[xiph-commits] r16099 - branches/theora-thusnelda/lib/dec
giles at svn.xiph.org
giles at svn.xiph.org
Wed Jun 10 11:50:57 PDT 2009
Author: giles
Date: 2009-06-10 11:50:57 -0700 (Wed, 10 Jun 2009)
New Revision: 16099
Modified:
branches/theora-thusnelda/lib/dec/decode.c
Log:
Fix a memory corruption error.
In r15977 the ref_frame_data member of oc_theora_state was changed from
a single data buffer to an array of three such buffers, but the code
which cleared the reference frame when an inter frame was received
without a previous intra frame, as from a damaged stream, was not updated,
resulting in the memset overwriting other parts of the state structures
and subsequent memory, generally resulting in a segfault.
Instead, clear the first such buffer. Patch from Timothy Terriberry.
Modified: branches/theora-thusnelda/lib/dec/decode.c
===================================================================
--- branches/theora-thusnelda/lib/dec/decode.c 2009-06-10 18:24:46 UTC (rev 16098)
+++ branches/theora-thusnelda/lib/dec/decode.c 2009-06-10 18:50:57 UTC (rev 16099)
@@ -1958,7 +1958,7 @@
cheight=yheight>>!(info->pixel_fmt&2);
yplane_sz=yhstride*(size_t)yheight;
cplane_sz=chstride*(size_t)cheight;
- memset(_dec->state.ref_frame_data,0x80,yplane_sz+2*cplane_sz);
+ memset(_dec->state.ref_frame_data[0],0x80,yplane_sz+2*cplane_sz);
}
else{
for(refi=0;refi==_dec->state.ref_frame_idx[OC_FRAME_GOLD]||
More information about the commits
mailing list