[vlc-commits] mmal/codec: Check picture buffer size before usage
Julian Scheel
git at videolan.org
Thu Sep 4 18:19:52 CEST 2014
vlc | branch: master | Julian Scheel <julian at jusst.de> | Thu Sep 4 12:43:02 2014 +0200| [a0ffd5a2e6659965207ae9a70e5f81ec09792567] | committer: Jean-Baptiste Kempf
mmal/codec: Check picture buffer size before usage
We need to make sure that a buffer is big enough to store the amount of data
we expect to receive from the decoder. Without doing this memory could be
corrupted due to the decoder writing outside the allocate memory.
Signed-off-by: Julian Scheel <julian at jusst.de>
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=a0ffd5a2e6659965207ae9a70e5f81ec09792567
---
modules/hw/mmal/codec.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/modules/hw/mmal/codec.c b/modules/hw/mmal/codec.c
index d2424ea..2e7a0d0 100644
--- a/modules/hw/mmal/codec.c
+++ b/modules/hw/mmal/codec.c
@@ -373,6 +373,7 @@ static int send_output_buffer(decoder_t *dec)
MMAL_BUFFER_HEADER_T *buffer;
picture_t *picture;
MMAL_STATUS_T status;
+ int buffer_size = 0;
int ret = 0;
buffer = mmal_queue_get(sys->output_pool->queue);
@@ -390,6 +391,16 @@ static int send_output_buffer(decoder_t *dec)
goto out;
}
+ for (int i = 0; i < picture->i_planes; i++)
+ buffer_size += picture->p[i].i_lines * picture->p[i].i_pitch;
+
+ if (buffer_size < sys->output->buffer_size) {
+ msg_Err(dec, "Retrieved picture with too small data block (%d < %d)",
+ buffer_size, sys->output->buffer_size);
+ ret = VLC_EGENERIC;
+ goto out;
+ }
+
mmal_buffer_header_reset(buffer);
buffer->user_data = picture;
buffer->cmd = 0;
More information about the vlc-commits
mailing list