[XviD-devel] Various bugs

Christoph Lampert chl at math.uni-bonn.de
Wed Feb 16 16:48:28 CET 2005


Hi,

thank you for your bug report, but:

On Wed, 16 Feb 2005, Frédéric DALLEAU wrote:
> *     I found xvid was doing division by 0 :
> 1) It appeared that the macro DIV_DIV (global.h l. 258) did not check 
> its b parameters. I successfully made a patch. It appeared in rescale() 
> (mbprediction.c) but I found it safer to have it checked everywhere. It 
> meant the quantizer was 0 but since I have no mpeg4 knowledge I did 
> basic checking :
>       #define DIV_DIV(a,b)    (((b)!=0)?(((a)>0) ? ((a)+((b)>>1))/(b) : ((a)-((b)>>1))/(b)):0)

DIV_DIV should not be used in the first place if b could be 0. In 
mbprediction.c from what I saw with a quick glance, b is the quantizer, 
and that is only in range 1 to 31. 

> 2) I got dec->time_pp at 0 when dividing in decoder.c l.1236, but 
> haven't found a patch yet

Similar: time_pp cannot be 0 in a legal file, but I don't know what 
happens for nonconformant streams. XviD isn't necessarily stable dealing 
with those, that's true. 

> *     I also found some index out of bounds that causes crash (debug 
> build) when reading scantable (mbcoding.c l.1128: get_intra_block(), 
> get_inter_block_h263(), get_inter_block_mpeg()).
>     block[scan[coeff]] = level; // coeff was out of scan

Again, this should not happen in a legal stream, because there the 
position coefficients cannot add up to more than 64 (or rather, the "last" 
flag should be raised before). 

But at least in the decoding part, we should be more error resilient, you 
are right.

gruel
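
An added sketch, not XviD code and not part of the original message, of the decoder-side checks discussed above: the quantizer is validated against 1..31 before the unguarded DIV_DIV runs, and the coefficient position is checked before it indexes the scan table. `rl_event`, `rescale_checked`, `fill_block` and the error codes are hypothetical names, and the event array is an assumed stand-in for the decoder's VLC reading.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unguarded form of the macro discussed above: the caller must ensure b != 0. */
#define DIV_DIV(a,b) (((a)>0) ? ((a)+((b)>>1))/(b) : ((a)-((b)>>1))/(b))

enum { DEC_OK = 0, DEC_ERR_QUANT = -1, DEC_ERR_COEFF = -2, DEC_ERR_NOLAST = -3 };

/* Hypothetical stand-in for one decoded (last, run, level) VLC event. */
typedef struct { int last, run, level; } rl_event;

/* Reject a quantizer outside 1..31 before it can reach the division. */
static int rescale_checked(int pred_quant, int cur_quant, int coeff, int *out)
{
    if (pred_quant < 1 || pred_quant > 31 || cur_quant < 1 || cur_quant > 31)
        return DEC_ERR_QUANT;
    *out = DIV_DIV(coeff * pred_quant, cur_quant);
    return DEC_OK;
}

/* Place run/level events into an 8x8 block, refusing positions past 63. */
static int fill_block(const rl_event *ev, size_t n,
                      const uint8_t scan[64], int16_t block[64])
{
    unsigned coeff = 0;
    memset(block, 0, 64 * sizeof block[0]);
    for (size_t i = 0; i < n; i++) {
        if (ev[i].run < 0 || ev[i].run > 63)
            return DEC_ERR_COEFF;
        coeff += (unsigned)ev[i].run;
        if (coeff >= 64)              /* checked before scan[] is indexed */
            return DEC_ERR_COEFF;
        block[scan[coeff]] = (int16_t)ev[i].level;
        if (ev[i].last)
            return DEC_OK;
        coeff++;
    }
    return DEC_ERR_NOLAST;            /* events ran out without a "last" flag */
}

int main(void)
{
    /* Constructed input: identity scan order and a stream that overruns the block. */
    uint8_t scan[64]; int16_t block[64];
    rl_event bad[] = { {0, 40, 7}, {0, 30, 9}, {1, 0, 1} };
    for (int i = 0; i < 64; i++) scan[i] = (uint8_t)i;
    printf("overrun stream -> %d\n", fill_block(bad, 3, scan, block));
    return 0;
}
```

Returning an error code lets the caller drop or conceal the damaged macroblock, whereas a zero-returning DIV_DIV would carry on decoding with a quantizer the stream should never contain.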


