diff options
| author | Jindřich Makovička <makovick@gmail.com> | 2005-12-17 17:57:03 +0000 |
|---|---|---|
| committer | Jindřich Makovička <makovick@gmail.com> | 2005-12-17 17:57:03 +0000 |
| commit | d76319b1ab716320f6e6a4d690b85fe4504ebd5b (patch) | |
| tree | 60e46ea97983711974a83c54752d0795c9707928 | |
| parent | 63d33cf4390a9280b1ba42ee722f3140cf1cad3e (diff) | |
malloc padding to avoid reading past the malloc()ed area.
Credits to Mikulas Patocka (mikulas at artax karlin mff cuni cz)
Originally committed as revision 4748 to svn://svn.ffmpeg.org/ffmpeg/trunk
| -rw-r--r-- | libavformat/ogg.c | 1 | ||||
| -rw-r--r-- | libavformat/rm.c | 4 | ||||
| -rw-r--r-- | libavformat/sierravmd.c | 2 | ||||
| -rw-r--r-- | libavformat/westwood.c | 2 |
4 files changed, 5 insertions, 4 deletions
diff --git a/libavformat/ogg.c b/libavformat/ogg.c index 41fa0d92e0..53c8b05826 100644 --- a/libavformat/ogg.c +++ b/libavformat/ogg.c @@ -216,6 +216,7 @@ static int ogg_read_header(AVFormatContext *avfcontext, AVFormatParameters *ap) return -1; codec->extradata_size+= 2 + op.bytes; codec->extradata= av_realloc(codec->extradata, codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); + memset(codec->extradata + codec->extradata_size, 0, FF_INPUT_BUFFER_PADDING_SIZE); p= codec->extradata + codec->extradata_size - 2 - op.bytes; *(p++)= op.bytes>>8; *(p++)= op.bytes&0xFF; diff --git a/libavformat/rm.c b/libavformat/rm.c index b8ef354353..5433da73a1 100644 --- a/libavformat/rm.c +++ b/libavformat/rm.c @@ -557,7 +557,7 @@ static void rm_read_audio_stream_info(AVFormatContext *s, AVStream *st, codecdata_length = get_be32(pb); st->codec->codec_id = CODEC_ID_COOK; st->codec->extradata_size= codecdata_length; - st->codec->extradata= av_mallocz(st->codec->extradata_size); + st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); for(i = 0; i < codecdata_length; i++) ((uint8_t*)st->codec->extradata)[i] = get_byte(pb); rm->audio_framesize = st->codec->block_align; @@ -708,7 +708,7 @@ static int rm_read_header(AVFormatContext *s, AVFormatParameters *ap) get_be16(pb); st->codec->extradata_size= codec_data_size - (url_ftell(pb) - codec_pos); - st->codec->extradata= av_malloc(st->codec->extradata_size); + st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); get_buffer(pb, st->codec->extradata, st->codec->extradata_size); // av_log(NULL, AV_LOG_DEBUG, "fps= %d fps2= %d\n", fps, fps2); diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c index bc69c0ecd1..4037614b8a 100644 --- a/libavformat/sierravmd.c +++ b/libavformat/sierravmd.c @@ -137,7 +137,7 @@ static int vmd_read_header(AVFormatContext *s, st->codec->width = LE_16(&vmd->vmd_header[12]); st->codec->height = LE_16(&vmd->vmd_header[14]); st->codec->extradata_size = VMD_HEADER_SIZE; - st->codec->extradata = av_malloc(VMD_HEADER_SIZE); + st->codec->extradata = av_mallocz(VMD_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE); memcpy(st->codec->extradata, vmd->vmd_header, VMD_HEADER_SIZE); /* if sample rate is 0, assume no audio */ diff --git a/libavformat/westwood.c b/libavformat/westwood.c index 1d3e325e4f..d9f61c717a 100644 --- a/libavformat/westwood.c +++ b/libavformat/westwood.c @@ -231,7 +231,7 @@ static int wsvqa_read_header(AVFormatContext *s, /* the VQA header needs to go to the decoder */ st->codec->extradata_size = VQA_HEADER_SIZE; - st->codec->extradata = av_malloc(VQA_HEADER_SIZE); + st->codec->extradata = av_mallocz(VQA_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE); header = (unsigned char *)st->codec->extradata; if (get_buffer(pb, st->codec->extradata, VQA_HEADER_SIZE) != VQA_HEADER_SIZE) { |