Ticket #473 (closed defect: fixed)

Opened 8 months ago

Last modified 4 months ago

Subtitles occasionally throw NSRangeException from [NSCFString characterAtIndex:] in ParseFontVerticality

Reported by: pipian Owned by: astrange
Priority: normal Milestone: 1.2.1
Component: Subtitles Version: 1.2
Severity: normal Keywords:
Cc:

Description

Upon viewing certain (possibly corrupt) subtitles (e.g. the SpoonSubs? v1 release of Hidamari Sketch x365 episode 3 near ), Perian crashes QuickTime by giving an alert box remarking about a "[NSCFString characterAtIndex:] Range or index out of bounds" error. At the very least, Perian should probably try to silently drop the subtitles instead of throwing an exception.

Crash log is attached, with critical crashed thread trace also copied below:

Thread 13 Crashed: 0 com.apple.CoreFoundation? 0x9756ae94 _TERMINATING_DUE_TO_UNCAUGHT_EXCEPTION_ + 4 1 libobjc.A.dylib 0x95cfee3b objc_exception_throw + 40 2 com.apple.CoreFoundation? 0x9756adcb +[NSException raise:format:arguments:] + 155 3 com.apple.CoreFoundation? 0x9756ae0a +[NSException raise:format:] + 58 4 com.apple.Foundation 0x92560a03 -[NSCFString characterAtIndex:] + 115 5 org.perian.Perian 0x1589a286 ParseFontVerticality? + 38 6 org.perian.Perian 0x1589d462 -[SubATSUIRenderer spanChangedTag:span:div:param:] + 1506 7 org.perian.Perian 0x158791d2 SubParsePacket? + 2770 8 org.perian.Perian 0x1589e043 -[SubATSUIRenderer renderPacket:inContext:width:height:] + 83 9 org.perian.Perian 0x1589b92e SubRenderPacket? + 62 10 org.perian.Perian 0x15886194 TextSubCodecDrawBand? + 260 11 org.perian.Perian 0x15886084 TextSubCodecComponentDispatch? + 212 12 ...ple.CoreServices?.CarbonCore? 0x969c4935 CallComponentDispatch? + 29 13 ...ickTimeComponents.component 0x94af6897 ImageCodecDrawBand? + 43 14 ...ickTimeComponents.component 0x9449f0ef BaseCodec?_ImageCodecDrawBand_VideoDecodeThread + 35 15 com.apple.QuickTime 0x90110556 VideoDecodeThread? + 118 16 libSystem.B.dylib 0x95b6f155 _pthread_start + 321 17 libSystem.B.dylib 0x95b6f012 thread_start + 34

Attachments

crash.log Download (37.6 KB) - added by pipian 8 months ago.
Complete crash log of event.
subs.ass Download (36.0 KB) - added by pipian 8 months ago.
The apparently offending ASS file extracted from the MKV

Change History

Changed 8 months ago by pipian

Complete crash log of event.

Changed 8 months ago by pipian

Would like to add that the particular CRC32 of the defective file should be E433662E, as described on  AniDB. Furthermore, the crash occurs near 20:05-20:10 within the file.

Changed 8 months ago by pipian

Viewing in VLC does not crash, and suggests it may have something to do with an accented e in the title "I like to top it off with condensed milk or whipped crème", especially as the è bears a different font in VLC compared to the rest of the characters.

Changed 8 months ago by pipian

The apparently offending ASS file extracted from the MKV

Changed 8 months ago by pipian

The ASS file is attached, and the crash may be related to font-switching within the subtitle, as the particular line does, in fact, reference "{\fnChinacat}è{\fn}", where chinacat.ttf is one of the attached font files within the MKV file. Is it possible that the length of the subtitle is not the same length as the string, due to not properly handling the font-change within the same line?

Changed 8 months ago by astrange

  • owner set to astrange
  • status changed from new to assigned
  • milestone set to 1.2.1

Reformatted: 

Thread 13 Crashed:
0   com.apple.CoreFoundation?              0x9756ae94 _TERMINATING_DUE_TO_UNCAUGHT_EXCEPTION_ + 4
1   libobjc.A.dylib                       0x95cfee3b objc_exception_throw + 40
2   com.apple.CoreFoundation?              0x9756adcb +[NSException raise:format:arguments:] + 155
3   com.apple.CoreFoundation?              0x9756ae0a +[NSException raise:format:] + 58
4   com.apple.Foundation                  0x92560a03 -[NSCFString characterAtIndex:] + 115
5   org.perian.Perian                     0x1589a286 ParseFontVerticality? + 38
6   org.perian.Perian                     0x1589d462 -[SubATSUIRenderer spanChangedTag:span:div:param:] + 1506
7   org.perian.Perian                     0x158791d2 SubParsePacket? + 2770
8   org.perian.Perian                     0x1589e043 -[SubATSUIRenderer renderPacket:inContext:width:height:] + 83
9   org.perian.Perian                     0x1589b92e SubRenderPacket? + 62
10  org.perian.Perian                     0x15886194 TextSubCodecDrawBand? + 260
11  org.perian.Perian                     0x15886084 TextSubCodecComponentDispatch? + 212
12  ...ple.CoreServices?.CarbonCore?        0x969c4935 CallComponentDispatch? + 29
13  ...ickTimeComponents.component        0x94af6897 ImageCodecDrawBand? + 43
14  ...ickTimeComponents.component        0x9449f0ef BaseCodec?_ImageCodecDrawBand_VideoDecodeThread + 35
15  com.apple.QuickTime                   0x90110556 VideoDecodeThread + 118
16  libSystem.B.dylib                     0x95b6f155 _pthread_start + 321
17  libSystem.B.dylib                     0x95b6f012 thread_start + 34

Changed 8 months ago by astrange

ParseFontVerticality? assume that \fn contains a font name. I guess "" means the default one? That seems undocumented, but it obviously shouldn't crash anyway.

Changed 8 months ago by pipian

Behavior in VLC seems to assume that "" is default. Haven't tested with VSFilter on Windows yet.

Changed 8 months ago by astrange

(In [1250]) Audit for crashes resulting from invalid characterAtIndex: calls.

Briefly tested, refs #473

Changed 6 months ago by astrange

  • status changed from assigned to closed
  • resolution set to fixed

(In [1278]) SSA: Skip \fn with blank font name.

Fixes #473

Note: See TracTickets for help on using tickets.