From 440d7d0fbe8a84989a2bdf8eaa30a522bf9c83dc Mon Sep 17 00:00:00 2001
From: Moritz Bunkus
Date: Sat, 12 Nov 2005 17:41:01 +0000
Subject: [PATCH] Fixed some potential and actual segfaults: a lot of readers did not check if the packetizer for a track had been initialized.
---
 ChangeLog | 6 ++++++
 src/input/r_avi.cpp | 2 +-
 src/input/r_matroska.cpp | 2 +-
 src/input/r_ogm.cpp | 5 +++--
 src/input/r_qtmp4.cpp | 2 +-
 src/input/r_real.cpp | 4 ++--
 src/input/r_usf.cpp | 2 +-
 src/input/r_vobbtn.cpp | 3 ++-
 src/input/r_vobsub.cpp | 2 +-
 9 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6eb514f8b..29dd16aaf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2005-11-12 Moritz Bunkus
+
+ * mkvmerge: bug fix: Fixed a couple of potential (and actual)
+ segmentation faults by accessing invalid memory addresses. Initial
+ patch for the VobSub reader by Issa on Doom9's forum.
+
 2005-11-04 Moritz Bunkus
 * mkvmerge, mmg: new feature: The names of attached files can be
diff --git a/src/input/r_avi.cpp b/src/input/r_avi.cpp
index 7f15187b7..d844c38cf 100644
--- a/src/input/r_avi.cpp
+++ b/src/input/r_avi.cpp
@@ -469,7 +469,7 @@ avi_reader_c::read(generic_packetizer_c *ptzr,
 return read_video();
 foreach(demuxer, ademuxers)
- if (PTZR(demuxer->ptzr) == ptzr)
+ if ((-1 != demuxer->ptzr) && (PTZR(demuxer->ptzr) == ptzr))
 return read_audio(*demuxer);
 return FILE_STATUS_DONE;
diff --git a/src/input/r_matroska.cpp b/src/input/r_matroska.cpp
index 2e7a9eabe..41653a061 100644
--- a/src/input/r_matroska.cpp
+++ b/src/input/r_matroska.cpp
@@ -173,7 +173,7 @@ kax_reader_c::packets_available() {
 int i;
 for (i = 0; i < tracks.size(); i++)
- if (tracks[i]->ok && (!PTZR(tracks[i]->ptzr)->packet_available()))
+ if ((-1 != tracks[i]->ptzr) && !PTZR(tracks[i]->ptzr)->packet_available())
 return 0;
 if (tracks.size() == 0)
diff --git a/src/input/r_ogm.cpp b/src/input/r_ogm.cpp
index 88e830799..cc7c6ec0f 100644
--- a/src/input/r_ogm.cpp
+++ b/src/input/r_ogm.cpp
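Review bot: The new `-1 != demuxer->ptzr` test in `avi_reader_c::read` hard-codes the "no packetizer" sentinel at the call site, and the same literal comparison is repeated in the r_qtmp4, r_usf and r_vobsub hunks of this patch. A reader written later can omit it exactly as these did, so I would centralise it, for example in a small predicate such as `static inline bool has_packetizer(int idx) { return -1 != idx; }` (the name is only a suggestion) or in a checked accessor used instead of bare `PTZR(...)`. The test also rejects only -1; any other out-of-range value would still reach `PTZR`, which presumably indexes the reader's packetizer list. The body of `read` starts and ends outside the hunk, so the guard on the `read_video()` path cannot be checked from here.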
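Review bot: In `kax_reader_c::packets_available` the new condition replaces `tracks[i]->ok` instead of adding to it, so a track whose `ok` flag is unset but which has a packetizer assigned is now consulted where it was skipped before. If `ptzr != -1` always implies `ok`, a comment saying so belongs on this line; otherwise both tests should stay, `if (tracks[i]->ok && (-1 != tracks[i]->ptzr) && !PTZR(tracks[i]->ptzr)->packet_available())`. The loop also compares the signed `int i` with `tracks.size()`. The function continues past the end of the hunk.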
@@ -613,7 +613,8 @@ ogm_reader_c::packet_available() {
 return 0;
 for (i = 0; i < sdemuxers.size(); i++)
- if (!PTZR(sdemuxers[i]->ptzr)->packet_available())
+ if ((-1 != sdemuxers[i]->ptzr) &&
+ !PTZR(sdemuxers[i]->ptzr)->packet_available())
 return 0;
 return 1;
@@ -804,7 +805,7 @@ ogm_reader_c::process_page(ogg_page *og) {
 duration = 0;
 dmx = find_demuxer(ogg_page_serialno(og));
- if (dmx == NULL)
+ if ((NULL == dmx) || (-1 == dmx->ptzr))
 return;
 debug_enter("ogm_reader_c::process_page");
diff --git a/src/input/r_qtmp4.cpp b/src/input/r_qtmp4.cpp
index cf9fdc423..cee32e77a 100644
--- a/src/input/r_qtmp4.cpp
+++ b/src/input/r_qtmp4.cpp
@@ -1071,7 +1071,7 @@ qtmp4_reader_c::read(generic_packetizer_c *ptzr,
 for (i = 0; i < demuxers.size(); i++) {
 qtmp4_demuxer_ptr &dmx = demuxers[i];
- if (PTZR(dmx->ptzr) != ptzr)
+ if ((-1 == dmx->ptzr) || (PTZR(dmx->ptzr) != ptzr))
 continue;
 if (dmx->sample_size != 0) {
diff --git a/src/input/r_real.cpp b/src/input/r_real.cpp
index 77a598eb9..a8c0ff7f1 100644
--- a/src/input/r_real.cpp
+++ b/src/input/r_real.cpp
@@ -501,7 +501,7 @@ real_reader_c::read(generic_packetizer_c *,
 timecode = (int64_t)frame->timecode * 1000000ll;
 dmx = find_demuxer(frame->id);
- if (dmx.get() == NULL) {
+ if ((dmx.get() == NULL) || (-1 == dmx->ptzr)) {
 rmff_release_frame(frame);
 return FILE_STATUS_MOREDATA;
 }
@@ -568,7 +568,7 @@ real_reader_c::deliver_audio_frames(real_demuxer_cptr dmx,
 uint32_t i;
 rv_segment_cptr segment;
- if (dmx->segments.empty())
+ if (dmx->segments.empty() || (-1 == dmx->ptzr))
 return;
 for (i = 0; i < dmx->segments.size(); i++) {
diff --git a/src/input/r_usf.cpp b/src/input/r_usf.cpp
index a81518d73..0d6aa870c 100644
--- a/src/input/r_usf.cpp
+++ b/src/input/r_usf.cpp
@@ -291,7 +291,7 @@ usf_reader_c::read(generic_packetizer_c *ptzr,
 track = NULL;
 for (i = 0; m_tracks.size() > i; ++i)
- if (PTZR(m_tracks[i].m_ptzr) == ptzr) {
+ if ((-1 != m_tracks[i].m_ptzr) && (PTZR(m_tracks[i].m_ptzr) == ptzr)) {
 track = &m_tracks[i];
 break;
 }
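Review bot: In `ogm_reader_c::packet_available` the loop now skips every demuxer without a packetizer, so when none of them has one the function falls through to `return 1` and reports packets as available although no track can deliver any. The `return 0;` above the loop looks like an empty-list guard, but its condition is outside the hunk; if that is what it is, the all-skipped case should probably give the same answer, for instance by counting the demuxers actually checked and returning 0 when that count is zero. At minimum a comment such as `// demuxers without a packetizer are ignored; returns 1 if none remain` would make the chosen result explicit.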
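Review bot: The added `(-1 == dmx->ptzr)` early return in `real_reader_c::deliver_audio_frames` leaves `dmx->segments` untouched, so any segments queued for a demuxer without a packetizer would stay allocated for the rest of the run. The `real_reader_c::read` hunk in the same file already drops frames for such demuxers, which probably makes this path unreachable, but the code that fills `segments` is not visible here. I would either document that, `// read() discards frames when ptzr == -1, so segments stays empty; guard kept as defence in depth`, or release the queued segments before returning. The loop body and whatever cleanup follows it are outside the hunk.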
diff --git a/src/input/r_vobbtn.cpp b/src/input/r_vobbtn.cpp
index 725aa9618..cd80a91c2 100644
--- a/src/input/r_vobbtn.cpp
+++ b/src/input/r_vobbtn.cpp
@@ -86,7 +86,8 @@ vobbtn_reader_c::~vobbtn_reader_c() {
 void
 vobbtn_reader_c::create_packetizer(int64_t tid) {
 ti.id = tid;
- add_packetizer(new vobbtn_packetizer_c(this, width, height, ti));
+ if (demuxing_requested('s', tid))
+ add_packetizer(new vobbtn_packetizer_c(this, width, height, ti));
 }
 file_status_e
diff --git a/src/input/r_vobsub.cpp b/src/input/r_vobsub.cpp
index 84fbd5102..e45575677 100644
--- a/src/input/r_vobsub.cpp
+++ b/src/input/r_vobsub.cpp
@@ -561,7 +561,7 @@ vobsub_reader_c::read(generic_packetizer_c *ptzr,
 track = NULL;
 for (i = 0; i < tracks.size(); i++)
- if (PTZR(tracks[i]->ptzr) == ptzr) {
+ if ((-1 != tracks[i]->ptzr) && (PTZR(tracks[i]->ptzr) == ptzr)) {
 track = tracks[i];
 break;
 }
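Review bot: `vobbtn_reader_c::create_packetizer` can now return without creating a packetizer, yet this hunk is the only change to r_vobbtn.cpp in the patch (the diffstat lists three changed lines), so none of the `-1` guards added to the other readers appears in this one. Any code in this reader that uses its packetizer unconditionally would hit the same invalid access the commit fixes elsewhere; `read()` and the rest of the file are not shown, so that needs confirming before relying on the change. A comment above the new `if`, such as `// no packetizer is created when the track was not requested; users of the packetizer must check first`, would record the new state for later readers of the code.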