# HG changeset patch
# User henry
# Date 1134842223 0
# Node ID 2ece9c9dd94cb08bf95613aabc39228dc9da9a28
# Parent  778e090e879da63b16edab5e6b63e988ef790833
malloc padding to avoid reading past the malloc()ed area.

Credits to Mikulas Patocka (mikulas at artax karlin mff cuni cz)

diff -r 778e090e879d -r 2ece9c9dd94c ogg.c
--- a/ogg.c	Sat Dec 17 11:27:37 2005 +0000
+++ b/ogg.c	Sat Dec 17 17:57:03 2005 +0000
@@ -216,6 +216,7 @@
             return -1;
         codec->extradata_size+= 2 + op.bytes;
         codec->extradata= av_realloc(codec->extradata, codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
+        memset(codec->extradata + codec->extradata_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
         p= codec->extradata + codec->extradata_size - 2 - op.bytes;
         *(p++)= op.bytes>>8;
         *(p++)= op.bytes&0xFF;
diff -r 778e090e879d -r 2ece9c9dd94c rm.c
--- a/rm.c	Sat Dec 17 11:27:37 2005 +0000
+++ b/rm.c	Sat Dec 17 17:57:03 2005 +0000
@@ -557,7 +557,7 @@
             codecdata_length = get_be32(pb);
             st->codec->codec_id = CODEC_ID_COOK;
             st->codec->extradata_size= codecdata_length;
-            st->codec->extradata= av_mallocz(st->codec->extradata_size);
+            st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
             for(i = 0; i < codecdata_length; i++)
                 ((uint8_t*)st->codec->extradata)[i] = get_byte(pb);
             rm->audio_framesize = st->codec->block_align;
@@ -708,7 +708,7 @@
                 get_be16(pb);
                 
                 st->codec->extradata_size= codec_data_size - (url_ftell(pb) - codec_pos);
-                st->codec->extradata= av_malloc(st->codec->extradata_size);
+                st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
                 get_buffer(pb, st->codec->extradata, st->codec->extradata_size);
                 
 //                av_log(NULL, AV_LOG_DEBUG, "fps= %d fps2= %d\n", fps, fps2);
diff -r 778e090e879d -r 2ece9c9dd94c sierravmd.c
--- a/sierravmd.c	Sat Dec 17 11:27:37 2005 +0000
+++ b/sierravmd.c	Sat Dec 17 17:57:03 2005 +0000
@@ -137,7 +137,7 @@
     st->codec->width = LE_16(&vmd->vmd_header[12]);
     st->codec->height = LE_16(&vmd->vmd_header[14]);
     st->codec->extradata_size = VMD_HEADER_SIZE;
-    st->codec->extradata = av_malloc(VMD_HEADER_SIZE);
+    st->codec->extradata = av_mallocz(VMD_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
     memcpy(st->codec->extradata, vmd->vmd_header, VMD_HEADER_SIZE);
 
     /* if sample rate is 0, assume no audio */
diff -r 778e090e879d -r 2ece9c9dd94c westwood.c
--- a/westwood.c	Sat Dec 17 11:27:37 2005 +0000
+++ b/westwood.c	Sat Dec 17 17:57:03 2005 +0000
@@ -231,7 +231,7 @@
 
     /* the VQA header needs to go to the decoder */
     st->codec->extradata_size = VQA_HEADER_SIZE;
-    st->codec->extradata = av_malloc(VQA_HEADER_SIZE);
+    st->codec->extradata = av_mallocz(VQA_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
     header = (unsigned char *)st->codec->extradata;
     if (get_buffer(pb, st->codec->extradata, VQA_HEADER_SIZE) !=
         VQA_HEADER_SIZE) {