We need to make sure that a buffer is big enough to store the amount of data
we expect to receive from the decoder. Without doing this memory could be
corrupted due to the decoder writing outside the allocate memory.
Signed-off-by: Julian Scheel <julian@jusst.de>
Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
MMAL_BUFFER_HEADER_T *buffer;
picture_t *picture;
MMAL_STATUS_T status;
+ int buffer_size = 0;
int ret = 0;
buffer = mmal_queue_get(sys->output_pool->queue);
goto out;
}
+ for (int i = 0; i < picture->i_planes; i++)
+ buffer_size += picture->p[i].i_lines * picture->p[i].i_pitch;
+
+ if (buffer_size < sys->output->buffer_size) {
+ msg_Err(dec, "Retrieved picture with too small data block (%d < %d)",
+ buffer_size, sys->output->buffer_size);
+ ret = VLC_EGENERIC;
+ goto out;
+ }
+
mmal_buffer_header_reset(buffer);
buffer->user_data = picture;
buffer->cmd = 0;