From 3ca5df36a50e3ffd3b24734725bf545617a627a8 Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Thu, 8 Aug 2013 18:48:43 +0200 Subject: wmall: use AVFrame API properly This fixes a bug with non-refcounted callers resulting in invalid memory access. Signed-off-by: Anton Khirnov --- libavcodec/wmalosslessdec.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) (limited to 'libavcodec/wmalosslessdec.c') diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index 7c08f1ba4c..75b47209a0 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -66,7 +66,7 @@ typedef struct { typedef struct WmallDecodeCtx { /* generic decoder variables */ AVCodecContext *avctx; - AVFrame frame; + AVFrame *frame; uint8_t frame_data[MAX_FRAMESIZE + FF_INPUT_BUFFER_PADDING_SIZE]; ///< compressed frame data PutBitContext pb; ///< context for filling the frame_data buffer @@ -261,8 +261,10 @@ static av_cold int decode_init(AVCodecContext *avctx) return AVERROR_PATCHWELCOME; } - avcodec_get_frame_defaults(&s->frame); - avctx->coded_frame = &s->frame; + s->frame = av_frame_alloc(); + if (!s->frame) + return AVERROR(ENOMEM); + avctx->channel_layout = channel_mask; return 0; } @@ -908,7 +910,7 @@ static int decode_subframe(WmallDecodeCtx *s) } else if (!s->cdlms[0][0].order) { av_log(s->avctx, AV_LOG_DEBUG, "Waiting for seekable tile\n"); - s->frame.nb_samples = 0; + av_frame_unref(s->frame); return -1; } @@ -1015,8 +1017,8 @@ static int decode_frame(WmallDecodeCtx *s) GetBitContext* gb = &s->gb; int more_frames = 0, len = 0, i, ret; - s->frame.nb_samples = s->samples_per_frame; - if ((ret = ff_get_buffer(s->avctx, &s->frame, 0)) < 0) { + s->frame->nb_samples = s->samples_per_frame; + if ((ret = ff_get_buffer(s->avctx, s->frame, 0)) < 0) { /* return an error if no frame could be decoded at all */ av_log(s->avctx, AV_LOG_ERROR, "not enough space for the output samples\n"); @@ -1024,8 +1026,8 @@ static int decode_frame(WmallDecodeCtx *s) return ret; } for (i = 0; i < s->num_channels; i++) { - s->samples_16[i] = (int16_t *)s->frame.extended_data[i]; - s->samples_32[i] = (int32_t *)s->frame.extended_data[i]; + s->samples_16[i] = (int16_t *)s->frame->extended_data[i]; + s->samples_32[i] = (int32_t *)s->frame->extended_data[i]; } /* get frame length */ @@ -1172,7 +1174,7 @@ static int decode_packet(AVCodecContext *avctx, void *data, int *got_frame_ptr, int buf_size = avpkt->size; int num_bits_prev_frame, packet_sequence_number, spliced_packet; - s->frame.nb_samples = 0; + s->frame->nb_samples = 0; if (s->packet_done || s->packet_loss) { s->packet_done = 0; @@ -1265,8 +1267,9 @@ static int decode_packet(AVCodecContext *avctx, void *data, int *got_frame_ptr, save_bits(s, gb, remaining_bits(s, gb), 0); } - *(AVFrame *)data = s->frame; - *got_frame_ptr = s->frame.nb_samples > 0; + *got_frame_ptr = s->frame->nb_samples > 0; + av_frame_move_ref(data, s->frame); + s->packet_offset = get_bits_count(gb) & 7; return (s->packet_loss) ? AVERROR_INVALIDDATA : get_bits_count(gb) >> 3; @@ -1281,16 +1284,26 @@ static void flush(AVCodecContext *avctx) s->frame_offset = 0; s->next_packet_start = 0; s->cdlms[0][0].order = 0; - s->frame.nb_samples = 0; + s->frame->nb_samples = 0; init_put_bits(&s->pb, s->frame_data, MAX_FRAMESIZE); } +static av_cold int decode_close(AVCodecContext *avctx) +{ + WmallDecodeCtx *s = avctx->priv_data; + + av_frame_free(&s->frame); + + return 0; +} + AVCodec ff_wmalossless_decoder = { .name = "wmalossless", .type = AVMEDIA_TYPE_AUDIO, .id = AV_CODEC_ID_WMALOSSLESS, .priv_data_size = sizeof(WmallDecodeCtx), .init = decode_init, + .close = decode_close, .decode = decode_packet, .flush = flush, .capabilities = CODEC_CAP_SUBFRAMES | CODEC_CAP_DR1 | CODEC_CAP_DELAY, -- cgit v1.2.3