[FFmpeg-cvslog] Use av_fast_padded_malloc in fraps and mpc decoders.

Reimar Döffinger git at videolan.org
Wed Jan 18 21:22:27 CET 2012


ffmpeg | branch: master | Reimar Döffinger <Reimar.Doeffinger at gmx.de> | Tue Jan 17 22:20:23 2012 +0100| [f9ced97543daf4a34a31bc4d5b1cd898ded11abd] | committer: Reimar Döffinger

Use av_fast_padded_malloc in fraps and mpc decoders.

Fixes FATE failures due to uninitialized reads under valgrind
for these two codecs.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9ced97543daf4a34a31bc4d5b1cd898ded11abd
---

 libavcodec/fraps.c |    2 +-
 libavcodec/mpc.h   |    2 ++
 libavcodec/mpc7.c  |   20 ++++++++++++++------
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/libavcodec/fraps.c b/libavcodec/fraps.c
index de98da7..8a47aee 100644
--- a/libavcodec/fraps.c
+++ b/libavcodec/fraps.c
@@ -277,7 +277,7 @@ static int decode_frame(AVCodecContext *avctx,
         offs[planes] = buf_size;
         for(i = 0; i < planes; i++){
             is_chroma = !!i;
-            av_fast_malloc(&s->tmpbuf, &s->tmpbuf_size, offs[i + 1] - offs[i] - 1024 + FF_INPUT_BUFFER_PADDING_SIZE);
+            av_fast_padded_malloc(&s->tmpbuf, &s->tmpbuf_size, offs[i + 1] - offs[i] - 1024);
             if (!s->tmpbuf)
                 return AVERROR(ENOMEM);
             if(fraps2_decode_plane(s, f->data[i], f->linesize[i], avctx->width >> is_chroma,
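Review bot: The size passed to `av_fast_padded_malloc` on the new line is `offs[i + 1] - offs[i] - 1024`, and nothing in this hunk shows that the difference is at least 1024. If the offsets are taken from the packet and a plane is shorter than that, the expression wraps or goes negative (depending on the type of `offs`) and reaches the allocator as a very large size, so the failure is reported as ENOMEM rather than as invalid input. An explicit guard before the allocation, for example `if (offs[i + 1] < offs[i] + 1024) return AVERROR_INVALIDDATA;`, would make the bound visible at the point of use. decode_frame starts and continues outside the hunk, so an earlier check of `offs[]` may already cover part of this.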
diff --git a/libavcodec/mpc.h b/libavcodec/mpc.h
index 8b4deef..808739f 100644
--- a/libavcodec/mpc.h
+++ b/libavcodec/mpc.h
@@ -66,6 +66,8 @@ typedef struct {
     int buf_size;
     AVLFG rnd;
     int frames_to_skip;
+    uint8_t *buffer;
+    int buffer_size;
     /* for synthesis */
     DECLARE_ALIGNED(16, MPA_INT, synth_buf)[MPA_MAX_CHANNELS][512*2];
     int synth_buf_offset[MPA_MAX_CHANNELS];
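Review bot: `buffer_size` is declared `int`, but mpc7.c passes its address as the size argument of `av_fast_padded_malloc`, which (like `av_fast_malloc`, as far as I recall) takes an `unsigned int *`. Declaring it as `unsigned int buffer_size;` would avoid the pointer-signedness mismatch. The two new fields also have no comment; something like `/* scratch buffer for the byte-swapped packet, reused across frames and freed by the decoder's close callback */` would document ownership. The struct begins and ends outside the hunk.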
diff --git a/libavcodec/mpc7.c b/libavcodec/mpc7.c
index 7393250..0bde329 100644
--- a/libavcodec/mpc7.c
+++ b/libavcodec/mpc7.c
@@ -203,7 +203,6 @@ static int mpc7_decode_frame(AVCodecContext * avctx, void *data,
     int buf_size = avpkt->size;
     MPCContext *c = avctx->priv_data;
     GetBitContext gb;
-    uint8_t *bits;
     int i, ch;
     int mb = -1;
     Band *bands = c->bands;
@@ -223,9 +222,11 @@ static int mpc7_decode_frame(AVCodecContext * avctx, void *data,
         return ret;
     }
 
-    bits = av_malloc(((buf_size - 1) & ~3) + FF_INPUT_BUFFER_PADDING_SIZE);
-    c->dsp.bswap_buf((uint32_t*)bits, (const uint32_t*)(buf + 4), (buf_size - 4) >> 2);
-    init_get_bits(&gb, bits, (buf_size - 4)* 8);
+    av_fast_padded_malloc(&c->buffer, &c->buffer_size, FFALIGN(buf_size - 1, 4));
+    if (!c->buffer)
+        return AVERROR(ENOMEM);
+    c->dsp.bswap_buf((uint32_t*)c->buffer, (const uint32_t*)(buf + 4), (buf_size - 4) >> 2);
+    init_get_bits(&gb, c->buffer, (buf_size - 4)* 8);
     skip_bits_long(&gb, buf[0]);
 
     /* read subband indexes */
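Review bot: No lower bound on `buf_size` is visible before `buf + 4`, `(buf_size - 4) >> 2` and `buf[0]` are used, so a packet shorter than five bytes would give a negative word count and read outside the input. A guard such as `if (buf_size <= 4) return AVERROR_INVALIDDATA;` ahead of the allocation would reject such packets. Separately, `bswap_buf` fills only `(buf_size - 4) >> 2` whole words while `init_get_bits` is told `(buf_size - 4) * 8` bits are available, so when the payload length is not a multiple of four the trailing bytes are neither copied nor covered by the zeroed padding, and in a reused buffer they may hold data from an earlier packet. mpc7_decode_frame starts and continues outside the hunk, so some of this validation may exist earlier.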
@@ -282,8 +283,6 @@ static int mpc7_decode_frame(AVCodecContext * avctx, void *data,
 
     ff_mpc_dequantize_and_synth(c, mb, c->frame.data[0], 2);
 
-    av_free(bits);
-
     bits_used = get_bits_count(&gb);
     bits_avail = (buf_size - 4) * 8;
     if(!buf[1] && ((bits_avail < bits_used) || (bits_used + 32 <= bits_avail))){
@@ -310,12 +309,21 @@ static void mpc7_decode_flush(AVCodecContext *avctx)
     c->frames_to_skip = 32;
 }
 
+static av_cold int mpc7_decode_close(AVCodecContext *avctx)
+{
+    MPCContext *c = avctx->priv_data;
+    av_freep(&c->buffer);
+    c->buffer_size = 0;
+    return 0;
+}
+
 AVCodec ff_mpc7_decoder = {
     .name           = "mpc7",
     .type           = AVMEDIA_TYPE_AUDIO,
     .id             = CODEC_ID_MUSEPACK7,
     .priv_data_size = sizeof(MPCContext),
     .init           = mpc7_decode_init,
+    .close          = mpc7_decode_close,
     .decode         = mpc7_decode_frame,
     .flush = mpc7_decode_flush,
     .capabilities   = CODEC_CAP_DR1,
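Review bot: `mpc7_decode_close` has no comment saying which allocation it releases. A one-line note above it, such as `/* free the bitstream scratch buffer allocated on demand in mpc7_decode_frame */`, would tie the close callback to the allocation site. It could also state that `c->buffer` may still be NULL if no frame was ever decoded, which `av_freep` tolerates. The AVCodec initializer continues past the end of the hunk.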


