avviddec: remove realvideo slice_offset handling

Handling slice_offset in avviddec results in an invalid memory read.
Since the rv decoders handle slice_offset themselves anyway, remove this
handling here to fix the memory mishandling.

https://bugzilla.gnome.org/show_bug.cgi?id=758726
Vineeth TM 2015-11-27 11:16:07 +09:00 committed by Sebastian Dröge
parent ba5bde5de9
commit ae27b9c503
2 changed files with 0 additions and 37 deletions


@ -331,10 +331,6 @@ gst_ffmpegviddec_close (GstFFMpegVidDec * ffmpegdec, gboolean reset)
av_free (ffmpegdec->context->extradata); av_free (ffmpegdec->context->extradata);
ffmpegdec->context->extradata = NULL; ffmpegdec->context->extradata = NULL;
} }
if (ffmpegdec->context->slice_offset) {
g_free (ffmpegdec->context->slice_offset);
ffmpegdec->context->slice_offset = NULL;
}
if (reset) { if (reset) {
if (avcodec_get_context_defaults3 (ffmpegdec->context, if (avcodec_get_context_defaults3 (ffmpegdec->context,
oclass->in_plugin) < 0) { oclass->in_plugin) < 0) {
@ -362,23 +358,10 @@ gst_ffmpegviddec_open (GstFFMpegVidDec * ffmpegdec)
ffmpegdec->stride[i] = -1; ffmpegdec->stride[i] = -1;
ffmpegdec->opened = TRUE; ffmpegdec->opened = TRUE;
ffmpegdec->is_realvideo = FALSE;
GST_LOG_OBJECT (ffmpegdec, "Opened libav codec %s, id %d", GST_LOG_OBJECT (ffmpegdec, "Opened libav codec %s, id %d",
oclass->in_plugin->name, oclass->in_plugin->id); oclass->in_plugin->name, oclass->in_plugin->id);
switch (oclass->in_plugin->id) {
case AV_CODEC_ID_RV10:
case AV_CODEC_ID_RV30:
case AV_CODEC_ID_RV20:
case AV_CODEC_ID_RV40:
ffmpegdec->is_realvideo = TRUE;
break;
default:
GST_LOG_OBJECT (ffmpegdec, "Parser deactivated for format");
break;
}
gst_ffmpegviddec_context_set_flags (ffmpegdec->context, gst_ffmpegviddec_context_set_flags (ffmpegdec->context,
CODEC_FLAG_OUTPUT_CORRUPT, ffmpegdec->output_corrupt); CODEC_FLAG_OUTPUT_CORRUPT, ffmpegdec->output_corrupt);
@ -1314,24 +1297,6 @@ gst_ffmpegviddec_video_frame (GstFFMpegVidDec * ffmpegdec,
* else we might skip a reference frame */ * else we might skip a reference frame */
gst_ffmpegviddec_do_qos (ffmpegdec, frame, &mode_switch); gst_ffmpegviddec_do_qos (ffmpegdec, frame, &mode_switch);
if (ffmpegdec->is_realvideo && data != NULL) {
gint slice_count;
gint i;
/* setup the slice table for realvideo */
if (ffmpegdec->context->slice_offset == NULL)
ffmpegdec->context->slice_offset = g_malloc (sizeof (guint32) * 1000);
slice_count = (*data++) + 1;
ffmpegdec->context->slice_count = slice_count;
for (i = 0; i < slice_count; i++) {
data += 4;
ffmpegdec->context->slice_offset[i] = GST_READ_UINT32_LE (data);
data += 4;
}
}
if (frame) { if (frame) {
/* save reference to the timing info */ /* save reference to the timing info */
ffmpegdec->context->reordered_opaque = (gint64) frame->system_frame_number; ffmpegdec->context->reordered_opaque = (gint64) frame->system_frame_number;


@ -64,8 +64,6 @@ struct _GstFFMpegVidDec
int max_threads; int max_threads;
gboolean output_corrupt; gboolean output_corrupt;
gboolean is_realvideo;
GstCaps *last_caps; GstCaps *last_caps;
/* Internally used for direct rendering */ /* Internally used for direct rendering */