[FFmpeg-cvslog] r20566 - in trunk/libavcodec: mjpegdec.c utils.c

michael subversion
Fri Nov 20 23:14:37 CET 2009 

Author: michael
Date: Fri Nov 20 23:14:37 2009
New Revision: 20566

Log:
Allocate pictures with enough padding for jpeg.
Ensure that jpeg does not use mbs that could require larger padding.
This might have been exploitable.

Modified:
   trunk/libavcodec/mjpegdec.c
   trunk/libavcodec/utils.c

Modified: trunk/libavcodec/mjpegdec.c
==============================================================================
--- trunk/libavcodec/mjpegdec.c	Fri Nov 20 22:08:26 2009	(r20565)
+++ trunk/libavcodec/mjpegdec.c	Fri Nov 20 23:14:37 2009	(r20566)
@@ -292,9 +292,10 @@ int ff_mjpeg_decode_sof(MJpegDecodeConte
                  (s->h_count[2] << 12) | (s->v_count[2] <<  8) |
                  (s->h_count[3] <<  4) |  s->v_count[3];
     av_log(s->avctx, AV_LOG_DEBUG, "pix fmt id %x\n", pix_fmt_id);
-    if(!(pix_fmt_id & 0x10101010))
+    //NOTE we do not allocate pictures large enough for the possible padding of h/v_count being 4
+    if(!(pix_fmt_id & 0xD0D0D0D0))
         pix_fmt_id-= (pix_fmt_id & 0xF0F0F0F0)>>1;
-    if(!(pix_fmt_id & 0x01010101))
+    if(!(pix_fmt_id & 0x0D0D0D0D))
         pix_fmt_id-= (pix_fmt_id & 0x0F0F0F0F)>>1;
 
     switch(pix_fmt_id){

Modified: trunk/libavcodec/utils.c
==============================================================================
--- trunk/libavcodec/utils.c	Fri Nov 20 22:08:26 2009	(r20565)
+++ trunk/libavcodec/utils.c	Fri Nov 20 23:14:37 2009	(r20566)
@@ -126,17 +126,19 @@ void avcodec_align_dimensions(AVCodecCon
     case PIX_FMT_YUYV422:
     case PIX_FMT_UYVY422:
     case PIX_FMT_YUV422P:
+    case PIX_FMT_YUV440P:
     case PIX_FMT_YUV444P:
     case PIX_FMT_GRAY8:
     case PIX_FMT_GRAY16BE:
     case PIX_FMT_GRAY16LE:
     case PIX_FMT_YUVJ420P:
     case PIX_FMT_YUVJ422P:
+    case PIX_FMT_YUVJ440P:
     case PIX_FMT_YUVJ444P:
     case PIX_FMT_YUVA420P:
         w_align= 16; //FIXME check for non mpeg style codecs and use less alignment
         h_align= 16;
-        if(s->codec_id == CODEC_ID_MPEG2VIDEO)
+        if(s->codec_id == CODEC_ID_MPEG2VIDEO || s->codec_id == CODEC_ID_MJPEG || s->codec_id == CODEC_ID_AMV || s->codec_id == CODEC_ID_THP)
             h_align= 32; // interlaced is rounded up to 2 MBs
         break;
     case PIX_FMT_YUV411P:

More information about the ffmpeg-cvslog mailing list