RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-02-16 03:37:00 +00:00
Code Issues Projects Releases Wiki Activity

jpeg: handle progressive in second field of interlaced.

Browse Source 
Progressive data is allocated later in decode_sof(), not allocating
that data leads to NULL dereferences.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5eec5a79da)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This commit is contained in:
Ronald S. Bultje 2012-03-13 17:18:41 -07:00 committed by Reinhard Tartler
parent 7fe4c8cb76
commit 7240cc3f8b
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/mjpegdec.c
View File

@ -306,9 +306,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
s->first_picture = 0; s->first_picture = 0;
} }
if (s->interlaced && (s->bottom_field == !s->interlace_polarity)) if (!(s->interlaced && (s->bottom_field == !s->interlace_polarity))) {
return 0;
/* XXX: not complete test ! */ /* XXX: not complete test ! */
pix_fmt_id = (s->h_count[0] << 28) | (s->v_count[0] << 24) | pix_fmt_id = (s->h_count[0] << 28) | (s->v_count[0] << 24) |
(s->h_count[1] << 20) | (s->v_count[1] << 16) | (s->h_count[1] << 20) | (s->v_count[1] << 16) |
@ -375,6 +373,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
if (len != (8 + (3 * nb_components))) if (len != (8 + (3 * nb_components)))
av_log(s->avctx, AV_LOG_DEBUG, "decode_sof0: error, len(%d) mismatch\n", len); av_log(s->avctx, AV_LOG_DEBUG, "decode_sof0: error, len(%d) mismatch\n", len);
}
/* totally blank picture as progressive JPEG will only add details to it */ /* totally blank picture as progressive JPEG will only add details to it */
if (s->progressive) { if (s->progressive) {