[FFmpeg-devel] [PATCH] Fix crash in MJPEG decoder

Stefan Gehrer stefan.gehrer
Fri Jun 27 20:43:16 CEST 2008


Diego Santa Cruz wrote:
> Hi there,
> 
> I have a JPEG file which segfaults the MJPEG decoder.
> 
> This file has 4 color components (YCCK I believe, color transform 2 in the Adobe APP14 marker) with no subsampling.
> 
> The problem is that ff_mjpeg_decode_sof() sets the pixel format to PIX_FMT_GRAY8 and thus allocates only one component. Then mjpeg_decode_scan() decodes the MBs and tries to perform the IDCT on a non-allocated component which triggers a segfault.
> 
> The attached patch fixes the problem by simply skipping the IDCT step in mjpeg_decode_scan() when the corresponding component is not allocated.
> 
> The decoded image will not be correct anyhow, but it can be considered a best attempt to decode an unhandled color space and prevents ffmpeg from crashing.
> 
> Tested on SVN HEAD with
> 
> ffmpeg -i celgene.jpg test.avi
> 
> I can provide the troublesome file if required (680K).
> 
> Comments welcome.

I think it would be nicer to adjust the value of nb_components outside
of the macroblock loop instead of checking the pointers for validity
inside it.

Stefan
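
A simplified model of the approach suggested in the reply above, added here as an example; it is not FFmpeg code and not the patch from this thread. ToyPicture, store_block, toy_decode_scan and toy_demo_gray are hypothetical names, and the sketch assumes that planes the pixel format does not provide are left NULL; the component count is clamped once before the macroblock loop, so no write can reach an unallocated plane.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MAX_COMPONENTS 4

/* Hypothetical picture: planes the pixel format lacks stay NULL. */
typedef struct {
    uint8_t *data[MAX_COMPONENTS];
    int linesize[MAX_COMPONENTS];
    int mb_width, mb_height;          /* size in 8x8 blocks */
} ToyPicture;

/* Stand-in for "IDCT and store": writes one 8x8 block of marker bytes. */
static void store_block(uint8_t *dst, int linesize, uint8_t value)
{
    for (int y = 0; y < 8; y++)
        memset(dst + y * linesize, value, 8);
}

/* Returns the number of components written, or -1 for a bad count.
 * Entropy decoding of the dropped components is not modelled. */
int toy_decode_scan(ToyPicture *p, int scan_components)
{
    if (scan_components < 1 || scan_components > MAX_COMPONENTS)
        return -1;
    int nb = 0;                       /* clamp once, outside the MB loop */
    while (nb < scan_components && p->data[nb])
        nb++;
    for (int mb_y = 0; mb_y < p->mb_height; mb_y++)
        for (int mb_x = 0; mb_x < p->mb_width; mb_x++)
            for (int i = 0; i < nb; i++)
                store_block(p->data[i] + 8 * (mb_y * p->linesize[i] + mb_x),
                            p->linesize[i], (uint8_t)(i + 1));
    return nb;
}

/* Constructed input: 16x16 gray picture, scan header claims more planes. */
int toy_demo_gray(int scan_components)
{
    ToyPicture p = { .linesize = { 16 }, .mb_width = 2, .mb_height = 2 };
    p.data[0] = calloc(16, 16);
    if (!p.data[0]) return -2;
    int nb = toy_decode_scan(&p, scan_components);
    int filled = p.data[0][0] == 1 && p.data[0][16 * 16 - 1] == 1;
    free(p.data[0]);
    return (nb == 1 && !filled) ? -3 : nb;
}

int main(void) { return toy_demo_gray(4) == 1 ? 0 : 1; }
```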



