[FFmpeg-devel] [PATCH 1/2] avcodec/dvdsub: fix partial packet assembly
wm4
nfxjfg at googlemail.com
Mon Sep 21 18:25:30 CEST 2015
Assuming the first and second packets are partial, this would append the
reassembly buffer (ctx->buf) to itself with the second
append_to_cached_buf() call, because buf is set to ctx->buf.
I do not know a valid sample file which triggers this, and do not know
if packets can be split into more than 2 sub-packets, but it triggered
with a (differently) broken sample file in trac issue #4872.
---
libavcodec/dvdsubdec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c
index 81432e1..57eafbf 100644
--- a/libavcodec/dvdsubdec.c
+++ b/libavcodec/dvdsubdec.c
@@ -535,6 +535,7 @@ static int dvdsub_decode(AVCodecContext *avctx,
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
AVSubtitle *sub = data;
+ int appended = 0;
int is_menu;
if (ctx->buf_size) {
@@ -545,12 +546,13 @@ static int dvdsub_decode(AVCodecContext *avctx,
}
buf = ctx->buf;
buf_size = ctx->buf_size;
+ appended = 1;
}
is_menu = decode_dvd_subtitles(ctx, sub, buf, buf_size);
if (is_menu == AVERROR(EAGAIN)) {
*data_size = 0;
- return append_to_cached_buf(avctx, buf, buf_size);
+ return appended ? 0 : append_to_cached_buf(avctx, buf, buf_size);
}
if (is_menu < 0) {
--
2.5.1
More information about the ffmpeg-devel
mailing list