[FFmpeg-cvslog] avcodec: move end zeroing code from av_packet_split_side_data() to avcodec_decode_subtitle2()

Michael Niedermayer git at videolan.org
Thu Nov 21 03:24:53 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Nov 21 02:32:37 2013 +0100| [01923bab98506b1e98b4cbf08419364ce6ffea6d] | committer: Michael Niedermayer

avcodec: move end zeroing code from av_packet_split_side_data() to avcodec_decode_subtitle2()

This code changes the input packet, which is read only and can in
rare circumstances lead to decoder errors. (i run into one of these in
the audio decoder, which corrupted the packet during av_find_stream_info()
so that actual decoding that single packet failed later)
Until a better fix is implemented, this commit limits the problem.
A better fix might be to make the subtitle decoders not depend on
data[size] = 0 or to copy their input when this is not the case.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01923bab98506b1e98b4cbf08419364ce6ffea6d
---

 libavcodec/avpacket.c |    9 +--------
 libavcodec/utils.c    |   10 ++++++++++
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
index 7a6195c..f966bfe 100644
--- a/libavcodec/avpacket.c
+++ b/libavcodec/avpacket.c
@@ -381,7 +381,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
 int av_packet_split_side_data(AVPacket *pkt){
     if (!pkt->side_data_elems && pkt->size >12 && AV_RB64(pkt->data + pkt->size - 8) == FF_MERGE_MARKER){
         int i;
-        unsigned int size, orig_pktsize = pkt->size;
+        unsigned int size;
         uint8_t *p;
 
         p = pkt->data + pkt->size - 8 - 5;
@@ -414,13 +414,6 @@ int av_packet_split_side_data(AVPacket *pkt){
             p-= size+5;
         }
         pkt->size -= 8;
-        /* FFMIN() prevents overflow in case the packet wasn't allocated with
-         * proper padding.
-         * If the side data is smaller than the buffer padding size, the
-         * remaining bytes should have already been filled with zeros by the
-         * original packet allocation anyway. */
-        memset(pkt->data + pkt->size, 0,
-               FFMIN(orig_pktsize - pkt->size, FF_INPUT_BUFFER_PADDING_SIZE));
         pkt->side_data_elems = i+1;
         return 1;
     }
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 0bb2666..d028a51 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -2422,6 +2422,16 @@ int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub,
         int did_split = av_packet_split_side_data(&tmp);
         //apply_param_change(avctx, &tmp);
 
+        if (did_split) {
+            /* FFMIN() prevents overflow in case the packet wasn't allocated with
+             * proper padding.
+             * If the side data is smaller than the buffer padding size, the
+             * remaining bytes should have already been filled with zeros by the
+             * original packet allocation anyway. */
+            memset(tmp.data + tmp.size, 0,
+                   FFMIN(avpkt->size - tmp.size, FF_INPUT_BUFFER_PADDING_SIZE));
+        }
+
         pkt_recoded = tmp;
         ret = recode_subtitle(avctx, &pkt_recoded, &tmp);
         if (ret < 0) {



More information about the ffmpeg-cvslog mailing list