[vlc-commits] Fixed potential overread in the rawvideo decoder.
Laurent Aimar
git at videolan.org
Fri Jan 6 22:45:40 CET 2012
vlc | branch: master | Laurent Aimar <fenrir at videolan.org> | Fri Jan 6 21:00:10 2012 +0100| [4a26ac7f892063dcc79ade092e490a6e4168f8f9] | committer: Laurent Aimar
Fixed potential overread in the rawvideo decoder.
The plane size of the pictures given to a decoder can be a bit larger than
necessary. It can happens when the video size is incompatible with the
colorspace.
It closes #5770.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=4a26ac7f892063dcc79ade092e490a6e4168f8f9
---
modules/codec/rawvideo.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/modules/codec/rawvideo.c b/modules/codec/rawvideo.c
index dbb8fde..0dcf42e 100644
--- a/modules/codec/rawvideo.c
+++ b/modules/codec/rawvideo.c
@@ -45,6 +45,7 @@ struct decoder_sys_t
*/
size_t i_raw_size;
bool b_invert;
+ plane_t planes[PICTURE_PLANE_MAX];
/*
* Common properties
@@ -171,8 +172,11 @@ static int OpenDecoder( vlc_object_t *p_this )
p_dec->fmt_in.video.i_height, 0, 1 );
p_sys->i_raw_size = 0;
for( int i = 0; i < picture.i_planes; i++ )
+ {
p_sys->i_raw_size += picture.p[i].i_visible_pitch *
picture.p[i].i_visible_lines;
+ p_sys->planes[i] = picture.p[i];
+ }
if( !p_dec->fmt_in.video.i_sar_num || !p_dec->fmt_in.video.i_sar_den )
{
@@ -275,8 +279,8 @@ static void FillPicture( decoder_t *p_dec, block_t *p_block, picture_t *p_pic )
for( i_plane = 0; i_plane < p_pic->i_planes; i_plane++ )
{
int i_pitch = p_pic->p[i_plane].i_pitch;
- int i_visible_pitch = p_pic->p[i_plane].i_visible_pitch;
- int i_visible_lines = p_pic->p[i_plane].i_visible_lines;
+ int i_visible_pitch = p_sys->planes[i_plane].i_visible_pitch;
+ int i_visible_lines = p_sys->planes[i_plane].i_visible_lines;
uint8_t *p_dst = p_pic->p[i_plane].p_pixels;
uint8_t *p_dst_end = p_dst+i_pitch*i_visible_lines;
More information about the vlc-commits
mailing list