summaryrefslogtreecommitdiff
path: root/libavcodec/mjpegdec.c
Commit message (Collapse)AuthorAge
* avcodec/mjpegdec: Check that reference frame matches the current frameMichael Niedermayer2017-06-05
| | | | | | | | Fixes: out of array read Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Fix runtime error: signed integer overflow: -32767 * ↵Michael Niedermayer2017-05-22
| | | | | | | | | 130560 cannot be represented in type 'int' Fixes: 1724/clusterfuzz-testcase-minimized-4842395432648704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Fix runtime error: signed integer overflow: -24543 * ↵Michael Niedermayer2017-05-04
| | | | | | | | | 2031616 cannot be represented in type 'int' Fixes: 943/clusterfuzz-testcase-5114865297391616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec: do not use AVFrame accessorMuhammad Faiz2017-04-23
| | | | | Reviewed-by: wm4 <nfxjfg@googlemail.com> Signed-off-by: Muhammad Faiz <mfcc64@gmail.com>
* lavc/mjpegdec: allow failure while decoding APPClément Bœsch2017-04-07
| | | | | | Fix decoding frame.jpg from ticket #267 Regression since 9c7ee3749 / 212c6a1d7
* Merge commit '212c6a1d70df011b6f2a2aa02f7677503287bd00'Clément Bœsch2017-04-07
|\ | | | | | | | | | | | | * commit '212c6a1d70df011b6f2a2aa02f7677503287bd00': mjpegdec: Check return values of functions that may fail Merged-by: Clément Bœsch <u@pkh.me>
| * mjpegdec: Check return values of functions that may failDiego Biurrun2016-11-29
| |
* | Merge commit '67deba8a416d818f3d95aef0aa916589090396e2'Clément Bœsch2017-03-31
|\| | | | | | | | | | | | | * commit '67deba8a416d818f3d95aef0aa916589090396e2': Use avpriv_report_missing_feature() where appropriate Merged-by: Clément Bœsch <cboesch@gopro.com>
| * Use avpriv_report_missing_feature() where appropriateDiego Biurrun2016-11-08
| |
* | lavc: fix usages of av_get_codec_tag_string()Clément Bœsch2017-03-29
| |
* | avcodec/mjpegdec: quant_matrixes can be up to 65535, use uint16_tMichael Niedermayer2017-03-20
| | | | | | | | | | | | | | | | Fixes invalid shift Fixes: 870/clusterfuzz-testcase-5649105424482304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/mjpegdec: Check quant_matrixes values for being non zeroMichael Niedermayer2017-03-20
| | | | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | Merge commit 'b53d8c3ccfeff77874f5ca7c68136b6d87a0a69c'Clément Bœsch2017-03-19
|\| | | | | | | | | | | | | | | | | * commit 'b53d8c3ccfeff77874f5ca7c68136b6d87a0a69c': mjpegdec: Drop disabled code The last chunk is replaced with a comment describing the structure. Merged-by: Clément Bœsch <u@pkh.me>
| * mjpegdec: Drop disabled codeDiego Biurrun2016-08-17
| |
* | avcodec/mjpegdec: Fix runtime error: left shift of negative value -127Michael Niedermayer2017-03-09
| | | | | | | | | | | | | | Fixes: 733/clusterfuzz-testcase-4682158096515072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/mjpegdec: Fix runtime error: left shift of negative value -511Michael Niedermayer2017-03-03
| | | | | | | | | | | | | | Fixes: 693/clusterfuzz-testcase-6109776066904064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/mjpegdec: Fix runtime error: left shift of negative value -507Michael Niedermayer2017-02-19
| | | | | | | | | | | | | | Fixes: 611/clusterfuzz-testcase-5613455820193792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/mjpegdec: Check for for the bitstream end in ↵Michael Niedermayer2017-02-01
| | | | | | | | | | | | | | | | | | | | mjpeg_decode_scan_progressive_ac() Fixes timeout Fixes: 496/clusterfuzz-testcase-5805083497332736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | lavc/mjpegdec: consume SOS data even if the frame is discardedMatthieu Bouron2017-01-29
| | | | | | | | | | Speeds up next marker search when a SOS marker is found but the frame is discarded (which happens in avformat_find_stream_info).
* | avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan()Michael Niedermayer2017-01-24
| | | | | | | | | | | | | | | | | | Fixes timeout Fixes: 445/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer Fixes: 456/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_JPEGLS_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | lavc/mjpegdec: Do not overread too short JFIF tags.Carl Eugen Hoyos2017-01-01
| | | | | | | | Fixes ticket #6055.
* | avcodec/mjpegdec: Check for rgb before flippingMichael Niedermayer2016-12-31
| | | | | | | | | | | | | | | | Fixes assertion failure due to unsupported case Fixes: 356/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | Cosmetics: Reindent after e82b181f.Carl Eugen Hoyos2016-09-03
| |
* | lavc/mjpegdec: Only read JFIF thumbnail size if the segment is long enough.Carl Eugen Hoyos2016-09-03
| | | | | | | | Fixes ticket #5805.
* | lavc/mjpegdec: Do not skip reading quantization tables.Carl Eugen Hoyos2016-09-03
| | | | | | | | | | | | They may contain 0xFFs, confusing the start code finding algorithm. Fixes ticket #5819.
