From 26491abb53d313e01fbcea48a9b3b4ff13a8a150 Mon Sep 17 00:00:00 2001 From: John Stebbins Date: Wed, 20 Mar 2024 09:11:09 +0100 Subject: [PATCH 08/22] dvdsubdec: fix processing of partial packets Wait for a complete dvd subtitle before processing. If the input packet is large enough to start processing, but does not contain complete data, unfinished results are emitted and the following input packet causes an error because the stream is no longer in sync with the decoder. --- libavcodec/dvdsubdec.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index 78658f7d2f..1207aff88e 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -230,7 +230,10 @@ static int decode_dvd_subtitles(void *logctx, DVDSubContext *ctx, uint32_t size; int64_t offset1, offset2; - if (buf_size < 10) + if (buf_size < 2) + return AVERROR(EAGAIN); + + if (buf_size == 2 && AV_RB16(buf) == 0) return -1; if (AV_RB16(buf) == 0) { /* HD subpicture with 4-byte offsets */ @@ -243,15 +246,21 @@ static int decode_dvd_subtitles(void *logctx, DVDSubContext *ctx, cmd_pos = 2; } + if (big_offsets && buf_size < 6) + return AVERROR(EAGAIN); + size = READ_OFFSET(buf + (big_offsets ? 2 : 0)); - cmd_pos = READ_OFFSET(buf + cmd_pos); + if (size == 0) + return -1; - if (cmd_pos < 0 || cmd_pos > buf_size - 2 - offset_size) { - if (cmd_pos > size) { - av_log(logctx, AV_LOG_ERROR, "Discarding invalid packet\n"); - return 0; - } + if (buf_size < size) return AVERROR(EAGAIN); + + cmd_pos = READ_OFFSET(buf + cmd_pos); + + if (cmd_pos < 0 || cmd_pos > size) { + av_log(ctx, AV_LOG_ERROR, "Discarding invalid packet\n"); + return AVERROR_INVALIDDATA; } while (cmd_pos > 0 && cmd_pos < buf_size - 2 - offset_size) { -- 2.39.5 (Apple Git-154)