[FFmpeg-cvslog] mjpegbdec: check SOS/SOF ordering.
Michael Niedermayer
git at videolan.org
Sun Apr 22 15:03:45 CEST 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sun Apr 22 14:19:18 2012 +0200| [9a4f5b76169a71156819dbaa8ee0b6ea25dc7195] | committer: Michael Niedermayer
mjpegbdec: check SOS/SOF ordering.
Fixes null ptr dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9a4f5b76169a71156819dbaa8ee0b6ea25dc7195
---
libavcodec/mjpegbdec.c | 1 +
libavcodec/mjpegdec.c | 12 +++++++-----
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/libavcodec/mjpegbdec.c b/libavcodec/mjpegbdec.c
index 2c1d67f..c457b98 100644
--- a/libavcodec/mjpegbdec.c
+++ b/libavcodec/mjpegbdec.c
@@ -52,6 +52,7 @@ static int mjpegb_decode_frame(AVCodecContext *avctx,
buf_ptr = buf;
buf_end = buf + buf_size;
+ s->got_picture = 0;
read_header:
/* reset on every SOI */
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index c3e69f6..c9021b9 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1148,6 +1148,13 @@ int ff_mjpeg_decode_sos(MJpegDecodeContext *s, const uint8_t *mb_bitmask,
const int block_size = s->lossless ? 1 : 8;
int ilv, prev_shift;
+ if (!s->got_picture) {
+ av_log(s->avctx, AV_LOG_WARNING,
+ "Can not process SOS before SOF, skipping\n");
+ return -1;
+ }
+
+ av_assert0(s->picture_ptr->data[0]);
/* XXX: verify len field validity */
len = get_bits(&s->gb, 16);
nb_components = get_bits(&s->gb, 8);
@@ -1699,11 +1706,6 @@ eoi_parser:
goto the_end;
case SOS:
- if (!s->got_picture) {
- av_log(avctx, AV_LOG_WARNING,
- "Can not process SOS before SOF, skipping\n");
- break;
- }
if (ff_mjpeg_decode_sos(s, NULL, NULL) < 0 &&
(avctx->err_recognition & AV_EF_EXPLODE))
return AVERROR_INVALIDDATA;
More information about the ffmpeg-cvslog
mailing list