[vlc-commits] commit: Fixed potential segfault with corrupted streams (audio codecs). ( Rémi Denis-Courmont )
git at videolan.org
git at videolan.org
Thu Apr 15 20:54:14 CEST 2010
vlc/vlc-1.0 | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Thu Apr 15 21:51:20 2010 +0300| [8ab9066cf44f06afd8dca32e9aa9460393b0ad8e] | committer: Rémi Denis-Courmont
Fixed potential segfault with corrupted streams (audio codecs).
(cherry picked from commit b51e492c3da42a569b9b6715c97fe858a0c96a15)
Conflicts:
modules/codec/mpeg_audio.c
> http://git.videolan.org/gitweb.cgi/vlc/vlc-1.0.git/?a=commit;h=8ab9066cf44f06afd8dca32e9aa9460393b0ad8e
---
modules/codec/a52.c | 9 +++++----
modules/codec/dts.c | 9 +++++----
modules/codec/mpeg_audio.c | 24 ++++++++++++++++--------
3 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/modules/codec/a52.c b/modules/codec/a52.c
index f55cae1..fe808fc 100644
--- a/modules/codec/a52.c
+++ b/modules/codec/a52.c
@@ -99,7 +99,7 @@ enum {
****************************************************************************/
static void *DecodeBlock ( decoder_t *, block_t ** );
-static uint8_t *GetOutBuffer ( decoder_t *, void ** );
+static uint8_t *GetOutBuffer ( decoder_t *, block_t ** );
static aout_buffer_t *GetAoutBuffer( decoder_t * );
static block_t *GetSoutBuffer( decoder_t * );
@@ -182,7 +182,7 @@ static void *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
decoder_sys_t *p_sys = p_dec->p_sys;
uint8_t p_header[VLC_A52_HEADER_SIZE];
uint8_t *p_buf;
- void *p_out_buffer;
+ block_t *p_out_buffer;
if( !pp_block || !*pp_block ) return NULL;
@@ -312,7 +312,8 @@ static void *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
/* Copy the whole frame into the buffer. When we reach this point
* we already know we have enough data available. */
- block_GetBytes( &p_sys->bytestream, p_buf, p_sys->frame.i_size );
+ block_GetBytes( &p_sys->bytestream,
+ p_buf, __MIN( p_sys->frame.i_size, p_out_buffer->i_buffer ) );
/* Make sure we don't reuse the same pts twice */
if( p_sys->i_pts == p_sys->bytestream.p_block->i_pts )
@@ -346,7 +347,7 @@ static void CloseCommon( vlc_object_t *p_this )
/*****************************************************************************
* GetOutBuffer:
*****************************************************************************/
-static uint8_t *GetOutBuffer( decoder_t *p_dec, void **pp_out_buffer )
+static uint8_t *GetOutBuffer( decoder_t *p_dec, block_t **pp_out_buffer )
{
decoder_sys_t *p_sys = p_dec->p_sys;
uint8_t *p_buf;
diff --git a/modules/codec/dts.c b/modules/codec/dts.c
index 090eae1..f8f64eb 100644
--- a/modules/codec/dts.c
+++ b/modules/codec/dts.c
@@ -108,7 +108,7 @@ static inline int SyncCode( const uint8_t * );
static int SyncInfo( const uint8_t *, bool *, unsigned int *, unsigned int *,
unsigned int *, unsigned int *, unsigned int * );
-static uint8_t *GetOutBuffer ( decoder_t *, void ** );
+static uint8_t *GetOutBuffer ( decoder_t *, block_t ** );
static aout_buffer_t *GetAoutBuffer( decoder_t * );
static block_t *GetSoutBuffer( decoder_t * );
@@ -185,7 +185,7 @@ static void *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
decoder_sys_t *p_sys = p_dec->p_sys;
uint8_t p_header[DTS_HEADER_SIZE];
uint8_t *p_buf;
- void *p_out_buffer;
+ block_t *p_out_buffer;
if( !pp_block || !*pp_block )
return NULL;
@@ -325,7 +325,8 @@ static void *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
/* Copy the whole frame into the buffer. When we reach this point
* we already know we have enough data available. */
- block_GetBytes( &p_sys->bytestream, p_buf, p_sys->i_frame_size );
+ block_GetBytes( &p_sys->bytestream,
+ p_buf, __MIN( p_sys->i_frame_size, p_out_buffer->i_buffer ) );
/* Make sure we don't reuse the same pts twice */
if( p_sys->i_pts == p_sys->bytestream.p_block->i_pts )
