xviddec: bodge to avoid crashes

It seems xvidcore overreads its input buffer, so a nasty workaround
is to allocate some more memory (16 bytes seem to be enough).
There is no apparent image corruption with these extra bytes set to 0,
valgrind is much happier, and the crashes go away.
It is ugly, and slower though. But then, xviddec is currently
not autoplugged for playback anyway.

https://bugzilla.gnome.org/show_bug.cgi?id=334107

1 files changed, 12 insertions, 1 deletions

diff --git a/ext/xvid/gstxviddec.c b/ext/xvid/gstxviddec.c
index 84a0eaad9..67e33c03e 100644
--- a/ext/xvid/gstxviddec.c
+++ b/ext/xvid/gstxviddec.c
@@ -310,7 +310,7 @@ gst_xviddec_chain (GstPad * pad, GstBuffer * buf)
   xvid_dec_frame_t xframe;
   xvid_dec_stats_t xstats;
   gint ret;
-  guint8 *data;
+  guint8 *data, *dupe = NULL;
   guint size;
   GstFlowReturn fret;
 
@@ -333,6 +333,16 @@ gst_xviddec_chain (GstPad * pad, GstBuffer * buf)
   data = GST_BUFFER_DATA (buf);
   size = GST_BUFFER_SIZE (buf);
 
+  /* xvidcore overreads the input buffer, we need to alloc some extra padding
+   * to make things work reliably */
+#define EXTRA_PADDING 16
+  if (EXTRA_PADDING > 0) {
+    dupe = g_malloc (size + EXTRA_PADDING);
+    memcpy (dupe, data, size);
+    memset (dupe + size, 0, EXTRA_PADDING);
+    data = dupe;
+  }
+
   do {                          /* loop needed because xvidcore may return vol information */
     /* decode and so ... */
     gst_xvid_init_struct (xframe);
@@ -412,6 +422,7 @@ gst_xviddec_chain (GstPad * pad, GstBuffer * buf)
   }
 
 done:
+  g_free (dupe);
   gst_buffer_unref (buf);
 
   return fret;