CVSROOT: /sources/gnash Module name: gnash Changes by: Tomas Groth <tgc> 07/07/24 22:48:12
Modified files: . : ChangeLog server/parser : video_stream_def.cpp Log message: * server/parser/video_stream_def.cpp: Free the video frames when deleting the video_stream_def object. Make the buffer containing the video data 4 bytes bigger than needed to avoid illegal reads from ffmpeg. Fixes bug #20440. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.3817&r2=1.3818 http://cvs.savannah.gnu.org/viewcvs/gnash/server/parser/video_stream_def.cpp?cvsroot=gnash&r1=1.10&r2=1.11 Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.3817
retrieving revision 1.3818
diff -u -b -r1.3817 -r1.3818
--- ChangeLog 24 Jul 2007 22:32:32 -0000 1.3817
+++ ChangeLog 24 Jul 2007 22:48:12 -0000 1.3818
@@ -1,3 +1,10 @@
+2007-07-24 Tomas Groth Christensen <[EMAIL PROTECTED]>
+
+ * server/parser/video_stream_def.cpp: Free the video frames
+ when deleting the video_stream_def object. Make the buffer
+ containing the video data 4 bytes bigger than needed to avoid
+ illegal reads from ffmpeg. Fixes bug #20440.
+
 2007-07-24 Sandro Santilli <[EMAIL PROTECTED]>
 * Makefile.am: define PHONY rules.
Index: server/parser/video_stream_def.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/parser/video_stream_def.cpp,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -b -r1.10 -r1.11
--- server/parser/video_stream_def.cpp 24 Jul 2007 11:09:06 -0000 1.10
+++ server/parser/video_stream_def.cpp 24 Jul 2007 22:48:12 -0000 1.11
@@ -16,7 +16,7 @@
 // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 //
-// $Id: video_stream_def.cpp,v 1.10 2007/07/24 11:09:06 tgc Exp $
+// $Id: video_stream_def.cpp,v 1.11 2007/07/24 22:48:12 tgc Exp $
 #include "video_stream_def.h"
 #include "video_stream_instance.h"
@@ -39,6 +39,10 @@
 video_stream_definition::~video_stream_definition()
 {
+ for (int32_t size = m_video_frames.size()-1; size >= 0; size--) {
+ delete m_video_frames[size];
+ }
+ m_video_frames.clear();
 }
@@ -71,9 +75,21 @@
 else if (tag == SWF::VIDEOFRAME)
 {
 in->skip_bytes(2); //int frameNum = in->read_u16();
- int size = in->get_tag_end_position() - in->get_position();
+
+ // We need to make the buffer a bit bigger than the data
+ // to avoid libavcodec (ffmpeg) making illegal reads.
+ // The reason is a bit sketchy, but it seems that the h263
+ // decoder (perhaps other decoders as well) assumes that the
+ // buffer with the data is bigger than the data it contains.
+ // We make the buffer 4 bytes bigger than the data, and set
+ // them to 0.
+
+ // The data size is 4 bytes smaller than this, but because of
+ // what is mentioned above we don't subtract the 4 bytes.
+ int size = in->get_tag_length();
 uint8_t* data = new uint8_t[size];
- for (int i = 0; i < size; i++)
+ memset(data, 0, size);
+ for (int i = 0; i < size-4; i++) // The size-variable 4 bytes bigger than the data
 {
 data[i] = in->read_u8();
 }
_______________________________________________ Gnash-commit mailing list Gnash-commit@gnu.org http://lists.gnu.org/mailman/listinfo/gnash-commit
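Review bot: `delete m_video_frames[size];` in the new destructor loop looks mismatched with how the frames are allocated. The VIDEOFRAME branch later in this patch creates each buffer with `new uint8_t[size]`, and if those are the pointers stored in m_video_frames (the push is outside the visible hunks), scalar delete on them is undefined behaviour and can corrupt the heap. The release should be `delete [] m_video_frames[size];`. As a smaller style point, the loop index is named `size` although it is an index, and `m_video_frames.size()-1` is narrowed into an int32_t; a forward loop over a `size_t` index would read more clearly.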
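Review bot: In the VIDEOFRAME branch, nothing validates `size` before `new uint8_t[size]`, `memset(data, 0, size)` and the `size-4` read loop, and the 4 zero bytes of padding exist only because the code assumes exactly 4 header bytes were consumed before this point. `get_tag_length()` comes from the SWF file, so a negative or inconsistent value should be rejected before allocating. The payload length is better taken, as before, from `in->get_tag_end_position() - in->get_position()`, with the padding added explicitly, e.g. `uint8_t* data = new uint8_t[dataSize + padding];`. libavcodec documents the over-read as a requirement (input buffers need FF_INPUT_BUFFER_PADDING_SIZE zeroed bytes past the data), so `padding` should be at least that constant rather than a hard-coded 4, and the comment can cite it instead of calling the reason sketchy. The enclosing function starts and ends outside the hunk.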