[FFmpeg-devel] [PATCH 3/4] proresenc_kostya: realloc if buffer too small
Christophe Gisquet
christophe.gisquet at gmail.com
Tue Aug 12 00:06:09 CEST 2014
The buffer allocation may be incorrect (e.g. with an alpha plane),
and currently causes the buffer to be set to NULL by init_put_bits,
later on causing crashing.
So, detect that situation, and if detected, reallocate the buffer
and ask a sample if it happens.
Fixes ticket #2760
---
libavcodec/proresenc_kostya.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/libavcodec/proresenc_kostya.c b/libavcodec/proresenc_kostya.c
index a70ae3c..2cd33ce 100644
--- a/libavcodec/proresenc_kostya.c
+++ b/libavcodec/proresenc_kostya.c
@@ -1023,6 +1023,30 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt,
bytestream_put_byte(&buf, slice_hdr_size << 3);
slice_hdr = buf;
buf += slice_hdr_size - 1;
+ if (pkt_size <= buf - orig_buf) {
+ static int warn = 0;
+ uint8_t *start = pkt->data;
+ int ret, delta = buf - orig_buf; // double the size
+
+ if (!warn) {
+ avpriv_request_sample(avctx,
+ "Packet too small (%i/%i)",
+ pkt_size, delta);
+ }
+ ctx->frame_size_upper_bound += delta;
+ ret = av_grow_packet(pkt, delta);
+ if (ret < 0)
+ return AVERROR(ENOMEM);
+
+ pkt_size += delta;
+ // restore pointers
+ orig_buf = pkt->data + (orig_buf - start);
+ buf = pkt->data + (buf - start);
+ picture_size_pos = pkt->data + (picture_size_pos - start);
+ slice_sizes = pkt->data + (slice_sizes - start);
+ slice_hdr = pkt->data + (slice_hdr - start);
+ tmp = pkt->data + (tmp - start);
+ }
init_put_bits(&pb, buf, (pkt_size - (buf - orig_buf)) * 8);
ret = encode_slice(avctx, pic, &pb, sizes, x, y, q, mbs_per_slice);
if (ret < 0)
--
1.9.2.msysgit.0
More information about the ffmpeg-devel
mailing list