[FFmpeg-devel] [PATCH 2/2] avcodec/dvdsubdec: reject some broken packets
nfxjfg at googlemail.com
Tue Sep 22 09:41:39 CEST 2015
On Mon, 21 Sep 2015 23:33:16 +0200
Michael Niedermayer <michaelni at gmx.at> wrote:
> On Mon, Sep 21, 2015 at 06:25:31PM +0200, wm4 wrote:
> > If cmd_pos is broken, this would just keep accumulating packets in the
> > reassembly buffer, until it fails and flushes the buffer on overflow.
> > Since packets are usually rather small, this will take a lot of subtitle
> > packets. The perceived effect is that subtitles are not displayed
> > anymore after the faulty packet was passed to the decoder.
> > I'm not terribly sure about this, but on the other hand this code is
> > active only when fragmented packets need to be reassembled.
> > Fixes sample file in trac issue #4872.
> > ---
> > Oh, by the way, the sample was supposedly created by mencoder. Playing
> > directly from DVD doesn't show the issue.
> > ---
> > libavcodec/dvdsubdec.c | 9 ++++++++-
> > 1 file changed, 8 insertions(+), 1 deletion(-)
> > diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c
> > index 57eafbf..1264e86 100644
> > --- a/libavcodec/dvdsubdec.c
> > +++ b/libavcodec/dvdsubdec.c
> > @@ -227,6 +227,7 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header,
> > int date;
> > int i;
> > int is_menu = 0;
> > + uint32_t size;
> > if (buf_size < 10)
> > return -1;
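Review bot: `uint32_t size;` is the only unsigned local added next to `int date;`, `int i;` and `int is_menu = 0;`, so any later comparison of `size` against a signed length or position will go through an implicit signed/unsigned conversion. Either declare it `int` like its neighbours, or keep it unsigned and make the conversion explicit at the comparison, so the bounds check does not depend on promotion rules.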
> > @@ -241,10 +242,16 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header,
> > cmd_pos = 2;
> > }
> > + size = READ_OFFSET(buf);
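Review bot: `size = READ_OFFSET(buf);` reads the field at offset 0 with the offset-width macro, but nothing in the hunk says what that field is or why the macro's width is the right one for it. The commit message only talks about `cmd_pos`, so a one-line comment stating what `size` measures and how it is read in each offset mode would let a reader verify the rejection condition built on it.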
> Is this correct for the big_offsets == 1 case?
> I am asking as big_offsets == 1 implies that AV_RB16(buf) == 0
Good point. Likely it does have a 4 byte command offset, but starting
at byte 2. Does anyone have a HD sample?
> Also, does someone have a link to a specification or something?
From what I've gathered, the DVD spec exists only in printed form, and
was never leaked.