[FFmpeg-cvslog] mjpegdec: parse RSTn to prevent skipping other data in mjpeg_decode_scan
Janne Grunau
git at videolan.org
Fri Jan 6 02:53:07 CET 2012
ffmpeg | branch: master | Janne Grunau <janne-libav at jannau.net> | Thu Jan 5 03:47:21 2012 +0100| [e268a352af893e47bd3ea2aed90761cb0b4feca7] | committer: Janne Grunau
mjpegdec: parse RSTn to prevent skipping other data in mjpeg_decode_scan
Check explicitly if enough bits are left to prevent an infinite loop
when the bitstream buffer is not followed by zero-padding.
Based on patches by Michael Niedermayer <michaelni at gmx.at>.
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e268a352af893e47bd3ea2aed90761cb0b4feca7
---
libavcodec/mjpegdec.c | 24 ++++++++++++++++--------
1 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 058b08f..7a85c16 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -881,14 +881,22 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i
}
}
- if (s->restart_interval && show_bits(&s->gb, 8) == 0xFF){ /* skip RSTn */
- --s->restart_count;
- align_get_bits(&s->gb);
- while(show_bits(&s->gb, 8) == 0xFF)
- skip_bits(&s->gb, 8);
- skip_bits(&s->gb, 8);
- for (i=0; i<nb_components; i++) /* reset dc */
- s->last_dc[i] = 1024;
+ if (s->restart_interval) {
+ s->restart_count--;
+ i = 8 + ((-get_bits_count(&s->gb)) & 7);
+ /* skip RSTn */
+ if (show_bits(&s->gb, i) == (1 << i) - 1) {
+ int pos = get_bits_count(&s->gb);
+ align_get_bits(&s->gb);
+ while (get_bits_left(&s->gb) >= 8 && show_bits(&s->gb, 8) == 0xFF)
+ skip_bits(&s->gb, 8);
+ if ((get_bits(&s->gb, 8) & 0xF8) == 0xD0) {
+ for (i = 0; i < nb_components; i++) /* reset dc */
+ s->last_dc[i] = 1024;
+ } else {
+ skip_bits_long(&s->gb, pos - get_bits_count(&s->gb));
+ }
+ }
}
}
}
More information about the ffmpeg-cvslog
mailing list