Mercurial > mplayer.hg
diff libmpcodecs/vd_ffmpeg.c @ 17226:255b14c0bc36
malloc padding to avoid access beyond allocated memory
Credits to Mikulas Patocka (mikulas at artax karlin mff cuni cz)
| author | henry |
|---|---|
| date | Mon, 19 Dec 2005 19:38:28 +0000 |
| parents | 0d8eee43f85c |
| children | b56f34ba3f2f |
line wrap: on
line diff
--- a/libmpcodecs/vd_ffmpeg.c Mon Dec 19 18:04:37 2005 +0000 +++ b/libmpcodecs/vd_ffmpeg.c Mon Dec 19 19:38:28 2005 +0000 @@ -324,7 +324,7 @@ { avctx->flags |= CODEC_FLAG_EXTERN_HUFF; avctx->extradata_size = sh->bih->biSize-sizeof(BITMAPINFOHEADER); - avctx->extradata = av_malloc(avctx->extradata_size); + avctx->extradata = av_mallocz(avctx->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); memcpy(avctx->extradata, sh->bih+sizeof(BITMAPINFOHEADER), avctx->extradata_size); @@ -346,7 +346,7 @@ || sh->format == mmioFOURCC('R', 'V', '4', '0') ){ avctx->extradata_size= 8; - avctx->extradata = av_malloc(avctx->extradata_size); + avctx->extradata = av_mallocz(avctx->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); if(sh->bih->biSize!=sizeof(*sh->bih)+8){ /* only 1 packet per frame & sub_id from fourcc */ ((uint32_t*)avctx->extradata)[0] = 0; @@ -384,7 +384,7 @@ )) { avctx->extradata_size = sh->bih->biSize-sizeof(BITMAPINFOHEADER); - avctx->extradata = av_malloc(avctx->extradata_size); + avctx->extradata = av_mallocz(avctx->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); memcpy(avctx->extradata, sh->bih+1, avctx->extradata_size); } /* Pass palette to codec */ @@ -405,7 +405,7 @@ if (sh->ImageDesc && sh->format == mmioFOURCC('S','V','Q','3')){ avctx->extradata_size = (*(int*)sh->ImageDesc) - sizeof(int); - avctx->extradata = av_malloc(avctx->extradata_size); + avctx->extradata = av_mallocz(avctx->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); memcpy(avctx->extradata, ((int*)sh->ImageDesc)+1, avctx->extradata_size); }