[FFmpeg-cvslog] avcodec/dvdsub: fix partial packet assembly
wm4
git at videolan.org
Tue Sep 22 17:41:46 CEST 2015
ffmpeg | branch: master | wm4 <nfxjfg at googlemail.com> | Mon Sep 21 18:16:35 2015 +0200| [f874e2728b0925b2ec30dd7ec64815f15078c06f] | committer: wm4
avcodec/dvdsub: fix partial packet assembly
Assuming the first and second packets are partial, this would append the
reassembly buffer (ctx->buf) to itself with the second
append_to_cached_buf() call, because buf is set to ctx->buf.
I do not know a valid sample file which triggers this, and do not know
if packets can be split into more than 2 sub-packets, but it triggered
with a (differently) broken sample file in trac issue #4872.
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f874e2728b0925b2ec30dd7ec64815f15078c06f
---
libavcodec/dvdsubdec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c
index 81432e1..57eafbf 100644
--- a/libavcodec/dvdsubdec.c
+++ b/libavcodec/dvdsubdec.c
@@ -535,6 +535,7 @@ static int dvdsub_decode(AVCodecContext *avctx,
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
AVSubtitle *sub = data;
+ int appended = 0;
int is_menu;
if (ctx->buf_size) {
@@ -545,12 +546,13 @@ static int dvdsub_decode(AVCodecContext *avctx,
}
buf = ctx->buf;
buf_size = ctx->buf_size;
+ appended = 1;
}
is_menu = decode_dvd_subtitles(ctx, sub, buf, buf_size);
if (is_menu == AVERROR(EAGAIN)) {
*data_size = 0;
- return append_to_cached_buf(avctx, buf, buf_size);
+ return appended ? 0 : append_to_cached_buf(avctx, buf, buf_size);
}
if (is_menu < 0) {
More information about the ffmpeg-cvslog
mailing list