# HG changeset patch # User al # Date 1139047188 0 # Node ID d37c1e2f715dbac6a3238e31b9ca81b80d58d9e2 # Parent 0995d7ddeb58a0cb539f79e4aaef55c1025fa7eb 10l (malloc check with the wrong pointer) Simplification: I have to reconsider this trees and forest thing... Also readded and documented the check i had in the beginning and removed before applying. It avoids a possible div by zero. diff -r 0995d7ddeb58 -r d37c1e2f715d vorbis.c --- a/vorbis.c Sat Feb 04 08:55:34 2006 +0000 +++ b/vorbis.c Sat Feb 04 09:59:48 2006 +0000 @@ -545,6 +545,13 @@ floor_setup->data.t0.rate=get_bits(gb, 16); floor_setup->data.t0.bark_map_size=get_bits(gb, 16); floor_setup->data.t0.amplitude_bits=get_bits(gb, 6); + /* zero would result in a div by zero later * + * 2^0 - 1 == 0 */ + if (floor_setup->data.t0.amplitude_bits == 0) { + av_log(vc->avccontext, AV_LOG_ERROR, + "Floor 0 amplitude bits is 0.\n"); + return 1; + } floor_setup->data.t0.amplitude_offset=get_bits(gb, 8); floor_setup->data.t0.num_books=get_bits(gb, 4)+1; @@ -574,7 +581,7 @@ floor_setup->data.t0.lsp= av_malloc((floor_setup->data.t0.order+1 + max_codebook_dim) * sizeof(float)); - if(!floor_setup->data.t0.book_list) { return 1; } + if(!floor_setup->data.t0.lsp) { return 1; } } #ifdef V_DEBUG /* debug output parsed headers */ @@ -1067,14 +1074,9 @@ /* calculate linear floor value */ { - int_fast32_t pow_of_two=2, exponent=vf->amplitude_bits; - if ( vf->amplitude_bits ) { - while ( --exponent ) { pow_of_two <<= 1; } - } - else { pow_of_two=1; } q=exp( ( ( (amplitude*vf->amplitude_offset)/ - ((pow_of_two-1) * sqrt(p+q)) ) + (((1<amplitude_bits)-1) * sqrt(p+q)) ) - vf->amplitude_offset ) * .11512925f ); }