
When PlayResX or PlayResY are defined as zero, tab crashes.

Open joshuabrown-ellation opened this issue 8 years ago • 1 comments

To reproduce:

  • set the advanced substation subtitle (.ass) PlayResX or PlayResY property to 0 in Aegisub and save the file. Or you can edit the .ass file directly, i.e. PlayResX: 0.
  • use libjass to render that subtitle file via URL or by directly using the text of the .ass file.

Identification of problem: Libjass uses property PlayResX and PlayResY for scaling of the rendering of effects in CSS, for example _textShadow. The way they are defined is by element width / PlayResX and element height / PlayResY, creating the possibility of a divide by zero condition. Since JavaScript defines n / 0 as Infinity, and Libjass tries to set up a for() loop with that number as the break condition, we will run out of memory abruptly.

Proposed solution: Line 346 of renderer.ts:

if (this.ass.properties.resolutionX === 0 || this.ass.properties.resolutionY === 0) {
	this._scaleX = 0;
	this._scaleY = 0;
} else {
	this._scaleX = width / this.ass.properties.resolutionX;
	this._scaleY = height / this.ass.properties.resolutionY;
}

joshuabrown-ellation avatar Sep 05 '17 18:09 joshuabrown-ellation

Relevant PlayRes* fixups in libass are at https://github.com/libass/libass/blob/6092e276de387133de4dfb17843a5d8d0b8de3f0/libass/ass.c#L1333

Pseudocode:

switch (x, y) {
	(> 0, > 0) => (x, y),
	(<= 0, <= 0) => (384, 288),
	(1280, <= 0) => (1280, 1024),
	(<= 0, 1024) => (1280, 1024),
	(*, <= 0) => (x, x * 3 / 4),
	(<= 0, *) => (y * 4 / 3, y),
}

libjass should do the same.

Arnavion avatar Sep 05 '17 18:09 Arnavion
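
The fixup table from the pseudocode above, written out as TypeScript with the scale computation that triggered the crash. This is an added example, not code from libjass or libass; the names `normalizePlayRes` and `computeScale` are hypothetical, and treating NaN or Infinity like an unset value is an assumption that goes beyond the pseudocode.

```typescript
// Added example, not libjass code. All function names are hypothetical.
type Resolution = [number, number];

// A PlayRes value counts as "set" only if it is a finite number > 0.
// Treating NaN/Infinity the same as <= 0 is an assumption beyond the pseudocode.
function isSet(n: number): boolean {
	return isFinite(n) && n > 0;
}

// Mirrors the pseudocode's match arms, top to bottom.
function normalizePlayRes(x: number, y: number): Resolution {
	const hasX = isSet(x);
	const hasY = isSet(y);
	if (hasX && hasY) return [x, y];             // (> 0, > 0)
	if (!hasX && !hasY) return [384, 288];       // (<= 0, <= 0)
	// From here on exactly one of the two values is set.
	if (hasX && x === 1280) return [1280, 1024]; // (1280, <= 0)
	if (hasY && y === 1024) return [1280, 1024]; // (<= 0, 1024)
	if (hasX) return [x, x * 3 / 4];             // (*, <= 0)
	return [y * 4 / 3, y];                       // (<= 0, *)
}

// Scale factors derived from the normalized resolution: both divisors are
// positive and finite, so the result can never be Infinity or NaN.
function computeScale(width: number, height: number, resX: number, resY: number): Resolution {
	const [x, y] = normalizePlayRes(resX, resY);
	return [width / x, height / y];
}

// Constructed sample inputs (not taken from a real subtitle file).
const samples: Resolution[] = [[0, 0], [1280, 0], [0, 1024], [640, 0], [0, 720], [1920, 1080]];
for (const [x, y] of samples) {
	const [sx, sy] = computeScale(1280, 720, x, y);
	console.log(`PlayRes ${x}x${y} -> ${normalizePlayRes(x, y).join("x")}, scale ${sx} / ${sy}`);
}
```
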