[Speex-dev] probably heap corruption detection

Tom Harper tharper at sightspeed.com
Mon Feb 26 12:35:28 PST 2007


Hi,

So I see in:

split_cb_shape_sign_unquant
this call is going wrong:
  ind[i] = speex_bits_unpack_unsigned(bits, params->shape_bits);

ind has a way negative number - basically this should return between
0-255 or some such, right?

So it seems like I need to reset speex at this point
if (ind[i] > 256) like the note says. So I guess my question is:
is this range still valid?

Also, what is the most innocuous value for ind[i] - 0?

Thanks!
Tom