[libav-devel] [PATCH 06/14] cbs: Add padding to slice data allocations

Mark Thompson sw at jkqxz.net
Thu Nov 9 02:07:48 CET 2017


These may be read by the bitstream reader, so they should include the
necessary padding for overreads.
---
 libavcodec/cbs_h2645.c | 10 ++++++++--
 libavcodec/cbs_mpeg2.c |  5 ++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
index c4739a946..52b61eb61 100644
--- a/libavcodec/cbs_h2645.c
+++ b/libavcodec/cbs_h2645.c
@@ -781,13 +781,16 @@ static int cbs_h264_read_nal_unit(CodedBitstreamContext *ctx,
             }
 
             slice->data_size = len - pos / 8;
-            slice->data = av_malloc(slice->data_size);
+            slice->data = av_malloc(slice->data_size +
+                                    AV_INPUT_BUFFER_PADDING_SIZE);
             if (!slice->data) {
                 av_free(slice);
                 return AVERROR(ENOMEM);
             }
             memcpy(slice->data,
                    unit->data + pos / 8, slice->data_size);
+            memset(slice->data + slice->data_size, 0,
+                   AV_INPUT_BUFFER_PADDING_SIZE);
             slice->data_bit_start = pos % 8;
 
             unit->content = slice;
@@ -942,13 +945,16 @@ static int cbs_h265_read_nal_unit(CodedBitstreamContext *ctx,
             }
 
             slice->data_size = len - pos / 8;
-            slice->data = av_malloc(slice->data_size);
+            slice->data = av_malloc(slice->data_size +
+                                    AV_INPUT_BUFFER_PADDING_SIZE);
             if (!slice->data) {
                 av_free(slice);
                 return AVERROR(ENOMEM);
             }
             memcpy(slice->data,
                    unit->data + pos / 8, slice->data_size);
+            memset(slice->data + slice->data_size, 0,
+                   AV_INPUT_BUFFER_PADDING_SIZE);
             slice->data_bit_start = pos % 8;
 
             unit->content = slice;
diff --git a/libavcodec/cbs_mpeg2.c b/libavcodec/cbs_mpeg2.c
index 3a41e5452..cd8e1b66d 100644
--- a/libavcodec/cbs_mpeg2.c
+++ b/libavcodec/cbs_mpeg2.c
@@ -181,7 +181,8 @@ static int cbs_mpeg2_read_unit(CodedBitstreamContext *ctx,
         len = unit->data_size;
 
         slice->data_size = len - pos / 8;
-        slice->data = av_malloc(slice->data_size);
+        slice->data = av_malloc(slice->data_size +
+                                AV_INPUT_BUFFER_PADDING_SIZE);
         if (!slice->data) {
             av_free(slice);
             return AVERROR(ENOMEM);
@@ -189,6 +190,8 @@ static int cbs_mpeg2_read_unit(CodedBitstreamContext *ctx,
 
         memcpy(slice->data,
                unit->data + pos / 8, slice->data_size);
+        memset(slice->data + slice->data_size, 0,
+               AV_INPUT_BUFFER_PADDING_SIZE);
         slice->data_bit_start = pos % 8;
 
         unit->content = slice;
-- 
2.11.0



More information about the libav-devel mailing list