Commit 4750d4f5 authored by hpi1's avatar hpi1

HDMV: Verify title number before executing JUMP_TITLE / CALL_TITLE

parent 41f77cf1
...@@ -1807,7 +1807,7 @@ static int _play_hdmv(BLURAY *bd, unsigned id_ref) ...@@ -1807,7 +1807,7 @@ static int _play_hdmv(BLURAY *bd, unsigned id_ref)
#endif #endif
if (!bd->hdmv_vm) { if (!bd->hdmv_vm) {
bd->hdmv_vm = hdmv_vm_init(bd->device_path, bd->regs); bd->hdmv_vm = hdmv_vm_init(bd->device_path, bd->regs, bd->index);
} }
if (hdmv_vm_select_object(bd->hdmv_vm, id_ref)) { if (hdmv_vm_select_object(bd->hdmv_vm, id_ref)) {
......
...@@ -23,6 +23,7 @@ ...@@ -23,6 +23,7 @@
#include "hdmv_insn.h" #include "hdmv_insn.h"
#include "../register.h" #include "../register.h"
#include "../bdnav/index_parse.h"
#include "util/macro.h" #include "util/macro.h"
#include "util/strutl.h" #include "util/strutl.h"
#include "util/logging.h" #include "util/logging.h"
...@@ -58,6 +59,9 @@ struct hdmv_vm_s { ...@@ -58,6 +59,9 @@ struct hdmv_vm_s {
/* suspended object */ /* suspended object */
MOBJ_OBJECT *suspended_object; MOBJ_OBJECT *suspended_object;
int suspended_pc; int suspended_pc;
/* disc index (used to verify CALL_TITLE/JUMP_TITLE) */
INDX_ROOT *indx;
}; };
/* /*
...@@ -231,7 +235,7 @@ static int _queue_event(HDMV_VM *p, uint32_t event, uint32_t param) ...@@ -231,7 +235,7 @@ static int _queue_event(HDMV_VM *p, uint32_t event, uint32_t param)
* vm init * vm init
*/ */
HDMV_VM *hdmv_vm_init(const char *disc_root, BD_REGISTERS *regs) HDMV_VM *hdmv_vm_init(const char *disc_root, BD_REGISTERS *regs, INDX_ROOT *indx)
{ {
HDMV_VM *p = calloc(1, sizeof(HDMV_VM)); HDMV_VM *p = calloc(1, sizeof(HDMV_VM));
char *file; char *file;
...@@ -246,6 +250,7 @@ HDMV_VM *hdmv_vm_init(const char *disc_root, BD_REGISTERS *regs) ...@@ -246,6 +250,7 @@ HDMV_VM *hdmv_vm_init(const char *disc_root, BD_REGISTERS *regs)
} }
p->regs = regs; p->regs = regs;
p->indx = indx;
bd_mutex_init(&p->mutex); bd_mutex_init(&p->mutex);
...@@ -341,6 +346,21 @@ static int _resume_object(HDMV_VM *p, int psr_restore) ...@@ -341,6 +346,21 @@ static int _resume_object(HDMV_VM *p, int psr_restore)
* branching * branching
*/ */
static int _is_valid_title(HDMV_VM *p, int title)
{
if (title == 0 || title == 0xffff) {
INDX_PLAY_ITEM *pi = (!title) ? &p->indx->top_menu : &p->indx->first_play;
if (pi->object_type == indx_object_type_hdmv && pi->hdmv.id_ref == 0xffff) {
/* no top menu or first play title (5.2.3.3) */
return 0;
}
return 1;
}
return title > 0 && title <= p->indx->num_titles;
}
static int _jump_object(HDMV_VM *p, int object) static int _jump_object(HDMV_VM *p, int object)
{ {
if (object < 0 || object >= p->movie_objects->num_objects) { if (object < 0 || object >= p->movie_objects->num_objects) {
...@@ -362,7 +382,7 @@ static int _jump_object(HDMV_VM *p, int object) ...@@ -362,7 +382,7 @@ static int _jump_object(HDMV_VM *p, int object)
static int _jump_title(HDMV_VM *p, int title) static int _jump_title(HDMV_VM *p, int title)
{ {
if (title >= 0 && title <= 0xffff) { if (_is_valid_title(p, title)) {
BD_DEBUG(DBG_HDMV, "_jump_title(%d)\n", title); BD_DEBUG(DBG_HDMV, "_jump_title(%d)\n", title);
/* discard suspended object */ /* discard suspended object */
...@@ -389,7 +409,7 @@ static int _call_object(HDMV_VM *p, int object) ...@@ -389,7 +409,7 @@ static int _call_object(HDMV_VM *p, int object)
static int _call_title(HDMV_VM *p, int title) static int _call_title(HDMV_VM *p, int title)
{ {
if (title >= 0 && title <= 0xffff) { if (_is_valid_title(p, title)) {
BD_DEBUG(DBG_HDMV, "_call_title(%d)\n", title); BD_DEBUG(DBG_HDMV, "_call_title(%d)\n", title);
_suspend_object(p, 1); _suspend_object(p, 1);
......
...@@ -58,6 +58,7 @@ typedef struct hdmv_vm_event_s { ...@@ -58,6 +58,7 @@ typedef struct hdmv_vm_event_s {
*/ */
struct bd_registers_s; struct bd_registers_s;
struct indx_root_s;
/* /*
* *
...@@ -65,7 +66,7 @@ struct bd_registers_s; ...@@ -65,7 +66,7 @@ struct bd_registers_s;
typedef struct hdmv_vm_s HDMV_VM; typedef struct hdmv_vm_s HDMV_VM;
BD_PRIVATE HDMV_VM *hdmv_vm_init(const char *disc_root, struct bd_registers_s *regs); BD_PRIVATE HDMV_VM *hdmv_vm_init(const char *disc_root, struct bd_registers_s *regs, struct indx_root_s *indx);
BD_PRIVATE void hdmv_vm_free(HDMV_VM **p); BD_PRIVATE void hdmv_vm_free(HDMV_VM **p);
BD_PRIVATE int hdmv_vm_select_object(HDMV_VM *p, int object); BD_PRIVATE int hdmv_vm_select_object(HDMV_VM *p, int object);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment