author: wm4 <wm4@nowhere> 2012-11-19 00:57:41 +0100
committer: wm4 <wm4@nowhere> 2012-11-20 18:00:15 +0100
commit: 2a353381f32c955eee0f2051d34375eba9459e6a (patch)
tree: ecaecc06a42370caa52ec9339e7a9ca2c6d820cf /core
parent: 6f6dfc5163c3e1442f1c480e3dbd645ecd740eb5 (diff)
core: fix crash when video filter returns inf as PTS
When a video filter returned inf as PTS, the player crashed. One reason for this was that decode_audio() was called with a negative minlen parameter, which at some point caused it to call a memory allocation function with a ridiculous value, triggering an out of memory code path in talloc.c. (talloc.c has been modified to abort() on out of memory situations.)

Fix this by sanity checking minlen in decode_audio(). (The check against outbuf->len always succeeded, because it's an unsigned comparison.)

Make an existing sanity check in mplayer.c more robust: check for NaN too, which happens if the video PTS is inf.

This happened with "-vf pullup,softpulldown" (but is not triggered when the following commit is applied).
Diffstat (limited to 'core')
-rw-r--r-- core/mplayer.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/mplayer.c b/core/mplayer.c
index 1b07a0f9ee..223774a711 100644
--- a/core/mplayer.c
+++ b/core/mplayer.c
@@ -2124,7 +2124,7 @@ static int audio_start_sync(struct MPContext *mpctx, int playsize)
bytes = 0;
}
- if (fabs(ptsdiff) > 300) // pts reset or just broken?
+ if (fabs(ptsdiff) > 300 || isnan(ptsdiff)) // pts reset or just broken?
bytes = 0;
if (bytes > 0)
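Review bot: On the changed condition, the trailing comment still reads "pts reset or just broken?" and gives no reason for the isnan() test. A short note that ptsdiff becomes NaN when the video PTS is inf, as the commit message explains, would keep the check from being dropped later as redundant, since `fabs(ptsdiff) > 300` evaluates to false for NaN. The condition could also be written as `!isfinite(ptsdiff) || fabs(ptsdiff) > 300`, which states the intent directly. Separately, this hunk only resets bytes after the fact: if bytes is derived from ptsdiff above the visible context, that float-to-integer conversion has already run on the NaN by the time this test executes, so it is worth confirming that ptsdiff is validated before any such conversion.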