From: Tim-Philipp Müller <tim@centricular.net>
Date: Fri, 17 Feb 2006 17:54:05 +0000 (+0000)
Subject: ext/jpeg/gstjpegdec.c: Fix invalid memory access for some odd-sized images (see image... 
X-Git-Tag: RELEASE-0_10_1~8
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b73f81517653b316fcb1abab2cd88a9d9b253233;p=platform%2Fupstream%2Fgst-plugins-good.git

ext/jpeg/gstjpegdec.c: Fix invalid memory access for some odd-sized images (see image contained in quicktime stream i...

Original commit message from CVS:
* ext/jpeg/gstjpegdec.c: (gst_jpeg_dec_decode_direct),
(gst_jpeg_dec_chain):
Fix invalid memory access for some odd-sized images
(see image contained in quicktime stream in #327083);
use g_malloc() instead of g_alloca().
---

diff --git a/ChangeLog b/ChangeLog
index 3524d19..5b31cfb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2006-02-17  Tim-Philipp MÃ¼ller  <tim at centricular dot net>
+
+	* ext/jpeg/gstjpegdec.c: (gst_jpeg_dec_decode_direct),
+	(gst_jpeg_dec_chain):
+	  Fix invalid memory access for some odd-sized images
+	  (see image contained in quicktime stream in #327083);
+	  use g_malloc() instead of g_alloca().
+
 2006-02-17  Wim Taymans  <wim@fluendo.com>
 
 	* gst/rtp/gstrtpamrdepay.c: (gst_rtp_amr_depay_chain):
diff --git a/ext/jpeg/gstjpegdec.c b/ext/jpeg/gstjpegdec.c
index 0ad04c4..eb5fb81 100644
--- a/ext/jpeg/gstjpegdec.c
+++ b/ext/jpeg/gstjpegdec.c
@@ -655,12 +655,9 @@ gst_jpeg_dec_decode_direct (GstJpegDec * dec, guchar * base[3],
   guchar **line[3];             /* the jpeg line buffer */
   gint i, j, k;
 
-  line[0] = g_alloca ((r_v * DCTSIZE) * sizeof (guchar *));
-  line[1] = g_alloca ((r_v * DCTSIZE) * sizeof (guchar *));
-  line[2] = g_alloca ((r_v * DCTSIZE) * sizeof (guchar *));
-  memset (line[0], 0, (r_v * DCTSIZE) * sizeof (guchar *));
-  memset (line[1], 0, (r_v * DCTSIZE) * sizeof (guchar *));
-  memset (line[2], 0, (r_v * DCTSIZE) * sizeof (guchar *));
+  line[0] = g_new0 (guchar *, (r_v * DCTSIZE));
+  line[1] = g_new0 (guchar *, (r_v * DCTSIZE));
+  line[2] = g_new0 (guchar *, (r_v * DCTSIZE));
 
   /* let jpeglib decode directly into our final buffer */
   GST_DEBUG_OBJECT (dec, "decoding directly into output buffer");
@@ -685,6 +682,10 @@ gst_jpeg_dec_decode_direct (GstJpegDec * dec, guchar * base[3],
     }
     jpeg_read_raw_data (&dec->cinfo, line, r_v * DCTSIZE);
   }
+
+  g_free (line[0]);
+  g_free (line[1]);
+  g_free (line[2]);
 }
 
 
@@ -864,7 +865,7 @@ gst_jpeg_dec_chain (GstPad * pad, GstBuffer * buf)
    * copy over the data into our final picture buffer, otherwise jpeglib might
    * write over the end of a line into the beginning of the next line,
    * resulting in blocky artifacts on the left side of the picture. */
-  if ((I420_Y_ROWSTRIDE (width) % (dec->cinfo.max_h_samp_factor * DCTSIZE)) > 0) {
+  if (width % (dec->cinfo.max_h_samp_factor * DCTSIZE) != 0) {
     gst_jpeg_dec_decode_indirect (dec, base, last, width, height, r_v);
   } else {
     gst_jpeg_dec_decode_direct (dec, base, last, width, height, r_v);
