Re: [libav-devel] [PATCH 4/5] faxcompr: fix out of array read
On Thu, Oct 18, 2012 at 11:52 AM, Kostya Shishkov wrote: > On Thu, Oct 18, 2012 at 10:49:41AM +0100, Måns Rullgård wrote: >> Kostya Shishkov writes: >> >> > On Wed, Oct 17, 2012 at 11:31:12PM +0200, Reinhard Tartler wrote: >> >> From: Michael Niedermayer >> >> >> >> Signed-off-by: Michael Niedermayer >> >> (cherry picked from commit 5891e454a667e42ef71a06bfd9661540ea3f3ebd) >> >> >> >> Signed-off-by: Reinhard Tartler >> >> --- >> >> libavcodec/faxcompr.c |2 +- >> >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> >> >> diff --git a/libavcodec/faxcompr.c b/libavcodec/faxcompr.c >> >> index 077e740..a9a415a 100644 >> >> --- a/libavcodec/faxcompr.c >> >> +++ b/libavcodec/faxcompr.c >> >> @@ -228,7 +228,7 @@ static int decode_group3_2d_line(AVCodecContext >> >> *avctx, GetBitContext *gb, >> >> mode = !mode; >> >> } >> >> //sync line pointers >> >> -while(run_off <= offs){ >> >> +while(offs < width && run_off <= offs){ >> >> run_off += *ref++; >> >> run_off += *ref++; >> >> } >> >> -- >> > >> > looks stupid - either it should be an external condition or not changed at >> > all >> >> Looks fragile either way. It would seem better to explicitly check offs >> going out of range and bail out properly. > > It's done above but probably not for all cases. I'm not sure how to address these comments. please someone else take over from here. -- regards, Reinhard ___ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel
Re: [libav-devel] [PATCH 4/5] faxcompr: fix out of array read
On Thu, Oct 18, 2012 at 10:49:41AM +0100, Måns Rullgård wrote: > Kostya Shishkov writes: > > > On Wed, Oct 17, 2012 at 11:31:12PM +0200, Reinhard Tartler wrote: > >> From: Michael Niedermayer > >> > >> Signed-off-by: Michael Niedermayer > >> (cherry picked from commit 5891e454a667e42ef71a06bfd9661540ea3f3ebd) > >> > >> Signed-off-by: Reinhard Tartler > >> --- > >> libavcodec/faxcompr.c |2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/libavcodec/faxcompr.c b/libavcodec/faxcompr.c > >> index 077e740..a9a415a 100644 > >> --- a/libavcodec/faxcompr.c > >> +++ b/libavcodec/faxcompr.c > >> @@ -228,7 +228,7 @@ static int decode_group3_2d_line(AVCodecContext > >> *avctx, GetBitContext *gb, > >> mode = !mode; > >> } > >> //sync line pointers > >> -while(run_off <= offs){ > >> +while(offs < width && run_off <= offs){ > >> run_off += *ref++; > >> run_off += *ref++; > >> } > >> -- > > > > looks stupid - either it should be an external condition or not changed at > > all > > Looks fragile either way. It would seem better to explicitly check offs > going out of range and bail out properly. It's done above but probably not for all cases. ___ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel
Re: [libav-devel] [PATCH 4/5] faxcompr: fix out of array read
Kostya Shishkov writes: > On Wed, Oct 17, 2012 at 11:31:12PM +0200, Reinhard Tartler wrote: >> From: Michael Niedermayer >> >> Signed-off-by: Michael Niedermayer >> (cherry picked from commit 5891e454a667e42ef71a06bfd9661540ea3f3ebd) >> >> Signed-off-by: Reinhard Tartler >> --- >> libavcodec/faxcompr.c |2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/libavcodec/faxcompr.c b/libavcodec/faxcompr.c >> index 077e740..a9a415a 100644 >> --- a/libavcodec/faxcompr.c >> +++ b/libavcodec/faxcompr.c >> @@ -228,7 +228,7 @@ static int decode_group3_2d_line(AVCodecContext *avctx, >> GetBitContext *gb, >> mode = !mode; >> } >> //sync line pointers >> -while(run_off <= offs){ >> +while(offs < width && run_off <= offs){ >> run_off += *ref++; >> run_off += *ref++; >> } >> -- > > looks stupid - either it should be an external condition or not changed at all Looks fragile either way. It would seem better to explicitly check offs going out of range and bail out properly. -- Måns Rullgård m...@mansr.com ___ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel
Re: [libav-devel] [PATCH 4/5] faxcompr: fix out of array read
On Wed, Oct 17, 2012 at 11:31:12PM +0200, Reinhard Tartler wrote: > From: Michael Niedermayer > > Signed-off-by: Michael Niedermayer > (cherry picked from commit 5891e454a667e42ef71a06bfd9661540ea3f3ebd) > > Signed-off-by: Reinhard Tartler > --- > libavcodec/faxcompr.c |2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/faxcompr.c b/libavcodec/faxcompr.c > index 077e740..a9a415a 100644 > --- a/libavcodec/faxcompr.c > +++ b/libavcodec/faxcompr.c > @@ -228,7 +228,7 @@ static int decode_group3_2d_line(AVCodecContext *avctx, > GetBitContext *gb, > mode = !mode; > } > //sync line pointers > -while(run_off <= offs){ > +while(offs < width && run_off <= offs){ > run_off += *ref++; > run_off += *ref++; > } > -- looks stupid - either it should be an external condition or not changed at all ___ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel