[FFmpeg-devel] [PATCH] ensure input buffer padding is always initialized to 0

Reimar Döffinger Reimar.Doeffinger
Sat Apr 11 12:29:17 CEST 2009 

Hello,
there are quite a few valgrind errors in all kinds of codecs because the
padding is not initialized to 0 as required.
Attached patch changes this. I have not checked if any of the code is
speed-critical enough to justify a more complicated method of doing
this, though in those cases av_fast_realloc should not have been used
since it involves a memcpy which AFAICT is completely useless in all
these cases (the previous data is not relevant).
-------------- next part --------------
Index: libavcodec/motionpixels.c
===================================================================
--- libavcodec/motionpixels.c	(revision 18427)
+++ libavcodec/motionpixels.c	(working copy)
@@ -298,6 +298,9 @@
 
     /* le32 bitstream msb first */
     mp->bswapbuf = av_fast_realloc(mp->bswapbuf, &mp->bswapbuf_size, buf_size + FF_INPUT_BUFFER_PADDING_SIZE);
+    if (!mp->bswapbuf)
+        return AVERROR(ENOMEM);
+    memset(mp->bswapbuf + buf_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
     mp->dsp.bswap_buf((uint32_t *)mp->bswapbuf, (const uint32_t *)buf, buf_size / 4);
     if (buf_size & 3)
         memcpy(mp->bswapbuf + (buf_size & ~3), buf + (buf_size & ~3), buf_size & 3);
Index: libavcodec/mimic.c
===================================================================
--- libavcodec/mimic.c	(revision 18427)
+++ libavcodec/mimic.c	(working copy)
@@ -338,6 +338,7 @@
                                  swap_buf_size + FF_INPUT_BUFFER_PADDING_SIZE);
     if(!ctx->swap_buf)
         return AVERROR_NOMEM;
+    memset(ctx->swap_buf + swap_buf_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
 
     ctx->dsp.bswap_buf((uint32_t*)ctx->swap_buf,
                         (const uint32_t*) buf,
Index: libavcodec/asv1.c
===================================================================
--- libavcodec/asv1.c	(revision 18427)
+++ libavcodec/asv1.c	(working copy)
@@ -408,6 +408,9 @@
     p->key_frame= 1;
 
     a->bitstream_buffer= av_fast_realloc(a->bitstream_buffer, &a->bitstream_buffer_size, buf_size + FF_INPUT_BUFFER_PADDING_SIZE);
+    if (!a->bitstream_buffer)
+        AVERROR(ENOMEM);
+    memset(a->bitstream_buffer + buf_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
 
     if(avctx->codec_id == CODEC_ID_ASV1)
         a->dsp.bswap_buf((uint32_t*)a->bitstream_buffer, (const uint32_t*)buf, buf_size/4);
Index: libavcodec/h264.c
===================================================================
--- libavcodec/h264.c	(revision 18427)
+++ libavcodec/h264.c	(working copy)
@@ -1417,6 +1417,7 @@
     if (dst == NULL){
         return NULL;
     }
+    memset(dst + length, 0, FF_INPUT_BUFFER_PADDING_SIZE);
 
 //printf("decoding esc\n");
     memcpy(dst, src, i);
Index: libavcodec/mdec.c
===================================================================
--- libavcodec/mdec.c	(revision 18427)
+++ libavcodec/mdec.c	(working copy)
@@ -175,6 +175,9 @@
     p->key_frame= 1;
 
     a->bitstream_buffer= av_fast_realloc(a->bitstream_buffer, &a->bitstream_buffer_size, buf_size + FF_INPUT_BUFFER_PADDING_SIZE);
+    if (!a->bitstream_buffer)
+        return AVERROR(ENOMEM);
+    memset(a->bitstream_buffer + buf_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
     for(i=0; i<buf_size; i+=2){
         a->bitstream_buffer[i]  = buf[i+1];
         a->bitstream_buffer[i+1]= buf[i  ];
Index: libavcodec/parser.c
===================================================================
--- libavcodec/parser.c	(revision 18427)
+++ libavcodec/parser.c	(working copy)
@@ -274,6 +274,7 @@
         pc->buffer = new_buffer;
         memcpy(&pc->buffer[pc->index], *buf, *buf_size);
         pc->index += *buf_size;
+        memset(&pc->buffer[pc->index], 0, FF_INPUT_BUFFER_PADDING_SIZE);
         return -1;
     }
 
