[FFmpeg-devel] [PATCH]Fix progressive jpgs with weird pix_fmts
Carl Eugen Hoyos
cehoyos at ag.or.at
Sat Jan 7 03:17:36 CET 2012
On Saturday 07 January 2012 02:59:06 am Michael Niedermayer wrote:
> > Attached fixes the samples from ticket #892 for me.
> >
> > Please comment, Carl Eugen
>
> reset upscale* otherwise this is possibly exploitable if the width or
> height or "pix_fmt" changes
As in attached?
Carl Eugen
-------------- next part --------------
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 58bbd63..ca1f4bc 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -323,6 +323,8 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
if(!(pix_fmt_id & 0x0D0D0D0D))
pix_fmt_id-= (pix_fmt_id & 0x0F0F0F0F)>>1;
+ s->upscale_h = s->upscale_v = 0;
+
switch(pix_fmt_id){
case 0x11111100:
if(s->rgb){
@@ -1173,28 +1175,6 @@ int ff_mjpeg_decode_sos(MJpegDecodeContext *s,
return -1;
}
}
- if (s->upscale_h) {
- uint8_t *line = s->picture_ptr->data[s->upscale_h];
- for (i = 0; i < s->chroma_height; i++) {
- for (index = s->width - 1; index; index--)
- line[index] = (line[index / 2] + line[(index + 1) / 2]) >> 1;
- line += s->linesize[s->upscale_h];
- }
- }
- if (s->upscale_v) {
- uint8_t *dst = &((uint8_t *)s->picture_ptr->data[s->upscale_v])[(s->height - 1) * s->linesize[s->upscale_v]];
- for (i = s->height - 1; i; i--) {
- uint8_t *src1 = &((uint8_t *)s->picture_ptr->data[s->upscale_v])[i / 2 * s->linesize[s->upscale_v]];
- uint8_t *src2 = &((uint8_t *)s->picture_ptr->data[s->upscale_v])[(i + 1) / 2 * s->linesize[s->upscale_v]];
- if (src1 == src2) {
- memcpy(dst, src1, s->width);
- } else {
- for (index = 0; index < s->width; index++)
- dst[index] = (src1[index] + src2[index]) >> 1;
- }
- dst -= s->linesize[s->upscale_v];
- }
- }
emms_c();
return 0;
out_of_range:
@@ -1524,7 +1504,7 @@ int ff_mjpeg_decode_frame(AVCodecContext *avctx,
AVPacket *avpkt)
{
const uint8_t *buf = avpkt->data;
- int buf_size = avpkt->size;
+ int i, index, buf_size = avpkt->size;
MJpegDecodeContext *s = avctx->priv_data;
const uint8_t *buf_end, *buf_ptr;
const uint8_t *unescaped_buf_ptr;
@@ -1683,6 +1663,28 @@ eoi_parser:
av_log(avctx, AV_LOG_FATAL, "No JPEG data found in image\n");
return -1;
the_end:
+ if (s->upscale_h) {
+ uint8_t *line = s->picture_ptr->data[s->upscale_h];
+ for (i = 0; i < s->chroma_height; i++) {
+ for (index = s->width - 1; index; index--)
+ line[index] = (line[index / 2] + line[(index + 1) / 2]) >> 1;
+ line += s->linesize[s->upscale_h];
+ }
+ }
+ if (s->upscale_v) {
+ uint8_t *dst = &((uint8_t *)s->picture_ptr->data[s->upscale_v])[(s->height - 1) * s->linesize[s->upscale_v]];
+ for (i = s->height - 1; i; i--) {
+ uint8_t *src1 = &((uint8_t *)s->picture_ptr->data[s->upscale_v])[i / 2 * s->linesize[s->upscale_v]];
+ uint8_t *src2 = &((uint8_t *)s->picture_ptr->data[s->upscale_v])[(i + 1) / 2 * s->linesize[s->upscale_v]];
+ if (src1 == src2) {
+ memcpy(dst, src1, s->width);
+ } else {
+ for (index = 0; index < s->width; index++)
+ dst[index] = (src1[index] + src2[index]) >> 1;
+ }
+ dst -= s->linesize[s->upscale_v];
+ }
+ }
av_log(avctx, AV_LOG_DEBUG, "mjpeg decode frame unused %td bytes\n", buf_end - buf_ptr);
// return buf_end - buf_ptr;
return buf_ptr - buf;
More information about the ffmpeg-devel
mailing list