In 1.69.0 the `boost::tribool` class's `operator bool` was made
explicit. This means that using a `boost::tribool` as the return value
in a function returning a `bool` requires an explicit cast.
Fixes #2460.
Writing level 1 elements can lead to the situation that a one-byte gap
must be covered. In that case `kax_analyzer_c` can move the head of
the following element by shrinking or enlarging its size field.
If that following element happens to be a cluster, there may be cues
that refer to that cluster. They must be updated in order to reflect
the cluster's new position.
Fixes #2408.
The `CodecPrivate` Matroska element contains AAC's
`AudioSpecificConfig` structure. That structure can contain a
`GASpecificConfig` structure which in turn can contain a
`program_config_element` (short: PCE).
The PCE carries vital information about the number of
channels in certain situations and must be present in the first raw
AAC packet if it is present in the `AudioSpecificConfig`. Otherwise
the number of channels cannot be determined.
mkvextract will now check whether the first packet contains the PCE
already. If it doesn't and if there's a PCE in the
`AudioSpecificConfig`, mkvextract will now prepend the first audio
packet with that PCE (right behind the ADTS headers).
Fixes #2205 and #2433.
When generating chapters mkvmerge has to take into account things such
as splitting and file linking. This requires shifting chapter
timestamps to match file timestamps. However, for files which don't
start at 0 generated chapters would be wrongfully shifted down to
below 0 causing invalid timestamps.
Fixes #2432.
This method works for systems where a logind-compatible D-Bus
interface is available for inhibiting sleep & idle states. Requires
Qt's D-Bus library.
Part of the implementation of #2411.
The resource compiler includes identifiers that aren't defined as
preprocessor symbols verbatim as strings. Normally `RT_MANIFEST` is
defined as the integer resource 24, but if the header file where it is
defined (`winuser.h`) isn't included, the verbatim string
`RT_MANIFEST` will be used silently.
See #2415.
The `EbmlElement::Read` function returns two values via reference
parameters. They're called `UpperEltFound` (an integer) and
`FoundElt` (a pointer to an EBML element). They're used for passing
back the first element found (if any) that is not a child of the
element currently being read so that the calling code can continue
parsing the file using the upper-level element.
If the calling code doesn't need that element, it has to delete it
itself. However, the code must not simply rely on the `FoundElt`
pointer being not null as the `Read` function assigns temporary
results to that variable. Depending on the file content, that
temporary element may have already been deleted by the `Read`
function. When the calling code then simply deletes `FoundElt` itself,
this leads to a typical case of use-after-free.
Instead the calling code must only work with the returned `FoundElt`
pointer if the other returned value, `UpperEltFound`, is trueish in the
C++ sense (if it isn't 0). Then and only then may the calling code
attempt to delete the object `FoundElt` points to.
This vulnerability allows arbitrary code execution via specially
crafted Matroska files. It was reported by Cisco TALOS on 2018-10-25
and is known as TALOS 2018-0694.
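The ownership rule described above, as an added example that is not MKVToolNix or libebml code: `Element`, `read_children` and `run_caller` are hypothetical stand-ins that model the `UpperEltFound`/`FoundElt` contract. An arena keeps the memory valid so the second delete can be counted instead of executed.

```cpp
#include <cstdio>
#include <memory>
#include <vector>

// Hypothetical model of the contract; not libebml's classes or signatures.
struct Element { int level; bool alive; };

// The arena keeps every object's memory valid, so a second "delete" is
// counted here instead of being real undefined behaviour.
std::vector<std::unique_ptr<Element>> g_arena;
int g_double_frees = 0;

Element *make(int level) {
  g_arena.push_back(std::unique_ptr<Element>(new Element{level, true}));
  return g_arena.back().get();
}

void destroy(Element *e) {
  if (!e->alive) { ++g_double_frees; return; }
  e->alive = false;
}

// `found` doubles as scratch space: it can be non-null and already destroyed
// when `upper_found` is 0.
void read_children(bool upper_follows, int &upper_found, Element *&found) {
  upper_found = 0;
  found = make(2);      // temporary child parked in the out-parameter
  destroy(found);       // released again; `found` is now stale
  if (upper_follows) {
    found = make(1);    // element that is not a child of the one being read
    upper_found = 1;    // only now does the caller own `found`
  }
}

// One caller, two policies: `trust_pointer` deletes whenever `found` is
// non-null, otherwise only when `upper_found` is non-zero.
// Returns the number of double frees this call caused.
int run_caller(bool upper_follows, bool trust_pointer) {
  int upper = 0, before = g_double_frees;
  Element *found = nullptr;
  read_children(upper_follows, upper, found);
  bool may_delete = trust_pointer ? found != nullptr : upper != 0;
  if (may_delete) destroy(found);
  return g_double_frees - before;
}

int main() {
  std::printf("pointer check: %d double free(s)\n", run_caller(false, true));
  std::printf("flag check:    %d double free(s)\n", run_caller(false, false));
}
```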
The info tool uses a loop scanning level 1 elements starting with the
first cluster in order to provide a response UI to the user. That loop
is exited when the end of the file is reached or a higher-level
element (level 0) is encountered.
The `EbmlStream::FindNextElement` function used for retrieving the
next element sets the `upper_lvl_el` parameter to a non-zero value
when it finds global elements such as an EBML Void element. However, a
scan of level 1 elements should not abort on an EBML Void
element (generally on any type of global elements) but only when a
real level 0 element is found.
Fixes #2413.
The two header fields `delta_frame_id_length_minus2` and
`additional_frame_id_length_minus1` are only present if
`reduced_still_picture_header` is not set but
`frame_id_numbers_present_flag` is.
Part of the fix for #2410.
When surrounding elements have been written using eight-byte size
length fields, the analyzer cannot enlarge the element
anymore. Instead, it can shrink them by one byte and move the head
up. That way the former one-byte gap will become a two-byte gap
instead. A new, empty EBML void element can then be placed in the gap
instead.
libavformat from ffmpeg/libav writes most level 1 elements with
eight-byte size length fields. Files created by it are therefore the
prime candidate for hitting this bug.
Fixes #2406.
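The size-field arithmetic behind the one-byte gap, as an added example that is not `kax_analyzer_c` code: `encode_size`, `empty_void` and `plan_one_byte_gap` are hypothetical names, and only the element following the gap is modelled. The `{0, 0}` result for a payload too large for seven bytes goes beyond what the commit message describes.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Encode `value` as an EBML size field of exactly `len` bytes (1..8).
// Returns an empty vector if it does not fit; the all-ones value is reserved.
std::vector<uint8_t> encode_size(uint64_t value, int len) {
  if (len < 1 || len > 8 || value > (1ULL << (7 * len)) - 2) return {};
  std::vector<uint8_t> out(len);
  for (int i = len - 1; i >= 0; --i) { out[i] = value & 0xff; value >>= 8; }
  out[0] |= 0x80 >> (len - 1);  // marker bit announces the field length
  return out;
}

// Zero-length EBML Void: ID 0xEC followed by a one-byte size of 0.
std::vector<uint8_t> empty_void() { return {0xEC, 0x80}; }

struct GapPlan {
  int new_size_len;  // size-field length to rewrite the element head with
  int void_bytes;    // bytes of EBML Void to write in front of the new head
};

// Plan for a one-byte gap in front of an element whose size field currently
// has `size_len` bytes and encodes `payload`. {0, 0} means neither move works.
GapPlan plan_one_byte_gap(int size_len, uint64_t payload) {
  if (size_len < 8)                       // enlarge: head grows into the gap
    return {size_len + 1, 0};
  if (!encode_size(payload, 7).empty())   // shrink: gap becomes two bytes
    return {7, static_cast<int>(empty_void().size())};
  return {0, 0};                          // case not covered by the commit text
}

int main() {
  GapPlan p = plan_one_byte_gap(8, 1000);  // constructed sample values
  std::printf("size field 8 -> %d bytes, void filler %d bytes\n",
              p.new_size_len, p.void_bytes);
}
```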
So far the "erase" flag wasn't used at all when determining whether or
not to flush the currently queued frame. It can be used, though, as
it's clear that erasing means the following content cannot be merged
to the current one.
Flushing earlier also means that less data will have to be buffered
before the frame is handed over to the output routines which will then
interleave frames from different tracks.
This also reverts the increase in maximum buffered amount of data in
the MPEG transport stream reader; it's back to 20 MB now.
Fixes #2393.
With a low buffer limit, it's possible that mkvmerge hits the limit
while looking for the "end of display" conditions for teletext
subtitles. In such a case mkvmerge starts writing out buffered audio &
video packets even though there's no packet available for the subtitle
track.
Once mkvmerge does find the "end of display" conditions, the formerly
incomplete subtitle packet will be written. However, at that point the
timestamps of audio & video packets are higher already, causing the
subtitle packet to be interleaved wrongly.
The higher the limit, the less likely it is mkvmerge will run into
such a situation. With 50 MB the problem disappears for the provided
test file.
Workaround for #2393.
If there's no duration, the current entry will be buffered. As soon as
the following entry is found, the difference between the start
timestamps of the current and buffered blocks will be used as the
buffered block's duration.
Second part of the implementation of #2397.
If there's no duration, the current entry will be buffered. As soon as
the following entry is found, the difference between the start
timestamps of the current and buffered blocks will be used as the
buffered block's duration.
Part of the implementation of #2397.