[MPlayer-dev-eng] [PATCH] use av_malloc/av_free instead of malloc where missing memalign

Wed Oct 15 18:12:07 CEST 2008

Hello,
On Sun, Oct 12, 2008 at 01:30:23AM +0200, Gianluigi Tiesi wrote:
> I've seen a similar patch in liba52 that checks for mingw+sse
> but I think it's better to check for missing memalign

I think it is better not to check at all, at least not with additional
ifdefs.

> there are also other places to be fixed, but it's a bit
> dangerous, since free() needs to be mapped to av_free __only__
> if the buffer is allocated with av_malloc
> (audio_dec -> a_buffer is ok to av_malloc/av_free,
> a_in_buffer leads to stack corruptions, free-ed somewhere else?)

a_in_buffer is only hacked in such an inappropriate way in ad_twin.
If it still crashes we'll have to check in more detail, a_in_buffer
probably should be padded anyway.
Please provide as detailed a bugreport as you can.
And I'd suggest attached (untested) patch.

Greetings,
Reimar Döffinger
-------------- next part --------------
Index: libmpcodecs/dec_audio.c
===================================================================

--- libmpcodecs/dec_audio.c	(revision 27731)
+++ libmpcodecs/dec_audio.c	(working copy)
@@ -74,8 +74,7 @@
 	sh_audio->a_in_buffer_size = sh_audio->audio_in_minsize;
 	mp_msg(MSGT_DECAUDIO, MSGL_V, MSGTR_AllocatingBytesForInputBuffer,
 	       sh_audio->a_in_buffer_size);
-	sh_audio->a_in_buffer = memalign(16, sh_audio->a_in_buffer_size);
-	memset(sh_audio->a_in_buffer, 0, sh_audio->a_in_buffer_size);
+	sh_audio->a_in_buffer = av_mallocz(sh_audio->a_in_buffer_size);
 	sh_audio->a_in_buffer_len = 0;
     }
 
@@ -84,12 +83,11 @@
     mp_msg(MSGT_DECAUDIO, MSGL_V, MSGTR_AllocatingBytesForOutputBuffer,
 	   sh_audio->audio_out_minsize, MAX_OUTBURST, sh_audio->a_buffer_size);
 
-    sh_audio->a_buffer = memalign(16, sh_audio->a_buffer_size);
+    sh_audio->a_buffer = av_mallocz(sh_audio->a_buffer_size);
     if (!sh_audio->a_buffer) {
 	mp_msg(MSGT_DECAUDIO, MSGL_ERR, MSGTR_CantAllocAudioBuf);
 	return 0;
     }
-    memset(sh_audio->a_buffer, 0, sh_audio->a_buffer_size);
     sh_audio->a_buffer_len = 0;
 
     if (!sh_audio->ad_driver->init(sh_audio)) {
@@ -306,12 +304,8 @@
     free(sh_audio->a_out_buffer);
     sh_audio->a_out_buffer = NULL;
     sh_audio->a_out_buffer_size = 0;
-    if (sh_audio->a_buffer)
-	free(sh_audio->a_buffer);
-    sh_audio->a_buffer = NULL;
-    if (sh_audio->a_in_buffer)
-	free(sh_audio->a_in_buffer);
-    sh_audio->a_in_buffer = NULL;
+    av_freep(&sh_audio->a_buffer);
+    av_freep(&sh_audio->a_in_buffer);
 }
 
 
