+2006-02-17 Tim-Philipp Müller <tim at centricular dot net>
+
+ * ext/jpeg/gstjpegdec.c: (gst_jpeg_dec_decode_direct),
+ (gst_jpeg_dec_chain):
+ Fix invalid memory access for some odd-sized images
+ (see image contained in quicktime stream in #327083);
+ use g_malloc() instead of g_alloca().
+
2006-02-17 Wim Taymans <wim@fluendo.com>
* gst/rtp/gstrtpamrdepay.c: (gst_rtp_amr_depay_chain):
guchar **line[3]; /* the jpeg line buffer */
gint i, j, k;
- line[0] = g_alloca ((r_v * DCTSIZE) * sizeof (guchar *));
- line[1] = g_alloca ((r_v * DCTSIZE) * sizeof (guchar *));
- line[2] = g_alloca ((r_v * DCTSIZE) * sizeof (guchar *));
- memset (line[0], 0, (r_v * DCTSIZE) * sizeof (guchar *));
- memset (line[1], 0, (r_v * DCTSIZE) * sizeof (guchar *));
- memset (line[2], 0, (r_v * DCTSIZE) * sizeof (guchar *));
+ line[0] = g_new0 (guchar *, (r_v * DCTSIZE));
+ line[1] = g_new0 (guchar *, (r_v * DCTSIZE));
+ line[2] = g_new0 (guchar *, (r_v * DCTSIZE));
/* let jpeglib decode directly into our final buffer */
GST_DEBUG_OBJECT (dec, "decoding directly into output buffer");
}
jpeg_read_raw_data (&dec->cinfo, line, r_v * DCTSIZE);
}
+
+ g_free (line[0]);
+ g_free (line[1]);
+ g_free (line[2]);
}
* copy over the data into our final picture buffer, otherwise jpeglib might
* write over the end of a line into the beginning of the next line,
* resulting in blocky artifacts on the left side of the picture. */
- if ((I420_Y_ROWSTRIDE (width) % (dec->cinfo.max_h_samp_factor * DCTSIZE)) > 0) {
+ if (width % (dec->cinfo.max_h_samp_factor * DCTSIZE) != 0) {
gst_jpeg_dec_decode_indirect (dec, base, last, width, height, r_v);
} else {
gst_jpeg_dec_decode_direct (dec, base, last, width, height, r_v);
projects / platform / upstream / gst-plugins-good.git / commitdiff