Andreas Cadhalpun
5adb5d9d89
mjpegdec: consider chroma subsampling in size check
...
If the chroma components are subsampled, smaller buffers are allocated
for them. In that case the maximal block_offset for the chroma
components is not as large as for the luma component.
This fixes out of bounds writes causing segmentation faults or memory
corruption.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
9 years ago
Clément Bœsch
fb99ef0bd3
avcodec: use AV_OPT_TYPE_BOOL in a bunch of places
9 years ago
James Almer
3885ef0c6c
avcodec/mjpegdec: fix typo on a warning
9 years ago
Matthieu Bouron
ad0203d7b0
lavc/mjpegdec: set FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM capability
9 years ago
Michael Niedermayer
cc35f6f476
avcodec/mjpegdec: Reinitialize IDCT on BPP changes
...
Fixes misaligned access
Fixes: dc9262a469f6f315f74c087a7b3a7f35/signal_sigsegv_2e95bcd_9_9c0f9f4a9ba82aa9b3ab2b91ce4d5277.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
9 years ago
Michael Niedermayer
d24888ef19
avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
...
Fixes: 04715144ba237443010554be0d05343f/asan_heap-oob_1eafc76_1737_c685b48041a563461839e4e7ab97abb8.jpg
Fixes out of array access
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
9 years ago
Matthieu Bouron
ff0dfb5c36
lavc/mjpegdec: honor skip_frame option
9 years ago
Michael Niedermayer
055e56e9f7
avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
9 years ago
Hendrik Leppkes
5d8e836d0e
Replace all remaining occurrences of step/depth_minus1 and offset_plus1
9 years ago
Michael Niedermayer
fa9af304f0
avcodec/mjpegdec: Remove message asking for a non mod 16 AMV sample
...
Ticket4770 contains such a sample and it decodes fine
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
9 years ago
Carl Eugen Hoyos
84170d4be0
lavc/mjpegdec: Detect more CMYK images.
...
Fixes ticket #4772.
10 years ago
Carl Eugen Hoyos
daf2c35f52
lavc: Remove newline from avpriv_request_sample() calls.
10 years ago
Vittorio Giovara
059a934806
lavc: Consistently prefix input buffer defines
...
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
10 years ago
Vittorio Giovara
def97856de
lavc: AV-prefix all codec capabilities
...
Express bitfields more simply.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
10 years ago
Carl Eugen Hoyos
8dad213143
lavc: Add properties field to AVCodecContext.
...
The new field can hold information about losslessness and closed captions for now.
10 years ago
Michael Niedermayer
dffae122d0
avcodec/mjpegdec: Fix DC overflow in decode_block()
...
Fixes Ticket4683
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
10 years ago
Michael Niedermayer
c9220d5b06
avcodec/mjpegdec: Reorder operations to avoid undefined behavior
...
Fixes: asan_heap-oob_1dd60fd_267_cov_2954683513_5baad44ca4702949724234e35c5bb341.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
84afc6b70d
avcodec/mjpegdec: Fix small picture upscale
...
Fixes out of array access
Fixes: asan_heap-oob_1dd60fd_267_cov_2954683513_5baad44ca4702949724234e35c5bb341.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
dde6b2a355
avcodec/mjpegdec: don't try to combine fields for decimated multiscope 2 material
...
Fixes Ticket4535
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
81cf910856
avcodec/mjpegdec: fix len computation in ff_mjpeg_decode_dqt()
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
cf9ab119d0
avcodec/mjpegdec: Check len in ff_mjpeg_decode_dht()
...
Fixes CID1239167
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
dc35a58149
avcodec/mjpegdec: Check len in ff_mjpeg_decode_dqt()
...
