Mercurial > mplayer.hg

changeset 7352:757e876d36fe

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Off-by-one error allocating bitmap, when (width*height) % 8 != 0 The code was writing beyond allocated memory, and could corrupt malloc heap.
author jkeil
date Tue, 10 Sep 2002 12:38:19 +0000
parents 064ada190b6c
children 0cb951ac0133
files Gui/bitmap.c Gui/bitmap/bitmap.c
diffstat 2 files changed, 2 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/Gui/bitmap.c	Mon Sep 09 22:48:39 2002 +0000
+++ b/Gui/bitmap.c	Tue Sep 10 12:38:19 2002 +0000
@@ -114,7 +114,7 @@
  out->Width=in->Width;
  out->Height=in->Height;
  out->BPP=1;
- out->ImageSize=out->Width * out->Height / 8;
+ out->ImageSize=(out->Width * out->Height + 7) / 8;
  mp_dbg( MSGT_GPLAYER,MSGL_DBG2,"[c1to32] imagesize: %d\n",out->ImageSize );
  out->Image=(char *)calloc( 1,out->ImageSize );
  if ( out->Image == NULL ) mp_msg( MSGT_GPLAYER,MSGL_STATUS,"nem van ram baze\n" );
--- a/Gui/bitmap/bitmap.c	Mon Sep 09 22:48:39 2002 +0000
+++ b/Gui/bitmap/bitmap.c	Tue Sep 10 12:38:19 2002 +0000
@@ -114,7 +114,7 @@
  out->Width=in->Width;
  out->Height=in->Height;
  out->BPP=1;
- out->ImageSize=out->Width * out->Height / 8;
+ out->ImageSize=(out->Width * out->Height + 7) / 8;
  mp_dbg( MSGT_GPLAYER,MSGL_DBG2,"[c1to32] imagesize: %d\n",out->ImageSize );
  out->Image=(char *)calloc( 1,out->ImageSize );
  if ( out->Image == NULL ) mp_msg( MSGT_GPLAYER,MSGL_STATUS,"nem van ram baze\n" );