RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2024-12-29 10:52:20 +00:00
Code Issues Projects Releases Wiki Activity

malloc padding to avoid reading past the malloc()ed area.

Browse Source 
Credits to Mikulas Patocka (mikulas at artax karlin mff cuni cz)

Originally committed as revision 4748 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Jindřich Makovička 2005-12-17 17:57:03 +00:00
parent 63d33cf439
commit d76319b1ab
4 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
libavformat/ogg.c
View File

@ -216,6 +216,7 @@ static int ogg_read_header(AVFormatContext *avfcontext, AVFormatParameters *ap)
return -1; return -1;
codec->extradata_size+= 2 + op.bytes; codec->extradata_size+= 2 + op.bytes;
codec->extradata= av_realloc(codec->extradata, codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); codec->extradata= av_realloc(codec->extradata, codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
memset(codec->extradata + codec->extradata_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
p= codec->extradata + codec->extradata_size - 2 - op.bytes; p= codec->extradata + codec->extradata_size - 2 - op.bytes;
*(p++)= op.bytes>>8; *(p++)= op.bytes>>8;
*(p++)= op.bytes&0xFF; *(p++)= op.bytes&0xFF;

4
libavformat/rm.c
View File

@ -557,7 +557,7 @@ static void rm_read_audio_stream_info(AVFormatContext *s, AVStream *st,
codecdata_length = get_be32(pb); codecdata_length = get_be32(pb);
st->codec->codec_id = CODEC_ID_COOK; st->codec->codec_id = CODEC_ID_COOK;
st->codec->extradata_size= codecdata_length; st->codec->extradata_size= codecdata_length;
st->codec->extradata= av_mallocz(st->codec->extradata_size); st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
for(i = 0; i < codecdata_length; i++) for(i = 0; i < codecdata_length; i++)
((uint8_t*)st->codec->extradata)[i] = get_byte(pb); ((uint8_t*)st->codec->extradata)[i] = get_byte(pb);
rm->audio_framesize = st->codec->block_align; rm->audio_framesize = st->codec->block_align;
@ -708,7 +708,7 @@ static int rm_read_header(AVFormatContext *s, AVFormatParameters *ap)
get_be16(pb); get_be16(pb);
st->codec->extradata_size= codec_data_size - (url_ftell(pb) - codec_pos); st->codec->extradata_size= codec_data_size - (url_ftell(pb) - codec_pos);
st->codec->extradata= av_malloc(st->codec->extradata_size); st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
get_buffer(pb, st->codec->extradata, st->codec->extradata_size); get_buffer(pb, st->codec->extradata, st->codec->extradata_size);
// av_log(NULL, AV_LOG_DEBUG, "fps= %d fps2= %d\n", fps, fps2); // av_log(NULL, AV_LOG_DEBUG, "fps= %d fps2= %d\n", fps, fps2);

2
libavformat/sierravmd.c
View File

@ -137,7 +137,7 @@ static int vmd_read_header(AVFormatContext *s,
st->codec->width = LE_16(&vmd->vmd_header[12]); st->codec->width = LE_16(&vmd->vmd_header[12]);
st->codec->height = LE_16(&vmd->vmd_header[14]); st->codec->height = LE_16(&vmd->vmd_header[14]);
st->codec->extradata_size = VMD_HEADER_SIZE; st->codec->extradata_size = VMD_HEADER_SIZE;
st->codec->extradata = av_malloc(VMD_HEADER_SIZE); st->codec->extradata = av_mallocz(VMD_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
memcpy(st->codec->extradata, vmd->vmd_header, VMD_HEADER_SIZE); memcpy(st->codec->extradata, vmd->vmd_header, VMD_HEADER_SIZE);
/* if sample rate is 0, assume no audio */ /* if sample rate is 0, assume no audio */

2
libavformat/westwood.c
View File

@ -231,7 +231,7 @@ static int wsvqa_read_header(AVFormatContext *s,
/* the VQA header needs to go to the decoder */ /* the VQA header needs to go to the decoder */
st->codec->extradata_size = VQA_HEADER_SIZE; st->codec->extradata_size = VQA_HEADER_SIZE;
st->codec->extradata = av_malloc(VQA_HEADER_SIZE); st->codec->extradata = av_mallocz(VQA_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
header = (unsigned char *)st->codec->extradata; header = (unsigned char *)st->codec->extradata;
if (get_buffer(pb, st->codec->extradata, VQA_HEADER_SIZE) != if (get_buffer(pb, st->codec->extradata, VQA_HEADER_SIZE) !=
VQA_HEADER_SIZE) { VQA_HEADER_SIZE) {