RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-02-13 10:10:03 +00:00
Code Issues Projects Releases Wiki Activity

Use av_fast_padded_malloc in fraps and mpc decoders.

Browse Source 
Fixes FATE failures due to uninitialized reads under valgrind
for these two codecs.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
This commit is contained in:
Reimar Döffinger 2012-01-17 22:20:23 +01:00
parent 4259d1eb99
commit f9ced97543
3 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/fraps.c
View File

@ -277,7 +277,7 @@ static int decode_frame(AVCodecContext *avctx,
offs[planes] = buf_size; offs[planes] = buf_size;
for(i = 0; i < planes; i++){ for(i = 0; i < planes; i++){
is_chroma = !!i; is_chroma = !!i;
av_fast_malloc(&s->tmpbuf, &s->tmpbuf_size, offs[i + 1] - offs[i] - 1024 + FF_INPUT_BUFFER_PADDING_SIZE); av_fast_padded_malloc(&s->tmpbuf, &s->tmpbuf_size, offs[i + 1] - offs[i] - 1024);
if (!s->tmpbuf) if (!s->tmpbuf)
return AVERROR(ENOMEM); return AVERROR(ENOMEM);
if(fraps2_decode_plane(s, f->data[i], f->linesize[i], avctx->width >> is_chroma, if(fraps2_decode_plane(s, f->data[i], f->linesize[i], avctx->width >> is_chroma,

2
libavcodec/mpc.h
View File

@ -66,6 +66,8 @@ typedef struct {
int buf_size; int buf_size;
AVLFG rnd; AVLFG rnd;
int frames_to_skip; int frames_to_skip;
uint8_t *buffer;
int buffer_size;
/* for synthesis */ /* for synthesis */
DECLARE_ALIGNED(16, MPA_INT, synth_buf)[MPA_MAX_CHANNELS][512*2]; DECLARE_ALIGNED(16, MPA_INT, synth_buf)[MPA_MAX_CHANNELS][512*2];
int synth_buf_offset[MPA_MAX_CHANNELS]; int synth_buf_offset[MPA_MAX_CHANNELS];

20
libavcodec/mpc7.c
View File

@ -203,7 +203,6 @@ static int mpc7_decode_frame(AVCodecContext * avctx, void *data,
int buf_size = avpkt->size; int buf_size = avpkt->size;
MPCContext *c = avctx->priv_data; MPCContext *c = avctx->priv_data;
GetBitContext gb; GetBitContext gb;
uint8_t *bits;
int i, ch; int i, ch;
int mb = -1; int mb = -1;
Band *bands = c->bands; Band *bands = c->bands;
@ -223,9 +222,11 @@ static int mpc7_decode_frame(AVCodecContext * avctx, void *data,
return ret; return ret;
} }
bits = av_malloc(((buf_size - 1) & ~3) + FF_INPUT_BUFFER_PADDING_SIZE); av_fast_padded_malloc(&c->buffer, &c->buffer_size, FFALIGN(buf_size - 1, 4));
c->dsp.bswap_buf((uint32_t*)bits, (const uint32_t*)(buf + 4), (buf_size - 4) >> 2); if (!c->buffer)
init_get_bits(&gb, bits, (buf_size - 4)* 8); return AVERROR(ENOMEM);
c->dsp.bswap_buf((uint32_t*)c->buffer, (const uint32_t*)(buf + 4), (buf_size - 4) >> 2);
init_get_bits(&gb, c->buffer, (buf_size - 4)* 8);
skip_bits_long(&gb, buf[0]); skip_bits_long(&gb, buf[0]);
/* read subband indexes */ /* read subband indexes */
@ -282,8 +283,6 @@ static int mpc7_decode_frame(AVCodecContext * avctx, void *data,
ff_mpc_dequantize_and_synth(c, mb, c->frame.data[0], 2); ff_mpc_dequantize_and_synth(c, mb, c->frame.data[0], 2);
av_free(bits);
bits_used = get_bits_count(&gb); bits_used = get_bits_count(&gb);
bits_avail = (buf_size - 4) * 8; bits_avail = (buf_size - 4) * 8;
if(!buf[1] && ((bits_avail < bits_used) || (bits_used + 32 <= bits_avail))){ if(!buf[1] && ((bits_avail < bits_used) || (bits_used + 32 <= bits_avail))){
@ -310,12 +309,21 @@ static void mpc7_decode_flush(AVCodecContext *avctx)
c->frames_to_skip = 32; c->frames_to_skip = 32;
} }
static av_cold int mpc7_decode_close(AVCodecContext *avctx)
{
MPCContext *c = avctx->priv_data;
av_freep(&c->buffer);
c->buffer_size = 0;
return 0;
}
AVCodec ff_mpc7_decoder = { AVCodec ff_mpc7_decoder = {
.name = "mpc7", .name = "mpc7",
.type = AVMEDIA_TYPE_AUDIO, .type = AVMEDIA_TYPE_AUDIO,
.id = CODEC_ID_MUSEPACK7, .id = CODEC_ID_MUSEPACK7,
.priv_data_size = sizeof(MPCContext), .priv_data_size = sizeof(MPCContext),
.init = mpc7_decode_init, .init = mpc7_decode_init,
.close = mpc7_decode_close,
.decode = mpc7_decode_frame, .decode = mpc7_decode_frame,
.flush = mpc7_decode_flush, .flush = mpc7_decode_flush,
.capabilities = CODEC_CAP_DR1, .capabilities = CODEC_CAP_DR1,