From c402eb2aa3a3913b51e8be96eab963e4f2cb3296 Mon Sep 17 00:00:00 2001 From: John Stebbins Date: Wed, 20 Mar 2024 09:11:09 +0100 Subject: [PATCH 06/16] dvdsubdec: fix processing of partial packets Wait for a complete dvd subtitle before processing. If the input packet is large enough to start processing, but does not contain complete data, unfinished results are emitted and the following input packet causes an error because the stream is no longer in sync with the decoder. --- libavcodec/dvdsubdec.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index f8769353a0..68c1f3af53 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -230,7 +230,10 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header, uint32_t size; int64_t offset1, offset2; - if (buf_size < 10) + if (buf_size < 2) + return AVERROR(EAGAIN); + + if (buf_size == 2 && AV_RB16(buf) == 0) return -1; if (AV_RB16(buf) == 0) { /* HD subpicture with 4-byte offsets */ @@ -243,15 +246,22 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header, cmd_pos = 2; } + if (big_offsets && buf_size < 6) + return AVERROR(EAGAIN); + size = READ_OFFSET(buf + (big_offsets ? 2 : 0)); - cmd_pos = READ_OFFSET(buf + cmd_pos); - if (cmd_pos < 0 || cmd_pos > buf_size - 2 - offset_size) { - if (cmd_pos > size) { - av_log(ctx, AV_LOG_ERROR, "Discarding invalid packet\n"); - return 0; - } + if (size == 0) + return -1; + + if (buf_size < size) return AVERROR(EAGAIN); + + cmd_pos = READ_OFFSET(buf + cmd_pos); + + if (cmd_pos < 0 || cmd_pos > size) { + av_log(ctx, AV_LOG_ERROR, "Discarding invalid packet\n"); + return AVERROR_INVALIDDATA; } while (cmd_pos > 0 && cmd_pos < buf_size - 2 - offset_size) { -- 2.39.5 (Apple Git-154)