[FFmpeg-cvslog] cbs: Add padding to slice data allocations

Mark Thompson git at videolan.org
Mon Dec 11 01:51:02 EET 2017 

ffmpeg | branch: master | Mark Thompson <sw at jkqxz.net> | Thu Nov  9 01:04:20 2017 +0000| [7bf3f380466eeff24916fd6218aca13e414c6240] | committer: Mark Thompson

cbs: Add padding to slice data allocations

These may be read by the bitstream reader, so they should include the
necessary padding for overreads.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7bf3f380466eeff24916fd6218aca13e414c6240
---

 libavcodec/cbs_h2645.c | 10 ++++++++--
 libavcodec/cbs_mpeg2.c |  5 ++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
index 61729ccbb3..00eed0f283 100644
--- a/libavcodec/cbs_h2645.c
+++ b/libavcodec/cbs_h2645.c
@@ -781,13 +781,16 @@ static int cbs_h264_read_nal_unit(CodedBitstreamContext *ctx,
             }
 
             slice->data_size = len - pos / 8;
-            slice->data = av_malloc(slice->data_size);
+            slice->data = av_malloc(slice->data_size +
+                                    AV_INPUT_BUFFER_PADDING_SIZE);
             if (!slice->data) {
                 av_free(slice);
                 return AVERROR(ENOMEM);
             }
             memcpy(slice->data,
                    unit->data + pos / 8, slice->data_size);
+            memset(slice->data + slice->data_size, 0,
+                   AV_INPUT_BUFFER_PADDING_SIZE);
             slice->data_bit_start = pos % 8;
 
             unit->content = slice;
@@ -943,13 +946,16 @@ static int cbs_h265_read_nal_unit(CodedBitstreamContext *ctx,
             }
 
             slice->data_size = len - pos / 8;
-            slice->data = av_malloc(slice->data_size);
+            slice->data = av_malloc(slice->data_size +
+                                    AV_INPUT_BUFFER_PADDING_SIZE);
             if (!slice->data) {
                 av_free(slice);
                 return AVERROR(ENOMEM);
             }
             memcpy(slice->data,
                    unit->data + pos / 8, slice->data_size);
+            memset(slice->data + slice->data_size, 0,
+                   AV_INPUT_BUFFER_PADDING_SIZE);
             slice->data_bit_start = pos % 8;
 
             unit->content = slice;
diff --git a/libavcodec/cbs_mpeg2.c b/libavcodec/cbs_mpeg2.c
index 3c09377df3..8a4da96a0a 100644
--- a/libavcodec/cbs_mpeg2.c
+++ b/libavcodec/cbs_mpeg2.c
@@ -181,7 +181,8 @@ static int cbs_mpeg2_read_unit(CodedBitstreamContext *ctx,
         len = unit->data_size;
 
         slice->data_size = len - pos / 8;
-        slice->data = av_malloc(slice->data_size);
+        slice->data = av_malloc(slice->data_size +
+                                AV_INPUT_BUFFER_PADDING_SIZE);
         if (!slice->data) {
             av_free(slice);
             return AVERROR(ENOMEM);
@@ -189,6 +190,8 @@ static int cbs_mpeg2_read_unit(CodedBitstreamContext *ctx,
 
         memcpy(slice->data,
                unit->data + pos / 8, slice->data_size);
+        memset(slice->data + slice->data_size, 0,
+               AV_INPUT_BUFFER_PADDING_SIZE);
         slice->data_bit_start = pos % 8;
 
         unit->content = slice;

More information about the ffmpeg-cvslog mailing list