fdkaacdec: avoid memory corruption on decoding error

The buffer size is expected to be in multiples of the sample size,
not in bytes.

https://bugzilla.gnome.org/show_bug.cgi?id=772186
Vincent Penquerc'h 2016-09-29 14:31:37 +01:00
parent 95de5bf193
commit 58bb21c463
2 changed files with 5 additions and 5 deletions


@ -167,8 +167,8 @@ gst_fdkaacdec_set_format (GstAudioDecoder * dec, GstCaps * caps)
/* 8 channels * 2 bytes per sample * 2048 samples */ /* 8 channels * 2 bytes per sample * 2048 samples */
if (!self->decode_buffer) { if (!self->decode_buffer) {
self->decode_buffer_size = 8 * 2 * 2048; self->decode_buffer_size = 8 * 2048;
self->decode_buffer = g_malloc (self->decode_buffer_size); self->decode_buffer = g_new (gint16, self->decode_buffer_size);
} }
return TRUE; return TRUE;
@ -210,7 +210,7 @@ gst_fdkaacdec_handle_frame (GstAudioDecoder * dec, GstBuffer * inbuf)
} }
if ((err = if ((err =
aacDecoder_DecodeFrame (self->dec, (gint16 *) self->decode_buffer, aacDecoder_DecodeFrame (self->dec, self->decode_buffer,
self->decode_buffer_size, flags)) != AAC_DEC_OK) { self->decode_buffer_size, flags)) != AAC_DEC_OK) {
if (err == AAC_DEC_TRANSPORT_SYNC_ERROR) { if (err == AAC_DEC_TRANSPORT_SYNC_ERROR) {
ret = GST_FLOW_OK; ret = GST_FLOW_OK;
@ -406,7 +406,7 @@ gst_fdkaacdec_flush (GstAudioDecoder * dec, gboolean hard)
if (self->dec) { if (self->dec) {
AAC_DECODER_ERROR err; AAC_DECODER_ERROR err;
if ((err = if ((err =
aacDecoder_DecodeFrame (self->dec, (gint16 *) self->decode_buffer, aacDecoder_DecodeFrame (self->dec, self->decode_buffer,
self->decode_buffer_size, AACDEC_FLUSH)) != AAC_DEC_OK) { self->decode_buffer_size, AACDEC_FLUSH)) != AAC_DEC_OK) {
GST_ERROR_OBJECT (self, "flushing error: %d", err); GST_ERROR_OBJECT (self, "flushing error: %d", err);
} }
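Review bot: The context comment above the allocation in gst_fdkaacdec_set_format still reads `/* 8 channels * 2 bytes per sample * 2048 samples */`, which describes the old byte count and no longer matches `decode_buffer_size = 8 * 2048`. A bytes-versus-samples mix-up appears to be what caused the memory corruption named in the title, so the comment should state the unit, e.g. `/* 8 channels * 2048 samples, counted in gint16 samples (not bytes) */`. gst_fdkaacdec_handle_frame and gst_fdkaacdec_flush both continue outside their hunks. Any code there that treats decode_buffer_size as a byte length, for instance when sizing or copying the decoded output, would need the same correction, which cannot be confirmed from the visible lines.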


@ -45,7 +45,7 @@ struct _GstFdkAacDec {
GstAudioDecoder element; GstAudioDecoder element;
HANDLE_AACDECODER dec; HANDLE_AACDECODER dec;
guint8 *decode_buffer; gint16 *decode_buffer;
gint decode_buffer_size; gint decode_buffer_size;
}; };
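Review bot: The field `decode_buffer_size` gives no indication of its unit, and after this change it counts gint16 samples while its name still reads like a byte size. A trailing comment on the declaration would keep later code from passing it to byte-oriented calls: `gint decode_buffer_size; /* capacity of decode_buffer in gint16 samples, not bytes */`. The struct opens above the hunk, so other fields with the same ambiguity may exist outside the visible lines.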