From: Limin Wang <lance.lmw...@gmail.com>
Signed-off-by: Limin Wang <lance.lmw...@gmail.com>
---
libavcodec/mpeg12dec.c | 73 +++++++++++++++++++++++++++-----------------------
1 file changed, 40 insertions(+), 33 deletions(-)
diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
index 775579f..86cdebd 100644
--- a/libavcodec/mpeg12dec.c
+++ b/libavcodec/mpeg12dec.c
@@ -57,8 +57,7 @@ typedef struct Mpeg1Context {
AVPanScan pan_scan; /* some temporary storage for the panscan */
AVStereo3D stereo3d;
int has_stereo3d;
- uint8_t *a53_caption;
- int a53_caption_size;
+ AVBufferRef *a53_buf_ref;
uint8_t afd;
int has_afd;
int slice_count;
@@ -1630,13 +1629,13 @@ static int mpeg_field_start(MpegEncContext *s, const
uint8_t *buf, int buf_size)
return AVERROR(ENOMEM);
memcpy(pan_scan->data, &s1->pan_scan, sizeof(s1->pan_scan));
- if (s1->a53_caption) {
- AVFrameSideData *sd = av_frame_new_side_data(
+ if (s1->a53_buf_ref) {
+ AVFrameSideData *sd = av_frame_new_side_data_from_buf(
s->current_picture_ptr->f, AV_FRAME_DATA_A53_CC,
- s1->a53_caption_size);
- if (sd)
- memcpy(sd->data, s1->a53_caption, s1->a53_caption_size);
- av_freep(&s1->a53_caption);
+ s1->a53_buf_ref);
+ if (!sd)
+ av_buffer_unref(&s1->a53_buf_ref);
+ s1->a53_buf_ref = NULL;
}
if (s1->has_stereo3d) {
@@ -2238,14 +2237,18 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
/* extract A53 Part 4 CC data */
int cc_count = p[5] & 0x1f;
if (cc_count > 0 && buf_size >= 7 + cc_count * 3) {
- av_freep(&s1->a53_caption);
- s1->a53_caption_size = cc_count * 3;
- s1->a53_caption = av_malloc(s1->a53_caption_size);
- if (!s1->a53_caption) {
- s1->a53_caption_size = 0;
- } else {
- memcpy(s1->a53_caption, p + 7, s1->a53_caption_size);
- }
+ int old_size = s1->a53_buf_ref ? s1->a53_buf_ref->size : 0;
+ const uint64_t new_size = (old_size + cc_count
+ * UINT64_C(3));
+ int ret;
+
+ if (new_size > INT_MAX)
+ return AVERROR(EINVAL);
+
+ ret = av_buffer_realloc(&s1->a53_buf_ref, new_size);
+ if (ret >= 0)
+ memcpy(s1->a53_buf_ref->data + old_size, p + 7, cc_count *
UINT64_C(3));
+
avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS;
}
return 1;
@@ -2254,19 +2257,21 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
/* extract SCTE-20 CC data */
GetBitContext gb;
int cc_count = 0;
- int i;
+ int i, ret;
init_get_bits(&gb, p + 2, buf_size - 2);
cc_count = get_bits(&gb, 5);
if (cc_count > 0) {
- av_freep(&s1->a53_caption);
- s1->a53_caption_size = cc_count * 3;
- s1->a53_caption = av_mallocz(s1->a53_caption_size);
- if (!s1->a53_caption) {
- s1->a53_caption_size = 0;
- } else {
+ int old_size = s1->a53_buf_ref ? s1->a53_buf_ref->size : 0;
+ const uint64_t new_size = (old_size + cc_count
+ * UINT64_C(3));
+ if (new_size > INT_MAX)
+ return AVERROR(EINVAL);
+
+ ret = av_buffer_realloc(&s1->a53_buf_ref, new_size);
+ if (ret >= 0) {
uint8_t field, cc1, cc2;
- uint8_t *cap = s1->a53_caption;
+ uint8_t *cap = s1->a53_buf_ref->data;
for (i = 0; i < cc_count && get_bits_left(&gb) >= 26; i++) {
skip_bits(&gb, 2); // priority
field = get_bits(&gb, 2);
@@ -2318,21 +2323,23 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
* on the even field. There also exist DVDs in the wild that encode an
odd field count and the
* caption_extra_field_added/caption_odd_field_first bits change per
packet to allow that. */
int cc_count = 0;
- int i;
+ int i, ret;
// There is a caption count field in the data, but it is often
// incorrect. So count the number of captions present.
for (i = 5; i + 6 <= buf_size && ((p[i] & 0xfe) == 0xfe); i += 6)
cc_count++;
// Transform the DVD format into A53 Part 4 format
if (cc_count > 0) {
- av_freep(&s1->a53_caption);
- s1->a53_caption_size = cc_count * 6;
- s1->a53_caption = av_malloc(s1->a53_caption_size);
- if (!s1->a53_caption) {
- s1->a53_caption_size = 0;
- } else {
+ int old_size = s1->a53_buf_ref ? s1->a53_buf_ref->size : 0;
+ const uint64_t new_size = (old_size + cc_count
+ * UINT64_C(6));
+ if (new_size > INT_MAX)
+ return AVERROR(EINVAL);
+
+ ret = av_buffer_realloc(&s1->a53_buf_ref, new_size);
+ if (ret >= 0) {
uint8_t field1 = !!(p[4] & 0x80);
- uint8_t *cap = s1->a53_caption;
+ uint8_t *cap = s1->a53_buf_ref->data;
p += 5;
for (i = 0; i < cc_count; i++) {
cap[0] = (p[0] == 0xff && field1) ? 0xfc : 0xfd;
@@ -2871,7 +2878,7 @@ static av_cold int mpeg_decode_end(AVCodecContext *avctx)
if (s->mpeg_enc_ctx_allocated)
ff_mpv_common_end(&s->mpeg_enc_ctx);
- av_freep(&s->a53_caption);
+ av_buffer_unref(&s->a53_buf_ref);
return 0;
}
--
2.6.4
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