* | Merge commit 'd68fb1475856cf93199e2bc4eee3063902c35df7'Clément Bœsch2016-06-25
|\| | | | | | | | | | | | | * commit 'd68fb1475856cf93199e2bc4eee3063902c35df7': mjpegdec: Properly fail on malloc failure Merged-by: Clément Bœsch <u@pkh.me>
| * mjpegdec: Properly fail on malloc failureDerek Buitenhuis2016-05-19
| | | | | | | | | | Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | Merge commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb'Clément Bœsch2016-06-21
|\| | | | | | | | | | | | | * commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb': cosmetics: Fix spelling mistakes Merged-by: Clément Bœsch <u@pkh.me>
| * cosmetics: Fix spelling mistakesVittorio Giovara2016-05-04
| | | | | | | | Signed-off-by: Diego Biurrun <diego@biurrun.de>
* | avcodec/mjpegdec: Do not try to detect last scan but apply idct after all ↵Michael Niedermayer2016-05-02
| | | | | | | | | | | | | | | | scans for progressive jpeg Fixes: IMG-20160418-WA0002.jpg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/mjpegdec: Do not permute quantization tablesMichael Niedermayer2016-04-03
| | | | | | | | | | | | This fixes issues if the permutation changes, as quantizations tables would need to be reread Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | lavc/mjpegdec: Set sar for multiscope videos.Carl Eugen Hoyos2016-03-09
| | | | | | | | Fixes decoding of the files from ticket #4535 visually.
* | lavc/mjpegdec: avoid printing useless message in default log levelMoritz Barsnick2016-03-08
| | | | | | | | | | | | | | | | | | | | The change of bps from 0 doesn't contain any info useful to the user. This message is now at info log level only if the original value is !=0, otherwise pushed back to debug log level. The original value is displayed additionally. Signed-off-by: Moritz Barsnick <barsnick@gmx.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | lavc/mjpegdec: avoid unneeded allocation if the frame is to be skippedMatthieu Bouron2016-03-07
| |
* | avcodec/mjpegdec: Fix decoding slightly odd progressive jpegMichael Niedermayer2016-02-28
| | | | | | | | | | | | Fixes: ebd58db6-dc86-11e5-91c2-59daeddf50c7.jpg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | mjpegdec: Do not assume unused plane pointer are NULL.Reimar Döffinger2016-02-28
| | | | | | | | | | | | | | | | | | | | | | | | | | We do neither document nor check such a requirement and for application-provided get_buffer2 they could contain the result of a malloc(0) or whatever value they had previously. This fixes a use-after-free in e.g. MPlayer: https://trac.mplayerhq.hu/ticket/2262 We might want to consider changing the (documented) API in addition though. Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
* | lavc/mjpegdec: Fix decoding images with Adobe_CM tag.Carl Eugen Hoyos2016-02-25
| | | | | | | | Fixes ticket #5267.
* | lavc/mjpegdec: use ptrdiff_t instead of ssize_tMatthieu Bouron2016-01-28
| | | | | | | | Fixes build on msvc.
* | lavc/mjpegdec: speed up scan data copyMatthieu Bouron2016-01-27
| |
* | avutil: Rename FF_CEIL_COMPAT to AV_CEIL_COMPATDerek Buitenhuis2016-01-27
| | | | | | | | | | | | | | | | | | | | Libav, for some reason, merged this as a public API function. This will aid in future merges. A define is left for backwards compat, just in case some person used it, since it is in a public header. Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
* | lavc/mjpegdec: Set SAR even if no resolution is available.Carl Eugen Hoyos2016-01-27
| | | | | | | | Fixes ticket #4479.
* | avcodec/mjpegdec: Check for end for both bytes in unescapingMichael Niedermayer2016-01-21
| | | | | | | | | | | | | | | | Fixes assertion failure Fixes: c40c779601b77dc6e19aaea0b04b9751/signal_sigabrt_7ffff6ae7cb7_5769_b94f6ec70caecb2d3d76b4771b109ac1.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/mjpegdec: Fix negative shiftMichael Niedermayer2016-01-10
| | | | | | | | | | | | | | Fixes: mjpeg_left_shift.avi Found-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | mjpegdec: extend check for incompatible values of s->rgb and s->lsAndreas Cadhalpun2015-12-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This can happen if s->ls changes from 0 to 1, but picture allocation is skipped due to s->interlaced. In that case ff_jpegls_decode_picture could be called even though the s->picture_ptr frame has the wrong pixel format and thus a wrong linesize, which results in a too small zero buffer being allocated. This fixes an out-of-bounds read in ls_decode_line. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* | mjpegdec: consider chroma subsampling in size checkAndreas Cadhalpun2015-12-06
| | | | | | | | | | | | | | | | | | | | | | | | If the chroma components are subsampled, smaller buffers are allocated for them. In that case the maximal block_offset for the chroma components is not as large as for the luma component. This fixes out of bounds writes causing segmentation faults or memory corruption. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* | avcodec: use AV_OPT_TYPE_BOOL in a bunch of placesClément Bœsch2015-12-04
| |
* | avcodec/mjpegdec: fix typo on a warningJames Almer2015-11-25
| |
* | lavc/mjpegdec: set FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM capabilityMatthieu Bouron2015-11-15
| |
* | avcodec/mjpegdec: Reinitialize IDCT on BPP changesMichael Niedermayer2015-11-04
| | | | | | | | | | | | | | | | Fixes misaligned access Fixes: dc9262a469f6f315f74c087a7b3a7f35/signal_sigsegv_2e95bcd_9_9c0f9f4a9ba82aa9b3ab2b91ce4d5277.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using itMichael Niedermayer2015-11-04
| | | | | | | | | | | | | | | | Fixes: 04715144ba237443010554be0d05343f/asan_heap-oob_1eafc76_1737_c685b48041a563461839e4e7ab97abb8.jpg Fixes out of array access Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-24 12:36:05 +0000