Present Perfect


Picture Gallery
Present Perfect


Filed under: General — Thomas @ 7:47 pm

7:47 pm

Found a nice WTF in some external code. As part of some deal we received some proprietary code for a proprietary codec format. I obviously cannot divulge with, or share the actual code. I can paraphrase though.

I was running a simple encoding test and the test segfaulted. GDB showed me that it segfaulted on a line that looks a little like this:

somepointer[-1] = 0; //assuming some extra memery is there to consume

(somepointer was renamed to protect the guilty party).

Looking higher up in the function, somepointer is being assigned as this:

guint16* somepointer = someencoder->coefpointer;

And coefpointer is just a pointer stored inside the encoder structure to some data somewhere.

So, what happens if coefpointer is pointing to the first guint16 inside the memory structure ? My guess is the assumption being made in the comment ends up wrong.

The rest of the code doesn’t actually write to the “-1” location, except at the very end, where it does

someencoder->coefpointer[-1] = out

(with out being a counter of coefficients written).

This same operation is repeated all over the code, poking 0’s in random memory locations. I’m surprised this doesn’t trigger more often.

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment