Commit Graph

400 Commits

Author SHA1 Message Date
Michael Niedermayer
08509c8f86 avcodec/mjpegdec: Skip blocks which are outside the visible area
Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash.avi

Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-11 03:53:30 +01:00
Michael Niedermayer
fabbfaa095 avcodec/mjpegdec: Check number of components for JPEG-LS
Fixes out of array accesses
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-04 20:49:12 +01:00
Michael Niedermayer
afa92907f3 avcodec/mjpegdec: Check escape sequence validity
Fixes assertion failure
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-04 20:14:18 +01:00
Michael Niedermayer
6c68522a2a Merge commit '809c3023b699c54c90511913d3b6140dd2436550'
* commit '809c3023b699c54c90511913d3b6140dd2436550':
  mjpegdec: check for pixel format changes

Conflicts:
	libavcodec/mjpegdec.c

See: 5c378d6a6d
See: a2f680c7bc
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 12:49:23 +01:00
Anton Khirnov
809c3023b6 mjpegdec: check for pixel format changes
Fixes possible invalid memory access.

Based on code by Michael Niedermayer <michaelni@gmx.at>

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8541
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2014-12-19 08:01:46 +01:00
Michael Niedermayer
970a8f1c25 avcodec/mjpegdec: Fix integer overflow in shift
Fixes: signal_sigabrt_7ffff6ac7bb9_2683_cov_4120310995_m_ijpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-27 19:30:31 +01:00
Michael Niedermayer
0eecf40935 avcodec/mjpegdec: Fix context fields becoming inconsistent
Fixes out of array access
Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-25 13:54:20 +01:00
Michael Niedermayer
172d22a071 avcodec/mjpegdec: Add YUVA420 formats to *scale asserts
Fixes assertion failure
Fixes: signal_sigabrt_7ffff6ac7bb9_2042_cov_2593130068_ef1f8a057bb6056674fad92f6b8c0acd.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-25 01:42:39 +01:00
Michael Niedermayer
03a17f2bbf avcodec/mjpegdec: Print the number of bits in the unsupported pixel format error
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-25 01:34:32 +01:00
Michael Niedermayer
0bf416f262 avcodec/mjpegdec: Check for pixfmtid 0x42111100 || 0x24111100 with more than 8 bits
These cases are not supported yet

Fixes assertion failure
Fixes: signal_sigabrt_7ffff6ac7bb9_1_cov_1553101927_00.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-25 01:23:21 +01:00
Michael Niedermayer
2f6550bb9a avcodec/mjpegdec: fix pixfmtid 0x14111100
Fixes part of Ticket 2004
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-22 19:38:43 +01:00
Michael Niedermayer
4243415741 avcodec/mjpegdec: Support some subsampled GBR variants
Fixes Ticket4045

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-18 05:10:21 +01:00
Michael Niedermayer
960c573cc5 avcodec/mjpegdec: support pix fmt id 0x22111111
Fixes: 4163724_300.jpg

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-07 15:37:11 +01:00
Michael Niedermayer
c53a1507aa Merge commit '199d9f995da53fe2507821f6d96bbc692574e1a9'
* commit '199d9f995da53fe2507821f6d96bbc692574e1a9':
  mjpegdec: fix undefined shift

Conflicts:
	libavcodec/mjpegdec.c

See: b432960528
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-06 18:28:49 +01:00
Vittorio Giovara
199d9f995d mjpegdec: fix undefined shift
Add a comment to explain the code.

CC: libav-stable@libav.org
Bug-Id: CID 1194388
2014-11-06 10:44:46 -05:00
Michael Niedermayer
c5ffd7aee5 avcodec/mjpegdec: use FF_CEIL_RSHIFT() for width
No testcase known

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-10-22 02:28:54 +02:00
Michael Niedermayer
d5a3a20d1e avcodec/mjpegdec: simplify chroma_height calculation
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-10-21 21:36:17 +02:00
Michael Niedermayer
059c842818 avcodec/mjpegdec: Support 24111100 pix fmt id
Fixes 129533924_640.jpg

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-10-21 16:41:47 +02:00
Michael Niedermayer
0db1f2c2c7 avcodec/mjpegdec: sanity check bits
Fixes undefined shift
Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-10-12 00:28:07 +02:00
Michael Niedermayer
5c378d6a6d avcodec/mjpegdec: check bits per pixel for changes similar to dimensions
Fixes out of array accesses
Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-10-03 02:18:13 +02:00
Clément Bœsch
b96d864fd6 avcodec/mjpegdec: Fix chroma width rounding
Fixes vertical line at the right side
Fixes Ticket 3929

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-13 20:25:27 +02:00
Michael Niedermayer
1654ca7d4e avcodec/mjpegdec: fix rounding of chroma_height
Fixes green line at the bottom
Fixes Ticket3913

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-06 03:13:57 +02:00
Michael Niedermayer
f0d4f00f24 avcodec/mjpegdec: fix green line at the bottom with upscale v
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-31 15:33:30 +02:00
Michael Niedermayer
63a52ca134 avcodec/mjpegdec: fix green vertical line at the right with upscale h
Fixes Ticket3891

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-31 15:16:36 +02:00
Michael Niedermayer
5c7899a483 avcodec/mjpegdec: Support AV_PIX_FMT_YUV420P16 with upscale_h
Fixes assertion failure
Fixes: test42f.jpg
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-14 16:20:55 +02:00
Przemysław Sobala
c68098ba4a avcodec/mjpegdec: add pix_fmt: 0x14121200
Fixes: _15801_F.jpg

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-22 18:07:44 +02:00
Michael Niedermayer
ef7e8425e8 avcodec/mjpegdec: factorize some parts of the pix_fmt_id switch()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-01 23:28:18 +02:00
Michael Niedermayer
784e1cf76b avcodec/mjpegdec: handle luma upscale detection generically
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-01 23:26:19 +02:00
Michael Niedermayer
64d98dadc7 avcodec/mjpegdec: set upscale_h/upscale_v using generic code instead of hardcoding a list
Some code is left to handle corner cases

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-01 22:54:57 +02:00
Michael Niedermayer
7558e55345 avcodec/mjpegdec: Support pix_fmt_id==0x11222200
Fixes: 4858286_300.jpg

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-01 22:12:20 +02:00
Michael Niedermayer
cd417d947e avcodec/mjpegdec: fix width for non chroma in rescaling
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-01 22:09:19 +02:00
Michael Niedermayer
4e09300ffa mjpegdec: Support pix_fmt_id == 0x22112200
Fixes 4780490_300.jpg

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-01 21:47:54 +02:00
Michael Niedermayer
581b5f0b9b Merge commit 'e3fcb14347466095839c2a3c47ebecff02da891e'
* commit 'e3fcb14347466095839c2a3c47ebecff02da891e':
  dsputil: Split off IDCT bits into their own context

Conflicts:
	configure
	libavcodec/aic.c
	libavcodec/arm/Makefile
	libavcodec/arm/dsputil_init_arm.c
	libavcodec/arm/dsputil_init_armv6.c
	libavcodec/asvdec.c
	libavcodec/dnxhdenc.c
	libavcodec/dsputil.c
	libavcodec/dvdec.c
	libavcodec/dxva2_mpeg2.c
	libavcodec/intrax8.c
	libavcodec/mdec.c
	libavcodec/mjpegdec.c
	libavcodec/mjpegenc_common.h
	libavcodec/mpegvideo.c
	libavcodec/ppc/dsputil_altivec.h
	libavcodec/ppc/dsputil_ppc.c
	libavcodec/ppc/idctdsp.c
	libavcodec/x86/Makefile
	libavcodec/x86/dsputil_init.c
	libavcodec/x86/dsputil_mmx.c
	libavcodec/x86/dsputil_x86.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-01 15:22:11 +02:00
Diego Biurrun
e3fcb14347 dsputil: Split off IDCT bits into their own context 2014-06-30 07:58:46 -07:00
Derek Buitenhuis
2deb614272 mjpegdec: Properly set the context colorspace info
The JPEG spec requires it to be this.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2014-06-24 20:42:40 +01:00
Derek Buitenhuis
c11043aca7 mjpegdec: Properly set the context colorspace info
The JPEG spec requires it to be this.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2014-06-24 20:40:44 +01:00
Michael Niedermayer
0dceefc5fa Merge commit '9e500efdbe0deeff1602500ebc229a0a6b6bb1a2'
* commit '9e500efdbe0deeff1602500ebc229a0a6b6bb1a2':
  Add av_image_check_sar() and use it to validate SAR

Conflicts:
	libavcodec/dpx.c
	libavcodec/dvdec.c
	libavcodec/ffv1dec.c
	libavcodec/utils.c
	libavutil/version.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-06-20 22:20:28 +02:00
Justin Ruggles
9e500efdbe Add av_image_check_sar() and use it to validate SAR 2014-06-20 10:39:33 -04:00
Michael Niedermayer
2b05db4f81 Merge commit 'e74433a8e6fc00c8dbde293c97a3e45384c2c1d9'
* commit 'e74433a8e6fc00c8dbde293c97a3e45384c2c1d9':
  dsputil: Split clear_block*/fill_block* off into a separate context

Conflicts:
	configure
	libavcodec/asvdec.c
	libavcodec/dnxhddec.c
	libavcodec/dnxhdenc.c
	libavcodec/dsputil.h
	libavcodec/eamad.c
	libavcodec/intrax8.c
	libavcodec/mjpegdec.c
	libavcodec/ppc/dsputil_ppc.c
	libavcodec/vc1dec.c
	libavcodec/x86/dsputil_init.c
	libavcodec/x86/dsputil_mmx.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-06-19 04:54:38 +02:00
Diego Biurrun
e74433a8e6 dsputil: Split clear_block*/fill_block* off into a separate context 2014-06-18 14:07:23 -07:00
Michael Niedermayer
0545ef7116 avcodec/mjpegdec: Improve intel jpeg flip heuristic
Fixes Ticket3698

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-06-06 01:32:22 +02:00
Michael Niedermayer
149be91374 avcodec/mjpegdec: request a AMV sample with non mod 16 height
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-06-01 04:00:47 +02:00
Michael Niedermayer
ec33f59fed avcodec/mjpegdec: Support pix_fmt_id== 0x42111100
Fixes: 538782_300.jpg
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-05-28 16:36:04 +02:00
Michael Niedermayer
aff352be63 avcodec/mjpegdec: zero gb to silence warning about it being possibly uninitialized
The code is not speed relevant, also its more robust if the pointers are NULL instead of random.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-05-08 17:37:40 +02:00
Michael Niedermayer
8532566e80 avcodec/mjpegdec: use av_mallocz_array()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-30 18:26:28 +02:00
Michael Niedermayer
e31727bd53 avcodec/mjpegdec: make type of shift unsigned to avoid undefined behavior
Found-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-28 00:22:38 +02:00
Michael Niedermayer
b432960528 avcodec/mjpegdec: Fix undefined shift
Fixes CID1194388

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-27 05:32:56 +02:00
Carl Eugen Hoyos
ced0d6c14d Use correct msvc type specifiers for ptrdiff_t and size_t.
The Windows runtime aborts if it finds %t or %z.
Fixes ticket #3472.

Reviewed-by: Ronald Bultje
2014-04-24 18:01:30 +02:00
Justin Ruggles
591c0c26b5 mjpeg: cosmetics: indentation
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2014-04-18 12:41:17 -04:00
Justin Ruggles
39ef000e19 mjpeg: Do not fail jpeg decoding on bad EXIF data.
It is not required to correctly decode the image.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2014-04-18 12:41:10 -04:00