malloc padding to avoid reading past the malloc()ed area.
authorJindřich Makovička <makovick@gmail.com>
Sat, 17 Dec 2005 17:57:03 +0000 (17:57 +0000)
committerJindřich Makovička <makovick@gmail.com>
Sat, 17 Dec 2005 17:57:03 +0000 (17:57 +0000)
Credits to Mikulas Patocka (mikulas at artax karlin mff cuni cz)

Originally committed as revision 4748 to svn://svn.ffmpeg.org/ffmpeg/trunk

libavformat/ogg.c
libavformat/rm.c
libavformat/sierravmd.c
libavformat/westwood.c

index 41fa0d92e0fc12bb2e4c035deaa2fc0bb4c43cb2..53c8b058269f1b90916140e4265b01ac939d1e01 100644 (file)
@@ -216,6 +216,7 @@ static int ogg_read_header(AVFormatContext *avfcontext, AVFormatParameters *ap)
             return -1;
         codec->extradata_size+= 2 + op.bytes;
         codec->extradata= av_realloc(codec->extradata, codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
+        memset(codec->extradata + codec->extradata_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
         p= codec->extradata + codec->extradata_size - 2 - op.bytes;
         *(p++)= op.bytes>>8;
         *(p++)= op.bytes&0xFF;
index b8ef35435359ff9155dbd92c2978fca574136fb8..5433da73a1870e858d51b7f99400aa367c38da49 100644 (file)
@@ -557,7 +557,7 @@ static void rm_read_audio_stream_info(AVFormatContext *s, AVStream *st,
             codecdata_length = get_be32(pb);
             st->codec->codec_id = CODEC_ID_COOK;
             st->codec->extradata_size= codecdata_length;
-            st->codec->extradata= av_mallocz(st->codec->extradata_size);
+            st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
             for(i = 0; i < codecdata_length; i++)
                 ((uint8_t*)st->codec->extradata)[i] = get_byte(pb);
             rm->audio_framesize = st->codec->block_align;
@@ -708,7 +708,7 @@ static int rm_read_header(AVFormatContext *s, AVFormatParameters *ap)
                 get_be16(pb);
                 
                 st->codec->extradata_size= codec_data_size - (url_ftell(pb) - codec_pos);
-                st->codec->extradata= av_malloc(st->codec->extradata_size);
+                st->codec->extradata= av_mallocz(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE);
                 get_buffer(pb, st->codec->extradata, st->codec->extradata_size);
                 
 //                av_log(NULL, AV_LOG_DEBUG, "fps= %d fps2= %d\n", fps, fps2);
index bc69c0ecd1237b95e0980517c953dc33400fc0e2..4037614b8a94622c485899c82b71f4a08615990f 100644 (file)
@@ -137,7 +137,7 @@ static int vmd_read_header(AVFormatContext *s,
     st->codec->width = LE_16(&vmd->vmd_header[12]);
     st->codec->height = LE_16(&vmd->vmd_header[14]);
     st->codec->extradata_size = VMD_HEADER_SIZE;
-    st->codec->extradata = av_malloc(VMD_HEADER_SIZE);
+    st->codec->extradata = av_mallocz(VMD_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
     memcpy(st->codec->extradata, vmd->vmd_header, VMD_HEADER_SIZE);
 
     /* if sample rate is 0, assume no audio */
index 1d3e325e4fdb476a63358afef3b595cc1e7227dd..d9f61c717a42580aeb8a3eb774e2fc5280102e06 100644 (file)
@@ -231,7 +231,7 @@ static int wsvqa_read_header(AVFormatContext *s,
 
     /* the VQA header needs to go to the decoder */
     st->codec->extradata_size = VQA_HEADER_SIZE;
-    st->codec->extradata = av_malloc(VQA_HEADER_SIZE);
+    st->codec->extradata = av_mallocz(VQA_HEADER_SIZE + FF_INPUT_BUFFER_PADDING_SIZE);
     header = (unsigned char *)st->codec->extradata;
     if (get_buffer(pb, st->codec->extradata, VQA_HEADER_SIZE) !=
         VQA_HEADER_SIZE) {