[FFmpeg-cvslog] avcodec/mjpegdec: Fix context fields becoming inconsistent
Michael Niedermayer
git at videolan.org
Mon Dec 8 19:26:13 CET 2014
ffmpeg | branch: release/2.2 | Michael Niedermayer <michaelni at gmx.at> | Tue Nov 25 13:53:06 2014 +0100| [5d6f8bab02ba6d8434188172b31a4e1ac0a00756] | committer: Michael Niedermayer
avcodec/mjpegdec: Fix context fields becoming inconsistent
Fixes out of array access
Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 0eecf40935b22644e6cd74c586057237ecfd6844)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5d6f8bab02ba6d8434188172b31a4e1ac0a00756
---
libavcodec/mjpegdec.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 7feeade..a811b51 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1553,6 +1553,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
}
if (id == AV_RB32("LJIF")) {
+ int rgb = s->rgb;
+ int pegasus_rct = s->pegasus_rct;
if (s->avctx->debug & FF_DEBUG_PICT_INFO)
av_log(s->avctx, AV_LOG_INFO,
"Pegasus lossless jpeg header found\n");
@@ -1562,17 +1564,27 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
skip_bits(&s->gb, 16); /* unknown always 0? */
switch (i=get_bits(&s->gb, 8)) {
case 1:
- s->rgb = 1;
- s->pegasus_rct = 0;
+ rgb = 1;
+ pegasus_rct = 0;
break;
case 2:
- s->rgb = 1;
- s->pegasus_rct = 1;
+ rgb = 1;
+ pegasus_rct = 1;
break;
default:
av_log(s->avctx, AV_LOG_ERROR, "unknown colorspace %d\n", i);
}
+
len -= 9;
+ if (s->got_picture)
+ if (rgb != s->rgb || pegasus_rct != s->pegasus_rct) {
+ av_log(s->avctx, AV_LOG_WARNING, "Mismatching LJIF tag\n");
+ goto out;
+ }
+
+ s->rgb = rgb;
+ s->pegasus_rct = pegasus_rct;
+
goto out;
}
if (id == AV_RL32("colr") && len > 0) {
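Review bot: The new guard in the LJIF branch is an unbraced `if (s->got_picture)` wrapping a second `if`, which invites a dangling-else mistake on the very check that prevents the out-of-array access; a single condition is safer to maintain: `if (s->got_picture && (rgb != s->rgb || pegasus_rct != s->pegasus_rct)) {`. A short comment above it would record why the fields are staged in locals first, e.g. `/* rgb/pegasus_rct must not change once a picture has been set up; reject a later LJIF tag that disagrees */`. On a mismatch the code only logs at warning level and jumps to `out`, which lies outside this hunk; if that label returns success, callers cannot distinguish a rejected tag from an accepted one, so it is worth confirming that this is intended. mjpeg_decode_app starts and ends outside the hunk, so any other writers of `s->rgb` and `s->pegasus_rct` are not visible here and presumably need the same `got_picture` discipline.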