[MPlayer-cvslog] r29423 - in trunk/libass: ass.h ass_render.c
eugeni
subversion at mplayerhq.hu
Sat Jul 18 13:32:58 CEST 2009
Author: eugeni
Date: Sat Jul 18 13:32:58 2009
New Revision: 29423
Log:
Fix read after the end of allocated buffer.
Modified:
trunk/libass/ass.h
trunk/libass/ass_render.c
Modified: trunk/libass/ass.h
==============================================================================
--- trunk/libass/ass.h Sat Jul 18 06:31:55 2009 (r29422)
+++ trunk/libass/ass.h Sat Jul 18 13:32:58 2009 (r29423)
@@ -34,6 +34,8 @@ typedef struct ass_image_s {
int w, h; // bitmap width/height
int stride; // bitmap stride
unsigned char* bitmap; // 1bpp stride*h alpha buffer
+ // Actual bitmap size may be as low as
+ // stride * (h-1) + w
uint32_t color; // RGBA
int dst_x, dst_y; // bitmap placement inside the video frame
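Review bot: The comment on the `bitmap` field still describes a `stride*h` buffer, which now contradicts the two added lines in this public header. A consumer that trusts the first statement and walks `stride * h` bytes will read past the allocation on the last row. I would state the contract once on the field itself, for example `unsigned char* bitmap; // 1bpp alpha buffer, at least stride*(h-1)+w bytes; read no more than w bytes per row`. The struct definition starts and ends outside this hunk.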
Modified: trunk/libass/ass_render.c
==============================================================================
--- trunk/libass/ass_render.c Sat Jul 18 06:31:55 2009 (r29422)
+++ trunk/libass/ass_render.c Sat Jul 18 13:32:58 2009 (r29423)
@@ -408,6 +408,21 @@ static ass_image_t** render_glyph(bitmap
}
/**
+ * \brief Replaces the bitmap buffer in ass_image_t with its copy.
+ *
+ * @param img Image to operate on.
+ * @return Address of the old buffer.
+ */
+static unsigned char* clone_bitmap_data(ass_image_t* img)
+{
+ unsigned char* old_bitmap = img->bitmap;
+ int size = img->stride * (img->h - 1) + img->w;
+ img->bitmap = malloc(size);
+ memcpy(img->bitmap, old_bitmap, size);
+ return old_bitmap;
+}
+
+/**
* \brief Calculate overlapping area of two consecutive bitmaps and in case they
* overlap, composite them together
* Mainly useful for translucent glyphs and especially borders, to avoid the
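Review bot: `clone_bitmap_data` hands the result of `malloc` straight to `memcpy` without a NULL check, and it computes `size` in signed `int`. A failed allocation becomes a NULL write, and if `h`, `w` or `stride` are zero, negative or large enough to overflow the product, the length passed to `malloc` and `memcpy` is wrong. The replaced `bitmap` fields are used by the compositing loop in `render_overlap` (the later hunk at -474) with no check either, so that caller would need to return before the loop when the helper fails. The sketch below validates the dimensions (assuming `stride` is never smaller than `w`), does the arithmetic in `size_t`, leaves `img->bitmap` untouched on failure and returns NULL, which the `@return` line should then document.

```c
static unsigned char* clone_bitmap_data(ass_image_t* img)
{
    unsigned char* old_bitmap = img->bitmap;
    unsigned char* copy;
    size_t size;

    // Reject shapes for which stride * (h-1) + w is meaningless.
    if (!old_bitmap || img->w <= 0 || img->h <= 0 || img->stride < img->w)
        return NULL;
    // Guard the multiplication before doing it.
    if ((size_t)(img->h - 1) > (SIZE_MAX - (size_t)img->w) / (size_t)img->stride)
        return NULL;
    size = (size_t)img->stride * (size_t)(img->h - 1) + (size_t)img->w;

    copy = malloc(size);
    if (!copy)
        return NULL; // img->bitmap still points at the original buffer
    memcpy(copy, old_bitmap, size);
    img->bitmap = copy;
    return old_bitmap;
}
```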
@@ -474,12 +489,8 @@ static void render_overlap(ass_image_t**
}
// Allocate new bitmaps and copy over data
- a = (*last_tail)->bitmap;
- b = (*tail)->bitmap;
- (*last_tail)->bitmap = malloc(as*ah);
- (*tail)->bitmap = malloc(bs*bh);
- memcpy((*last_tail)->bitmap, a, as*ah);
- memcpy((*tail)->bitmap, b, bs*bh);
+ a = clone_bitmap_data(*last_tail);
+ b = clone_bitmap_data(*tail);
// Composite overlapping area
for (y=0; y<h; y++)