[FFmpeg-devel] [PATCH 2/2] MxPEG decoder

Michael Niedermayer michaelni
Sun Oct 31 23:17:37 CET 2010 

On Sun, Oct 31, 2010 at 09:23:13PM +0300, Anatoly Nenashev wrote:
> Patch for .mxg demuxer

[...]
> +static int mxg_read_header(AVFormatContext *s, AVFormatParameters *ap)
> +{
> +    AVStream *video_st = 0, *audio_st = 0;
> +    MXGContext *mxg = s->priv_data;
> +
> +    /* video parameters will be extracted from the compressed bitstream */
> +    video_st = av_new_stream(s, VIDEO_STREAM_INDEX);
> +    if (!video_st)
> +        return AVERROR(ENOMEM);
> +    video_st->codec->codec_type = AVMEDIA_TYPE_VIDEO;
> +    video_st->codec->codec_id = CODEC_ID_MXPEG;
> +    av_set_pts_info(video_st, 64, 1, 1000000);
> +
> +    audio_st = av_new_stream(s, AUDIO_STREAM_INDEX);
> +    if (!audio_st)
> +        return AVERROR(ENOMEM);
> +    audio_st->codec->codec_type = AVMEDIA_TYPE_AUDIO;
> +    audio_st->codec->codec_id = CODEC_ID_PCM_ALAW;
> +    audio_st->codec->channels = 1;
> +    audio_st->codec->sample_rate = 8000;
> +    audio_st->codec->bits_per_coded_sample = 8;
> +    audio_st->codec->block_align = 1;
> +

> +    mxg->buffer = (uint8_t*) av_malloc(DEFAULT_PACKET_SIZE);

unneeded cast

[...]
> +        if (mxg->found_video_packet) {
> +            mxg->buffer[mxg->current_pos++] = data;
> +            if (mxg->state == 0xfffe) {
> +                int size = get_be16(s->pb);
> +                if (url_feof(s->pb) || url_ferror(s->pb))
> +                    return AVERROR_EOF;
> +                mxg->buffer = av_fast_realloc(mxg->buffer, &mxg->buffer_size,
> +                                              mxg->current_pos + size);

here the + and similar at other points can overflow and lead to realloc to a
too small buffer
[...]
> +            if (mxg->current_pos >= mxg->buffer_size) {
> +                mxg->buffer = (uint8_t*) av_fast_realloc(mxg->buffer, &mxg->buffer_size,

unneeded cast

[...]
--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Everything should be made as simple as possible, but not simpler.
-- Albert Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20101031/f41c80ea/attachment.pgp>

More information about the ffmpeg-devel mailing list