changeset 29381:fd2047f3adf6

Fix read after the end of allocated buffer.
author eugeni
date Sat, 18 Jul 2009 11:32:58 +0000
parents c15ef485f8aa
children 363310571aae
files libass/ass.h libass/ass_render.c
diffstat 2 files changed, 19 insertions(+), 6 deletions(-) [+]
--- a/libass/ass.h	Sat Jul 18 04:31:55 2009 +0000
+++ b/libass/ass.h	Sat Jul 18 11:32:58 2009 +0000
@@ -34,6 +34,8 @@
 	int w, h; // bitmap width/height
 	int stride; // bitmap stride
 	unsigned char* bitmap; // 1bpp stride*h alpha buffer
+	                       // Actual bitmap size may be as low as
+	                       // stride * (h-1) + w
 	uint32_t color; // RGBA
 	int dst_x, dst_y; // bitmap placement inside the video frame
 
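Review bot: The comment on `bitmap` now gives two different sizes, `stride*h` on its first line and `stride * (h-1) + w` on the added lines, so a consumer that sizes its reads from the first line will still run past the allocation on the last row. State the guaranteed size once, for example `// 1bpp alpha buffer; only stride*(h-1)+w bytes are guaranteed readable`, and say that the last row must be read as `w` bytes, not `stride`. The struct definition starts and ends outside the hunk.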
--- a/libass/ass_render.c	Sat Jul 18 04:31:55 2009 +0000
+++ b/libass/ass_render.c	Sat Jul 18 11:32:58 2009 +0000
@@ -408,6 +408,21 @@
 }
 
 /**
+ * \brief Replaces the bitmap buffer in ass_image_t with its copy.
+ *
+ * @param img Image to operate on.
+ * @return Address of the old buffer.
+ */
+static unsigned char* clone_bitmap_data(ass_image_t* img)
+{
+	unsigned char* old_bitmap = img->bitmap;
+	int size = img->stride * (img->h - 1) + img->w;
+	img->bitmap = malloc(size);
+	memcpy(img->bitmap, old_bitmap, size);
+	return old_bitmap;
+}
+
+/**
  * \brief Calculate overlapping area of two consecutive bitmaps and in case they
  * overlap, composite them together
  * Mainly useful for translucent glyphs and especially borders, to avoid the
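Review bot: `clone_bitmap_data` hands the result of `malloc(size)` straight to `memcpy` with no NULL check, and it computes `size` as an `int`, so a failed allocation is dereferenced and a non-positive `h` or an overflowing `stride * (h-1)` becomes a negative length that converts to a huge `size_t`. Compute the length as `size_t` after checking the dimensions, assign `img->bitmap` only once the copy exists, and return NULL on failure. The two call sites in the third hunk (`a = clone_bitmap_data(*last_tail);` and `b = clone_bitmap_data(*tail);`) would then have to check the result before the compositing loop. Whether the dimensions can actually be non-positive here depends on callers outside the visible hunks. The doc comment should also say who owns the returned old buffer.

```c
static unsigned char* clone_bitmap_data(ass_image_t* img)
{
	unsigned char* old_bitmap = img->bitmap;
	unsigned char* copy;
	size_t size;

	if (img->h <= 0 || img->w <= 0 || img->stride <= 0)
		return NULL;
	size = (size_t)img->stride * (size_t)(img->h - 1) + (size_t)img->w;
	copy = malloc(size);
	if (!copy)
		return NULL; // img->bitmap is left untouched on failure
	memcpy(copy, old_bitmap, size);
	img->bitmap = copy;
	return old_bitmap;
}
```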
@@ -474,12 +489,8 @@
 	}
 
 	// Allocate new bitmaps and copy over data
-	a = (*last_tail)->bitmap;
-	b = (*tail)->bitmap;
-	(*last_tail)->bitmap = malloc(as*ah);
-	(*tail)->bitmap = malloc(bs*bh);
-	memcpy((*last_tail)->bitmap, a, as*ah);
-	memcpy((*tail)->bitmap, b, bs*bh);
+	a = clone_bitmap_data(*last_tail);
+	b = clone_bitmap_data(*tail);
 
 	// Composite overlapping area
 	for (y=0; y<h; y++)