On Mon, Mar 02, 2015 at 10:42:27PM +0100, Anton Khirnov wrote: > Quoting Diego Biurrun (2015-02-25 15:28:14) > > From: Niels Möller <[email protected]> > > + return AVERROR_INVALIDDATA; > > + } else { > > + unsigned c, r; > > + for (c = i = 0; c < s->xll_channels; c++, i += > > chset->channels + 1) { > > + if ((chset->downmix_coeffs[i] = > > dca_get_inv_dmix_coeff(s)) == -1) > > + return AVERROR_INVALIDDATA; > > + for (r = 1; r <= chset->channels; r++) { > > + int32_t coeff = dca_get_dmix_coeff(s); > > + if (coeff == -1) > > + return AVERROR_INVALIDDATA; > > + chset->downmix_coeffs[i + r] = > > + (chset->downmix_coeffs[i] * (int64_t) > > coeff + (1 << 15)) >> 16; > > Maybe I'm just missing something, but seems to me this can overflow the > array.
This looks scary indeed. Niels? Diego _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
