On Wed, Feb 20, 2013 at 10:47:43AM +0100, Nicolas BERTRAND wrote:
> On 19/02/2013 20:04, Kostya Shishkov wrote:
> >>you mean modifications like
> >>>static uint16_t tag_tree_size(int w, int h)
> >>>{
> >>> uint32_t res = 0;
> >>> while (w > 1 || h > 1) {
> >>> res += w * h;
> >>> if ( (res + 1) >= MAX_UINT16)
> >>> return NULL;
> >>> w = (w + 1) >> 1;
> >>> h = (h + 1) >> 1;
> >>> }
> >>> return (uint16_t)(res + 1);
> >>>}
> >not sure about the actual limit but returning -1 in case of too large value
> >would be nice
> The function is used
> t = res = av_mallocz(tag_tree_size(w, h) * sizeof(*t));
>
> av_mallocz is type size_t, returning -1, will be an out of bound value.
> returning 0 is not more safe. The allocation will just fail
> due to 0 size
int size = tag_tree_size(w, h);
if (size == -1) error out;
t = res = av_mallocz(size * sizeof(*t));
Note that one must NOT call av_malloc*(0) in any case.
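
The check-then-allocate pattern from this reply, written out as an added example; it is not code from the thread or from libav. `TagNode`, `tag_tree_alloc` and the use of `calloc()` in place of `av_mallocz()` are assumptions made so that it builds on its own.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical node type standing in for the decoder's tag-tree node. */
typedef struct TagNode {
    uint8_t val;
    struct TagNode *parent;
} TagNode;

/* Node count of a tag tree over a w x h grid, or -1 when the dimensions
 * are invalid or the count does not fit in an int. Never returns 0. */
static int tag_tree_size(int w, int h)
{
    int64_t res = 0;

    if (w <= 0 || h <= 0)
        return -1;
    while (w > 1 || h > 1) {
        res += (int64_t)w * h;      /* 64-bit product cannot wrap here */
        if (res + 1 > INT_MAX)
            return -1;
        w = (w + 1) >> 1;
        h = (h + 1) >> 1;
    }
    return (int)(res + 1);
}

/* Caller side: test for -1 first, then guard the multiplication by the
 * element size. calloc() is a stand-in for av_mallocz() (assumption). */
static TagNode *tag_tree_alloc(int w, int h)
{
    int size = tag_tree_size(w, h);

    if (size == -1)
        return NULL;                /* error out before allocating */
    if ((size_t)size > SIZE_MAX / sizeof(TagNode))
        return NULL;                /* size * sizeof(*t) would wrap */
    return calloc((size_t)size, sizeof(TagNode));
}

int main(void)
{
    TagNode *t = tag_tree_alloc(4, 4);  /* constructed sample dimensions */
    int ok = t != NULL && tag_tree_alloc(65536, 65536) == NULL;
    free(t);
    return ok ? 0 : 1;
}
```

A 256x256 grid already needs 87381 nodes, which does not fit in 16 bits, so the signed `int` return with -1 as the error value keeps both the range and an unambiguous failure signal.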