Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/jpegxl_parse{,r}: use correct ISOBMFF extended size location

Browse Source 
According to ISO/IEC 14996-12, size == 1 means a 64-bit extended-size
field occurs *after* the 32-bit box type, not before. This fix should
allow correct parsing of JXL files with extended-size boxes.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
release/7.0
Leo Izen 1 year ago
parent 35a555e2b9
commit 019b3ea65a
No known key found for this signature in database
GPG Key ID: 5A71C331FD2FA19A
2 changed files with 8 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      libavcodec/jpegxl_parse.c
  2. 9
      libavcodec/jpegxl_parser.c

6
libavcodec/jpegxl_parse.c
Unescape View File

@ -462,8 +462,10 @@ int ff_jpegxl_collect_codestream_header(const uint8_t *input_buffer, int input_l
return AVERROR_BUFFER_TOO_SMALL; return AVERROR_BUFFER_TOO_SMALL;
size = bytestream2_get_be32(&gb); size = bytestream2_get_be32(&gb);
tag = bytestream2_get_le32(&gb);
if (size == 1) { if (size == 1) {
if (bytestream2_get_bytes_left(&gb) < 12) if (bytestream2_get_bytes_left(&gb) < 8)
return AVERROR_BUFFER_TOO_SMALL; return AVERROR_BUFFER_TOO_SMALL;
size = bytestream2_get_be64(&gb); size = bytestream2_get_be64(&gb);
head_size = 16; head_size = 16;
@ -474,8 +476,6 @@ int ff_jpegxl_collect_codestream_header(const uint8_t *input_buffer, int input_l
if (size) if (size)
size -= head_size; size -= head_size;
tag = bytestream2_get_le32(&gb);
if (tag == MKTAG('j','x','l','p')) { if (tag == MKTAG('j','x','l','p')) {
uint32_t idx; uint32_t idx;
if (bytestream2_get_bytes_left(&gb) < 4) if (bytestream2_get_bytes_left(&gb) < 4)

9
libavcodec/jpegxl_parser.c
Unescape View File

@ -1342,7 +1342,7 @@ static int skip_boxes(JXLParseContext *ctx, const uint8_t *buf, int buf_size)
while (1) { while (1) {
uint64_t size; uint64_t size;
int head_size = 4; int head_size = 8;
if (bytestream2_peek_le16(&gb) == FF_JPEGXL_CODESTREAM_SIGNATURE_LE) if (bytestream2_peek_le16(&gb) == FF_JPEGXL_CODESTREAM_SIGNATURE_LE)
break; break;
@ -1353,16 +1353,17 @@ static int skip_boxes(JXLParseContext *ctx, const uint8_t *buf, int buf_size)
return AVERROR_BUFFER_TOO_SMALL; return AVERROR_BUFFER_TOO_SMALL;
size = bytestream2_get_be32(&gb); size = bytestream2_get_be32(&gb);
bytestream2_skip(&gb, 4); // tag
if (size == 1) { if (size == 1) {
if (bytestream2_get_bytes_left(&gb) < 12) if (bytestream2_get_bytes_left(&gb) < 8)
return AVERROR_BUFFER_TOO_SMALL; return AVERROR_BUFFER_TOO_SMALL;
size = bytestream2_get_be64(&gb); size = bytestream2_get_be64(&gb);
head_size = 12; head_size = 16;
} }
if (!size) if (!size)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
/* invalid ISOBMFF size */ /* invalid ISOBMFF size */
if (size <= head_size + 4 || size > INT_MAX - ctx->skip) if (size <= head_size || size > INT_MAX - ctx->skip)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
ctx->skip += size; ctx->skip += size;

Write Preview
Loading…
Cancel
Save