cbs: Add padding to slice data allocations
authorMark Thompson <sw@jkqxz.net>
Thu, 9 Nov 2017 01:04:20 +0000 (01:04 +0000)
committerMark Thompson <sw@jkqxz.net>
Sat, 2 Dec 2017 15:21:30 +0000 (15:21 +0000)
These may be read by the bitstream reader, so they should include the
necessary padding for overreads.

libavcodec/cbs_h2645.c
libavcodec/cbs_mpeg2.c

index 61729cc..00eed0f 100644 (file)
@@ -781,13 +781,16 @@ static int cbs_h264_read_nal_unit(CodedBitstreamContext *ctx,
             }
 
             slice->data_size = len - pos / 8;
-            slice->data = av_malloc(slice->data_size);
+            slice->data = av_malloc(slice->data_size +
+                                    AV_INPUT_BUFFER_PADDING_SIZE);
             if (!slice->data) {
                 av_free(slice);
                 return AVERROR(ENOMEM);
             }
             memcpy(slice->data,
                    unit->data + pos / 8, slice->data_size);
+            memset(slice->data + slice->data_size, 0,
+                   AV_INPUT_BUFFER_PADDING_SIZE);
             slice->data_bit_start = pos % 8;
 
             unit->content = slice;
@@ -943,13 +946,16 @@ static int cbs_h265_read_nal_unit(CodedBitstreamContext *ctx,
             }
 
             slice->data_size = len - pos / 8;
-            slice->data = av_malloc(slice->data_size);
+            slice->data = av_malloc(slice->data_size +
+                                    AV_INPUT_BUFFER_PADDING_SIZE);
             if (!slice->data) {
                 av_free(slice);
                 return AVERROR(ENOMEM);
             }
             memcpy(slice->data,
                    unit->data + pos / 8, slice->data_size);
+            memset(slice->data + slice->data_size, 0,
+                   AV_INPUT_BUFFER_PADDING_SIZE);
             slice->data_bit_start = pos % 8;
 
             unit->content = slice;
index 3c09377..8a4da96 100644 (file)
@@ -181,7 +181,8 @@ static int cbs_mpeg2_read_unit(CodedBitstreamContext *ctx,
         len = unit->data_size;
 
         slice->data_size = len - pos / 8;
-        slice->data = av_malloc(slice->data_size);
+        slice->data = av_malloc(slice->data_size +
+                                AV_INPUT_BUFFER_PADDING_SIZE);
         if (!slice->data) {
             av_free(slice);
             return AVERROR(ENOMEM);
@@ -189,6 +190,8 @@ static int cbs_mpeg2_read_unit(CodedBitstreamContext *ctx,
 
         memcpy(slice->data,
                unit->data + pos / 8, slice->data_size);
+        memset(slice->data + slice->data_size, 0,
+               AV_INPUT_BUFFER_PADDING_SIZE);
         slice->data_bit_start = pos % 8;
 
         unit->content = slice;