Fixes CID1239060
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Vittorio Giovara
6a85dfc830
lavc: Replace av_dlog and tprintf with internal macros
10 years ago
Diego Biurrun
4978850ca2
build: Split JPEG-related tables off into a separate component
10 years ago
Diego Biurrun
e6e3dcba0c
mjpeg: Move code only used in the encoder(s) to the appropriate header
10 years ago
Michael Niedermayer
b1fbe29e51
avcodec/mjpegdec: Support 31111100 sampling
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
e15455891b
avcodec/mjpegdec: Change upscale_* to an array instead of a bitmask
...
This allows storing integer factors instead of just 0 and 1
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Vittorio Giovara
5a0e953c24
mjpeg: Mark decoder family as thread safe
...
No global variables are used and the VLC tables are allocated without
static elements. This will allow using a JPEG decoding context within
other decoders.
10 years ago
Michael Niedermayer
08509c8f86
avcodec/mjpegdec: Skip blocks which are outside the visible area
...
Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash.avi
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
fabbfaa095
avcodec/mjpegdec: Check number of components for JPEG-LS
...
Fixes out of array accesses
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
afa92907f3
avcodec/mjpegdec: Check escape sequence validity
...
Fixes assertion failure
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Anton Khirnov
809c3023b6
mjpegdec: check for pixel format changes
...
Fixes possible invalid memory access.
Based on code by Michael Niedermayer <michaelni@gmx.at>
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8541
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
10 years ago
Michael Niedermayer
970a8f1c25
avcodec/mjpegdec: Fix integer overflow in shift
...
Fixes: signal_sigabrt_7ffff6ac7bb9_2683_cov_4120310995_m_ijpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
0eecf40935
avcodec/mjpegdec: Fix context fields becoming inconsistent
...
Fixes out of array access
Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
172d22a071
avcodec/mjpegdec: Add YUVA420 formats to *scale asserts
...
Fixes assertion failure
Fixes: signal_sigabrt_7ffff6ac7bb9_2042_cov_2593130068_ef1f8a057bb6056674fad92f6b8c0acd.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
03a17f2bbf
avcodec/mjpegdec: Print the number of bits in the unsupported pixel format error
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
0bf416f262
avcodec/mjpegdec: Check for pixfmtid 0x42111100 || 0x24111100 with more than 8 bits
...
These cases are not supported yet
Fixes assertion failure
Fixes: signal_sigabrt_7ffff6ac7bb9_1_cov_1553101927_00.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
2f6550bb9a
avcodec/mjpegdec: fix pixfmtid 0x14111100
...
Fixes part of Ticket 2004
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
4243415741
avcodec/mjpegdec: Support some subsampled GBR variants
...
Fixes Ticket4045
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
960c573cc5
avcodec/mjpegdec: support pix fmt id 0x22111111
...
Fixes: 4163724_300.jpg
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Vittorio Giovara
199d9f995d
mjpegdec: fix undefined shift
...
Add a comment to explain the code.
CC: libav-stable@libav.org
Bug-Id: CID 1194388
10 years ago
Michael Niedermayer
c5ffd7aee5
avcodec/mjpegdec: use FF_CEIL_RSHIFT() for width
...
No testcase known
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
d5a3a20d1e
avcodec/mjpegdec: simplify chroma_height calculation
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
059c842818
avcodec/mjpegdec: Support 24111100 pix fmt id
...
Fixes 129533924_640.jpg
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
0db1f2c2c7
avcodec/mjpegdec: sanity check bits
...
Fixes undefined shift
Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
5c378d6a6d
avcodec/mjpegdec: check bits per pixel for changes similar to dimensions
...
Fixes out of array accesses
Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Clément Bœsch
b96d864fd6
avcodec/mjpegdec: Fix chroma width rounding
...
Fixes vertical line at the right side
Fixes Ticket 3929
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
1654ca7d4e
avcodec/mjpegdec: fix rounding of chroma_height
...
Fixes green line at the bottom
Fixes Ticket3913
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
f0d4f00f24
avcodec/mjpegdec: fix green line at the bottom with upscale v
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Michael Niedermayer
63a52ca134
avcodec/mjpegdec: fix green vertical line at the right with upscale h
...
Fixes Ticket3891
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago