shithub: dav1d

Download patch

ref: ba08e37cd28515055edd42d092835ac142ca8114
parent: d8996b181d2013abd01a2e9f5dceae5e09b3afda
author: Marvin Scholz <[email protected]>
date: Sun Oct 28 22:04:50 EDT 2018

dav1d: Fix theoretical invalid pointer dereference

Fix a theoretical bug found by the clang static analyzer:
In theory num_muxers could be smaller than res, never evaluating the
loop (as the condition would be false) but not satisfying the
i == num_muxers case, so proceeding and dereferencing the never
initialized impl pointer.

Fixing this is simple: Changed the num_muxers and index variables
to unsigned so num_muxers can never be smaller than i.

--- a/tools/output/output.c
+++ b/tools/output/output.c
@@ -43,7 +43,7 @@
 
 #define MAX_NUM_MUXERS 4
 static const Muxer *muxers[MAX_NUM_MUXERS];
-static int num_muxers = 0;
+static unsigned num_muxers = 0;
 
 #define register_muxer(impl) { \
     extern const Muxer impl; \
@@ -81,7 +81,8 @@
 {
     const Muxer *impl;
     MuxerContext *c;
-    int res, i;
+    unsigned i;
+    int res;
 
     if (name) {
         for (i = 0; i < num_muxers; i++) {