From: Miguel F. <mig...@us...> - 2001-12-29 04:32:40
Update of /cvsroot/xine/xine-lib/src/libdivx4 In directory usw-pr-cvs1:/tmp/cvs-serv13390/src/libdivx4 Modified Files: xine_decoder.c Log Message: fix buffer overflow Index: xine_decoder.c =================================================================== RCS file: /cvsroot/xine/xine-lib/src/libdivx4/xine_decoder.c,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- xine_decoder.c 2001/12/13 23:10:53 1.14 +++ xine_decoder.c 2001/12/29 04:32:36 1.15 @@ -100,8 +100,10 @@ BITMAPINFOHEADER bih; long biWidth; long biHeight; - unsigned char buf[128*1024]; + unsigned char *buf; int size; + int bufsize; + decoreFunc decore; /* ptr to decore function in libdivxdecore */ /* version as reported by decore with GET_OPT_VERSION command */ int version; @@ -119,6 +121,8 @@ int can_handle_311; } divx4_decoder_t; +#define VIDEOBUFSIZE 128*1024 + static unsigned long str2ulong(void *data) { unsigned char *str = data; @@ -339,6 +343,7 @@ this->video_out = video_out; this->decoder_ok = 0; + this->buf = NULL; } @@ -356,8 +361,15 @@ divx4_get_version(this); this->decoder_ok = ( divx4_check_version(this) && divx4_init_decoder(this, buf) ); - if (this->decoder_ok) + if (this->decoder_ok) { this->video_out->open (this->video_out); + + if( this->buf ) + free( this->buf ); + + this->buf = malloc( VIDEOBUFSIZE ); + this->bufsize = VIDEOBUFSIZE; + } return; } @@ -368,6 +380,13 @@ printf("divx4: internal error; decoder not initialized.\n"); return; } + + if( this->size + buf->size > this->bufsize ) { + this->bufsize = this->size + 2 * buf->size; + printf("divx4: increasing source buffer to %d to avoid overflow.\n", + this->bufsize); + this->buf = realloc( this->buf, this->bufsize ); + } xine_fast_memcpy (&this->buf[this->size], buf->content, buf->size); this->size += buf->size; 
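Review bot: The new `#define VIDEOBUFSIZE 128*1024` in the hunk at -119,6 +121,8 is not parenthesised, so an expression such as `x / VIDEOBUFSIZE` or `VIDEOBUFSIZE % n` would bind to `128` alone. The two uses added by this commit (`malloc( VIDEOBUFSIZE )` and the assignment to `bufsize`) are unaffected, but the definition should be `#define VIDEOBUFSIZE (128*1024)` so later size arithmetic cannot be miscomputed.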
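Review bot: The result of `malloc( VIDEOBUFSIZE )` in the hunk at -356,8 +361,15 is never checked, yet `bufsize` is set to `VIDEOBUFSIZE` and `decoder_ok` stays true, so after a failed allocation the later `xine_fast_memcpy` into `&this->buf[this->size]` would write through a null pointer. Allocating before `this->video_out->open` and adding `if( !this->buf ) { this->bufsize = 0; this->decoder_ok = 0; }` would keep the decode path behind its existing `decoder_ok` guard. `free(NULL)` is a no-op, so the `if( this->buf )` test in front of `free` is redundant here and in the hunk at -424,6 +443,10. The enclosing function starts outside the hunk, so whether `this->size` is reset when the buffer is replaced cannot be seen from here.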
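Review bot: The growth check `this->size + buf->size > this->bufsize` in the hunk at -368,6 +380,13 is done in signed `int` (`size` and `bufsize` are declared `int` in the first hunk), so a large or negative `buf->size` taken from the stream can overflow or slip under the comparison, and the `xine_fast_memcpy` below still writes out of bounds; the new size `this->size + 2 * buf->size` has the same problem. `realloc` is also assigned straight back to `this->buf` after `bufsize` has already been raised, so on failure the old block is leaked and the copy goes through a null pointer with an inflated `bufsize`. The type of `buf->size` is not visible here, so the range check below assumes it is an `int`; `INT_MAX` needs `<limits.h>`. The function body starts and continues outside the hunk, so whether an early `return` is the right recovery (for example whether `buf` must still be released) has to be checked against the rest of it.

```c
  /* reject sizes that would wrap the int arithmetic below */
  if( buf->size < 0 || buf->size > INT_MAX - this->size ) {
    printf("divx4: invalid input buffer size, data dropped.\n");
    return;
  }

  if( this->size + buf->size > this->bufsize ) {
    int newsize = this->size + buf->size;
    unsigned char *newbuf;

    /* keep the extra headroom of the original when it still fits in an int */
    if( buf->size <= INT_MAX - newsize )
      newsize += buf->size;

    newbuf = realloc( this->buf, newsize );
    if( !newbuf ) {
      /* this->buf and this->bufsize are still valid and unchanged */
      printf("divx4: cannot grow source buffer to %d, data dropped.\n", newsize);
      return;
    }
    printf("divx4: increasing source buffer to %d to avoid overflow.\n", newsize);
    this->buf = newbuf;
    this->bufsize = newsize;
  }
  /* … unchanged: xine_fast_memcpy into this->buf and the this->size update … */
```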
@@ -424,6 +443,10 @@ this->decoder_ok = 0; this->video_out->close(this->video_out); } + + if (this->buf) + free(this->buf); + this->buf = NULL; } static void divx4_update_postproc(void *this_gen, cfg_entry_t *entry) |
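Review bot: `bufsize` keeps its old value after `this->buf` is freed and set to NULL in this hunk, so the struct is left claiming capacity it no longer has. Adding `this->bufsize = 0;` next to `this->buf = NULL;` keeps the pointer and its recorded size consistent, so that any later bounds check against `bufsize` fails safe instead of approving a write through a null pointer. The same applies to the hunk at -339,6 +343,7, which initialises `buf` to NULL without touching `bufsize`. The enclosing function starts outside the hunk, so other resets it may perform are not visible here.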