On 31.01.2017 09:43, Steinar H. Gunderson wrote:
> On Tue, Jan 31, 2017 at 01:57:31AM +0100, Andreas Cadhalpun wrote:
>>> This sounds like a strangeness in constructing the table, which shouldn't be
>>> papered over in the inner loop of the decoder.
>> Maybe, I don't know what the contents of the table should be, but the
>> following
>> are {-1, 0}: 32, 33, 64, 96, 128
>
> Seemingly they are, indeed.
>
>>> Do you have an actual input where your code makes a difference?
>> Yes, without this patch ubsan reports:
>> src/libavcodec/speedhq.c:206:13: runtime error: index -1 out of bounds for
>> type 'uint8_t [128]'
>
> Would you mind sharing an input where this actually triggers? None of the
> samples I have seem to trigger this, so I suppose it's some sort of fuzzed
> input.
Indeed it is. I've sent you a sample.
Best regards,
Andreas
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
