[FFmpeg-cvslog] avcodec/g2meet: Fix framebuf size

Michael Niedermayer git at videolan.org
Mon Sep 23 22:30:49 CEST 2013


ffmpeg | branch: release/2.0 | Michael Niedermayer <michaelni at gmx.at> | Sat Sep 21 23:34:11 2013 +0200| [2b06f5f8f15a4464c74405cd7da57da2d6be5d36] | committer: Michael Niedermayer

avcodec/g2meet: Fix framebuf size

Currently the code can in some cases draw tiles that hang outside the
allocated buffer. This patch increases the buffer size to avoid out
of array accesses. An alternative would be to fail if such tiles are
encountered.
I do not know if any valid files use such hanging tiles.

Fixes Ticket2971
Found-by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit e07ac727c1cc9eed39e7f9117c97006f719864bd)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b06f5f8f15a4464c74405cd7da57da2d6be5d36
---

 libavcodec/g2meet.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c
index 1822c5e..1634059 100644
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -443,8 +443,8 @@ static int g2m_init_buffers(G2MContext *c)
     int aligned_height;
 
     if (!c->framebuf || c->old_width < c->width || c->old_height < c->height) {
-        c->framebuf_stride = FFALIGN(c->width * 3, 16);
-        aligned_height     = FFALIGN(c->height,    16);
+        c->framebuf_stride = FFALIGN(c->width + 15, 16) * 3;
+        aligned_height     = c->height + 15;
         av_free(c->framebuf);
         c->framebuf = av_mallocz(c->framebuf_stride * aligned_height);
         if (!c->framebuf)
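Review bot: The padding of 15 in `FFALIGN(c->width + 15, 16) * 3` and `c->height + 15` is a bare magic number, and nothing in this hunk ties it to how far a tile can extend past the frame edge. If a tile can hang over by more than 15 pixels in either direction, the enlarged buffer still does not bound the write. Please derive the padding from the tile dimensions or, as the commit message itself suggests as an alternative, reject tiles that extend beyond the frame, and add a comment stating which assumption the allocation relies on. Separately, the size passed to av_mallocz is `c->framebuf_stride * aligned_height` with `aligned_height` declared as int, and both factors grow with this change. Unless width and height are bounded before g2m_init_buffers() is reached (not visible in this hunk), the product should be checked for overflow before allocating.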


