Commit d76319b1 authored by Jindřich Makovička's avatar Jindřich Makovička

malloc padding to avoid reading past the malloc()ed area.

Credits to Mikulas Patocka (mikulas at artax karlin mff cuni cz)

Originally committed as revision 4748 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent 63d33cf4
...@@ -216,6 +216,7 @@ static int ogg_read_header(AVFormatContext *avfcontext, AVFormatParameters *ap) ...@@ -216,6 +216,7 @@ static int ogg_read_header(AVFormatContext *avfcontext, AVFormatParameters *ap)
return -1; return -1;
codec->extradata_size+= 2 + op.bytes; codec->extradata_size+= 2 + op.bytes;
codec->extradata= av_realloc(codec->extradata, codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); codec->extradata= av_realloc(codec->extradata, codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
memset(codec->extradata + codec->extradata_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
p= codec->extradata + codec->extradata_size - 2 - op.bytes; p= codec->extradata + codec->extradata_size - 2 - op.bytes;
*(p++)= op.bytes>>8; *(p++)= op.bytes>>8;
*(p++)= op.bytes&0xFF; *(p++)= op.bytes&0xFF;
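Review bot: The added memset writes through the av_realloc() result without checking it, so a failed allocation turns this line into a write of FF_INPUT_BUFFER_PADDING_SIZE bytes at offset extradata_size from a null pointer. A guard between the two statements, `if (!codec->extradata) return -1;`, would stop that; assigning the av_realloc() result to a temporary first would also keep the old buffer from being lost, and extradata_size has already been increased by the time the failure is seen. The av_mallocz() results in rm_read_audio_stream_info, rm_read_header, vmd_read_header and wsvqa_read_header are likewise used by the following loop, get_buffer() or memcpy() with no null check in the visible lines. ogg_read_header's body starts and ends outside this hunk, so a check further out cannot be ruled out.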
......
...@@ -557,7 +557,7 @@ static void rm_read_audio_stream_info(AVFormatContext *s, AVStream *st, ...@@ -557,7 +557,7 @@ static void rm_read_audio_stream_info(AVFormatContext *s, AVStream *st,
codecdata_length = get_be32(pb); codecdata_length = get_be32(pb);
st->codec->codec_id = CODEC_ID_COOK; st->codec->codec_id = CODEC_ID_COOK;
st->codec->extradata_size= codecdata_length; st->codec->extradata_size= codecdata_length;
st->codec->extradata= av_mallocz(st->codec->extradata_size); st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
for(i = 0; i < codecdata_length; i++) for(i = 0; i < codecdata_length; i++)
((uint8_t*)st->codec->extradata)[i] = get_byte(pb); ((uint8_t*)st->codec->extradata)[i] = get_byte(pb);
rm->audio_framesize = st->codec->block_align; rm->audio_framesize = st->codec->block_align;
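Review bot: The new size expression `st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE` can wrap, because codecdata_length comes straight from get_be32(pb) and is not range-checked in the visible lines. A wrapped sum gives a short allocation while the loop below still writes codecdata_length bytes, although the exact outcome depends on the declared types of i and codecdata_length, which are outside the hunk. Bounding the length before the allocation, for example `if ((unsigned)codecdata_length >= INT_MAX - FF_INPUT_BUFFER_PADDING_SIZE) return;` (or whatever error path this function uses), removes the wrap. The same applies in rm_read_header, where extradata_size is a difference of file-derived values and may also come out negative before get_buffer() is called with it.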
...@@ -708,7 +708,7 @@ static int rm_read_header(AVFormatContext *s, AVFormatParameters *ap) ...@@ -708,7 +708,7 @@ static int rm_read_header(AVFormatContext *s, AVFormatParameters *ap)
get_be16(pb); get_be16(pb);
st->codec->extradata_size= codec_data_size - (url_ftell(pb) - codec_pos); st->codec->extradata_size= codec_data_size - (url_ftell(pb) - codec_pos);
st->codec->extradata= av_malloc(st->codec->extradata_size); st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
get_buffer(pb, st->codec->extradata, st->codec->extradata_size); get_buffer(pb, st->codec->extradata, st->codec->extradata_size);
// av_log(NULL, AV_LOG_DEBUG, "fps= %d fps2= %d\n", fps, fps2); // av_log(NULL, AV_LOG_DEBUG, "fps= %d fps2= %d\n", fps, fps2);
......
...@@ -137,7 +137,7 @@ static int vmd_read_header(AVFormatContext *s, ...@@ -137,7 +137,7 @@ static int vmd_read_header(AVFormatContext *s,
st->codec->width = LE_16(&vmd->vmd_header[12]); st->codec->width = LE_16(&vmd->vmd_header[12]);
st->codec->height = LE_16(&vmd->vmd_header[14]); st->codec->height = LE_16(&vmd->vmd_header[14]);
st->codec->extradata_size = VMD_HEADER_SIZE; st->codec->extradata_size = VMD_HEADER_SIZE;
st->codec->extradata = av_malloc(VMD_HEADER_SIZE); st->codec->extradata = av_mallocz(VMD_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
memcpy(st->codec->extradata, vmd->vmd_header, VMD_HEADER_SIZE); memcpy(st->codec->extradata, vmd->vmd_header, VMD_HEADER_SIZE);
/* if sample rate is 0, assume no audio */ /* if sample rate is 0, assume no audio */
......
...@@ -231,7 +231,7 @@ static int wsvqa_read_header(AVFormatContext *s, ...@@ -231,7 +231,7 @@ static int wsvqa_read_header(AVFormatContext *s,
/* the VQA header needs to go to the decoder */ /* the VQA header needs to go to the decoder */
st->codec->extradata_size = VQA_HEADER_SIZE; st->codec->extradata_size = VQA_HEADER_SIZE;
st->codec->extradata = av_malloc(VQA_HEADER_SIZE); st->codec->extradata = av_mallocz(VQA_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
header = (unsigned char *)st->codec->extradata; header = (unsigned char *)st->codec->extradata;
if (get_buffer(pb, st->codec->extradata, VQA_HEADER_SIZE) != if (get_buffer(pb, st->codec->extradata, VQA_HEADER_SIZE) !=
VQA_HEADER_SIZE) { VQA_HEADER_SIZE) {
......