[FFmpeg-devel] [PATCH 2/2] avcodec/dvdsubdec: reject some broken packets
michaelni at gmx.at
Mon Sep 21 23:33:16 CEST 2015
On Mon, Sep 21, 2015 at 06:25:31PM +0200, wm4 wrote:
> If cmd_pos is broken, this would just keep accumulating packets in the
> reassembly buffer, until it fails and flushes the buffer on overflow.
> Since packets are usually rather small, this will take a lot of subtitle
> packets. The perceived effect is that subtitles are not displayed
> anymore after the faulty packet was passed to the decoder.
> I'm not terribly sure about this, but on the other hand this code is
> active only when fragmented packets need to be reassembled.
> Fixes sample file in trac issue #4872.
> Oh, by the way, the sample was supposedly created by mencoder. Playing
> directly from DVD doesn't show the issue.
> libavcodec/dvdsubdec.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
> diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c
> index 57eafbf..1264e86 100644
> --- a/libavcodec/dvdsubdec.c
> +++ b/libavcodec/dvdsubdec.c
> @@ -227,6 +227,7 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header,
> int date;
> int i;
> int is_menu = 0;
> + uint32_t size;
> if (buf_size < 10)
> return -1;
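Review bot: the new `uint32_t size;` local is easy to confuse with the `buf_size` that is checked two lines below, and it is unsigned while the neighbouring locals (`date`, `i`, `is_menu`) are plain `int`. A more specific name, or a short comment saying it holds the size declared in the packet header, would make later comparisons easier to audit, and any comparison of it against a signed value should be checked for signed/unsigned mixing.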
> @@ -241,10 +242,16 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header,
> cmd_pos = 2;
> + size = READ_OFFSET(buf);
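Review bot: `size = READ_OFFSET(buf);` reads from offset 0 with no comment naming the header field or the offset width it assumes, and the only length guard visible before it is `buf_size < 10`. Please document which field this is and confirm the read is at the right position for every header layout the function accepts, so that whatever check later uses `size` is not working from the wrong bytes.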
Is this correct for the big_offsets == 1 case?
I am asking as big_offsets == 1 implies that AV_RB16(buf) == 0.
Also, does someone have a link to a specification or something?
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
It's not that you shouldn't use gotos but rather that you should write
readable code and code with gotos often but not always is less readable
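The failure mode described in the quoted commit message, as an added example that is not part of the original thread and is not FFmpeg's code: a reassembly check that drops a packet at once when its control offset can never become valid, instead of waiting for more fragments. The function and enum names are hypothetical, the header layout (2-byte big-endian size followed by a 2-byte control offset, small-offset packets only) and the 4-byte minimum for a control sequence are assumptions of this sketch, and the byte arrays are constructed samples.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical result codes for this sketch (not FFmpeg's). */
enum spu_status { SPU_COMPLETE, SPU_NEED_MORE, SPU_INVALID };

static unsigned rb16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Assumed layout (small-offset packets only): bytes 0-1 = total packet size,
 * bytes 2-3 = offset of the control sequence (cmd_pos in the patch). */
enum spu_status spu_classify(const uint8_t *buf, size_t have)
{
    unsigned size, cmd_pos;

    if (have < 4)
        return SPU_NEED_MORE;      /* header itself is not buffered yet */
    size    = rb16(buf);
    cmd_pos = rb16(buf + 2);

    /* A control offset outside the declared packet cannot be fixed by more
     * fragments: reject now rather than let the reassembly buffer grow
     * until it overflows. Assumes a control sequence needs 4 bytes. */
    if (size < 8 || cmd_pos < 4 || cmd_pos > size - 4)
        return SPU_INVALID;
    if (have < size)
        return SPU_NEED_MORE;      /* plausible header, wait for the rest */
    return SPU_COMPLETE;
}

/* Constructed samples: a consistent 8-byte packet and a first fragment
 * whose control offset (0x4000) lies far beyond its declared size (0x10). */
static const uint8_t ok_pkt[8]  = { 0x00, 0x08, 0x00, 0x04, 0, 0, 0, 4 };
static const uint8_t bad_pkt[6] = { 0x00, 0x10, 0x40, 0x00, 0, 0 };

int main(void)
{
    printf("fragment=%d complete=%d broken=%d\n",
           spu_classify(ok_pkt, 6),
           spu_classify(ok_pkt, sizeof ok_pkt),
           spu_classify(bad_pkt, sizeof bad_pkt));
    return 0;
}
```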