[FFmpeg-cvslog] rawdec: allocate a buffer in the appropriate size in the copy case.
Hendrik Leppkes
git at videolan.org
Sun Jun 16 09:59:30 CEST 2013
ffmpeg | branch: master | Hendrik Leppkes <h.leppkes at gmail.com> | Sun Jun 16 09:46:17 2013 +0200| [8962da9ec367b535f975c876643ed2cad2bad32e] | committer: Michael Niedermayer
rawdec: allocate a buffer in the appropriate size in the copy case.
Otherwise the created buffer can be smaller than buf_size, which results
in buffer overreads if the original image has extra padding on every line.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8962da9ec367b535f975c876643ed2cad2bad32e
---
libavcodec/rawdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c
index 4699242..ab3e0c7 100644
--- a/libavcodec/rawdec.c
+++ b/libavcodec/rawdec.c
@@ -190,7 +190,7 @@ static int raw_decode(AVCodecContext *avctx, void *data, int *got_frame,
return res;
if (need_copy)
- frame->buf[0] = av_buffer_alloc(context->frame_size);
+ frame->buf[0] = av_buffer_alloc(FFMAX(context->frame_size, buf_size));
else
frame->buf[0] = av_buffer_ref(avpkt->buf);
if (!frame->buf[0])
@@ -219,7 +219,7 @@ static int raw_decode(AVCodecContext *avctx, void *data, int *got_frame,
}
buf = dst;
} else if (need_copy) {
- memcpy(frame->buf[0]->data, buf, FFMIN(buf_size, context->frame_size));
+ memcpy(frame->buf[0]->data, buf, buf_size);
buf = frame->buf[0]->data;
}
More information about the ffmpeg-cvslog
mailing list