[MPlayer-dev-eng] [PATCH] safe lzo decompression should be used
Reimar Döffinger
Reimar.Doeffinger at stud.uni-karlsruhe.de
Sun Apr 9 11:22:00 CEST 2006
Hi,
currently some decoders in libmpcodecs use lzo1x_decompress instead of
lzo1x_decompress_safe, which means that there are no checks at all if
the data fits in the output buffer. Despite the speed loss I think this
really needs to be fixed (see attached patch). If speed really matters
that much for somebody it would still be possible to add a switch to
configure (like --extra-insecure :-P)
Greetings,
Reimar Döffinger
-------------- next part --------------
Index: libmpcodecs/vd_lzo.c
===================================================================
RCS file: /cvsroot/mplayer/main/libmpcodecs/vd_lzo.c,v
retrieving revision 1.7
diff -u -r1.7 vd_lzo.c
--- libmpcodecs/vd_lzo.c 8 Mar 2006 10:50:16 -0000 1.7
+++ libmpcodecs/vd_lzo.c 9 Apr 2006 09:16:01 -0000
@@ -119,7 +119,8 @@
);
/* decompress the frame */
- r = lzo1x_decompress (data, len, tmp, &w, priv->wrkmem);
+ w = sh->bih->biSizeImage;
+ r = lzo1x_decompress_safe (data, len, tmp, &w, priv->wrkmem);
free(tmp);
if (r != LZO_E_OK) {
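Review bot: The limit `w = sh->bih->biSizeImage` only protects `tmp` if `tmp` was allocated with at least that many bytes, and the allocation is outside this hunk, so that cannot be confirmed from here. Since biSizeImage is read from the stream header, I would keep the allocation size in one local and use it for both the `malloc` and the limit, or at least add a comment at the call such as `/* w must match the size tmp was allocated with */`. The enclosing function starts and ends outside the hunk.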
@@ -154,7 +155,8 @@
return NULL;
}
- r = lzo1x_decompress (data, len, mpi->planes[0], &w, priv->wrkmem);
+ w = mpi->w * mpi->h;
+ r = lzo1x_decompress_safe (data, len, mpi->planes[0], &w, priv->wrkmem);
if (r != LZO_E_OK) {
/* this should NEVER happen */
mp_msg (MSGT_DECVIDEO, MSGL_ERR,
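Review bot: The limit `w = mpi->w * mpi->h` assumes one byte per pixel in `mpi->planes[0]`. If this decoder can output a format with more bytes per pixel (the image setup is outside the hunk), valid frames would now be rejected with an output overrun instead of being decoded. I would derive the limit from the format, for example `w = mpi->w * mpi->h * mpi->bpp / 8;` provided `mpi->bpp` is filled in for the formats used here, and add a comment saying that the bound is the size of the destination image. The multiplication is also done in the width of `mpi->w`, so the dimensions should already have been range-checked before this point.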
Index: libmpcodecs/native/nuppelvideo.c
===================================================================
RCS file: /cvsroot/mplayer/main/libmpcodecs/native/nuppelvideo.c,v
retrieving revision 1.11
diff -u -r1.11 nuppelvideo.c
--- libmpcodecs/native/nuppelvideo.c 18 Nov 2005 14:39:25 -0000 1.11
+++ libmpcodecs/native/nuppelvideo.c 9 Apr 2006 09:16:09 -0000
@@ -27,7 +27,7 @@
unsigned char *decoded, int width, int height)
{
int r;
- unsigned int out_len;
+ unsigned int out_len = width * height + ( width * height ) / 2;
struct rtframeheader *encodedh = ( struct rtframeheader* ) encoded;
static unsigned char *buffer = 0; /* for RTJpeg with LZO decompress */
#ifdef KEEP_BUFFER
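Review bot: `width * height + ( width * height ) / 2` is evaluated in `int`, so large or negative dimensions from a damaged file overflow (undefined behaviour) before the value is stored in `out_len`. The wrapped result then serves as the allocation size, the `memcpy` length and the decompression limit in the later hunks. The dimensions should be rejected when they are non-positive or when the product would not fit, before `out_len` is computed. A short comment on `out_len` saying that it is the size of one YUV420 frame and the upper bound for every write into `decoded` and `buffer` would also help. The function signature and the rest of the body are outside the hunk.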
@@ -56,7 +56,7 @@
{
#ifdef KEEP_BUFFER
if (!previous_buffer)
- previous_buffer = ( unsigned char * ) malloc ( width * height + ( width * height ) / 2 );
+ previous_buffer = ( unsigned char * ) malloc ( out_len );
#endif
if (((encodedh->comptype == '2') ||
@@ -74,20 +74,20 @@
switch(encodedh->comptype)
{
case '0': /* raw YUV420 */
- memcpy(decoded, encoded + 12, width*height*3/2);
+ memcpy(decoded, encoded + 12, out_len);
break;
case '1': /* RTJpeg */
RTjpeg_decompressYUV420 ( ( __s8 * ) encoded + 12, decoded );
break;
case '2': /* RTJpeg with LZO */
if (!buffer)
- buffer = ( unsigned char * ) malloc ( width * height + ( width * height ) / 2 );
+ buffer = ( unsigned char * ) malloc ( out_len );
if (!buffer)
{
mp_msg(MSGT_DECVIDEO, MSGL_ERR, "Nuppelvideo: error decompressing\n");
break;
}
- r = lzo1x_decompress ( encoded + 12, encodedh->packetlength, buffer, &out_len, NULL );
+ r = lzo1x_decompress_safe ( encoded + 12, encodedh->packetlength, buffer, &out_len, NULL );
if ( r != LZO_E_OK )
{
mp_msg(MSGT_DECVIDEO, MSGL_ERR, "Nuppelvideo: error decompressing\n");
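Review bot: `buffer` is static and is allocated only on the first call (`if (!buffer)`), while `out_len` is recomputed from `width` and `height` on every call. A later call with larger dimensions therefore passes a limit that is bigger than the existing allocation, and lzo1x_decompress_safe no longer bounds the write into `buffer`. The allocated size should be remembered next to the pointer and the buffer reallocated when `out_len` exceeds it, or the caching dropped. `previous_buffer` in the preceding hunk is allocated under `if (!previous_buffer)` in the same way and looks like it needs the same treatment. The switch statement continues outside the hunk.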
@@ -96,7 +96,7 @@
RTjpeg_decompressYUV420 ( ( __s8 * ) buffer, decoded );
break;
case '3': /* raw YUV420 with LZO */
- r = lzo1x_decompress ( encoded + 12, encodedh->packetlength, decoded, &out_len, NULL );
+ r = lzo1x_decompress_safe ( encoded + 12, encodedh->packetlength, decoded, &out_len, NULL );
if ( r != LZO_E_OK )
{
mp_msg(MSGT_DECVIDEO, MSGL_ERR, "Nuppelvideo: error decompressing\n");
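Review bot: After a successful call `out_len` holds the number of bytes actually produced, and nothing visible in this hunk compares it with the expected frame size. A short but well-formed stream therefore returns LZO_E_OK and leaves the tail of `decoded` with whatever it held before. Keeping the expected size in a separate variable and testing `if ( r != LZO_E_OK || out_len != frame_size )` would reject such frames for this raw YUV420 case; `frame_size` is a name constructed for this note. The error branch continues outside the hunk.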