mirror of
https://github.com/mpv-player/mpv
synced 2024-12-16 11:55:42 +00:00
1e73da47da
If, for some reason, the subtitle renderer attempts to render a subtitle before SD_CTRL_SET_VIDEO_PARAMS was called, it passed a value calculated from invalid values. This can happen with --vf=sub and --start. The crash happens if 1. there was a subtitle packet that falls into the timestamp of the rendered video frame, 2. the playloop hasn't informed the subtitle decoder about the video resolution yet (normally unneeded, because that is used for weird corner cases only, so this code is a bit fuzzy), and 3. something actually requests a frame to be drawn from the subtitle renderer, like with vf_sub. The actual crash was due to passing NaN as pixel aspect to libass, which then created glyphs with ridiculous sizes, involving a few integer overflows and unchecked mallocs. The sd_lavc.c and sd_spu.c cases probably don't crash, but I'm not sure, and it's better fix them anyway. Not bothering with sd_spu.c, this crap is for compatibility and will be removed soon. Note that this would have been no problem, had the code checked whether SD_CTRL_SET_VIDEO_PARAMS was actually called. This commit adds such a check (although it basically checks after using the parameters). Regression since |
||
|---|---|---|
| .. | ||
| ass_mp.c | ||
| ass_mp.h | ||
| dec_sub.c | ||
| dec_sub.h | ||
| draw_bmp.c | ||
| draw_bmp.h | ||
| find_subfiles.c | ||
| find_subfiles.h | ||
| img_convert.c | ||
| img_convert.h | ||
| osd_dummy.c | ||
| osd_font.otf | ||
| osd_libass.c | ||
| osd_state.h | ||
| osd.c | ||
| osd.h | ||
| sd_ass.c | ||
| sd_lavc_conv.c | ||
| sd_lavc.c | ||
| sd_lavf_srt.c | ||
| sd_microdvd.c | ||
| sd_movtext.c | ||
| sd_spu.c | ||
| sd_srt.c | ||
| sd.h | ||
| spudec.c | ||
| spudec.h | ||