[Mplayer-cvslog] CVS: main/Gui/bitmap bitmap.c,1.8,1.9
Jürgen Keil
jkeil at mplayerhq.hu
Tue Sep 10 14:38:35 CEST 2002
Update of /cvsroot/mplayer/main/Gui/bitmap
In directory mail:/var/tmp.root/cvs-serv7909
Modified Files:
bitmap.c
Log Message:
Off-by-one error allocating bitmap, when (width*height) % 8 != 0
The code was writing beyond allocated memory, and could corrupt malloc heap.
Index: bitmap.c
===================================================================
RCS file: /cvsroot/mplayer/main/Gui/bitmap/bitmap.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- bitmap.c 4 Sep 2002 09:36:03 -0000 1.8
+++ bitmap.c 10 Sep 2002 12:38:19 -0000 1.9
@@ -114,7 +114,7 @@
out->Width=in->Width;
out->Height=in->Height;
out->BPP=1;
- out->ImageSize=out->Width * out->Height / 8;
+ out->ImageSize=(out->Width * out->Height + 7) / 8;
mp_dbg( MSGT_GPLAYER,MSGL_DBG2,"[c1to32] imagesize: %d\n",out->ImageSize );
out->Image=(char *)calloc( 1,out->ImageSize );
if ( out->Image == NULL ) mp_msg( MSGT_GPLAYER,MSGL_STATUS,"nem van ram baze\n" );
More information about the MPlayer-cvslog
mailing list