From c37a8630ad9fd8f9baef1488bbe07fd0d668e60f Mon Sep 17 00:00:00 2001 From: Miguel Freitas Date: Thu, 27 Dec 2001 20:07:25 +0000 Subject: - ffmpeg update - fix ffmpeg buffer overflow reported by Keith Packard CVS patchset: 1311 CVS date: 2001/12/27 20:07:25 --- src/libffmpeg/xine_decoder.c | 25 +++++++++++++++++++++++-- src/libw32dll/w32codec.c | 6 +++--- 2 files changed, 26 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/libffmpeg/xine_decoder.c b/src/libffmpeg/xine_decoder.c index c77c3b1c4..a7c06f19d 100644 --- a/src/libffmpeg/xine_decoder.c +++ b/src/libffmpeg/xine_decoder.c @@ -17,7 +17,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * - * $Id: xine_decoder.c,v 1.20 2001/12/11 15:30:05 miguelfreitas Exp $ + * $Id: xine_decoder.c,v 1.21 2001/12/27 20:07:25 miguelfreitas Exp $ * * xine decoder plugin using ffmpeg * @@ -71,13 +71,15 @@ typedef struct ff_decoder_s { BITMAPINFOHEADER bih; long biWidth; long biHeight; - unsigned char buf[128*1024]; + unsigned char *buf; + int bufsize; int size; AVPicture av_picture; AVCodecContext context; } ff_decoder_t; +#define VIDEOBUFSIZE 128*1024 /* #define IMGFMT_YUY2 mmioFOURCC('Y','U','Y','2') @@ -118,6 +120,7 @@ static void ff_init (video_decoder_t *this_gen, vo_instance_t *video_out) { this->video_out = video_out; this->decoder_ok = 0; + this->buf = NULL; } static void ff_decode_data (video_decoder_t *this_gen, buf_element_t *buf) { @@ -194,9 +197,23 @@ static void ff_decode_data (video_decoder_t *this_gen, buf_element_t *buf) { this->decoder_ok = 1; this->video_out->open (this->video_out); + + + if( this->buf ) + free( this->buf ); + + this->buf = malloc( VIDEOBUFSIZE ); + this->bufsize = VIDEOBUFSIZE; } else if (this->decoder_ok) { + if( this->size + buf->size > this->bufsize ) { + this->bufsize = this->size + 2 * buf->size; + printf("ffmpeg: increasing source buffer to %d to avoid overflow.\n", + this->bufsize); + this->buf = realloc( this->buf, this->bufsize ); + } + xine_fast_memcpy (&this->buf[this->size], buf->content, buf->size); this->size += buf->size; @@ -331,6 +348,10 @@ static void ff_close (video_decoder_t *this_gen) { this->video_out->close(this->video_out); this->decoder_ok = 0; } + + if (this->buf) + free(this->buf); + this->buf = NULL; } static char *ff_get_id(void) { diff --git a/src/libw32dll/w32codec.c b/src/libw32dll/w32codec.c index e81d19bad..df6465960 100644 --- a/src/libw32dll/w32codec.c +++ b/src/libw32dll/w32codec.c @@ -17,7 +17,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * - * $Id: w32codec.c,v 1.51 2001/12/11 15:30:06 miguelfreitas Exp $ + * $Id: w32codec.c,v 1.52 2001/12/27 20:07:25 miguelfreitas Exp $ * * routines for using w32 codecs * DirectShow support by Miguel Freitas (Nov/2001) @@ -569,7 +569,7 @@ static void w32v_decode_data (video_decoder_t *this_gen, buf_element_t *buf) { return; if( this->size + buf->size > this->bufsize ) { - this->bufsize = this->size + buf->size; + this->bufsize = this->size + 2 * buf->size; printf("w32codec: increasing source buffer to %d to avoid overflow.\n", this->bufsize); this->buf = realloc( this->buf, this->bufsize ); @@ -965,7 +965,7 @@ static void w32a_decode_audio (w32a_decoder_t *this, this->lastpts = pts; if( this->size + size > this->max_audio_src_size ) { - this->max_audio_src_size = this->size + size; + this->max_audio_src_size = this->size + 2 * size; printf("w32codec: increasing source buffer to %d to avoid overflow.\n", this->max_audio_src_size); this->buf = realloc( this->buf, this->max_audio_src_size ); -- cgit v1.2.3