From 453747f9e5d8b719b46d1f0c82bc06b92fdfa2ca Mon Sep 17 00:00:00 2001
From: uau
Date: Thu, 27 Apr 2006 02:46:33 +0000
Subject: [PATCH] Fix memory corruption in vd_libmpeg2

git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@18302 b3059339-0415-0410-9bf9-f77b7e298cf2
---
 libmpcodecs/vd_libmpeg2.c | 38 +++++++++++++++++++++++++++++---------
 libmpcodecs/vf.c | 1 +
 2 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/libmpcodecs/vd_libmpeg2.c b/libmpcodecs/vd_libmpeg2.c
index debbbb0e5f..f07e49614b 100644
--- a/libmpcodecs/vd_libmpeg2.c
+++ b/libmpcodecs/vd_libmpeg2.c
@@ -29,9 +29,16 @@ LIBVD_EXTERN(libmpeg2)
 #include "cpudetect.h"
+typedef struct {
+ mpeg2dec_t *mpeg2dec;
+ int quant_store_idx;
+ char *quant_store[3];
+} vd_libmpeg2_ctx_t;
+
 // to set/get/query special features/parameters
 static int control(sh_video_t *sh,int cmd,void* arg,...){
- mpeg2dec_t * mpeg2dec = sh->context;
+ vd_libmpeg2_ctx_t *context = sh->context;
+ mpeg2dec_t * mpeg2dec = context->mpeg2dec;
 const mpeg2_info_t * info = mpeg2_info (mpeg2dec);
 switch(cmd) {
@@ -52,6 +59,7 @@ static int control(sh_video_t *sh,int cmd,void* arg,...){
 // init driver
 static int init(sh_video_t *sh){
+ vd_libmpeg2_ctx_t *context;
 mpeg2dec_t * mpeg2dec;
 // const mpeg2_info_t * info;
 int accel;
@@ -75,8 +83,10 @@ static int init(sh_video_t *sh){
 if(!mpeg2dec) return 0;
 mpeg2_custom_fbuf(mpeg2dec,1); // enable DR1
-
- sh->context=mpeg2dec;
+
+ context = calloc(1, sizeof(vd_libmpeg2_ctx_t));
+ context->mpeg2dec = mpeg2dec;
+ sh->context = context;
 mpeg2dec->pending_buffer = 0;
 mpeg2dec->pending_length = 0;
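Review bot: The new `vd_libmpeg2_ctx_t` has no comment saying what the three `quant_store` slots hold or who owns them, which is the part of this fix a later reader most needs. Going by the indexing in the decode() hunk, slots 0 and 1 alternate for non-B pictures through `quant_store_idx` and slot 2 is used for B pictures; uninit() frees all three. I would add above the fields: `// quant_store[0..1]: alternating qscale buffers for non-B pictures (quant_store_idx = current slot), [2]: B pictures; owned by this context, freed in uninit()`.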
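Review bot: The `calloc` result in init() is dereferenced on the very next line (`context->mpeg2dec = mpeg2dec;`) without a check, so an allocation failure becomes a NULL write instead of a clean init failure. init() already returns 0 when `mpeg2dec` is NULL, and the same exit fits here once the decoder is released: `if(!context){ mpeg2_close(mpeg2dec); return 0; }`. init() starts and ends outside this hunk, so confirm nothing else needs undoing at that point.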
@@ -86,16 +96,22 @@ static int init(sh_video_t *sh){
 // uninit driver
 static void uninit(sh_video_t *sh){
- mpeg2dec_t * mpeg2dec = sh->context;
+ int i;
+ vd_libmpeg2_ctx_t *context = sh->context;
+ mpeg2dec_t * mpeg2dec = context->mpeg2dec;
 if (mpeg2dec->pending_buffer) free(mpeg2dec->pending_buffer);
 mpeg2dec->decoder.convert=NULL;
 mpeg2dec->decoder.convert_id=NULL;
 mpeg2_close (mpeg2dec);
+ for (i=0; i < 3; i++)
+ free(context->quant_store[i]);
+ free(sh->context);
 }
 static void draw_slice (void * _sh, uint8_t * const * src, unsigned int y){
 sh_video_t* sh = (sh_video_t*) _sh;
- mpeg2dec_t* mpeg2dec = sh->context;
+ vd_libmpeg2_ctx_t *context = sh->context;
+ mpeg2dec_t* mpeg2dec = context->mpeg2dec;
 const mpeg2_info_t * info = mpeg2_info (mpeg2dec);
 int stride[3];
@@ -113,7 +129,8 @@ static void draw_slice (void * _sh, uint8_t * const * src, unsigned int y){
 // decode a frame
 static mp_image_t* decode(sh_video_t *sh,void* data,int len,int flags){
- mpeg2dec_t * mpeg2dec = sh->context;
+ vd_libmpeg2_ctx_t *context = sh->context;
+ mpeg2dec_t * mpeg2dec = context->mpeg2dec;
 const mpeg2_info_t * info = mpeg2_info (mpeg2dec);
 int drop_frame, framedrop=flags&3;
@@ -200,9 +217,12 @@ static mp_image_t* decode(sh_video_t *sh,void* data,int len,int flags){
 mpi_new->fields |= MP_IMGFIELD_ORDERED;
 #ifdef MPEG12_POSTPROC
- if(!mpi_new->qscale){
- mpi_new->qstride=info->sequence->width>>4;
- mpi_new->qscale=malloc(mpi_new->qstride*(info->sequence->height>>4));
+ mpi_new->qstride=info->sequence->width>>4;
+ {
+ char **p = &context->quant_store[type==PIC_FLAG_CODING_TYPE_B ?
+ 2 : (context->quant_store_idx ^= 1)];
+ *p = realloc(*p, mpi_new->qstride*(info->sequence->height>>4));
+ mpi_new->qscale = *p;
 }
 mpeg2dec->decoder.quant_store=mpi_new->qscale;
 mpeg2dec->decoder.quant_stride=mpi_new->qstride;
diff --git a/libmpcodecs/vf.c b/libmpcodecs/vf.c
index f34bca1044..a9bff4b771 100644
--- a/libmpcodecs/vf.c
+++ b/libmpcodecs/vf.c
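Review bot: In uninit(), `free(sh->context);` leaves `sh->context` pointing at freed memory, while control(), draw_slice() and decode() now all read `context->mpeg2dec` through it without a check. Adding `sh->context = NULL;` right after the free makes any late call fault on a NULL pointer rather than read a released block. The loop bound `3` also repeats the array size from the typedef; `sizeof(context->quant_store)/sizeof(context->quant_store[0])` would keep the two in step.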
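Review bot: In decode(), `*p = realloc(*p, ...)` writes the result over the only pointer to the old buffer, so a failed realloc leaks that buffer and the NULL is then stored in `mpi_new->qscale` and, two lines later, in `mpeg2dec->decoder.quant_store`. Whether the decoder tolerates a NULL quant_store is not visible in this hunk and should be confirmed. The size is an `int` product of stream-derived dimensions and is zero for a picture under 16 pixels in either direction, where realloc's behaviour is implementation-defined. Holding the result in a temporary and replacing the slot only on success covers both cases; decode() starts and ends outside the hunk.
```c
// … unchanged: mpi_new->qstride assignment and the quant_store slot selection into p …
    size_t qsize = (size_t)mpi_new->qstride*(info->sequence->height>>4);
    char *q = qsize ? realloc(*p, qsize) : NULL;
    if (q)
        *p = q;              // on failure the old buffer stays owned by the context
    mpi_new->qscale = q;     // NULL when no store could be provided
// … unchanged: closing brace, decoder.quant_store / quant_stride assignments …
```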
@@ -412,6 +412,7 @@ mp_image_t* vf_get_image(vf_instance_t* vf, unsigned int outfmt, int mp_imgtype,
 mpi->flags|=MP_IMGFLAG_TYPE_DISPLAYED;
 }
+ mpi->qscale = NULL;
 }
 // printf("\rVF_MPI: %p %p %p %d %d %d \n",
 // mpi->planes[0],mpi->planes[1],mpi->planes[2],
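Review bot: `mpi->qscale = NULL;` is added to vf_get_image() with no comment, and it clears the pointer without freeing it. That matches the vd_libmpeg2.c change, where the buffer now belongs to the decoder context, but the code removed there (`if(!mpi_new->qscale)` followed by `malloc`) shows images used to carry a heap-allocated qscale across reuse. Any other producer still doing that, and none is visible on this page, would now leak one buffer per call. A comment such as `// qscale points into memory owned by the producer; never carry it over to the next use of this image` would record the new ownership rule. vf_get_image() starts and ends outside the hunk.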