Jean-Mark, Tim,
Could either of you expound on the following comment in cwrs.c?
/*If _k==0, the following do-while loop will overflow the buffer.*/
----------------------------------------------------------------
...because the following do-loop does overflow the buffer when k=126
k=2;
do _u[k]=(k<<1)-1;
while(++k<len);
Thanks,
MikeH
On Thu, Jul 1, 2010 at 3:58 PM, Mike Hooper <mihooper at bellsouth.net> wrote:
> Jean-Mark, Tim,
> Could either of you expound on the following comment in cwrs.c?
> /*If _k==0, the following do-while loop will overflow the buffer.*/
> ----------------------------------------------------------------
> ...because the following do-loop does overflow the buffer when k=126
>     k=2;
>
>     do _u[k]=(k<<1)-1;
>     while(++k<len);

Have you correctly set the relevant allocation defines for your system?
Are you using C99 var-arrays, alloca, or the application managed
pseudo-stack?
Mike Hooper wrote:
> Jean-Mark, Tim,
>
> Could either of you expound on the following comment in cwrs.c?

That comment just meant the buffer must have at _least_ three elements,
because the do loop writes to _u[2] before it checks the loop condition.
ncwrs_row() is called from exactly two places, and both of them a) ensure
that _k > 0 and b) allocate an array of size _k+2 right before passing it to
ncwrs_row(). So if it's overflowing the buffer, that means the allocation
failed. See gmaxwell's questions for things to start looking at to figure
out why.
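The point in the reply above, as an added example that is not part of the thread or the CELT source: a do-while with the quoted loop shape stores to index 2 before testing the bound, so a caller passing _k+2 elements with _k==0 gets one write past the end. The names fill_unchecked, fill_checked, slots_clobbered and the 16-element canary arena are hypothetical, constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define ARENA  16u
#define CANARY 0xA5A5A5A5u

/* Same loop shape as the snippet quoted in the thread: the body runs once
   before the condition is tested, so u[2] is written even when len < 3. */
static void fill_unchecked(unsigned *u, unsigned len) {
    unsigned k = 2;
    do u[k] = (k << 1) - 1;
    while (++k < len);
}

/* Hypothetical guarded variant: reject any buffer shorter than 3 elements. */
static int fill_checked(unsigned *u, unsigned len) {
    if (u == NULL || len < 3) return -1;
    fill_unchecked(u, len);
    return 0;
}

/* Treat the first `len` slots of a canary-filled arena as the caller's
   buffer, run the unchecked loop, and count canaries destroyed beyond it.
   The arena is larger than any write made here, so the test itself stays
   in bounds. Returns -1 if len does not fit in the arena. */
static int slots_clobbered(unsigned len) {
    unsigned arena[ARENA];
    unsigned i;
    int hit = 0;
    if (len > ARENA) return -1;
    for (i = 0; i < ARENA; i++) arena[i] = CANARY;
    fill_unchecked(arena, len);
    for (i = len; i < ARENA; i++)
        if (arena[i] != CANARY) hit++;
    return hit;
}

int main(void) {
    unsigned k;
    /* Callers size the buffer as k+2, so k==0 gives only two elements. */
    for (k = 0; k <= 2; k++)
        printf("k=%u len=%u writes past end=%d\n", k, k + 2, slots_clobbered(k + 2));
    return 0;
}
```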
Yes, it does appear to be a stack allocation issue. Thanks for the pointers.
I will investigate further.
MikeH
Greg,
I have checked and varied my allocations and they appear to be correct. I am
using the TI CCS4 development environment which does not support alloca or
var-arrays. So I am using the application managed pseudo-stack. I have tried
many (oversized) allocations, all of which appear to have the same issue.
What I have determined is that there is a recursive loop in the following
code from which I never return:
"static celt_int16 *get_required_bits_pair(celt_int16 *_bits1,
celt_int16 *_bits2,celt_int16 *_tmp,int _n1,int _n2,int _maxk,int _frac)"
This function is first called after 15 iterations of:
"celt_int16 **compute_alloc_cache(CELTMode *m, int C)"
Around the 15th iteration the following line is executed which goes into a
recursive loop that eventually exceeds the heap allocation (no matter how
big it is)
"_tmp=get_required_bits_pair(_bits2,_tmp,_bits1,
_n1>>1,_n1+1>>1,_maxk,_frac);"
Here are the values of the variables on entry:
_bits1 = 0x00000062
*(_bits1) = 0
_bits2 = 0x000000E2
_tmp = 0x000067FA
_n1 = 4
_n2 = 4
_maxk = 128
_frac = 4
tmp2 = 0x0008007F
Can you see anything obvious that would cause this to loop indefinitely?
Thx
MikeH
-----Original Message-----
From: Gregory Maxwell [mailto:gmaxwell at gmail.com]
Sent: Thursday, July 01, 2010 4:05 PM
To: Mike Hooper
Cc: celt-dev at xiph.org
Subject: Re: [CELT-dev] (no subject)
On Thu, Jul 1, 2010 at 3:58 PM, Mike Hooper <mihooper at bellsouth.net> wrote:
> Jean-Mark, Tim,
> Could either of you expound on the following comment in cwrs.c?
> /*If _k==0, the following do-while loop will overflow the buffer.*/
> ----------------------------------------------------------------
> ...because the following do-loop does overflow the buffer when k=126
>     k=2;
>
>     do _u[k]=(k<<1)-1;
>     while(++k<len);
Have you correctly set the relevant allocation defines for your system?
Are you using C99 var-arrays, alloca, or the application managed
pseudo-stack?