[Hardmad-devel] huffman bug

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think I found what is causing the segmentation fault:
the pin bigvalues_decoder_need_more_bits is not becoming hi. Because of thi=
s=20
the loop on line 981 (layer3.cpp) never ends. The command "cachesz--;" insi=
de=20
this loop is executed unconditionally (should this happen?) and causes the=
=20
test "if (cachesz < 5)" to be true and additional 5 bits are repeatedly rea=
d.=20
In the end, the number of bits read is much larger than what is needed to=20
compute the huffman. The additional bits are NOT garanted to have been read=
=20
(with the input callback). This clearly will cause mad_bit_read to try to=20
read past the buffer.

Rafael
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFASd8aLlrfGJ8JUHwRAjpkAJ9wM9yZUkZ4xpTDx8QqHHQJz+jDWwCgpnUd
2qhqOY8epgJa7kKlXAGxmuE=3D
=3DVFLy
=2D----END PGP SIGNATURE-----