Message ID | 20190623044612.18234-1-andreas.rheinhardt@gmail.com |
---|---|
State | Accepted |
Commit | 800f618a340d122754e7bdb82c22463cb9bd17b0 |
Headers | show |
On Sun, 23 Jun 2019 06:46:12 +0200 Andreas Rheinhardt <andreas.rheinhardt@gmail.com> wrote: > The mov flavour of timed text uses the first two bytes of the packet > as a length field. And up until 11bef2fe said length field has been > read correctly in the mov2textsub bsf. But since then the next two > bytes are read as if they were the length field. This is fixed in > this commit. > > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> > --- > libavcodec/movsub_bsf.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/movsub_bsf.c b/libavcodec/movsub_bsf.c > index 5878607061..cd48aa7bb8 100644 > --- a/libavcodec/movsub_bsf.c > +++ b/libavcodec/movsub_bsf.c > @@ -75,8 +75,8 @@ static int mov2textsub(AVBSFContext *ctx, AVPacket > *pkt) return AVERROR_INVALIDDATA; > } > > - pkt->data += 2; > pkt->size = FFMIN(pkt->size - 2, AV_RB16(pkt->data)); > + pkt->data += 2; > > return 0; > } LGTM --phil
On 6/23/2019 10:26 PM, Philip Langdale wrote: > On Sun, 23 Jun 2019 06:46:12 +0200 > Andreas Rheinhardt <andreas.rheinhardt@gmail.com> wrote: > >> The mov flavour of timed text uses the first two bytes of the packet >> as a length field. And up until 11bef2fe said length field has been >> read correctly in the mov2textsub bsf. But since then the next two >> bytes are read as if they were the length field. This is fixed in >> this commit. >> >> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> >> --- >> libavcodec/movsub_bsf.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/libavcodec/movsub_bsf.c b/libavcodec/movsub_bsf.c >> index 5878607061..cd48aa7bb8 100644 >> --- a/libavcodec/movsub_bsf.c >> +++ b/libavcodec/movsub_bsf.c >> @@ -75,8 +75,8 @@ static int mov2textsub(AVBSFContext *ctx, AVPacket >> *pkt) return AVERROR_INVALIDDATA; >> } >> >> - pkt->data += 2; >> pkt->size = FFMIN(pkt->size - 2, AV_RB16(pkt->data)); >> + pkt->data += 2; >> >> return 0; >> } > > LGTM > > --phil Applied to master and backported to affected branches, thanks! This could use a fate test, for that matter. It would have caught this mistake instantly.
diff --git a/libavcodec/movsub_bsf.c b/libavcodec/movsub_bsf.c index 5878607061..cd48aa7bb8 100644 --- a/libavcodec/movsub_bsf.c +++ b/libavcodec/movsub_bsf.c @@ -75,8 +75,8 @@ static int mov2textsub(AVBSFContext *ctx, AVPacket *pkt) return AVERROR_INVALIDDATA; } - pkt->data += 2; pkt->size = FFMIN(pkt->size - 2, AV_RB16(pkt->data)); + pkt->data += 2; return 0; }
The mov flavour of timed text uses the first two bytes of the packet as a length field. And up until 11bef2fe said length field has been read correctly in the mov2textsub bsf. But since then the next two bytes are read as if they were the length field. This is fixed in this commit. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> --- libavcodec/movsub_bsf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)