From 12e12ae0f2fbdc19084c5941a7fdb5c67b158f98 Mon Sep 17 00:00:00 2001
From: ChenSiyong <ChenSiyong@6e48237b-75ef-9749-8fc9-41990f28c85a>
Date: Thu, 30 Jun 2016 01:59:44 +0000
Subject: [PATCH] [mpp_packet] malloc packet more size then real need avoid
 32bit read crash

git-svn-id: https://10.10.10.66:8443/svn/MediaProcessPlatform/trunk/mpp@966 6e48237b-75ef-9749-8fc9-41990f28c85a
---
 mpp/base/mpp_packet.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/mpp/base/mpp_packet.cpp b/mpp/base/mpp_packet.cpp
index 5ddac724..8902da4b 100644
--- a/mpp/base/mpp_packet.cpp
+++ b/mpp/base/mpp_packet.cpp
@@ -118,7 +118,11 @@ MPP_RET mpp_packet_copy_init(MppPacket *packet, const MppPacket src)
     }
 
     size_t size = mpp_packet_get_size(src);
-    void *data = mpp_malloc_size(void, size);
+    /*
+     * due to parser may be read 32 bit interface so we must alloc more size then real size
+     * to avoid read carsh
+     */
+    void *data = mpp_malloc_size(void, size + 256);
     if (NULL == data) {
         mpp_err_f("malloc failed, size %d\n", size);
         mpp_packet_deinit(&pkt);
@@ -132,6 +136,10 @@ MPP_RET mpp_packet_copy_init(MppPacket *packet, const MppPacket src)
     p->flag |= MPP_PACKET_FLAG_INTERNAL;
     if (size) {
         memcpy(data, src_impl->data, size);
+        /*
+         * clean more alloc byte to zero
+        */
+        memset((RK_U8*)data + size, 0, 256);
     }
     *packet = pkt;
     return MPP_OK;