diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-11-21 02:32:37 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2013-12-24 01:05:47 +0100 |
| commit | ae81a0e32de6fa53a2670fe0dbb5d2a252030281 (patch) | |
| tree | 945715c6c1ffca0d7cafab9ecac89f4d0cbff546 | |
| parent | 4f93400db1f21f65a94777f0b13b0f1b336e41fc (diff) | |
| download | ffmpeg-ae81a0e32de6fa53a2670fe0dbb5d2a252030281.tar.gz | |
avcodec: move end zeroing code from av_packet_split_side_data() to avcodec_decode_subtitle2()
This code changes the input packet, which is read only and can in
rare circumstances lead to decoder errors. (i run into one of these in
the audio decoder, which corrupted the packet during av_find_stream_info()
so that actual decoding that single packet failed later)
Until a better fix is implemented, this commit limits the problem.
A better fix might be to make the subtitle decoders not depend on
data[size] = 0 or to copy their input when this is not the case.
(cherry picked from commit 01923bab98506b1e98b4cbf08419364ce6ffea6d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/avpacket.c | 9 | ||||
| -rw-r--r-- | libavcodec/utils.c | 10 |
2 files changed, 11 insertions, 8 deletions
diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c index 136e4b5669..d5d3e2a40f 100644 --- a/libavcodec/avpacket.c +++ b/libavcodec/avpacket.c @@ -356,7 +356,7 @@ int av_packet_merge_side_data(AVPacket *pkt){ int av_packet_split_side_data(AVPacket *pkt){ if (!pkt->side_data_elems && pkt->size >12 && AV_RB64(pkt->data + pkt->size - 8) == FF_MERGE_MARKER){ int i; - unsigned int size, orig_pktsize = pkt->size; + unsigned int size; uint8_t *p; p = pkt->data + pkt->size - 8 - 5; @@ -389,13 +389,6 @@ int av_packet_split_side_data(AVPacket *pkt){ p-= size+5; } pkt->size -= 8; - /* FFMIN() prevents overflow in case the packet wasn't allocated with - * proper padding. - * If the side data is smaller than the buffer padding size, the - * remaining bytes should have already been filled with zeros by the - * original packet allocation anyway. */ - memset(pkt->data + pkt->size, 0, - FFMIN(orig_pktsize - pkt->size, FF_INPUT_BUFFER_PADDING_SIZE)); pkt->side_data_elems = i+1; return 1; } diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 5b1b96d9b8..6609f20ef7 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -2278,6 +2278,16 @@ int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub, int did_split = av_packet_split_side_data(&tmp); //apply_param_change(avctx, &tmp); + if (did_split) { + /* FFMIN() prevents overflow in case the packet wasn't allocated with + * proper padding. + * If the side data is smaller than the buffer padding size, the + * remaining bytes should have already been filled with zeros by the + * original packet allocation anyway. */ + memset(tmp.data + tmp.size, 0, + FFMIN(avpkt->size - tmp.size, FF_INPUT_BUFFER_PADDING_SIZE)); + } + pkt_recoded = tmp; ret = recode_subtitle(avctx, &pkt_recoded, &tmp); if (ret < 0) { |