Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

[fixes] Fix a couple of EXC_BAD_ACCESS memory access bugs on OSX that cause real instability #2991

Merged
merged 2 commits into from

3 participants

night199uk davilla Memphiz
night199uk
Collaborator

These 2 bugs cause a significant amount of crashes on OSX especially when scanning movies and downloading images.

night199uk added some commits
night199uk night199uk [fix] string copy allocated in function params can be destroyed befor…
…e access via *end pointer causing EXC_BAD_ACCESS
37f3554
night199uk night199uk [fix] ffmpeg uses a 16-byte stride when scaling images, which can ove…
…rrun the texture buffer which is only 2-byte aligned, causing a segfault on OSX/iOS
2a3ad14
night199uk night199uk merged commit c18fcf2 into from
Memphiz
Owner

awesome catch - thx - this should fix software rendering on those systems :)

davilla
Collaborator

nice catch

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jul 20, 2013
  1. night199uk

    [fix] string copy allocated in function params can be destroyed befor…

    night199uk authored
    …e access via *end pointer causing EXC_BAD_ACCESS
Commits on Jul 22, 2013
  1. night199uk

    [fix] ffmpeg uses a 16-byte stride when scaling images, which can ove…

    night199uk authored
    …rrun the texture buffer which is only 2-byte aligned, causing a segfault on OSX/iOS
This page is out of date. Refresh to see the latest.
Showing with 17 additions and 7 deletions.
  1. +5 −1 xbmc/guilib/Texture.cpp
  2. +12 −6 xbmc/utils/Variant.cpp
6 xbmc/guilib/Texture.cpp
View
@@ -87,7 +87,11 @@ void CBaseTexture::Allocate(unsigned int width, unsigned int height, unsigned in
// we crash in CPicture::ScaleImage in ffmpegs swscale
// because it tries to access beyond the source memory
// (happens on osx and ios)
- m_textureWidth = ((m_textureWidth + 1) / 2) * 2;
+ // UPDATE: don't just update to be on an even width;
+ // ffmpegs swscale relies on a 16-byte stride on some systems
+ // so the textureWidth needs to be a multiple of 16. see ffmpeg
+ // swscale headers for more info.
+ m_textureWidth = ((m_textureWidth + 15) / 16) * 16;
}
// check for max texture size
18 xbmc/utils/Variant.cpp
View
@@ -65,7 +65,8 @@ wstring trimRight(const wstring &str)
int64_t str2int64(const string &str, int64_t fallback /* = 0 */)
{
char *end = NULL;
- int64_t result = strtoll(trimRight(str).c_str(), &end, 0);
+ string tmp = trimRight(str);
+ int64_t result = strtoll(tmp.c_str(), &end, 0);
if (end == NULL || *end == '\0')
return result;
@@ -75,7 +76,8 @@ int64_t str2int64(const string &str, int64_t fallback /* = 0 */)
int64_t str2int64(const wstring &str, int64_t fallback /* = 0 */)
{
wchar_t *end = NULL;
- int64_t result = wcstoll(trimRight(str).c_str(), &end, 0);
+ wstring tmp = trimRight(str);
+ int64_t result = wcstoll(tmp.c_str(), &end, 0);
if (end == NULL || *end == '\0')
return result;
@@ -85,7 +87,8 @@ int64_t str2int64(const wstring &str, int64_t fallback /* = 0 */)
uint64_t str2uint64(const string &str, uint64_t fallback /* = 0 */)
{
char *end = NULL;
- uint64_t result = strtoull(trimRight(str).c_str(), &end, 0);
+ string tmp = trimRight(str);
+ uint64_t result = strtoull(tmp.c_str(), &end, 0);
if (end == NULL || *end == '\0')
return result;
@@ -95,7 +98,8 @@ uint64_t str2uint64(const string &str, uint64_t fallback /* = 0 */)
uint64_t str2uint64(const wstring &str, uint64_t fallback /* = 0 */)
{
wchar_t *end = NULL;
- uint64_t result = wcstoull(trimRight(str).c_str(), &end, 0);
+ wstring tmp = trimRight(str);
+ uint64_t result = wcstoull(tmp.c_str(), &end, 0);
if (end == NULL || *end == '\0')
return result;
@@ -105,7 +109,8 @@ uint64_t str2uint64(const wstring &str, uint64_t fallback /* = 0 */)
double str2double(const string &str, double fallback /* = 0.0 */)
{
char *end = NULL;
- double result = strtod(trimRight(str).c_str(), &end);
+ string tmp = trimRight(str);
+ double result = strtod(tmp.c_str(), &end);
if (end == NULL || *end == '\0')
return result;
@@ -115,7 +120,8 @@ double str2double(const string &str, double fallback /* = 0.0 */)
double str2double(const wstring &str, double fallback /* = 0.0 */)
{
wchar_t *end = NULL;
- double result = wcstod(trimRight(str).c_str(), &end);
+ wstring tmp = trimRight(str);
+ double result = wcstod(tmp.c_str(), &end);
if (end == NULL || *end == '\0')
return result;
Something went wrong with that request. Please try again.