Mirrors/mpv
1
0
Fork 0
mirror of https://github.com/mpv-player/mpv.git synced 2025-12-28 05:33:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

core: fix crash when video filter returns inf as PTS

Browse Source 
When a video filter returned inf as PTS, the player crashed. One
reason for this was that decode_audio() was called with a negative
minlen parameter, which at some point caused it to call a memory
allocation function with a ridiculous value, triggering an out of
memory code path in talloc.c. (talloc.c has been modified to abort()
on out of memory situations.)

Fix this by sanity checking minlen in decode_audio(). (The check
against outbuf->len always succeeded, because it's an unsigned
comparison.)

Make an existing sanity check in mplayer.c more robust: check for NaN
too, which happens if the video PTS is inf.

This happened with "-vf pullup,softpulldown" (but is not triggered when
the following commit is applied).
This commit is contained in:
wm4
2012-11-19 00:57:41 +01:00
parent 6f6dfc5163
commit 2a353381f3
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
audio/decode/dec_audio.c
View File

@@ -405,7 +405,7 @@ int decode_audio(sh_audio_t *sh_audio, struct bstr *outbuf, int minlen)
return -1;
max_decode_len -= max_decode_len % unitsize;
while (outbuf->len < minlen) {
while (minlen >=0 && outbuf->len < minlen) {
int declen = (minlen - outbuf->len) / filter_multiplier
+ (unitsize << 5); // some extra for possible filter buffering
if (huge_filter_buffer)