[XviD-devel] malloc(0) and potential underflow error?
Michael Militzer
michael at xvid.org
Wed Jul 1 10:54:39 CEST 2009
Hi,
I think that a legal stats file must start with an XVID_TYPE_IVOP frame
and hence will have at least one scene. So num_scenes should always be
greater than zero, and the problem you pointed out should not occur.
Theoretically, it might be possible to trigger the malloc(0) problem in
case you open a specially crafted stats file that has no XVID_TYPE_IVOP
frames. Such a stats file is not valid however and is not generated upon
regular use of xvid.
I think the problem with invalid stats files could be solved by returning
an error from statsfile_count_frames() in case no keyframes are found in
the stats file.
Regards,
Michael
Quoting Sriram Sankaranarayanan <srirams at gmail.com>:
> Dear Developers,
>
> I am a program verification researcher at NEC Labs. I am trying to use our
> tool F-Soft to find bugs in open source projects (xvidcore being one of them).
>
> In the process of examining our tool reports, I came across a potential
> malloc(0) and an underflow related to it. I am not familiar with the details
> of your code (even though I am working to familiarize myself). I attach some
> details. Please email me if you have questions.
>
> Project: xvidcore version 1.2.1
> Ditto for xvidcore version 1.2.2 (latest version).
> http://downloads.xvid.org/downloads/xvidcore-1.2.2.tar.gz
>
> File: xvidcore/src/plugins/plugin2_pass2.c
>
> Function: scale_curve_for_vbv_compliancy (plugin2_pass2.c: line 1520).
> The tool claims that
> 1. Value of num_scenes at lines 1565-1569 can be zero
> (malloc(0) is likely)
> 2. potential underflow at line 1591
> (scenelength[num_scenes -1] is the expression accessed, num_scenes=0).
>
> A small pedantic note about malloc(0) :-)
> http://blogs.ethz.ch/syslab/2007/04/02/malloc0-and-freenull/
>
> Our own examination suggests that this is likely if the condition
> if ((rc->stats[i].type == XVID_TYPE_IVOP) &&
> (i-last_scene>min_scenelength)) {
> at line 1559 is not enabled.
>
> If at all possible, feedback on the possibility of this bug will be
> appreciated.
>
> Thanks,
> Sriram Sankaranarayanan
> _______________________________________________
> Xvid-devel mailing list
> Xvid-devel at xvid.org
> http://list.xvid.org/mailman/listinfo/xvid-devel
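The pattern under discussion, as an added C model that is not xvidcore's code: a count-then-malloc-then-fill scene table, where a stats file with no I-frames leaves num_scenes at zero, so the unchecked original would call malloc(0) and then write scenelength[num_scenes - 1], i.e. index -1. The model shows the error return proposed for statsfile_count_frames() (here validate_stats()) placed ahead of the table builder, and also a defensive return inside the builder itself. Frame-type tags, status codes, function names and the sample stats arrays are all assumptions; in this model the first I-frame always opens a scene, so passing validation guarantees num_scenes >= 1, which is a property of the model and not something verified against xvid's own last_scene initialisation.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added model, not xvidcore code. Frame-type tags follow the XVID_TYPE_*
 * naming used in the thread; their values and the status codes are assumed. */
enum { FRAME_IVOP = 1, FRAME_PVOP = 2 };
enum { STATS_OK = 0, STATS_NO_KEYFRAME = -1, STATS_NO_SCENES = -2, STATS_OOM = -3 };

typedef struct { int type; } frame_stat;

/* Models the check proposed for statsfile_count_frames(): a stats file
 * without any I-frame is rejected before scene processing starts. */
static int validate_stats(const frame_stat *stats, int num_frames)
{
    int keyframes = 0;
    for (int i = 0; i < num_frames; i++)
        if (stats[i].type == FRAME_IVOP)
            keyframes++;
    return keyframes == 0 ? STATS_NO_KEYFRAME : STATS_OK;
}

/* Scene-start condition quoted in the report. */
static int starts_scene(const frame_stat *stats, int i, int last_scene, int min_scenelength)
{
    return stats[i].type == FRAME_IVOP && i - last_scene > min_scenelength;
}

/* Count, allocate, fill. last_scene starts far enough below zero that the
 * first I-frame always opens a scene. A zero count becomes an error instead
 * of malloc(0) followed by a write to scenelength[num_scenes - 1]. */
static int build_scene_table(const frame_stat *stats, int num_frames, int min_scenelength,
                             int **table_out, int *num_scenes_out)
{
    int num_scenes = 0, last_scene = -1 - min_scenelength, idx = 0;
    *table_out = NULL;
    for (int i = 0; i < num_frames; i++)
        if (starts_scene(stats, i, last_scene, min_scenelength)) { num_scenes++; last_scene = i; }
    *num_scenes_out = num_scenes;
    if (num_scenes == 0)
        return STATS_NO_SCENES;               /* unchecked code would malloc(0) here */

    int *scenelength = malloc((size_t)num_scenes * sizeof *scenelength);
    if (!scenelength)
        return STATS_OOM;
    last_scene = -1 - min_scenelength;
    for (int i = 0; i < num_frames; i++) {
        if (starts_scene(stats, i, last_scene, min_scenelength)) {
            if (idx > 0)
                scenelength[idx - 1] = i - last_scene;  /* close the previous scene */
            last_scene = i;
            idx++;
        }
    }
    scenelength[num_scenes - 1] = num_frames - last_scene; /* index >= 0 is guaranteed */
    *table_out = scenelength;
    return STATS_OK;
}

/* Fixed flow: validate the file first, only then build the table. */
static int process_stats(const frame_stat *stats, int num_frames, int min_scenelength,
                         int **table_out, int *num_scenes_out)
{
    int rc = validate_stats(stats, num_frames);
    *table_out = NULL;
    *num_scenes_out = 0;
    if (rc != STATS_OK)
        return rc;
    return build_scene_table(stats, num_frames, min_scenelength, table_out, num_scenes_out);
}

/* Constructed sample "stats files" (not real xvid output). */
static const frame_stat SAMPLE_NO_KEYFRAME[] = { {FRAME_PVOP}, {FRAME_PVOP}, {FRAME_PVOP} };
static const frame_stat SAMPLE_VALID[] = { {FRAME_IVOP}, {FRAME_PVOP}, {FRAME_PVOP}, {FRAME_IVOP},
    {FRAME_PVOP}, {FRAME_PVOP}, {FRAME_PVOP}, {FRAME_IVOP}, {FRAME_PVOP} };
#define MIN_SCENELENGTH 2

/* Crafted file through the fixed flow: rejected at validation. */
static int demo_reject_status(void)
{ int *t, n; return process_stats(SAMPLE_NO_KEYFRAME, 3, MIN_SCENELENGTH, &t, &n); }
/* Same file straight into the table builder: the zero-scene case is caught there too. */
static int demo_unvalidated_status(void)
{ int *t, n; return build_scene_table(SAMPLE_NO_KEYFRAME, 3, MIN_SCENELENGTH, &t, &n); }
static int demo_valid_num_scenes(void)
{ int *t, n = 0; if (process_stats(SAMPLE_VALID, 9, MIN_SCENELENGTH, &t, &n) == STATS_OK) free(t); return n; }
/* Length of scene i in the valid sample, -1 on failure or out-of-range i. */
static int demo_valid_scene_length(int i)
{
    int *t, n;
    if (process_stats(SAMPLE_VALID, 9, MIN_SCENELENGTH, &t, &n) != STATS_OK) return -1;
    int v = (i >= 0 && i < n) ? t[i] : -1;
    free(t);
    return v;
}

int main(void)
{
    printf("no-keyframe file: validated=%d, unvalidated=%d\n", demo_reject_status(), demo_unvalidated_status());
    printf("valid file: %d scenes, lengths %d %d %d\n", demo_valid_num_scenes(),
           demo_valid_scene_length(0), demo_valid_scene_length(1), demo_valid_scene_length(2));
    return 0;
}
```

The point of keeping both checks is that the scene-splitting condition is stricter than "contains an I-frame": a file that passes validate_stats() still reaches the builder with whatever min_scenelength decides, so the builder's own num_scenes == 0 return is the guard that actually covers the malloc(0) path regardless of how the file was validated upstream.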