@@ -359,7 +360,7 @@ static void CloseCommon( vlc_object_t *p_this )
/*****************************************************************************
* GetOutBuffer:
*****************************************************************************/
-static uint8_t *GetOutBuffer( decoder_t *p_dec, void **pp_out_buffer )
+static uint8_t *GetOutBuffer( decoder_t *p_dec, block_t **pp_out_buffer )
{
decoder_sys_t *p_sys = p_dec->p_sys;
uint8_t *p_buf;
diff --git a/modules/codec/mpeg_audio.c b/modules/codec/mpeg_audio.c
index 91aa7db..b8bf3e5 100644
--- a/modules/codec/mpeg_audio.c
+++ b/modules/codec/mpeg_audio.c
@@ -35,6 +35,7 @@
#include <vlc_plugin.h>
#include <vlc_codec.h>
#include <vlc_aout.h>
+#include <assert.h>
#include <vlc_block_helper.h>
@@ -95,8 +96,8 @@ static int OpenPacketizer( vlc_object_t * );
static void CloseDecoder ( vlc_object_t * );
static void *DecodeBlock ( decoder_t *, block_t ** );
-static uint8_t *GetOutBuffer ( decoder_t *, void ** );
-static aout_buffer_t *GetAoutBuffer( decoder_t * );
+static uint8_t *GetOutBuffer ( decoder_t *, block_t ** );
+static block_t *GetAoutBuffer( decoder_t * );
static block_t *GetSoutBuffer( decoder_t * );
static int SyncInfo( uint32_t i_header, unsigned int * pi_channels,
@@ -204,7 +205,7 @@ static void *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
uint8_t p_header[MAD_BUFFER_GUARD];
uint32_t i_header;
uint8_t *p_buf;
- void *p_out_buffer;
+ block_t *p_out_buffer;
if( !pp_block || !*pp_block ) return NULL;
@@ -462,11 +463,13 @@ static void *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
/* Copy the whole frame into the buffer. When we reach this point
* we already know we have enough data available. */
- block_GetBytes( &p_sys->bytestream, p_buf, p_sys->i_frame_size );
+ block_GetBytes( &p_sys->bytestream,
+ p_buf, __MIN( (unsigned)p_sys->i_frame_size, p_out_buffer->i_buffer ) );
/* Get beginning of next frame for libmad */
if( !p_sys->b_packetizer )
{
+ assert( p_out_buffer->i_buffer >= (unsigned)p_sys->i_frame_size + MAD_BUFFER_GUARD );
memcpy( p_buf + p_sys->i_frame_size,
p_header, MAD_BUFFER_GUARD );
}
@@ -490,7 +493,7 @@ static void *DecodeBlock( decoder_t *p_dec, block_t **pp_block )
/*****************************************************************************
* GetOutBuffer:
*****************************************************************************/
-static uint8_t *GetOutBuffer( decoder_t *p_dec, void **pp_out_buffer )
+static uint8_t *GetOutBuffer( decoder_t *p_dec, block_t **pp_out_buffer )
{
decoder_sys_t *p_sys = p_dec->p_sys;
uint8_t *p_buf;
@@ -524,7 +527,7 @@ static uint8_t *GetOutBuffer( decoder_t *p_dec, void **pp_out_buffer )
}
else
{
- aout_buffer_t *p_aout_buffer = GetAoutBuffer( p_dec );
+ block_t *p_aout_buffer = GetAoutBuffer( p_dec );
p_buf = p_aout_buffer ? p_aout_buffer->p_buffer : NULL;
*pp_out_buffer = p_aout_buffer;
}
@@ -535,7 +538,7 @@ static uint8_t *GetOutBuffer( decoder_t *p_dec, void **pp_out_buffer )
/*****************************************************************************
* GetAoutBuffer:
*****************************************************************************/
-static aout_buffer_t *GetAoutBuffer( decoder_t *p_dec )
+static block_t *GetAoutBuffer( decoder_t *p_dec )
{
decoder_sys_t *p_sys = p_dec->p_sys;
aout_buffer_t *p_buf;
@@ -550,9 +553,14 @@ static aout_buffer_t *GetAoutBuffer( decoder_t *p_dec )
p_sys->b_discontinuity = false;
/* Hack for libmad filter */
- p_buf->i_nb_bytes = p_sys->i_frame_size + MAD_BUFFER_GUARD;
+#if 0
+ p_buf = block_Realloc( p_buf, 0, p_sys->i_frame_size + MAD_BUFFER_GUARD );
return p_buf;
+#else
+ decoder_DeleteAudioBuffer( p_dec, p_buf );
+ return 0;
+#endif
}
/*****************************************************************************
More information about the vlc-commits
mailing list