On 20/02/13 10:47, Nicolas BERTRAND wrote:
> Le 19/02/2013 20:04, Kostya Shishkov a écrit :
>>> you mean modifications like
>>> >static uint16_t tag_tree_size(int w, int h)
>>> >{
>>> > uint32_t res = 0;
>>> > while (w > 1 || h > 1) {
>>> > res += w * h;
>>> > if ( (res + 1) >= MAX_UINT16)
>>> > return NULL;
>>> > w = (w + 1) >> 1;
>>> > h = (h + 1) >> 1;
>>> > }
>>> > return (uint16_t)(res + 1);
>>> >}
>> not sure about the actual limit but returning -1 in case of too large
>> value
>> would be nice
> The function is used
> t = res = av_mallocz(tag_tree_size(w, h) * sizeof(*t));
>
> av_mallocz is type size_t, returning -1, will be an out of boud value.
> returning o isn't not not more safe. The allocation will just fail due
> to 0 size
malloc(0) should never happen.
use av_mallocz_array btw.
lu
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
