[FFmpeg-devel] [PATCH] 04: dtsdec: fix attempts to decode incomplete frames

Pavlov Konstantin thresh
Thu May 17 12:01:22 CEST 2007


Hello.

When (!len) is checked in the buffer fill loop in dts_decode_frame(),
the buffer does not contain a complete frame, therefore executing
"break" when there is no more input data is not correct (subsequent
code will try to decode the buffer, which then will lead to garbage
output and sync loss).  The proper action is to return the number of
consumed bytes and wait for more data.

The problematic case can be triggered by mplayer - apparently it
passes the stream to decoder without caring about frame boundaries,
and sometimes the data block happens to contain just the frame header;
in this case the first pass through the loop will consume HEADER_SIZE
bytes from the input data, and the second pass would trigger the bug.

Patch by Sergey Vlasov vsu - altlinux - ru.

-- 
management, n.:
	The art of getting other people to do all the work.
-------------- next part --------------
>From 50939b9fd93319abb3da2a81d93e390173dde59c Mon Sep 17 00:00:00 2001
From: Sergey Vlasov <vsu at altlinux.ru>
Date: Thu, 17 May 2007 09:26:35 +0400
Subject: dtsdec: fix attempts to decode incomplete frames

When (!len) is checked in the buffer fill loop in dts_decode_frame(),
the buffer does not contain a complete frame, therefore executing
"break" when there is no more input data is not correct (subsequent
code will try to decode the buffer, which then will lead to garbage
output and sync loss).  The proper action is to return the number of
consumed bytes and wait for more data.

The problematic case can be triggered by mplayer - apparently it
passes the stream to decoder without caring about frame boundaries,
and sometimes the data block happens to contain just the frame header;
in this case the first pass through the loop will consume HEADER_SIZE
bytes from the input data, and the second pass would trigger the bug.

Signed-off-by: Sergey Vlasov <vsu at altlinux.ru>
---
 libavcodec/dtsdec.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libavcodec/dtsdec.c b/libavcodec/dtsdec.c
index 275dccb..afe266a 100644
--- a/libavcodec/dtsdec.c
+++ b/libavcodec/dtsdec.c
@@ -191,7 +191,7 @@ dts_decode_frame(AVCodecContext * avctx, void *data, int *data_size,
 
         len = end - start;
         if(!len)
-            break;
+            return start - buff;
         if(len > s->bufpos - s->bufptr)
             len = s->bufpos - s->bufptr;
         memcpy(s->bufptr, start, len);
-- 
1.5.1.1.197.g66b3

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070517/482f6691/attachment.pgp>



More information about the ffmpeg-devel mailing list