diff options
| author | James Courtier-Dutton <jcdutton@users.sourceforge.net> | 2002-11-01 11:02:52 +0000 |
|---|---|---|
| committer | James Courtier-Dutton <jcdutton@users.sourceforge.net> | 2002-11-01 11:02:52 +0000 |
| commit | ac05c37c1ac529a4622c3c1e66d778fbfe96c885 (patch) | |
| tree | fa91dbe57fb28b863a7b717a857a4040b33fb243 | |
| parent | 2eab203a28f7f3ee7f851fa5b4b98d5c9537e4d9 (diff) | |
| download | xine-lib-ac05c37c1ac529a4622c3c1e66d778fbfe96c885.tar.gz xine-lib-ac05c37c1ac529a4622c3c1e66d778fbfe96c885.tar.bz2 | |
Add stricter checking.
Try to remove SPU_WIPE bug.
CVS patchset: 3122
CVS date: 2002/11/01 11:02:52
| -rw-r--r-- | src/libspudec/spu.c | 43 | ||||
| -rw-r--r-- | src/libspudec/xine_decoder.c | 8 |
2 files changed, 44 insertions, 7 deletions
diff --git a/src/libspudec/spu.c b/src/libspudec/spu.c index 1b9821e61..f818643b4 100644 --- a/src/libspudec/spu.c +++ b/src/libspudec/spu.c @@ -35,7 +35,7 @@ * along with this program; see the file COPYING. If not, write to * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. * - * $Id: spu.c,v 1.50 2002/10/26 20:52:42 mroi Exp $ + * $Id: spu.c,v 1.51 2002/11/01 11:02:52 jcdutton Exp $ * */ @@ -60,10 +60,11 @@ #include "nav_read.h" #include "nav_print.h" + /* #define LOG_DEBUG 1 -#define LOG_NAV 1 #define LOG_BUTTON 1 +#define LOG_NAV 1 */ void spudec_reassembly (spudec_seq_t *seq, uint8_t *pkt_data, u_int pkt_len); @@ -231,10 +232,21 @@ void spudec_decode_nav(spudec_decoder_t *this, buf_element_t *buf) { void spudec_reassembly (spudec_seq_t *seq, uint8_t *pkt_data, u_int pkt_len) { +#ifdef LOG_DEBUG + printf ("libspudec: seq->complete = %d\n", seq->complete); + printf("libspudec:1: seq->ra_offs = %d, seq->seq_len = %d, seq->buf_len = %d, seq->buf=%p\n", + seq->ra_offs, + seq->seq_len, + seq->buf_len, + seq->buf); +#endif if (seq->complete) { seq->seq_len = (((uint32_t)pkt_data[0])<<8) | pkt_data[1]; seq->cmd_offs = (((uint32_t)pkt_data[2])<<8) | pkt_data[3]; - + if (seq->cmd_offs >= seq->seq_len) { + printf("libspudec:faulty stream\n"); + abort(); + } if (seq->buf_len < seq->seq_len) { seq->buf_len = seq->seq_len; #ifdef LOG_DEBUG @@ -258,13 +270,22 @@ void spudec_reassembly (spudec_seq_t *seq, uint8_t *pkt_data, u_int pkt_len) #endif } - if (seq->ra_offs < seq->buf_len) { +#ifdef LOG_DEBUG + printf("libspudec:2: seq->ra_offs = %d, seq->seq_len = %d, seq->buf_len = %d, seq->buf=%p\n", + seq->ra_offs, + seq->seq_len, + seq->buf_len, + seq->buf); +#endif + if (seq->ra_offs < seq->seq_len) { if (seq->ra_offs + pkt_len > seq->seq_len) pkt_len = seq->seq_len - seq->ra_offs; - memcpy (seq->buf + seq->ra_offs, pkt_data, pkt_len); seq->ra_offs += pkt_len; - } + } else { + printf("libspudec:faulty stream\n"); + abort(); + } if (seq->ra_offs == seq->seq_len) { seq->finished = 0; @@ -444,6 +465,7 @@ static void spudec_do_commands(spudec_state_t *state, spudec_seq_t* seq, vo_over { uint8_t *buf = state->cmd_ptr; uint8_t *next_seq; + int32_t param_length; #ifdef LOG_DEBUG printf ("spu: SPU DO COMMANDS\n"); @@ -568,10 +590,17 @@ static void spudec_do_commands(spudec_state_t *state, spudec_seq_t* seq, vo_over case CMD_SPU_SET_PXD_OFFSET: /* image top[0] field / image bottom[1] field*/ state->field_offs[0] = (((u_int)buf[1]) << 8) | buf[2]; state->field_offs[1] = (((u_int)buf[3]) << 8) | buf[4]; + #ifdef LOG_DEBUG printf ("spu: \toffset[0] = %d offset[1] = %d\n", state->field_offs[0], state->field_offs[1]); #endif + + if ((state->field_offs[0] >= seq->seq_len) || + (state->field_offs[1] >= seq->seq_len)) { + printf("libspudec:faulty stream\n"); + abort(); + } state->modified = 1; buf += 5; break; @@ -580,6 +609,8 @@ static void spudec_do_commands(spudec_state_t *state, spudec_seq_t* seq, vo_over #ifdef LOG_DEBUG printf ("spu: \tSPU_WIPE not implemented yet\n"); #endif + param_length = (buf[1] << 8) | (buf[2]); + buf += 1 + param_length; break; case CMD_SPU_FORCE_DISPLAY: diff --git a/src/libspudec/xine_decoder.c b/src/libspudec/xine_decoder.c index 5b7e235d5..5625e0f51 100644 --- a/src/libspudec/xine_decoder.c +++ b/src/libspudec/xine_decoder.c @@ -19,7 +19,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * - * $Id: xine_decoder.c,v 1.83 2002/10/27 20:08:41 mroi Exp $ + * $Id: xine_decoder.c,v 1.84 2002/11/01 11:02:52 jcdutton Exp $ * * stuff needed to turn libspu into a xine decoder plugin */ @@ -74,6 +74,9 @@ static void spudec_decode_data (spu_decoder_t *this_gen, buf_element_t *buf) { stream_id = buf->type & 0x1f ; cur_seq = &this->spudec_stream_state[stream_id].ra_seq; +#ifdef LOG_DEBUG + printf("libspudec:got buffer type = %x\n", buf->type); +#endif if (buf->type == BUF_SPU_CLUT) { printf("libspudec: SPU CLUT\n"); if (buf->content[0]) { /* cheap endianess detection */ @@ -105,6 +108,9 @@ static void spudec_decode_data (spu_decoder_t *this_gen, buf_element_t *buf) { return; } +#ifdef LOG_DEBUG + printf("libspudec:got buffer type = %x\n", buf->type); +#endif if (buf->decoder_flags & BUF_FLAG_PREVIEW) /* skip preview data */ return; |