Mercurial > mplayer.hg

diff libmpdemux/video.c @ 17226:255b14c0bc36

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
malloc padding to avoid access beyond allocated memory Credits to Mikulas Patocka (mikulas at artax karlin mff cuni cz)
author henry
date Mon, 19 Dec 2005 19:38:28 +0000
parents 6ff3379a0862
children c568f01ef9f9
line wrap: on
line diff
--- a/libmpdemux/video.c	Mon Dec 19 18:04:37 2005 +0000
+++ b/libmpdemux/video.c	Mon Dec 19 19:38:28 2005 +0000
@@ -22,6 +22,12 @@
 /* sub_cc (closed captions)*/
 #include "sub_cc.h"
 
+#ifdef USE_LIBAVCODEC
+#include "avcodec.h"
+#else
+#define FF_INPUT_BUFFER_PADDING_SIZE 8
+#endif
+
 /* biCompression constant */
 #define BI_RGB        0L
 
@@ -132,10 +138,13 @@
       }
    }
    mp_msg(MSGT_DECVIDEO,MSGL_V,"OK!\n");
-   if(!videobuffer) videobuffer=(char*)memalign(8,VIDEOBUFFER_SIZE);
-   if(!videobuffer){ 
-     mp_msg(MSGT_DECVIDEO,MSGL_ERR,MSGTR_ShMemAllocFail);
-     return 0;
+   if(!videobuffer) {
+     videobuffer=(char*)memalign(8,VIDEOBUFFER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
+     if (videobuffer) memset(videobuffer+VIDEOBUFFER_SIZE, 0, FF_INPUT_BUFFER_PADDING_SIZE);
+     else {
+       mp_msg(MSGT_DECVIDEO,MSGL_ERR,MSGTR_ShMemAllocFail);
+       return 0;
+     }
    }
    mp_msg(MSGT_DECVIDEO,MSGL_V,"Searching for Video Object Layer Start code... ");fflush(stdout);
    while(1){
@@ -222,10 +231,13 @@
       }
    }
    mp_msg(MSGT_DECVIDEO,MSGL_V,"OK!\n");
-   if(!videobuffer) videobuffer=(char*)memalign(8,VIDEOBUFFER_SIZE);
-   if(!videobuffer){ 
-     mp_msg(MSGT_DECVIDEO,MSGL_ERR,MSGTR_ShMemAllocFail);
-     return 0;
+   if(!videobuffer) {
+     videobuffer=(char*)memalign(8,VIDEOBUFFER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
+     if (videobuffer) memset(videobuffer+VIDEOBUFFER_SIZE, 0, FF_INPUT_BUFFER_PADDING_SIZE);
+     else {
+       mp_msg(MSGT_DECVIDEO,MSGL_ERR,MSGTR_ShMemAllocFail);
+       return 0;
+     }
    }
    pos = videobuf_len+4;
    if(!read_video_packet(d_video)){ 
@@ -280,10 +292,13 @@
 //   sh_video=d_video->sh;sh_video->ds=d_video;
 //   mpeg2_init();
    // ========= Read & process sequence header & extension ============
-   if(!videobuffer) videobuffer=(char*)memalign(8,VIDEOBUFFER_SIZE);
-   if(!videobuffer){ 
-     mp_msg(MSGT_DECVIDEO,MSGL_ERR,MSGTR_ShMemAllocFail);
-     return 0;
+   if(!videobuffer) {
+     videobuffer=(char*)memalign(8,VIDEOBUFFER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
+     if (videobuffer) memset(videobuffer+VIDEOBUFFER_SIZE, 0, FF_INPUT_BUFFER_PADDING_SIZE);
+     else {
+       mp_msg(MSGT_DECVIDEO,MSGL_ERR,MSGTR_ShMemAllocFail);
+       return 0;
+     }
    }
    
    if(!read_video_packet(d_video)){