From: Andre Noll Date: Mon, 26 Jul 2010 11:05:42 +0000 (+0200) Subject: aacdec: Fix a brown paper bag bug. X-Git-Tag: v0.4.4~11 X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=d6f52cebbb178c884ba54ea782efa56a009493db aacdec: Fix a brown paper bag bug. Oops, we were using PARA_MAX() instead of PARA_MIN() to determine the number of bytes to convert in the next run. This silly bug could lead to a segfault in the aacdec filter. Moreover, the assertion in buffer_tree.c that would have caught the bug was _also_ b0rken. But it's not my fault. I blame Grover of the Sesame street for both bugs. He did explain the difference between near and far, although this knowledge is next to useless for a programmer. And he did not say a single word about MIN and MAX, or true and false. No wonder such bugs happen. --- diff --git a/aacdec_filter.c b/aacdec_filter.c index f33f21eb..5b84d07e 100644 --- a/aacdec_filter.c +++ b/aacdec_filter.c @@ -112,7 +112,7 @@ next_buffer: return; btr_merge(btrn, fn->min_iqs); len = btr_next_buffer(btrn, (char **)&inbuf); - len = PARA_MAX(len, (size_t)8192); + len = PARA_MIN(len, (size_t)8192); consumed = 0; iqs = btr_get_input_queue_size(btrn); if (!padd->initialized) { @@ -186,7 +186,8 @@ next_buffer: padd->frame_info.bytesconsumed); PARA_ERROR_LOG("%s\n", NeAACDecGetErrorMessage( padd->frame_info.error)); - consumed++; /* catch 21 */ + if (consumed < len) + consumed++; /* catch 21 */ goto success; } padd->error_count = 0; diff --git a/buffer_tree.c b/buffer_tree.c index 3a59f8b5..d92d9863 100644 --- a/buffer_tree.c +++ b/buffer_tree.c @@ -634,7 +634,7 @@ void btr_consume(struct btr_node *btrn, size_t numbytes) numbytes -= br->btrb->size - br->consumed; btr_drop_buffer_reference(br); } - assert(true); + assert(false); } /* * We have a wrap buffer, consume from it. If in total, i.e. including