[MPlayer-cvslog] r29423 - in trunk/libass: ass.h ass_render.c

eugeni subversion at mplayerhq.hu
Sat Jul 18 13:32:58 CEST 2009 

Author: eugeni
Date: Sat Jul 18 13:32:58 2009
New Revision: 29423

Log:
Fix read after the end of allocated buffer.

Modified:
   trunk/libass/ass.h
   trunk/libass/ass_render.c

Modified: trunk/libass/ass.h
==============================================================================
--- trunk/libass/ass.h	Sat Jul 18 06:31:55 2009	(r29422)
+++ trunk/libass/ass.h	Sat Jul 18 13:32:58 2009	(r29423)
@@ -34,6 +34,8 @@ typedef struct ass_image_s {
 	int w, h; // bitmap width/height
 	int stride; // bitmap stride
 	unsigned char* bitmap; // 1bpp stride*h alpha buffer
+	                       // Actual bitmap size may be as low as
+	                       // stride * (h-1) + w
 	uint32_t color; // RGBA
 	int dst_x, dst_y; // bitmap placement inside the video frame
 

Modified: trunk/libass/ass_render.c
==============================================================================
--- trunk/libass/ass_render.c	Sat Jul 18 06:31:55 2009	(r29422)
+++ trunk/libass/ass_render.c	Sat Jul 18 13:32:58 2009	(r29423)
@@ -408,6 +408,21 @@ static ass_image_t** render_glyph(bitmap
 }
 
 /**
+ * \brief Replaces the bitmap buffer in ass_image_t with its copy.
+ *
+ * @param img Image to operate on.
+ * @return Address of the old buffer.
+ */
+static unsigned char* clone_bitmap_data(ass_image_t* img)
+{
+	unsigned char* old_bitmap = img->bitmap;
+	int size = img->stride * (img->h - 1) + img->w;
+	img->bitmap = malloc(size);
+	memcpy(img->bitmap, old_bitmap, size);
+	return old_bitmap;
+}
+
+/**
  * \brief Calculate overlapping area of two consecutive bitmaps and in case they
  * overlap, composite them together
  * Mainly useful for translucent glyphs and especially borders, to avoid the
@@ -474,12 +489,8 @@ static void render_overlap(ass_image_t**
 	}
 
 	// Allocate new bitmaps and copy over data
-	a = (*last_tail)->bitmap;
-	b = (*tail)->bitmap;
-	(*last_tail)->bitmap = malloc(as*ah);
-	(*tail)->bitmap = malloc(bs*bh);
-	memcpy((*last_tail)->bitmap, a, as*ah);
-	memcpy((*tail)->bitmap, b, bs*bh);
+	a = clone_bitmap_data(*last_tail);
+	b = clone_bitmap_data(*tail);
 
 	// Composite overlapping area
 	for (y=0; y<h; y++)

More information about the MPlayer-cvslog mailing list