Index: libavcodec/h263dec.c
===================================================================
--- libavcodec/h263dec.c	(revision 18427)
+++ libavcodec/h263dec.c	(working copy)
@@ -692,6 +692,7 @@
                 &s->allocated_bitstream_buffer_size,
                 buf_size - current_pos + FF_INPUT_BUFFER_PADDING_SIZE);
             memcpy(s->bitstream_buffer, buf + current_pos, buf_size - current_pos);
+            memset(s->bitstream_buffer + buf_size - current_pos, 0, FF_INPUT_BUFFER_PADDING_SIZE);
             s->bitstream_buffer_size= buf_size - current_pos;
         }
     }
Index: libavcodec/eatqi.c
===================================================================
--- libavcodec/eatqi.c	(revision 18427)
+++ libavcodec/eatqi.c	(working copy)
@@ -129,6 +129,7 @@
     t->bitstream_buf = av_fast_realloc(t->bitstream_buf, &t->bitstream_buf_size, (buf_end-buf) + FF_INPUT_BUFFER_PADDING_SIZE);
     if (!t->bitstream_buf)
         return -1;
+    memset(t->bitstream_buf + (buf_end-buf), 0, FF_INPUT_BUFFER_PADDING_SIZE);
     s->dsp.bswap_buf((uint32_t*)t->bitstream_buf, (const uint32_t*)buf, (buf_end-buf)/4);
     init_get_bits(&s->gb, t->bitstream_buf, 8*(buf_end-buf));
 
Index: libavcodec/4xm.c
===================================================================
--- libavcodec/4xm.c	(revision 18427)
+++ libavcodec/4xm.c	(working copy)
@@ -376,6 +376,9 @@
     }
 
     f->bitstream_buffer= av_fast_realloc(f->bitstream_buffer, &f->bitstream_buffer_size, bitstream_size + FF_INPUT_BUFFER_PADDING_SIZE);
+    if (!f->bitstream_buffer)
+        return AVERROR(ENOMEM);
+    memset(f->bitstream_buffer + bitstream_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
     f->dsp.bswap_buf((uint32_t*)f->bitstream_buffer, (const uint32_t*)(buf + extra), bitstream_size/4);
     init_get_bits(&f->gb, f->bitstream_buffer, 8*bitstream_size);
 
@@ -654,6 +657,9 @@
     prestream_size= length + buf - prestream;
 
     f->bitstream_buffer= av_fast_realloc(f->bitstream_buffer, &f->bitstream_buffer_size, prestream_size + FF_INPUT_BUFFER_PADDING_SIZE);
+    if (!f->bitstream_buffer)
+        return AVERROR(ENOMEM);
+    memset(f->bitstream_buffer + prestream_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
     f->dsp.bswap_buf((uint32_t*)f->bitstream_buffer, (const uint32_t*)prestream, prestream_size/4);
     init_get_bits(&f->pre_gb, f->bitstream_buffer, 8*prestream_size);
 
@@ -722,6 +728,7 @@
 
         memcpy(cfrm->data + cfrm->size, buf+20, data_size);
         cfrm->size += data_size;
+        memset(cfrm->data + cfrm->size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
 
         if(cfrm->size >= whole_size){
             buf= cfrm->data;
Index: libavcodec/huffyuv.c
===================================================================
--- libavcodec/huffyuv.c	(revision 18427)
+++ libavcodec/huffyuv.c	(working copy)
@@ -956,6 +956,9 @@
     AVFrame *picture = data;
 
     s->bitstream_buffer= av_fast_realloc(s->bitstream_buffer, &s->bitstream_buffer_size, buf_size + FF_INPUT_BUFFER_PADDING_SIZE);
+    if (!s->bitstream_buffer)
+        return AVERROR(ENOMEM);
+    memset(s->bitstream_buffer + buf_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
 
     s->dsp.bswap_buf((uint32_t*)s->bitstream_buffer, (const uint32_t*)buf, buf_size/4);

More information about the ffmpeg-devel mailing list