vlc | branch: master | Laurent Aimar <[email protected]> | Fri Jan 6 21:00:10 2012 +0100| [4a26ac7f892063dcc79ade092e490a6e4168f8f9] | committer: Laurent Aimar
Fixed potential overread in the rawvideo decoder. The plane size of the pictures given to a decoder can be a bit larger than necessary. It can happens when the video size is incompatible with the colorspace. It closes #5770. > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=4a26ac7f892063dcc79ade092e490a6e4168f8f9 --- modules/codec/rawvideo.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/codec/rawvideo.c b/modules/codec/rawvideo.c index dbb8fde..0dcf42e 100644 --- a/modules/codec/rawvideo.c +++ b/modules/codec/rawvideo.c @@ -45,6 +45,7 @@ struct decoder_sys_t */ size_t i_raw_size; bool b_invert; + plane_t planes[PICTURE_PLANE_MAX]; /* * Common properties @@ -171,8 +172,11 @@ static int OpenDecoder( vlc_object_t *p_this ) p_dec->fmt_in.video.i_height, 0, 1 ); p_sys->i_raw_size = 0; for( int i = 0; i < picture.i_planes; i++ ) + { p_sys->i_raw_size += picture.p[i].i_visible_pitch * picture.p[i].i_visible_lines; + p_sys->planes[i] = picture.p[i]; + } if( !p_dec->fmt_in.video.i_sar_num || !p_dec->fmt_in.video.i_sar_den ) { @@ -275,8 +279,8 @@ static void FillPicture( decoder_t *p_dec, block_t *p_block, picture_t *p_pic ) for( i_plane = 0; i_plane < p_pic->i_planes; i_plane++ ) { int i_pitch = p_pic->p[i_plane].i_pitch; - int i_visible_pitch = p_pic->p[i_plane].i_visible_pitch; - int i_visible_lines = p_pic->p[i_plane].i_visible_lines; + int i_visible_pitch = p_sys->planes[i_plane].i_visible_pitch; + int i_visible_lines = p_sys->planes[i_plane].i_visible_lines; uint8_t *p_dst = p_pic->p[i_plane].p_pixels; uint8_t *p_dst_end = p_dst+i_pitch*i_visible_lines; _______________________________________________ vlc-commits mailing list [email protected] http://mailman.videolan.org/listinfo/vlc-commits
