Mercurial > mplayer.hg
changeset 32224:23ba595c0292
Matroska allows data to be compressed multiple times, thus ensure
the destination buffers are sufficiently padded as well.
| author | reimar |
|---|---|
| date | Sat, 18 Sep 2010 17:38:23 +0000 |
| parents | c6e682837c8a |
| children | 8ebdc8466b2f |
| files | libmpdemux/demux_mkv.c |
| diffstat | 1 files changed, 8 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/libmpdemux/demux_mkv.c Sat Sep 18 17:27:17 2010 +0000 +++ b/libmpdemux/demux_mkv.c Sat Sep 18 17:38:23 2010 +0000 @@ -318,11 +318,11 @@ *dest = NULL; zstream.avail_out = *size; do { - if (*size > SIZE_MAX - 4000) + if (*size > SIZE_MAX - 4000 - AV_LZO_INPUT_PADDING) goto zlib_fail; *size += 4000; - *dest = realloc(*dest, *size); + *dest = realloc(*dest, *size + AV_LZO_INPUT_PADDING); zstream.next_out = (Bytef *) (*dest + zstream.total_out); result = inflate(&zstream, Z_NO_FLUSH); if (result != Z_OK && result != Z_STREAM_END) { @@ -349,10 +349,13 @@ *dest = NULL; while (1) { + // Max of both because we might decompress the input multiple + // times. Makes no sense but is possible. + int padding = FFMAX(AV_LZO_OUTPUT_PADDING, AV_LZO_INPUT_PADDING); int srclen = *size; - if (dstlen > SIZE_MAX - AV_LZO_OUTPUT_PADDING) + if (dstlen > SIZE_MAX - padding) goto lzo_fail; - *dest = realloc(*dest, dstlen + AV_LZO_OUTPUT_PADDING); + *dest = realloc(*dest, dstlen + padding); out_avail = dstlen; result = av_lzo1x_decode(*dest, &out_avail, src, &srclen); if (result == 0) @@ -367,7 +370,7 @@ } mp_msg(MSGT_DEMUX, MSGL_DBG2, "[mkv] lzo decompression buffer too small.\n"); - if (dstlen > (SIZE_MAX - AV_LZO_OUTPUT_PADDING)/2) + if (dstlen > (SIZE_MAX - padding)/2) goto lzo_fail; dstlen *= 2; }