| Commit message | Author | Age | Files | Lines |
| |
Found by Coverity Scan and -fsanitize=undefined
| |
Avoid that PlayResY is set to 0 when only PlayResX is specified and
set to 1. Setting PlayResY to 0 results in divide-by-zero errors.
Also fix PlayResX calculations in case only PlayResY is specified,
for completeness.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1474.
| |
When given a byte c, decode_chars expects that 0 <= c - 33 <= 63,
i.e. that only the six lowest bits of c - 33 are possibly set.
With this assumption, it shifts and adds together multiple c - 33 values.

When c > 96, c - 33 has high nonzero bits, which interferes with other
shifted terms. c < 33 is even worse: c - 33 is negative (if unsigned char
fits in int), and left-shifting negative numbers has undefined behavior.
Even before the shift, on common platforms with a two's complement
representation of negative integers (or if unsigned char does not fit in
int and is promoted to unsigned int), c - 33 has high nonzero bits, which
again interfere with other shifted terms.

To make matters worse, even perfectly valid encoded data is affected when
size % 4 != 0, as decode_font calls decode_chars with '\0', which leads
decode_chars to shift and add -33, causing undefined behavior and/or
incorrect output.

Take our cue from VSFilter and bit-mask c - 33 to keep only the six
relevant bits. To ensure that we get the same bits as VSFilter when
c < 33 and to avoid the undefined behavior of left-shifting negative
numbers, convert the number to unsigned before masking and shifting.

While we are at it, rewrite decode_chars entirely
to get rid of any GPL code from mkvtoolnix.

Related mkvtoolnix bug: https://github.com/mbunkus/mkvtoolnix/issues/1003
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516.

Also allocate exactly the right amount of memory for the font,
because why not.
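
The effect of the mask described in the commit message above, as an added example (not libass, VSFilter or mkvtoolnix code). The names `pack` and `decode_group` and the sample inputs are constructed for illustration, and the unmasked path uses unsigned arithmetic to model two's complement wraparound without undefined behaviour in the demo itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Combine four encoded bytes into a 24-bit value. With mask == 0 the
 * "0 <= c - 33 <= 63" assumption is trusted and never enforced. */
static uint32_t pack(const unsigned char c[4], int mask)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        uint32_t six = c[i] - 33u;   /* convert to unsigned before shifting */
        if (mask)
            six &= 63u;              /* keep only the six relevant bits */
        v += six << (6 * (3 - i));
    }
    return v & 0xFFFFFFu;
}

/* Decode a group of n (2..4) encoded bytes into n - 1 output bytes. A short
 * final group is padded with '\0'. Returns the number of bytes written. */
static size_t decode_group(const unsigned char *src, size_t n,
                           unsigned char *dst, int mask)
{
    unsigned char c[4] = {0, 0, 0, 0};
    if (n < 2 || n > 4)
        return 0;
    memcpy(c, src, n);
    uint32_t v = pack(c, mask);
    for (size_t i = 0; i + 1 < n; i++)
        dst[i] = (v >> (16 - 8 * i)) & 0xFF;
    return n - 1;
}

int main(void)
{
    /* Constructed input: "47%" is the valid encoding of the bytes "Ma". */
    const unsigned char *enc = (const unsigned char *)"47%";
    unsigned char a[3], b[3];
    decode_group(enc, 3, a, 0);
    decode_group(enc, 3, b, 1);
    printf("unmasked: %02x %02x\n", a[0], a[1]);
    printf("masked:   %02x %02x\n", b[0], b[1]);
    return 0;
}
```

The '\0' padding byte contributes -33 in the unmasked path, which borrows from the second output byte even though every real input byte is valid.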
| |
Like VSFilter, treat negative values the same as missing values.
| |
Commit 8c8741fe2000d4b4d89a53f894363a42288cec3e attempted to fix this
expression and make it use the full range of long long, but it missed
the millisecond term.
This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=522.
The entire timestamp can still overflow long long though.
| |
Handle large and negative values except INT32_MIN like VSFilter.
This avoids both overflow and inconsistent internal state.
This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=523.

VSFilter handles INT32_MIN like a mix of \an1, \an2 and \an3:
* Vertical alignment is bottom.
* Lines within the event are center-aligned.
* Without \pos or \move, the center of the event is aligned
  with the right edge of the screen minus MarginR.
* With \pos or \move, the left edge of the event is aligned
  with the position point.
* Without \org, the rotation origin is aligned
  with the horizontal center of the event.
* (With \org, the rotation origin is as specified.)

If we wanted to emulate this in libass, the cleanest way would be to
introduce a new horizontal alignment constant for this purpose that
would be used only for ASS style definitions with Alignment INT32_MIN.

This commit makes no attempt to do this and instead arbitrarily picks
\an2 for style definitions with Alignment -INT_MAX-1, which equals
INT32_MIN if int is int32_t. The fact that int is platform-dependent
is one of the reasons for this. We could change Alignment to be int32_t
instead of int for perfect VSFilter compatibility, but the same applies
to many other fields that currently use platform-dependent types.
| |
Discovered by OSS-Fuzz.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=229.
| |
Subtitle recommendations often include that multi-line
subtitles should be left justified as this is easier for
the eyes. This is also the standard used by several television
companies.

This adds the possibility to define how subtitles are to
be justified, independently of where they are aligned.
The most common way could be to set justify to left, and have
alignment to center. But you can, for example, have alignment
to left and justify to center, giving subtitles to the left but
justified on the center (instead of normal left justified).
Using justify right and alignment of center, might be a good
choice for Arabic.

If justify is not defined, all works like before.
If justify is defined, subtitles are aligned as defined
by alignment and justified as defined by justify.

ASS is not extended by this, justify can only be defined
by setting Justify to wanted justification.
| |
Found by fuzzer test case id:000051,sig:11,sync:fuzzer3,src:004221.
| |
Finds the start of the subtitle at "now".
| |
Not all API users will keep the event list on seeking. This also gives
API users the opportunity to handle severely broken files with
duplicate ReadOrder entries. (It is not known whether this is really
needed, however VSFilter does not deduplicate using the ReadOrder
field.)
| |
Otherwise, ass_process_chunk() will reject events that were previously
removed with ass_flush_events(), which is nonsense.
| |
Keep all components signed, allowing for timestamps like 00:01:-05.00
to denote 55 seconds. This matches the behavior of VSFilter.
| |
Reported by gcc -Wall -Wextra.
| |
The loop in check_duplicate_event() essentially makes event processing
with ass_process_chunk() O(n^2). Using a bitmap instead of a loop brings
it back to O(n).
This could be interpreted as an API change: since the event list is
freely modifiable by the API user through ASS_Track public fields,
libass can't know if the internal bitmap went out of sync with the
public event list. We just redefine it so that calling
ass_process_chunk() means the API user agrees not to manipulate the
event list otherwise.
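
A bitmap-based duplicate check of the kind this commit message describes, together with the reset that the earlier note about ass_flush_events() calls for, as an added example (not libass code). `SeenMap`, `seen_test_and_set`, `seen_reset` and the `MAX_READ_ORDER` cap are hypothetical names; the cap is an assumption added so that an untrusted ReadOrder value cannot drive an arbitrarily large allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_READ_ORDER (1L << 24)  /* assumed cap, not a libass constant */

typedef struct {
    uint32_t *bits;   /* one bit per ReadOrder value already accepted */
    size_t words;     /* allocated length of bits[] */
} SeenMap;

/* 1 = duplicate, 0 = newly recorded, -1 = out of range or out of memory */
static int seen_test_and_set(SeenMap *m, long id)
{
    if (id < 0 || id >= MAX_READ_ORDER)
        return -1;              /* untrusted id must not drive allocation */
    size_t word = (size_t)id / 32;
    if (word >= m->words) {
        size_t want = m->words ? m->words : 8;
        while (want <= word)
            want *= 2;
        uint32_t *p = realloc(m->bits, want * sizeof *p);
        if (!p)
            return -1;
        memset(p + m->words, 0, (want - m->words) * sizeof *p);
        m->bits = p;
        m->words = want;
    }
    uint32_t bit = UINT32_C(1) << (id % 32);
    if (m->bits[word] & bit)
        return 1;
    m->bits[word] |= bit;
    return 0;
}

/* Must accompany any flush of the event list, or flushed ids stay rejected. */
static void seen_reset(SeenMap *m)
{
    free(m->bits);
    m->bits = NULL;
    m->words = 0;
}

int main(void)
{
    long ids[] = {0, 5, 5, 31, 32, 1000, 0, 1000};  /* constructed sample */
    SeenMap m = {0};
    int dups = 0;
    for (size_t i = 0; i < sizeof ids / sizeof *ids; i++)
        dups += seen_test_and_set(&m, ids[i]) == 1;
    printf("%d duplicates\n", dups);
    seen_reset(&m);
    return 0;
}
```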
| |
There is no real value in it. ENCA only works in some cases and I
can't find any information about software that integrates libass
which relies on it or users that rely on ENCA support in case the
interface is exposed directly (e.g. in MPlayer).
If there is still a wish to have charset detection integrated into
libass (it is out of scope, IMHO), a better library like uchardet
should be used for that.
| |
As before, this does not add any build system support:
a config.h file and a project must still be manually created
(or the compiler can be run manually instead of using a project).
Signed-off-by: Grigori Goronzy <greg@kinoho.net>
Signed-off-by: Oleg Oshmyan <chortos@inbox.lv>
| |
OS or platform-specific locale independent functions are painful to
use and/or not available, so roll our own. Not great but the least
painful and least intrusive.
v2: fix indexing, use static inline
| |
ass_set_fonts_dir() is supposed to enable all fonts in a specific
directory. The implementation for it was dropped with the commit
introducing the new fontselect code. Some users were relying on it, so
we need it back.
It used to be implemented using a single fontconfig call. But since this
has to work even if fontconfig support is not even compiled, a new
implementation is needed.
This commit adds very simple and low-effort support for it. It loads all
files into memory, and then lets the memory font code do the rest. A
more efficient implementation would be possible, for example by
implementing a new font provider, which serves get_data requests from
open file handles. Anyone who wants to do this is welcome to try, and
this commit is just the minimum to restore the lost feature.
| |
The timecode is a long long, but it is computed as a product all of whose
multiplicands are (unsigned) ints and so effectively has the value
of an (unsigned) int. Fix this, and use the full long long range,
by explicitly making one of the first two multiplicands a long long.
Found by Coverity Scan.
| |
Reported by clang scan-build static analysis.
| |
Reported by clang scan-build static analysis. Also fix incorrect
return value in case of error.
| |
* Allow exactly one of these prefixes in header values:
  0x, 0X, &h, &H. Note that "0x0xFFFFFF" is a correct value,
  as the first 0x is consumed by the parser and the second by
  the string-to-number conversion following strtol semantics.
* Allow arbitrary numbers of leading & and H
  (and not h) in any order in override tag values.
* Reduce header values modulo 2**32 instead
  of saturating them to LLONG_MIN/MAX.
* Saturate override tag values to INT32_MIN/MAX
  rather than to LLONG_MIN/MAX.
* Don't fiddle with bytes in alpha override tag values.
  (They can be outside of the 0..255 range.)

Also change the byte swapping code to be more sensible.

Fixes #80.
Fixes #145.
Fixes #178.

Also fixes our behavior in the case described in
https://code.google.com/p/xy-vsfilter/issues/detail?id=80.
| |
Fixes "[ARR] Musashi no Ken - 01 [AVC][5697986B].ssa", which has
timestamps like "00:02:30.85". It starts with 2 zeros instead of one,
which probably means it's an invalid file, but it's accepted by various
other parsers (VSFilter, MPlayer, vlc, ffmpeg).
| |
This was a check for the realloc() call, but the result was never
used in the success case - which makes no sense.
Doesn't really matter, because it's the legacy charset code which
hopefully is not used by anyone.
Found by Coverity.
| |
Use strndup() instead of malloc+copy.
Make all code deal with the possibility that ASS_Drawing.text can be
NULL (which can happen on allocation failure).
Skip fix_collisions() on malloc failure - the lines will overlap, but at
least libass won't crash.
| |
This is just a start and gets most easy ones.
| |
Also replace strtocolor in ass_utils with string2color
from ass.c, because that is more useful everywhere now.
| |
These aren't very useful for debugging due to the high volume of the log
output in problem cases. In fact, all they do is make the code slower
(the message callback can easily appear in the profiler output, even if
the callback doesn't actually print the messages).
| |
This reduces the frequency of reallocations.
| |
Obtained by reading the xy-VSFilter source code.
| |
This complements 5903771e.
| |
The "if (0) { // cool ;)" is just mindblowing.
| |
Based on the patch by chadr123.
See google code issue #113.
| |
ass_step_sub() assumed that the subtitle event list was sorted by event
start time, but that is not guaranteed. Making the list sorted is not
an option. (At least for now - too many issues are in the way to get
such a change being done.) Fix this function so that it works with an
unsorted event list.
Semantics regarding corner cases might be slightly different, such as
what happens if the now parameter coincides with event start/end, or
behavior with overlapping subtitles.
| |
Fixes google code issue #88.
process_text() garbles the memory as the text is parsed.
This also fixes that the user provided buffer implicitly had to
be null terminated. This wasn't obvious, because the caller
passes in the buffer length. libass ignored the buffer length
(unless a codepage was provided and iconv was enabled), and
happily read past the end of the buffer.
It would be much nicer if the parsing code would be fixed,
instead of just copying the input buffer. Maybe one day.
| |
Trim '*' from the start of style name fields of Style
and Dialogue lines and normalize the case of "Default"
in the style name field of Dialogue lines.
| |
The value is parsed and stored as an enum constant that the consumer
can read from ASS_Track. All output images are still plain RGB,
and the consumer is expected to perform its own color correction.
Supported header values: (TV|PC).(601|709|240M|FCC) and None.
If the header is missing, a special compatibility value is used
that should be treated as TV.601 if the accompanying video stream
is YCbCr and as None otherwise. If the header is present but has
an invalid/unknown value, a different special value is substituted.
| |
Useful when applications specify the style manually for non-ASS
subtitles.
| |
Fixes issue 83.
| |
Similar to VSFilter. Thanks to Iroha for reporting this issue.
Note: this breaks the ABI!
| |
This allows resetting to a certain style, instead of the default style
for the current line. For some reason, this was completely missing.
| |
Parse a hint in the form "Language: xx" with xx being an ISO 639-1
language code, and pass it to HarfBuzz. This can be useful to render
scripts with language-specific character variants.
| |
Use 50% alpha for the shadow. Looks nicer and is just like VSFilter.
| |
VSFilter always matches style names case sensitive.
| |
Make the "Default" style, useful as a fallback and required by few
scripts for proper rendering, actually do something sensible. Font,
sizes, et cetera are set up mostly like VSFilter.
| |
In hope to make libass as useful as possible, relicense libass to ISC, a
simplified 2-clause BSD license. All contributors who provided
non-trivial changes have granted their permission for this.
| |
The useless "if (foo) free(foo)" idiom is all over the place, just
get rid of it finally...
| |
strcasecmp/strncasecmp needs strings.h according to POSIX, so add this
include where these occur.
| |
Limit context printed after parsing errors to 30 characters
| |
Add a function to flush all events in a track and increment
LIBASS_VERSION to indicate the addition.
Initial patch by Aurelien Jacobs (aurel AT gnuage DOT org).
| |
Do not skip '@' at the start of a font name in styles; detect '@' at
font name start and set a new attribute in ASS_Font accordingly.
Rotate affected glyphs after loading and calculate a suitable advance.
| |
If an application wants to provide some sort of safeguard against
loading very big files (which can trash memory), it should do so by
itself.
| |
Change size limit from 10MB to 50MB and clean up code a bit. A limit
still might be handy if one selects a very big file for subtitles by
accident. 50MB should be enough for even the biggest karaoke files.
| |
Patch by Arne Morten Kvarving <spiff@micron.(none)>.