From ada798ad2c4a57319e400e2b8939f60e4e6aa92f Mon Sep 17 00:00:00 2001
From: Kitae Kim
Date: Fri, 28 Dec 2012 13:19:53 +0900
Subject: [PATCH] marucodec: Added exeption routine in the qemu_av_picture_copy func.

Before calling av_picture_copy, there is memory allocation for a frame. When the memory allocation is failed, av_picture_copy call make qemu crashed. So, added exeption routine in case of memory allocation failure in host.

Signed-off-by: Kitae Kim
---
 tizen/src/hw/maru_codec.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/tizen/src/hw/maru_codec.c b/tizen/src/hw/maru_codec.c
index 32d55ba..7c0daed 100644
--- a/tizen/src/hw/maru_codec.c
+++ b/tizen/src/hw/maru_codec.c
@@ -426,6 +426,9 @@ static int qemu_avpicture_fill(AVPicture *picture, uint8_t *ptr, size2 = stride2 * h2; fsize = size + 2 * size2; + TRACE("stride: %d, stride2: %d, size: %d, size2: %d, fsize: %d\n", + stride, stride2, size, size2, fsize); + ptr = av_mallocz(fsize); if (!ptr) { ERR("failed to allocate memory.\n");
@@ -884,7 +887,6 @@ int qemu_avcodec_encode_video(SVCodecState *s, int ctx_index)
 AVFrame *pict = NULL;
 uint8_t *inputBuf = NULL;
 int outbufSize = 0;
- int numBytes = 0;
 int bPict = -1;
 int size = 0;
 int ret = -1;
@@ -913,17 +915,19 @@ int qemu_avcodec_encode_video(SVCodecState *s, int ctx_index) size += qemu_deserialize_frame((uint8_t *)s->vaddr + offset + size, pict); - numBytes = - avpicture_get_size(avctx->pix_fmt, avctx->width, avctx->height); - TRACE("[%s] input buffer size :%d\n", __func__, numBytes); - inputBuf = (uint8_t *)s->vaddr + offset + size; if (!inputBuf) { ERR("[%s] failed to get input buffer\n", __func__); return ret; } +#if 0 ret = avpicture_fill((AVPicture *)pict, inputBuf, avctx->pix_fmt, avctx->width, avctx->height); +#endif + + ret = qemu_avpicture_fill((AVPicture *)pict, inputBuf, avctx->pix_fmt, + avctx->width, avctx->height); + if (ret < 0) { ERR("after avpicture_fill, ret:%d\n", ret); }
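Review bot: In the first hunk (qemu_avpicture_fill), `fsize = size + 2 * size2` is handed to `av_mallocz(fsize)` with no range check in the visible lines, and the new TRACE prints all five values with `%d`, which suggests they are plain `int`. If width and height can be influenced by the guest, a wrapped or negative result would either fail the allocation or yield a buffer smaller than the picture later copied into it. Bounding the values before the arithmetic would close this, e.g. `if (size <= 0 || size2 <= 0 || size2 > (INT_MAX - size) / 2) return -1;` ahead of the `fsize` assignment (the `-1` assumes the negative-on-error convention that the last hunk's `numBytes < 0` check relies on). The function body starts and ends outside the hunk, so an earlier check may already exist.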
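Review bot: In the third hunk (qemu_avcodec_encode_video), a failing `qemu_avpicture_fill` is only logged: the `if (ret < 0)` block closes right after `ERR(...)`, so encoding continues with a picture that was never filled, the same crash class this commit fixes in qemu_av_picture_copy. Return from the block as the `inputBuf` check above it does, `if (ret < 0) { ERR("after avpicture_fill, ret:%d\n", ret); return ret; }`, after confirming that nothing needs releasing on that path (the function continues outside the hunk). Separately, the first hunk shows qemu_avpicture_fill assigning `ptr = av_mallocz(fsize)`, so the `inputBuf` passed here appears to be replaced by a fresh allocation; if so, the frame data at `inputBuf` is not what the picture points to, and nothing visible frees the new buffer. The `#if 0` copy of the old call should be deleted rather than kept.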
@@ -1074,12 +1078,12 @@ int qemu_avcodec_encode_audio(SVCodecState *s, int ctx_index)
 */
 void qemu_av_picture_copy(SVCodecState *s, int ctx_index)
 {
- AVCodecContext *avctx;
+ AVCodecContext *avctx = NULL;
 AVPicture dst;
- AVPicture *src;
- int numBytes;
+ AVPicture *src = NULL;
+ int numBytes = 0;
 uint8_t *buffer = NULL;
- off_t offset;
+ off_t offset = 0;
 TRACE("Enter :%s\n", __func__);
 qemu_mutex_lock(&s->thread_mutex);
@@ -1097,6 +1101,11 @@ void qemu_av_picture_copy(SVCodecState *s, int ctx_index)
 numBytes = qemu_avpicture_fill(&dst, buffer, avctx->pix_fmt, avctx->width, avctx->height);
 TRACE("after avpicture_fill: %d\n", numBytes);
+ if (numBytes < 0) {
+ ERR("picture size:%d is wrong.\n", numBytes);
+ qemu_mutex_unlock(&s->thread_mutex);
+ return;
+ }
 av_picture_copy(&dst, src, avctx->pix_fmt, avctx->width, avctx->height);
 memcpy((uint8_t *)s->vaddr + offset, dst.data[0], numBytes);
--
2.7.4
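Review bot: The new `numBytes < 0` guard in qemu_av_picture_copy covers the failure case, but the success path still passes `numBytes` straight to `memcpy((uint8_t *)s->vaddr + offset, dst.data[0], numBytes)` with no upper bound in the visible lines. If the picture dimensions can be set by the guest, the copy length should also be checked against the space remaining in the mapped region after `offset` before copying, with the same unlock-and-return handling. The early return also gives the caller no indication of failure, and the message `picture size:%d is wrong.` does not match what the commit message describes as an allocation failure; something like `ERR("failed to fill picture: %d\n", numBytes);` would fit better. A single `goto` cleanup label would avoid repeating `qemu_mutex_unlock(&s->thread_mutex)` on each exit. The function continues past the hunk, so later handling is not visible here.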