From: Alexandre Colucci Date: Mon, 2 May 2011 16:55:02 +0000 (+0200) Subject: xsub: feed init_get_bits the whole buffer X-Git-Tag: android-x86-4.4-r1~8529^2~489 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=92d2b909a0de6e2f77a98405280c78052b35b421;p=android-x86%2Fexternal-ffmpeg.git xsub: feed init_get_bits the whole buffer Do not use rlelen field for buffer size in init_get_bits, it is only the size of the data for the first field. Since it is not reliable, just use the size of the whole buffer. Additional comments add removal of unused rlelen variable by Reimar Döffinger. Signed-off-by: Luca Barbato
---
diff --git a/libavcodec/xsubdec.c b/libavcodec/xsubdec.c
index b66a57e2c2..6a1acc7b03 100644
--- a/libavcodec/xsubdec.c
+++ b/libavcodec/xsubdec.c
@@ -53,7 +53,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size,
 AVSubtitle *sub = data;
 const uint8_t *buf_end = buf + buf_size;
 uint8_t *bitmap;
- int w, h, x, y, rlelen, i;
+ int w, h, x, y, i;
 int64_t packet_time = 0;
 GetBitContext gb;
@@ -86,7 +86,11 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size,
 // skip bottom right position, it gives no new information
 bytestream_get_le16(&buf);
 bytestream_get_le16(&buf);
- rlelen = bytestream_get_le16(&buf);
+ // The following value is supposed to indicate the start offset
+ // (relative to the palette) of the data for the second field,
+ // however there are files in which it has a bogus value and thus
+ // we just ignore it
+ bytestream_get_le16(&buf);
 // allocate sub and set values
 sub->rects = av_mallocz(sizeof(*sub->rects));
@@ -108,8 +112,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size,
 ((uint32_t*)sub->rects[0]->pict.data[1])[i] |= 0xff000000;
 // process RLE-compressed data
- rlelen = FFMIN(rlelen, buf_end - buf);
- init_get_bits(&gb, buf, rlelen * 8);
+ init_get_bits(&gb, buf, (buf_end - buf) * 8);
 bitmap = sub->rects[0]->pict.data[0];
 for (y = 0; y < h; y++) {
 // interlaced: do odd lines
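Review bot: The new size argument `(buf_end - buf) * 8` is a pointer difference narrowed to the int bit count of init_get_bits(), and nothing in this hunk shows that it is positive and fits in an int. That holds only if the header and palette reads earlier in decode_frame cannot advance buf past buf_end and the packet is smaller than INT_MAX / 8 bytes; any such checks sit outside the hunk, as does the rest of the function. A local guard before the call would make the bound explicit, for example `if (buf >= buf_end || buf_end - buf > INT_MAX / 8)` followed by the function's usual failure path (sub->rects is already allocated at this point, so the path must release it). Because the reader now covers the whole remaining packet instead of a length taken from the file, it is also worth confirming that the RLE loop that follows stops when the bit reader is exhausted; that loop is only partly visible here.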