From 839a13d816cf1d499d3f93100124dcc609a55f2f Mon Sep 17 00:00:00 2001 From: John Stebbins Date: Wed, 20 Mar 2024 09:11:09 +0100 Subject: [PATCH 05/16] dvdsubdec: fix processing of partial packets Wait for a complete dvd subtitle before processing. If the input packet is large enough to start processing, but does not contain complete data, unfinished results are emitted and the following input packet causes an error because the stream is no longer in sync with the decoder. --- libavcodec/dvdsubdec.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index a5da0d7b08..bee42e3c61 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -229,7 +229,10 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header, uint32_t size; int64_t offset1, offset2; - if (buf_size < 10) + if (buf_size < 2) + return AVERROR(EAGAIN); + + if (buf_size == 2 && AV_RB16(buf) == 0) return -1; if (AV_RB16(buf) == 0) { /* HD subpicture with 4-byte offsets */ @@ -242,15 +245,22 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header, cmd_pos = 2; } + if (big_offsets && buf_size < 6) + return AVERROR(EAGAIN); + size = READ_OFFSET(buf + (big_offsets ? 2 : 0)); - cmd_pos = READ_OFFSET(buf + cmd_pos); - if (cmd_pos < 0 || cmd_pos > buf_size - 2 - offset_size) { - if (cmd_pos > size) { - av_log(ctx, AV_LOG_ERROR, "Discarding invalid packet\n"); - return 0; - } + if (size == 0) + return -1; + + if (buf_size < size) return AVERROR(EAGAIN); + + cmd_pos = READ_OFFSET(buf + cmd_pos); + + if (cmd_pos < 0 || cmd_pos > size) { + av_log(ctx, AV_LOG_ERROR, "Discarding invalid packet\n"); + return AVERROR_INVALIDDATA; } while (cmd_pos > 0 && cmd_pos < buf_size - 2 - offset_size) { -- 2.39.3 (Apple Git-146)