diff options
| author | Clément Bœsch <ubitux@gmail.com> | 2013-06-01 14:07:24 +0200 |
|---|---|---|
| committer | Clément Bœsch <ubitux@gmail.com> | 2013-06-01 15:12:49 +0200 |
| commit | 151b4947e5d21c418d5316a6d93b5b03f4be4b86 (patch) | |
| tree | 0d76f391e88817e9ece8675e25836a65a7fb5214 /libavcodec | |
| parent | 9054e725296843c28a85bcd978a0ee7fc93de37f (diff) | |
lavc/avpacket: fill padding area on side data split.
The padding data is assumed to be 0 in several places, notably in
subtitles. This problem was not detected with fate-sub-srt test because
the first element of the side data (x1) is 0 in the test, so the
trailing side data present in the packet wasn't read by the decoder. The
issue can be observed with a large enough x1.
It is also noted in FF_INPUT_BUFFER_PADDING_SIZE doxy that MPEG
bitstreams require that padding with 0, so it might fix other issues.
Diffstat (limited to 'libavcodec')
| -rw-r--r-- | libavcodec/avpacket.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c index 198365e3a7..e276c60c2d 100644 --- a/libavcodec/avpacket.c +++ b/libavcodec/avpacket.c @@ -356,7 +356,7 @@ int av_packet_merge_side_data(AVPacket *pkt){ int av_packet_split_side_data(AVPacket *pkt){ if (!pkt->side_data_elems && pkt->size >12 && AV_RB64(pkt->data + pkt->size - 8) == FF_MERGE_MARKER){ int i; - unsigned int size; + unsigned int size, orig_pktsize = pkt->size; uint8_t *p; p = pkt->data + pkt->size - 8 - 5; @@ -389,6 +389,13 @@ int av_packet_split_side_data(AVPacket *pkt){ p-= size+5; } pkt->size -= 8; + /* FFMIN() prevents overflow in case the packet wasn't allocated with + * proper padding. + * If the side data is smaller than the buffer padding size, the + * remaining bytes should have already been filled with zeros by the + * original packet allocation anyway. */ + memset(pkt->data + pkt->size, 0, + FFMIN(orig_pktsize - pkt->size, FF_INPUT_BUFFER_PADDING_SIZE)); pkt->side_data_elems = i+1; return 1; } |