From ebc19d19bbf3de462731cbf8d19ab8aadb6b33b4 Mon Sep 17 00:00:00 2001 From: Matthew Waters Date: Tue, 12 May 2020 16:00:58 +1000 Subject: [PATCH] ccconverter: fix unintialized read of mapped output info in error case We only need to gst_buffer_unmap() if we have gst_buffer_map()ed. In most cases we can shorten the lenght of time we need to map the output buffer. Fix similar occurences elsewhere. CID 1463349 Part-of: --- ext/closedcaption/gstccconverter.c | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/ext/closedcaption/gstccconverter.c b/ext/closedcaption/gstccconverter.c index c0066b0071..531ce02c5d 100644 --- a/ext/closedcaption/gstccconverter.c +++ b/ext/closedcaption/gstccconverter.c @@ -1457,8 +1457,6 @@ convert_cea608_raw_cea708_cdp (GstCCConverter * self, GstBuffer * inbuf, if (!out_fps_entry || out_fps_entry->fps_n == 0) g_assert_not_reached (); - gst_buffer_map (outbuf, &out, GST_MAP_WRITE); - if (!fit_and_scale_cc_data (self, in_fps_entry, out_fps_entry, NULL, 0, cea608_1, &cea608_1_len, NULL, 0, tc_meta ? &tc_meta->tc : NULL)) goto drop; @@ -1467,14 +1465,14 @@ convert_cea608_raw_cea708_cdp (GstCCConverter * self, GstBuffer * inbuf, cea608_1_len, NULL, 0, cc_data, &cc_data_len)) goto drop; + gst_buffer_map (outbuf, &out, GST_MAP_WRITE); cc_data_len = convert_cea708_cc_data_cea708_cdp_internal (self, cc_data, cc_data_len, out.data, out.size, &self->current_output_timecode, out_fps_entry); self->output_frames++; - -out: gst_buffer_unmap (outbuf, &out); +out: gst_buffer_set_size (outbuf, cc_data_len); return GST_FLOW_OK; 
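Review bot: The return value of `gst_buffer_map (outbuf, &out, GST_MAP_WRITE);` is still ignored on the relocated line. If the map fails, `out.data` and `out.size` are handed to `convert_cea708_cc_data_cea708_cdp_internal` and `out` is then unmapped without a successful map, which is the same class of problem this commit fixes for the drop path. Whether `out` is zero-initialized is not visible here; either way I would guard the call with `if (!gst_buffer_map (outbuf, &out, GST_MAP_WRITE)) return GST_FLOW_ERROR;` (or `goto drop` if an empty output buffer is the preferred outcome). The same unchecked call is moved in `convert_cea608_s334_1a_cea708_cdp` and `convert_cea708_cc_data_cea708_cdp` further down, and a one-line comment at each `out:` label such as `/* outbuf must not be mapped when we get here */` would keep the new invariant from regressing. The function body starts and ends outside this hunk.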
@@ -1618,25 +1616,25 @@ convert_cea608_s334_1a_cea708_cdp (GstCCConverter * self, GstBuffer * inbuf, if (!out_fps_entry || out_fps_entry->fps_n == 0) g_assert_not_reached (); - gst_buffer_map (outbuf, &out, GST_MAP_WRITE); - if (!fit_and_scale_cc_data (self, in_fps_entry, out_fps_entry, NULL, 0, cea608_1, &cea608_1_len, cea608_2, &cea608_2_len, - tc_meta ? &tc_meta->tc : NULL)) + tc_meta ? &tc_meta->tc : NULL)) { goto drop; + } if (!combine_cc_data (self, TRUE, out_fps_entry, NULL, 0, cea608_1, - cea608_1_len, cea608_2, cea608_2_len, cc_data, &cc_data_len)) + cea608_1_len, cea608_2, cea608_2_len, cc_data, &cc_data_len)) { goto drop; + } + gst_buffer_map (outbuf, &out, GST_MAP_WRITE); cc_data_len = convert_cea708_cc_data_cea708_cdp_internal (self, cc_data, cc_data_len, out.data, out.size, &self->current_output_timecode, out_fps_entry); self->output_frames++; - -out: gst_buffer_unmap (outbuf, &out); +out: gst_buffer_set_size (outbuf, cc_data_len); return GST_FLOW_OK; @@ -1771,15 +1769,12 @@ convert_cea708_cc_data_cea708_cdp (GstCCConverter * self, GstBuffer * inbuf, in_fps_entry)) { if (inbuf) gst_buffer_unmap (inbuf, &in); - gst_buffer_set_size (outbuf, cc_data_len); - return GST_FLOW_OK; + goto drop; } if (inbuf) gst_buffer_unmap (inbuf, &in); - gst_buffer_map (outbuf, &out, GST_MAP_WRITE); - if (!fit_and_scale_cc_data (self, in_fps_entry, out_fps_entry, ccp_data, &ccp_data_len, cea608_1, &cea608_1_len, cea608_2, &cea608_2_len, tc_meta ? &tc_meta->tc : NULL)) @@ -1790,14 +1785,14 @@ convert_cea708_cc_data_cea708_cdp (GstCCConverter * self, GstBuffer * inbuf, &cc_data_len)) goto drop; + gst_buffer_map (outbuf, &out, GST_MAP_WRITE); cc_data_len = convert_cea708_cc_data_cea708_cdp_internal (self, cc_data, cc_data_len, out.data, out.size, &self->current_output_timecode, out_fps_entry); self->output_frames++; - -out: gst_buffer_unmap (outbuf, &out); +out: gst_buffer_set_size (outbuf, cc_data_len); return GST_FLOW_OK;
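Review bot: The braces added around the two `goto drop;` statements are a style change unrelated to the fix, and they appear only in `convert_cea608_s334_1a_cea708_cdp`. The equivalent `if (...) goto drop;` checks in the other two functions touched by this commit stay unbraced. Since this is a Coverity fix that may be picked onto other branches, I would either drop the brace change from this hunk or apply it to all three functions in a separate commit. The function starts and ends outside the hunk.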
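Review bot: `if (inbuf) gst_buffer_unmap (inbuf, &in);` now sits both inside the failure branch and immediately after it in `convert_cea708_cc_data_cea708_cdp`, so any later edit to this check has to keep two unmap sites in step. That is the kind of map/unmap pairing slip this commit is cleaning up for `outbuf`. Storing the result of the call in a local `gboolean ok`, unmapping `inbuf` once, and then doing `if (!ok) goto drop;` leaves a single unmap site. The condition's opening lines and the `drop:` label are outside the hunk, so I am assuming `drop` resets `cc_data_len` before the size is set. If that holds, the replaced `gst_buffer_set_size (outbuf, cc_data_len); return GST_FLOW_OK;` behaved differently, and the change deserves a line in the commit message.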