[FFmpeg-devel] [PATCH] lavc/avpacket: fill padding area on side data split.
Clément Bœsch
ubitux at gmail.com
Sat Jun 1 14:38:18 CEST 2013
On Sat, Jun 01, 2013 at 02:09:47PM +0200, Clément Bœsch wrote:
> The padding data is assumed to be 0 in several places, notably in
> subtitles. This problem was not detected with fate-sub-srt test because
> the first element of the side data (x1) is 0 in the test, so the
> trailing side data present in the packet wasn't read by the decoder. The
> issue can be observed with a large enough x1.
>
> It is also noted in FF_INPUT_BUFFER_PADDING_SIZE doxy that MPEG
> bitstreams require that padding with 0, so it might fix other issues.
> ---
> libavcodec/avpacket.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
> index 198365e..2bfb501 100644
> --- a/libavcodec/avpacket.c
> +++ b/libavcodec/avpacket.c
> @@ -389,6 +389,7 @@ int av_packet_split_side_data(AVPacket *pkt){
> p-= size+5;
> }
> pkt->size -= 8;
> + memset(pkt->data + pkt->size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
> pkt->side_data_elems = i+1;
> return 1;
> }
New version after Michael's comment on IRC.
--
Clément B.
-------------- next part --------------
From e05a63d6a48f06639e2002a5c615528a7a7fb8b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20B=C5=93sch?= <ubitux at gmail.com>
Date: Sat, 1 Jun 2013 14:07:24 +0200
Subject: [PATCH] lavc/avpacket: fill padding area on side data split.
The padding data is assumed to be 0 in several places, notably in
subtitles. This problem was not detected with fate-sub-srt test because
the first element of the side data (x1) is 0 in the test, so the
trailing side data present in the packet wasn't read by the decoder. The
issue can be observed with a large enough x1.
It is also noted in FF_INPUT_BUFFER_PADDING_SIZE doxy that MPEG
bitstreams require that padding with 0, so it might fix other issues.
---
libavcodec/avpacket.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c
index 198365e..e276c60 100644
--- a/libavcodec/avpacket.c
+++ b/libavcodec/avpacket.c
@@ -356,7 +356,7 @@ int av_packet_merge_side_data(AVPacket *pkt){
int av_packet_split_side_data(AVPacket *pkt){
if (!pkt->side_data_elems && pkt->size >12 && AV_RB64(pkt->data + pkt->size - 8) == FF_MERGE_MARKER){
int i;
- unsigned int size;
+ unsigned int size, orig_pktsize = pkt->size;
uint8_t *p;
p = pkt->data + pkt->size - 8 - 5;
@@ -389,6 +389,13 @@ int av_packet_split_side_data(AVPacket *pkt){
p-= size+5;
}
pkt->size -= 8;
+ /* FFMIN() prevents overflow in case the packet wasn't allocated with
+ * proper padding.
+ * If the side data is smaller than the buffer padding size, the
+ * remaining bytes should have already been filled with zeros by the
+ * original packet allocation anyway. */
+ memset(pkt->data + pkt->size, 0,
+ FFMIN(orig_pktsize - pkt->size, FF_INPUT_BUFFER_PADDING_SIZE));
pkt->side_data_elems = i+1;
return 1;
}
--
1.8.3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130601/e3f4de54/attachment.asc>
More information about the ffmpeg-devel
mailing list