[FFmpeg-cvslog] avcodec/diracdec: move mc buffer allocation to per frame
Michael Niedermayer
git at videolan.org
Mon May 19 06:45:18 CEST 2014
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon May 19 06:19:23 2014 +0200| [4a30f08505a4e85718896ff233c97be41a9754ca] | committer: Michael Niedermayer
avcodec/diracdec: move mc buffer allocation to per frame
Fixes out of array accesses for non default buffers with large strides
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a30f08505a4e85718896ff233c97be41a9754ca
---
libavcodec/diracdec.c | 41 ++++++++++++++++++++++++++++++++++-------
1 file changed, 34 insertions(+), 7 deletions(-)
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 1be4115..24c540e 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -201,6 +201,7 @@ typedef struct DiracContext {
uint16_t *mctmp; /* buffer holding the MC data multipled by OBMC weights */
uint8_t *mcscratch;
+ int buffer_stride;
DECLARE_ALIGNED(16, uint8_t, obmc_weight)[3][MAX_BLOCKSIZE*MAX_BLOCKSIZE];
@@ -343,19 +344,41 @@ static int alloc_sequence_buffers(DiracContext *s)
return AVERROR(ENOMEM);
}
- w = s->source.width;
- h = s->source.height;
-
/* fixme: allocate using real stride here */
s->sbsplit = av_malloc_array(sbwidth, sbheight);
s->blmotion = av_malloc_array(sbwidth, sbheight * 16 * sizeof(*s->blmotion));
- s->edge_emu_buffer_base = av_malloc_array((w+64), MAX_BLOCKSIZE);
- s->mctmp = av_malloc_array((w+64+MAX_BLOCKSIZE), (h+MAX_BLOCKSIZE) * sizeof(*s->mctmp));
- s->mcscratch = av_malloc_array((w+64), MAX_BLOCKSIZE);
+ if (!s->sbsplit || !s->blmotion)
+ return AVERROR(ENOMEM);
+ return 0;
+}
+
+static int alloc_buffers(DiracContext *s, int stride)
+{
+ int w = s->source.width;
+ int h = s->source.height;
+
+ av_assert0(stride >= w);
+ stride += 64;
+
+ if (s->buffer_stride >= stride)
+ return 0;
+ s->buffer_stride = 0;
+
+ av_freep(&s->edge_emu_buffer_base);
+ memset(s->edge_emu_buffer, 0, sizeof(s->edge_emu_buffer));
+ av_freep(&s->mctmp);
+ av_freep(&s->mcscratch);
+
+ s->edge_emu_buffer_base = av_malloc_array(stride, MAX_BLOCKSIZE);
- if (!s->sbsplit || !s->blmotion || !s->mctmp || !s->mcscratch)
+ s->mctmp = av_malloc_array((stride+MAX_BLOCKSIZE), (h+MAX_BLOCKSIZE) * sizeof(*s->mctmp));
+ s->mcscratch = av_malloc_array(stride, MAX_BLOCKSIZE);
+
+ if (!s->edge_emu_buffer_base || !s->mctmp || !s->mcscratch)
return AVERROR(ENOMEM);
+
+ s->buffer_stride = stride;
return 0;
}
@@ -382,6 +405,7 @@ static void free_sequence_buffers(DiracContext *s)
av_freep(&s->plane[i].idwt_tmp);
}
+ s->buffer_stride = 0;
av_freep(&s->sbsplit);
av_freep(&s->blmotion);
av_freep(&s->edge_emu_buffer_base);
@@ -1854,6 +1878,9 @@ static int dirac_decode_data_unit(AVCodecContext *avctx, const uint8_t *buf, int
s->plane[1].stride = pic->avframe->linesize[1];
s->plane[2].stride = pic->avframe->linesize[2];
+ if (alloc_buffers(s, FFMAX3(FFABS(s->plane[0].stride), FFABS(s->plane[1].stride), FFABS(s->plane[2].stride))) < 0)
+ return AVERROR(ENOMEM);
+
/* [DIRAC_STD] 11.1 Picture parse. picture_parse() */
if (dirac_decode_picture_header(s))
return -1;
More information about the ffmpeg-cvslog
mailing list