th->internal_encode is not cleared, and later in theora_granule_time
CP_INSTANCE *cpi=(CP_INSTANCE *)(th->internal_encode);
PB_INSTANCE *pbi=(PB_INSTANCE *)(th->internal_decode);
if(cpi)
pbi=&cpi->pb; // here we access uninitialized memory
theora_encode_init does memset(th, 0, sizeof(*th)) so I figured that it
would be a good thing to do.
// Erik
-----Original Message-----
From: Ralph Giles [mailto:giles@xiph.org]
Sent: den 5 augusti 2004 04:41
To: Erik Olofsson
Cc: 'theora-dev@xiph.org'
Subject: Re: [Theora-dev] theora_decode_init bug
On Thu, Aug 05, 2004 at 01:13:59AM +0200, Erik Olofsson wrote:
> I found a bug in theora_decode_init when I was implementing the decoder.
>
> theora_decode_init should be zeroing the theora state structure right?
How so? Everything should be initialized properly. The only advantage of
nulling the structure ahead of time is if it's more likely to allow the
program to continue after an error. I don't believe this is such a case.
> memset(th, 0, sizeof(theora_state));
Can you point to something specific that goes wrong without this line?
-r
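As an added example (not code from this thread or from libtheora; the struct layouts, the function names decode_init_unfixed / decode_init_fixed / granule_pb and the helper decoder_pb_is_used are simplified stand-ins), the C program below reproduces the pattern Erik describes at the top of the message: a decoder init that assigns only internal_decode, a granule-time dispatch that tests internal_encode first and therefore follows a stale encoder pointer, and the same init with the memset added so the stale pointer is cleared.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for libtheora's internal structures (assumptions
 * for this example, not the real definitions). */
typedef struct { double granule_rate; } PB_INSTANCE;
typedef struct { PB_INSTANCE pb; } CP_INSTANCE;

typedef struct {
    void *internal_encode;   /* set by the encoder init */
    void *internal_decode;   /* set by the decoder init */
} theora_state;

/* Mirrors the decoder init as described in the thread: only the decoder
 * pointer is assigned; internal_encode keeps whatever the memory held. */
static void decode_init_unfixed(theora_state *th, PB_INSTANCE *pbi)
{
    th->internal_decode = pbi;
}

/* The same init with the memset Erik proposes (what the encoder init
 * already does), so both pointers start from a known NULL state. */
static void decode_init_fixed(theora_state *th, PB_INSTANCE *pbi)
{
    memset(th, 0, sizeof(*th));
    th->internal_decode = pbi;
}

/* Mirrors the dispatch in theora_granule_time: if internal_encode is
 * non-NULL the encoder's embedded PB_INSTANCE wins. Returns the
 * PB_INSTANCE it would use so the caller can see which path was taken. */
static PB_INSTANCE *granule_pb(theora_state *th)
{
    CP_INSTANCE *cpi = (CP_INSTANCE *)th->internal_encode;
    PB_INSTANCE *pbi = (PB_INSTANCE *)th->internal_decode;
    if (cpi)
        pbi = &cpi->pb;   /* stale cpi => wrong PB_INSTANCE */
    return pbi;
}

/* Reproduces the failure with well-defined behaviour: the theora_state is
 * first used for encoding (or simply contains stale bytes), then handed to
 * the decoder init. Returns 1 if granule_pb ends up on the decoder's
 * PB_INSTANCE, 0 if it followed the stale encoder pointer. */
static int decoder_pb_is_used(int use_fix)
{
    static CP_INSTANCE stale_encoder;   /* leftover from an earlier encode */
    static PB_INSTANCE decoder;
    theora_state th;

    th.internal_encode = &stale_encoder;  /* constructed stale contents */
    th.internal_decode = NULL;

    if (use_fix)
        decode_init_fixed(&th, &decoder);
    else
        decode_init_unfixed(&th, &decoder);

    return granule_pb(&th) == &decoder;
}

int main(void)
{
    printf("without memset: decoder PB used = %d\n", decoder_pb_is_used(0));
    printf("with memset:    decoder PB used = %d\n", decoder_pb_is_used(1));
    return 0;
}
```

The example seeds internal_encode with a real (but stale) CP_INSTANCE rather than random stack bytes so the wrong-path result is deterministic and does not itself invoke undefined behaviour; in the real library the stale value would be arbitrary, and &cpi->pb on it is exactly the uninitialised access the message points at.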