[Ffmpeg-cvslog] CVS: ffmpeg/libavformat ogg.c, 1.26, 1.27 rm.c, 1.50, 1.51 sierravmd.c, 1.10, 1.11 westwood.c, 1.8, 1.9
Jindrich Makovicka CVS
henry
Sat Dec 17 18:57:06 CET 2005
Update of /cvsroot/ffmpeg/ffmpeg/libavformat
In directory mail:/var2/tmp/cvs-serv20417
Modified Files:
ogg.c rm.c sierravmd.c westwood.c
Log Message:
malloc padding to avoid reading past the malloc()ed area.
Credits to Mikulas Patocka (mikulas at artax karlin mff cuni cz)
Index: ogg.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavformat/ogg.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- ogg.c 23 Sep 2005 00:25:41 -0000 1.26
+++ ogg.c 17 Dec 2005 17:57:03 -0000 1.27
@@ -216,6 +216,7 @@
return -1;
codec->extradata_size+= 2 + op.bytes;
codec->extradata= av_realloc(codec->extradata, codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
+ memset(codec->extradata + codec->extradata_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
p= codec->extradata + codec->extradata_size - 2 - op.bytes;
*(p++)= op.bytes>>8;
*(p++)= op.bytes&0xFF;
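Review bot: The added memset writes through the av_realloc() result without a NULL check, so an allocation failure becomes a write at an offset from NULL. The realloc also assigns straight back to codec->extradata, so the old buffer is lost on failure. A guard such as `if (!codec->extradata) { codec->extradata_size = 0; return -1; }` before the memset would cover it, assuming -1 is this function's error return as the context line above suggests. The av_mallocz() results in the rm.c, sierravmd.c and westwood.c hunks are likewise used unchecked (by the byte loop, get_buffer() and memcpy()). The enclosing function starts and ends outside the hunk.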
Index: rm.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavformat/rm.c,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -d -r1.50 -r1.51
--- rm.c 9 Dec 2005 16:08:18 -0000 1.50
+++ rm.c 17 Dec 2005 17:57:03 -0000 1.51
@@ -557,7 +557,7 @@
codecdata_length = get_be32(pb);
st->codec->codec_id = CODEC_ID_COOK;
st->codec->extradata_size= codecdata_length;
- st->codec->extradata= av_mallocz(st->codec->extradata_size);
+ st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
for(i = 0; i < codecdata_length; i++)
((uint8_t*)st->codec->extradata)[i] = get_byte(pb);
rm->audio_framesize = st->codec->block_align;
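Review bot: codecdata_length is taken directly from get_be32(pb), so adding FF_INPUT_BUFFER_PADDING_SIZE to it can overflow for a very large or negative value and produce an allocation smaller than the number of bytes the copy loop below writes. The length should be bounded before the allocation, e.g. `if ((unsigned)codecdata_length > INT_MAX - FF_INPUT_BUFFER_PADDING_SIZE) return -1;`; the variable's type and the function's error path are not visible here, so adjust to match. The hunk at -708 has the same exposure: extradata_size is a difference of file-derived values and may be negative or oversized when it reaches av_mallocz() and get_buffer(). Both enclosing functions continue outside the hunks.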
@@ -708,7 +708,7 @@
get_be16(pb);
st->codec->extradata_size= codec_data_size - (url_ftell(pb) - codec_pos);
- st->codec->extradata= av_malloc(st->codec->extradata_size);
+ st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
get_buffer(pb, st->codec->extradata, st->codec->extradata_size);
// av_log(NULL, AV_LOG_DEBUG, "fps= %d fps2= %d\n", fps, fps2);
Index: sierravmd.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavformat/sierravmd.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- sierravmd.c 12 Dec 2005 01:56:46 -0000 1.10
+++ sierravmd.c 17 Dec 2005 17:57:03 -0000 1.11
@@ -137,7 +137,7 @@
st->codec->width = LE_16(&vmd->vmd_header[12]);
st->codec->height = LE_16(&vmd->vmd_header[14]);
st->codec->extradata_size = VMD_HEADER_SIZE;
- st->codec->extradata = av_malloc(VMD_HEADER_SIZE);
+ st->codec->extradata = av_mallocz(VMD_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
memcpy(st->codec->extradata, vmd->vmd_header, VMD_HEADER_SIZE);
/* if sample rate is 0, assume no audio */
Index: westwood.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavformat/westwood.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- westwood.c 17 Jul 2005 22:24:36 -0000 1.8
+++ westwood.c 17 Dec 2005 17:57:03 -0000 1.9
@@ -231,7 +231,7 @@
/* the VQA header needs to go to the decoder */
st->codec->extradata_size = VQA_HEADER_SIZE;
- st->codec->extradata = av_malloc(VQA_HEADER_SIZE);
+ st->codec->extradata = av_mallocz(VQA_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
header = (unsigned char *)st->codec->extradata;
if (get_buffer(pb, st->codec->extradata, VQA_HEADER_SIZE) !=
VQA_HEADER_SIZE) {