diff options
author | Yonit Halperin <yhalperi@redhat.com> | 2012-05-14 15:17:54 +0300 |
---|---|---|
committer | Yonit Halperin <yhalperi@redhat.com> | 2012-05-16 08:55:11 +0300 |
commit | d0a57ac22becf162148c11cc30b89f34bc4120bf (patch) | |
tree | ca22089d40b5260ab5cf8f71c7b79a1cc0e8c81e /server/mjpeg_encoder.c | |
parent | 05f4276cc128c500cd88df13e44b4bff7d5d0937 (diff) | |
download | spice-d0a57ac22becf162148c11cc30b89f34bc4120bf.tar.gz spice-d0a57ac22becf162148c11cc30b89f34bc4120bf.tar.xz spice-d0a57ac22becf162148c11cc30b89f34bc4120bf.zip |
server/mjpeg_encoder: realloc encoder->row, when a wider frame is given
Fix crashes when there are sized wider frames in the stream, and we are
linked with libjpeg.
Related : rhbz#813826
Resolves: rhbz#820669
Diffstat (limited to 'server/mjpeg_encoder.c')
-rw-r--r-- | server/mjpeg_encoder.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/server/mjpeg_encoder.c b/server/mjpeg_encoder.c index 6bb2f699..b812ba05 100644 --- a/server/mjpeg_encoder.c +++ b/server/mjpeg_encoder.c @@ -26,6 +26,7 @@ struct MJpegEncoder { uint8_t *row; + uint32_t row_size; int first_frame; int quality; @@ -196,6 +197,8 @@ int mjpeg_encoder_start_frame(MJpegEncoder *encoder, SpiceBitmapFmt format, { encoder->cinfo.in_color_space = JCS_RGB; encoder->cinfo.input_components = 3; + encoder->pixel_converter = NULL; + switch (format) { case SPICE_BITMAP_FMT_32BIT: case SPICE_BITMAP_FMT_RGBA: @@ -224,13 +227,16 @@ int mjpeg_encoder_start_frame(MJpegEncoder *encoder, SpiceBitmapFmt format, return FALSE; } - if ((encoder->pixel_converter != NULL) && (encoder->row == NULL)) { + if (encoder->pixel_converter != NULL) { unsigned int stride = width * 3; /* check for integer overflow */ if (stride < width) { return FALSE; } - encoder->row = spice_malloc(stride); + if (encoder->row_size < stride) { + encoder->row = spice_realloc(encoder->row, stride); + encoder->row_size = stride; + } } spice_jpeg_mem_dest(&encoder->cinfo, dest, dest_len); |