[vlc-devel] commit: Fixed a potential crash in aout_FiltersPlay. (Laurent Aimar )

Wed Aug 27 18:33:42 CEST 2008

vlc | branch: 0.9-bugfix | Laurent Aimar <fenrir at videolan.org> | Wed Aug 27 11:38:37 2008 +0200| [695e158c3fb727b6295356a3f81eac961ecbf51d] | committer: Jean-Baptiste Kempf 

Fixed a potential crash in aout_FiltersPlay.

This function was returning a buffer allocated with the wrong type (alloca)
when a filter returned 0 sample (scaletempo at least).

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=695e158c3fb727b6295356a3f81eac961ecbf51d
---

 src/audio_output/filters.c |   31 +++++++++++++++++++------------
 1 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/src/audio_output/filters.c b/src/audio_output/filters.c
index 14aca00..2fcf83b 100644
--- a/src/audio_output/filters.c
+++ b/src/audio_output/filters.c
@@ -334,7 +334,7 @@ void aout_FiltersPlay( aout_instance_t * p_aout,
 {
     int i;
 
-    for ( i = 0; i < i_nb_filters; i++ )
+    for( i = 0; i < i_nb_filters; i++ )
     {
         aout_filter_t * p_filter = pp_filters[i];
         aout_buffer_t * p_output_buffer;
@@ -343,25 +343,32 @@ void aout_FiltersPlay( aout_instance_t * p_aout,
          * p_filter->output.i_rate / p_filter->input.i_rate) so we need
          * slightly bigger buffers. */
         aout_BufferAlloc( &p_filter->output_alloc,
-            ((mtime_t)(*pp_input_buffer)->i_nb_samples + 2)
-            * 1000000 / p_filter->input.i_rate,
-            *pp_input_buffer, p_output_buffer );
-        if ( p_output_buffer == NULL )
+                          ((mtime_t)(*pp_input_buffer)->i_nb_samples + 2)
+                          * 1000000 / p_filter->input.i_rate,
+                          *pp_input_buffer, p_output_buffer );
+        if( p_output_buffer == NULL )
             return;
+
         /* Please note that p_output_buffer->i_nb_samples & i_nb_bytes
          * shall be set by the filter plug-in. */
+        if( (*pp_input_buffer)->i_nb_samples > 0 )
+        {
+            p_filter->pf_do_work( p_aout, p_filter, *pp_input_buffer,
+                                  p_output_buffer );
+        }
+        else
+        {
+            p_output_buffer->i_nb_bytes = 0;
+            p_output_buffer->i_nb_samples = 0;
+        }
 
-        p_filter->pf_do_work( p_aout, p_filter, *pp_input_buffer,
-                              p_output_buffer );
-
-        if ( !p_filter->b_in_place )
+        if( !p_filter->b_in_place )
         {
             aout_BufferFree( *pp_input_buffer );
             *pp_input_buffer = p_output_buffer;
         }
-
-        if( p_output_buffer->i_nb_samples <= 0 )
-            break;
     }
+
+    assert( (*pp_input_buffer) == NULL || (*pp_input_buffer)->i_alloc_type != AOUT_ALLOC_STACK );
 }
 


