Up until now, various subtitle decoders have not cleaned up
the AVSubtitle on error; this task must not be left to the user
because the documentation explicitly states that the AVSubtitle
"must be freed with avsubtitle_free if *got_sub_ptr is set"
(which it isn't on error).
Leaks happen upon failure in ff_ass_add_rect() or in
ass_decode_frame(); freeing generically also allows to remove
now redundant freeing code in pgssubdec and dvbsubdec.
While just at it, also reset got_sub_ptr generically on error.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Note: This decoder uses a static variable in save_display_set() (which
is only enabled if DEBUG is defined); yet said function can't be reached
from the decoder's init function at all, so it is no problem for
setting the FF_CODEC_CAP_INIT_THREADSAFE flag.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
These pointers sometimes point to static storage (namely to
default_clut), so adding const to the pointed-to type is important to
ensure that one does not accidentally modify something that is not owned
by a single AVCodecContext.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Given that the AVCodec.next pointer has now been removed, most of the
AVCodecs are not modified at all any more and can therefore be made
const (as this patch does); the only exceptions are the very few codecs
for external libraries that have a init_static_data callback.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
This avoids crafted files from consuming excessive resources recomputing the clut after each pixel change
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int'
Fixes: 15740/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5641749164195840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reference: ETSI EN 300 743 V1.2.1 7.2.2 Region composition segment
Fixes: Timeout
Fixes: 13325/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5143979392237568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This fixes a segfault (originally found in Movian, but traced to libav)
when decoding subtitles because only an array of rects is allocated,
but not the actual structs it contains. The issue was probably
introduced in commit 2383323 where the loop to allocate the rects in
the array was thrown away.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/dvbsubdec.c:145:5: warning: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Wunused-result]
libavcodec/dvbsubdec.c:148:5: warning: ignoring return value of ‘system’, declared with attribute warn_unused_result [-Wunused-result]
This problem was introduced in commit
4b90dcb849.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Use the new fields directly instead of the ones from AVPicture.
This removes a layer of indirection which serves no pratical purpose
whatsoever, and will help in removing AVPicture structure completely
later.
Every subtitle encoder/decoder seamlessly points to the new arrays,
so it is possible to deprecate AVSubtitleRect.pict.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Fixes displaying subtitles before any CLUT has been received
Fixes Ticket153
This will of course not display these initial subtitles in the correct
color (as that is not known at that point) but they should look clean
and not corrupted
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Andreas Rheinhardt
Andreas Rheinhardt
Michael Niedermayer
Clément Bœsch
Limin Wang
Vittorio Giovara
Lorenz Brun
Diego Biurrun
Alexandra Hájková
Andreas Cadhalpun
Clément Bœsch
Ronald S. Bultje
Carl Eugen Hoyos
banastasov
Michael Niedermayer