authorMichael Niedermayer <michaelni@gmx.at>2013-09-21 23:34:11 +0200
committerMichael Niedermayer <michaelni@gmx.at>2013-09-23 21:46:15 +0200
commit2b06f5f8f15a4464c74405cd7da57da2d6be5d36 (patch)
tree42c46c4b8b3ee178dcc52506890aeb2100c88f33
parent0a64b25c77320577a54203b2c7e5f3da4ae36e40 (diff)
downloadffmpeg-2b06f5f8f15a4464c74405cd7da57da2d6be5d36.tar.gz
avcodec/g2meet: Fix framebuf size
Currently the code can in some cases draw tiles that hang outside the allocated buffer. This patch increases the buffer size to avoid out of array accesses. An alternative would be to fail if such tiles are encountered. I do not know if any valid files use such hanging tiles. Fixes Ticket2971 Found-by: ami_stuff Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e07ac727c1cc9eed39e7f9117c97006f719864bd) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavcodec/g2meet.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c
index 1822c5e274..1634059f16 100644
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -443,8 +443,8 @@ static int g2m_init_buffers(G2MContext *c)
int aligned_height;
if (!c->framebuf || c->old_width < c->width || c->old_height < c->height) {
- c->framebuf_stride = FFALIGN(c->width * 3, 16);
- aligned_height = FFALIGN(c->height, 16);
+ c->framebuf_stride = FFALIGN(c->width + 15, 16) * 3;
+ aligned_height = c->height + 15;
av_free(c->framebuf);
c->framebuf = av_mallocz(c->framebuf_stride * aligned_height);
if (!c->framebuf)
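Review bot: The `+ 15` padding on the two added lines assumes a tile can overhang the frame by at most 15 pixels in each direction, but nothing in the hunk states or enforces that bound. A comment such as `/* tiles may extend up to 15 pixels past width/height; pad so those writes stay inside framebuf */` would record it. If the tile size can exceed 16 (not visible here), the padding should be derived from the tile dimensions, or overhanging tiles rejected, the alternative the commit message already mentions. Separately, `c->framebuf_stride * aligned_height` is multiplied in `int` before it reaches `av_mallocz`, so unless width and height are range-checked before this point, a large pair could wrap to an undersized allocation. g2m_init_buffers starts and continues outside the hunk, so such checks may exist elsewhere and should be confirmed there.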