From 83ae540225cfcadb34d963faec3d4753f035dbd3 Mon Sep 17 00:00:00 2001 From: Rainer Hochecker Date: Sat, 17 Feb 2018 15:31:08 +0100 Subject: [PATCH] paplayer (vp): fix out-of-bounds error in audiocodec passthrough --- .../Audio/DVDAudioCodecPassthrough.cpp | 21 +++++++++++++------ .../Audio/DVDAudioCodecPassthrough.h | 13 ++++++------ 2 files changed, 22 insertions(+), 12 deletions(-) diff --git a/xbmc/cores/VideoPlayer/DVDCodecs/Audio/DVDAudioCodecPassthrough.cpp b/xbmc/cores/VideoPlayer/DVDCodecs/Audio/DVDAudioCodecPassthrough.cpp index 154d4ef53987a..09c50013caf8e 100644 --- a/xbmc/cores/VideoPlayer/DVDCodecs/Audio/DVDAudioCodecPassthrough.cpp +++ b/xbmc/cores/VideoPlayer/DVDCodecs/Audio/DVDAudioCodecPassthrough.cpp @@ -34,12 +34,7 @@ extern "C" { #define TRUEHD_BUF_SIZE 61440 CDVDAudioCodecPassthrough::CDVDAudioCodecPassthrough(CProcessInfo &processInfo, CAEStreamInfo::DataType streamType) : - CDVDAudioCodec(processInfo), - m_buffer(NULL), - m_bufferSize(0), - m_currentPts(DVD_NOPTS_VALUE), - m_nextPts(DVD_NOPTS_VALUE), - m_trueHDoffset(0) + CDVDAudioCodec(processInfo) { m_format.m_streamInfo.m_type = streamType; } @@ -96,6 +91,10 @@ void CDVDAudioCodecPassthrough::Dispose() m_buffer = NULL; } + free(m_backlogBuffer); + m_backlogBuffer = nullptr; + m_backlogBufferSize = 0; + m_bufferSize = 0; } @@ -146,6 +145,11 @@ bool CDVDAudioCodecPassthrough::AddData(const DemuxPacket &packet) if (used != iSize) { + if (m_backlogBufferSize < (iSize - used)) + { + m_backlogBufferSize = std::max(61440, iSize - used); + m_backlogBuffer = static_cast(realloc(m_backlogBuffer, m_backlogBufferSize)); + } m_backlogSize = iSize - used; memcpy(m_backlogBuffer, pData + used, m_backlogSize); used = iSize; @@ -153,6 +157,11 @@ bool CDVDAudioCodecPassthrough::AddData(const DemuxPacket &packet) } else if (pData) { + if (m_backlogBufferSize < (m_backlogSize + iSize)) + { + m_backlogBufferSize = std::max(61440, static_cast(m_backlogSize + iSize)); + m_backlogBuffer = static_cast(realloc(m_backlogBuffer, m_backlogBufferSize)); + } memcpy(m_backlogBuffer + m_backlogSize, pData, iSize); m_backlogSize += iSize; used = iSize; diff --git a/xbmc/cores/VideoPlayer/DVDCodecs/Audio/DVDAudioCodecPassthrough.h b/xbmc/cores/VideoPlayer/DVDCodecs/Audio/DVDAudioCodecPassthrough.h index 128e83ee287f0..8fdeed2f9c91b 100644 --- a/xbmc/cores/VideoPlayer/DVDCodecs/Audio/DVDAudioCodecPassthrough.h +++ b/xbmc/cores/VideoPlayer/DVDCodecs/Audio/DVDAudioCodecPassthrough.h @@ -49,17 +49,18 @@ class CDVDAudioCodecPassthrough : public CDVDAudioCodec private: CAEStreamParser m_parser; - uint8_t* m_buffer; - unsigned int m_bufferSize; + uint8_t* m_buffer = nullptr; + unsigned int m_bufferSize = 0; unsigned int m_dataSize = 0; AEAudioFormat m_format; - uint8_t m_backlogBuffer[61440]; + uint8_t *m_backlogBuffer = nullptr; + unsigned int m_backlogBufferSize = 0; unsigned int m_backlogSize = 0; - double m_currentPts; - double m_nextPts; + double m_currentPts = DVD_NOPTS_VALUE; + double m_nextPts = DVD_NOPTS_VALUE; // TrueHD specifics std::unique_ptr m_trueHDBuffer; - unsigned int m_trueHDoffset; + unsigned int m_trueHDoffset = 0; };