videolan/ffmpeg
1
Fork 0
mirror of https://git.videolan.org/git/ffmpeg.git synced 2024-08-08 18:35:45 +02:00
Code Releases Activity

avcodec/dvdsub: fix partial packet assembly

Browse Source 
Assuming the first and second packets are partial, this would append the
reassembly buffer (ctx->buf) to itself with the second
append_to_cached_buf() call, because buf is set to ctx->buf.

I do not know a valid sample file which triggers this, and do not know
if packets can be split into more than 2 sub-packets, but it triggered
with a (differently) broken sample file in trac issue #4872.
This commit is contained in:
wm4 2015-09-21 18:16:35 +02:00
parent 26eb294007
commit f874e2728b
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/dvdsubdec.c
View File

@ -535,6 +535,7 @@ static int dvdsub_decode(AVCodecContext *avctx,
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
AVSubtitle *sub = data;
int appended = 0;
int is_menu;
if (ctx->buf_size) {
@ -545,12 +546,13 @@ static int dvdsub_decode(AVCodecContext *avctx,
}
buf = ctx->buf;
buf_size = ctx->buf_size;
appended = 1;
}
is_menu = decode_dvd_subtitles(ctx, sub, buf, buf_size);
if (is_menu == AVERROR(EAGAIN)) {
*data_size = 0;
return append_to_cached_buf(avctx, buf, buf_size);
return appended ? 0 : append_to_cached_buf(avctx, buf, buf_size);
}
if (is_menu < 0) {