Browse code
* Bad buffer management bug. Forgot to take care of the case where doubling the size of the buffer is not enough.
Originally committed as revision 633 to svn://svn.ffmpeg.org/ffmpeg/trunk
Philip Gladstone authored on 2002/05/31 05:37:51Showing 1 changed files
| ... | ... |
@@ -1317,13 +1317,21 @@ static void http_write_packet(void *opaque, |
| 1317 | 1317 |
c->buffer_ptr = c->buffer_end = c->buffer; |
| 1318 | 1318 |
|
| 1319 | 1319 |
if (c->buffer_end - c->buffer + size > c->buffer_size) {
|
| 1320 |
- UINT8 *new_buffer = av_malloc(c->buffer_size * 2); |
|
| 1320 |
+ int new_buffer_size = c->buffer_size * 2; |
|
| 1321 |
+ UINT8 *new_buffer; |
|
| 1322 |
+ |
|
| 1323 |
+ if (new_buffer_size <= c->buffer_end - c->buffer + size) {
|
|
| 1324 |
+ new_buffer_size = c->buffer_end - c->buffer + size + c->buffer_size; |
|
| 1325 |
+ } |
|
| 1326 |
+ |
|
| 1327 |
+ new_buffer = av_malloc(new_buffer_size); |
|
| 1321 | 1328 |
if (new_buffer) {
|
| 1322 | 1329 |
memcpy(new_buffer, c->buffer, c->buffer_end - c->buffer); |
| 1323 | 1330 |
c->buffer_end += (new_buffer - c->buffer); |
| 1324 | 1331 |
c->buffer_ptr += (new_buffer - c->buffer); |
| 1325 | 1332 |
av_free(c->buffer); |
| 1326 | 1333 |
c->buffer = new_buffer; |
| 1334 |
+ c->buffer_size = new_buffer_size; |
|
| 1327 | 1335 |
} else {
|
| 1328 | 1336 |
av_abort(); |
| 1329 | 1337 |
} |