[FFmpeg-cvslog] avformat/dvdvideodec: check the length of a NAV packet when reading titles
Marth64
git at videolan.org
Sat Nov 16 22:48:45 EET 2024
ffmpeg | branch: master | Marth64 <marth64 at proxyid.net> | Mon Oct 7 18:04:58 2024 -0500| [afc152f564fbeca4d2ff62195e3f0b6244e28cb3] | committer: Marth64
avformat/dvdvideodec: check the length of a NAV packet when reading titles
Some discs present titles with bogus NAV packets. We apply this check
for menus and for title MPEG blocks, but we should also apply it
for NAV packets during title demuxing.
Signed-off-by: Marth64 <marth64 at proxyid.net>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=afc152f564fbeca4d2ff62195e3f0b6244e28cb3
---
libavformat/dvdvideodec.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libavformat/dvdvideodec.c b/libavformat/dvdvideodec.c
index 726c45601f..f7c7ba5a3b 100644
--- a/libavformat/dvdvideodec.c
+++ b/libavformat/dvdvideodec.c
@@ -740,6 +740,13 @@ static int dvdvideo_play_next_ps_block(AVFormatContext *s, DVDVideoPlaybackState
return AVERROR_EOF;
}
+ if (nav_len != DVDVIDEO_BLOCK_SIZE) {
+ av_log(s, AV_LOG_ERROR, "Invalid NAV packet size (expected=%d actual=%d)\n",
+ DVDVIDEO_BLOCK_SIZE, nav_len);
+
+ return AVERROR_INVALIDDATA;
+ }
+
e_pci = dvdnav_get_current_nav_pci(state->dvdnav);
e_dsi = dvdnav_get_current_nav_dsi(state->dvdnav);
More information about the ffmpeg-cvslog
mailing list