[FFmpeg-devel] [PATCH] vdpau: Fix buffer overflow with old hwaccel_context API

Błażej Szczygieł spaz16 at wp.pl
Fri Sep 8 22:08:13 EEST 2017


The VDPAUHWContext struct is used internally, so allocate the required
amount of memory for it. Also move the hwctx->reset assignment back to
where it was prior to 7e4ba776a2240d40124d5540ea6b2118fa2fe26a, to make
sure that a buffer overflow doesn't happen if the application allocates
only sizeof(AVVDPAUContext) bytes of memory.
---
 libavcodec/vdpau.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/libavcodec/vdpau.c b/libavcodec/vdpau.c
index 9c7804a287..8d1748347f 100644
--- a/libavcodec/vdpau.c
+++ b/libavcodec/vdpau.c
@@ -142,14 +142,13 @@ int ff_vdpau_common_init(AVCodecContext *avctx, VdpDecoderProfile profile,
         return AVERROR(ENOSYS);
 
     if (hwctx) {
-        hwctx->reset            = 0;
-
         if (hwctx->context.decoder != VDP_INVALID_HANDLE) {
             vdctx->decoder = hwctx->context.decoder;
             vdctx->render  = hwctx->context.render;
             vdctx->device  = VDP_INVALID_HANDLE;
             return 0; /* Decoder created by user */
         }
+        hwctx->reset            = 0;
 
         vdctx->device           = hwctx->device;
         vdctx->get_proc_address = hwctx->get_proc_address;
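Review bot: The position of `hwctx->reset = 0;` after the user-decoder early return is now what prevents the out-of-bounds write, but nothing in the code records that, and the commit message says an earlier commit already moved it above the check once. A comment above the `if (hwctx->context.decoder != VDP_INVALID_HANDLE)` test would guard against a repeat: `/* Legacy callers may allocate only sizeof(AVVDPAUContext); touch no VDPAUHWContext-only field before this check. */`. The lines that follow still write `hwctx->reset` and read `hwctx->device` and `hwctx->get_proc_address`, so a caller-allocated AVVDPAUContext whose decoder is VDP_INVALID_HANDLE would presumably still be accessed past its end; whether such a caller can reach this path is not visible in the hunk. The body of ff_vdpau_common_init starts and ends outside the hunk.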
@@ -797,7 +796,7 @@ do {                                       \
 
 AVVDPAUContext *av_vdpau_alloc_context(void)
 {
-    return av_mallocz(sizeof(AVVDPAUContext));
+    return av_mallocz(sizeof(VDPAUHWContext));
 }
 
 int av_vdpau_bind_context(AVCodecContext *avctx, VdpDevice device,
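Review bot: `return av_mallocz(sizeof(VDPAUHWContext));` hands the larger internal struct back through an `AVVDPAUContext *`, which is only correct if the public context sits at the very start of VDPAUHWContext; that layout is not visible in this hunk and is stated nowhere near the allocation. A short comment would make the size choice and the assumption explicit: `/* Allocate the internal VDPAUHWContext: libavcodec accesses fields beyond the public AVVDPAUContext through this pointer. */`. This only covers contexts obtained from av_vdpau_alloc_context(); applications that allocate sizeof(AVVDPAUContext) themselves depend on the assignment ordering in ff_vdpau_common_init instead.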
-- 
2.14.1


