[MPlayer-cvslog] CVS: main/libmpcodecs ad_ffmpeg.c, 1.20, 1.21 vd_ffmpeg.c, 1.155, 1.156

Jindrich Makovicka CVS syncmail at mplayerhq.hu
Mon Dec 19 20:38:30 CET 2005


CVS change done by Jindrich Makovicka CVS

Update of /cvsroot/mplayer/main/libmpcodecs
In directory mail:/var2/tmp/cvs-serv22236/libmpcodecs

Modified Files:
	ad_ffmpeg.c vd_ffmpeg.c 
Log Message:
malloc padding to avoid access beyond allocated memory

Credits to Mikulas Patocka (mikulas at artax karlin mff cuni cz)


Index: ad_ffmpeg.c
===================================================================
RCS file: /cvsroot/mplayer/main/libmpcodecs/ad_ffmpeg.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- ad_ffmpeg.c	1 Aug 2005 20:16:56 -0000	1.20
+++ ad_ffmpeg.c	19 Dec 2005 19:38:28 -0000	1.21
@@ -73,7 +73,7 @@
 
     /* alloc extra data */
     if (sh_audio->wf && sh_audio->wf->cbSize > 0) {
-        lavc_context->extradata = av_malloc(sh_audio->wf->cbSize);
+        lavc_context->extradata = av_mallocz(sh_audio->wf->cbSize + FF_INPUT_BUFFER_PADDING_SIZE);
         lavc_context->extradata_size = sh_audio->wf->cbSize;
         memcpy(lavc_context->extradata, (char *)sh_audio->wf + sizeof(WAVEFORMATEX), 
                lavc_context->extradata_size);

Index: vd_ffmpeg.c
===================================================================
RCS file: /cvsroot/mplayer/main/libmpcodecs/vd_ffmpeg.c,v
retrieving revision 1.155
retrieving revision 1.156
diff -u -r1.155 -r1.156
--- vd_ffmpeg.c	18 Dec 2005 01:22:11 -0000	1.155
+++ vd_ffmpeg.c	19 Dec 2005 19:38:28 -0000	1.156
@@ -324,7 +324,7 @@
     {
 	avctx->flags |= CODEC_FLAG_EXTERN_HUFF;
 	avctx->extradata_size = sh->bih->biSize-sizeof(BITMAPINFOHEADER);
-	avctx->extradata = av_malloc(avctx->extradata_size);
+	avctx->extradata = av_mallocz(avctx->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
 	memcpy(avctx->extradata, sh->bih+sizeof(BITMAPINFOHEADER),
 	    avctx->extradata_size);
 
@@ -346,7 +346,7 @@
        || sh->format == mmioFOURCC('R', 'V', '4', '0')
        ){
         avctx->extradata_size= 8;
-        avctx->extradata = av_malloc(avctx->extradata_size);
+        avctx->extradata = av_mallocz(avctx->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
         if(sh->bih->biSize!=sizeof(*sh->bih)+8){
             /* only 1 packet per frame & sub_id from fourcc */
 	    ((uint32_t*)avctx->extradata)[0] = 0;
@@ -384,7 +384,7 @@
          ))
     {
 	avctx->extradata_size = sh->bih->biSize-sizeof(BITMAPINFOHEADER);
-	avctx->extradata = av_malloc(avctx->extradata_size);
+	avctx->extradata = av_mallocz(avctx->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
 	memcpy(avctx->extradata, sh->bih+1, avctx->extradata_size);
     }
     /* Pass palette to codec */
@@ -405,7 +405,7 @@
     if (sh->ImageDesc &&
 	 sh->format == mmioFOURCC('S','V','Q','3')){
 	avctx->extradata_size = (*(int*)sh->ImageDesc) - sizeof(int);
-	avctx->extradata = av_malloc(avctx->extradata_size);
+	avctx->extradata = av_mallocz(avctx->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
 	memcpy(avctx->extradata, ((int*)sh->ImageDesc)+1, avctx->extradata_size);
     }
     




More information about the MPlayer-cvslog mailing list