On Tue, Aug 13, 2013 at 01:24:05PM +0200, Luca Barbato wrote:
> On 13/08/13 13:13, Kostya Shishkov wrote:
> > On Tue, Aug 13, 2013 at 07:08:26AM +0200, Luca Barbato wrote:
> >> The decompressed buffer can be used after codec_reinit, so it must be
> >> preserved.
> >>
> >> Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> >> CC: [email protected]
> >> ---
> >>  libavcodec/nuv.c | 14 +++++++++-----
> >>  1 file changed, 9 insertions(+), 5 deletions(-)
> >>
> >> diff --git a/libavcodec/nuv.c b/libavcodec/nuv.c
> >> index 086e57c..7398f8c 100644
> >> --- a/libavcodec/nuv.c
> >> +++ b/libavcodec/nuv.c
> >> @@ -120,18 +120,20 @@ static int codec_reinit(AVCodecContext *avctx, int 
> >> width, int height,
> >>      if (quality >= 0)
> >>          get_quant_quality(c, quality);
> >>      if (width != c->width || height != c->height) {
> >> +        void *ptr;
> >>          if ((ret = av_image_check_size(height, width, 0, avctx)) < 0)
> >>              return ret;
> >>          avctx->width  = c->width  = width;
> >>          avctx->height = c->height = height;
> >> -        av_fast_malloc(&c->decomp_buf, &c->decomp_size,
> >> -                       c->height * c->width * 3 / 2 +
> >> -                       FF_INPUT_BUFFER_PADDING_SIZE);
> >> -        if (!c->decomp_buf) {
> >> +        ptr = av_fast_realloc(c->decomp_buf, &c->decomp_size,
> >> +                              c->height * c->width * 3 / 2 +
> >> +                              FF_INPUT_BUFFER_PADDING_SIZE);
> >> +        if (!ptr) {
> >>              av_log(avctx, AV_LOG_ERROR,
> >>                     "Can't allocate decompression buffer.\n");
> >>              return AVERROR(ENOMEM);
> >> -        }
> >> +        } else
> >> +            c->decomp_buf = ptr;
> >>          ff_rtjpeg_decode_init(&c->rtj, &c->dsp, c->width, c->height,
> >>                                c->lq, c->cq);
> >>          av_frame_unref(&c->pic);
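Review bot: On the `if (!ptr)` path the function returns AVERROR(ENOMEM) after `avctx->width = c->width = width;` and `avctx->height = c->height = height;` have already run, so the context advertises the new dimensions while `c->decomp_buf` is still the old allocation. Consider doing the av_fast_realloc() first and assigning the dimensions only once it has succeeded. Since the failure branch returns, the trailing `} else` is not needed either: a plain `c->decomp_buf = ptr;` after the closing brace reads more clearly and avoids the mixed braced/unbraced if/else.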
> >> @@ -222,6 +224,8 @@ static int decode_frame(AVCodecContext *avctx, void 
> >> *data, int *got_frame,
> >>          q = buf[10];
> >>          if ((result = codec_reinit(avctx, w, h, q)) < 0)
> >>              return result;
> >> +        if (comptype == NUV_RTJPEG_IN_LZO || comptype == NUV_LZO)
> >> +            buf = c->decomp_buf;
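Review bot: `buf = c->decomp_buf;` resets buf to the base of the buffer, but nothing in this hunk documents why or shows that what is read from buf afterwards fits in the allocation. A short comment stating that codec_reinit() may move decomp_buf, so the caller's pointer has to be refreshed, would help. The size passed to av_fast_realloc() in the first hunk (`c->height * c->width * 3 / 2 + FF_INPUT_BUFFER_PADDING_SIZE`) should also be checked against everything consumed through buf from here on, header bytes included, and any offset applied to buf before this point needs to be reapplied after the reset.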
> > 
> > hmm, so in this case decomp_buf is expected to have RTJPEG_HEADER_SIZE bytes
> > for the header? Why is it not in realloc? Otherwise LGTM
> 
> Actually you found yet another corner case that would lead to a crash if
> not checked, thank you =)

If you just amend the av_fast_realloc() argument, the patch should be OK.
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
