[FFmpeg-devel] [PATCH 2/2] Do not fail DVB sub decoding because of a few padding bytes
Måns Rullgård
mans
Wed Feb 9 20:02:43 CET 2011
Justin Ruggles <justin.ruggles at gmail.com> writes:
> On 02/09/2011 01:32 PM, Reimar D?ffinger wrote:
>
>> Instead of returning an error when bytes are left over, just return
>> the number of actually used bytes as other decoders do.
>> Instead add a special case so an error will be returned when none
>> of the data looks valid to avoid making debugging a pain.
>> ---
>> libavcodec/dvbsubdec.c | 9 ++-------
>> 1 files changed, 2 insertions(+), 7 deletions(-)
>>
>> diff --git a/libavcodec/dvbsubdec.c b/libavcodec/dvbsubdec.c
>> index 8cc8d4f..401144f 100644
>> --- a/libavcodec/dvbsubdec.c
>> +++ b/libavcodec/dvbsubdec.c
>> @@ -1423,7 +1423,7 @@ static int dvbsub_decode(AVCodecContext *avctx,
>>
>> #endif
>>
>> - if (buf_size <= 2)
>> + if (buf_size <= 2 || *buf != 0x0f)
>> return -1;
>>
>> p = buf;
>> @@ -1467,12 +1467,7 @@ static int dvbsub_decode(AVCodecContext *avctx,
>> p += segment_length;
>> }
>>
>> - if (p != p_end) {
>> - av_dlog(avctx, "Junk at end of packet\n");
>> - return -1;
>> - }
>> -
>> - return buf_size;
>> + return p - buf;
>> }
>
> This looks fine. Does the decoder still work ok if the first byte of
> the "junk" happens to be 0xF?
Doesn't look like it to me. If the first byte is 0x0f, it immediately
proceeds to read 6 bytes from the packet, two of which are used
unchecked as a 16-bit size value. Even without this patch, this code
could easily over-read the buffer if fed with bad data.
--
M?ns Rullg?rd
mans at mansr.com
More information about the ffmpeg-devel
mailing list