[theora-dev] ReconRefFrames() - Possible Bug?
John Pullen
john at paradise-games.com
Mon Oct 9 10:22:44 PDT 2006
Hi All,
I'm just debugging my current implementation of Theora, and while
nothing is crashing I noticed the following bit of code in the
ReconRefFrames() function:
around line 1133 lib\dct_decode.c
fn[0]=i-1;
fn[1]=i-FragsAcross-1;
fn[2]=i-FragsAcross;
fn[3]=i-FragsAcross+1;
/* fragment valid for prediction use if coded and it comes
from same frame as the one we are predicting */
for(k=pcount=wpc=0; k<4; k++) {
int pflag;
pflag=1<<k;
if((bc_mask[WhichCase]&pflag) &&
pbi->display_fragments[fn[k]] &&
(Mode2Frame[pbi->FragCodingMethod[fn[k]]] ==
WhichFrame)){
v[pcount]=pbi->QFragData[fn[k]][0];
wpc|=pflag;
pcount++;
}
}
In the If statement the fn[k] value can be negative and the code tries
to access elements before 0.
Is this supposed to happen?, as the non of the arrays have had the base
pointer moved forward to allow for negative access.
Cheers,
John.
More information about the theora-dev
mailing list