Commit Graph

437 Commits

Author SHA1 Message Date
Michael Niedermayer
509c9e74e5 avcodec/mjpegdec: Check for end for both bytes in unescaping
Fixes assertion failure
Fixes: c40c779601b77dc6e19aaea0b04b9751/signal_sigabrt_7ffff6ae7cb7_5769_b94f6ec70caecb2d3d76b4771b109ac1.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-21 23:47:29 +01:00
Michael Niedermayer
d86d7b2486 avcodec/mjpegdec: Fix negative shift
Fixes: mjpeg_left_shift.avi

Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-10 15:59:27 +01:00
Andreas Cadhalpun
7ea2db6eaf mjpegdec: extend check for incompatible values of s->rgb and s->ls
This can happen if s->ls changes from 0 to 1, but picture allocation is
skipped due to s->interlaced.

In that case ff_jpegls_decode_picture could be called even though the
s->picture_ptr frame has the wrong pixel format and thus a wrong
linesize, which results in a too small zero buffer being allocated.

This fixes an out-of-bounds read in ls_decode_line.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-12-31 17:30:25 +01:00
Andreas Cadhalpun
5adb5d9d89 mjpegdec: consider chroma subsampling in size check
If the chroma components are subsampled, smaller buffers are allocated
for them. In that case the maximal block_offset for the chroma
components is not as large as for the luma component.

This fixes out of bounds writes causing segmentation faults or memory
corruption.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-12-06 22:40:41 +01:00
Clément Bœsch
fb99ef0bd3 avcodec: use AV_OPT_TYPE_BOOL in a bunch of places 2015-12-04 15:37:05 +01:00
James Almer
3885ef0c6c avcodec/mjpegdec: fix typo on a warning 2015-11-25 19:24:24 -03:00
Matthieu Bouron
ad0203d7b0 lavc/mjpegdec: set FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM capability 2015-11-15 10:13:24 +01:00
Michael Niedermayer
cc35f6f476 avcodec/mjpegdec: Reinitialize IDCT on BPP changes
Fixes misaligned access
Fixes: dc9262a469f6f315f74c087a7b3a7f35/signal_sigsegv_2e95bcd_9_9c0f9f4a9ba82aa9b3ab2b91ce4d5277.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-04 21:51:21 +01:00
Michael Niedermayer
d24888ef19 avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
Fixes: 04715144ba237443010554be0d05343f/asan_heap-oob_1eafc76_1737_c685b48041a563461839e4e7ab97abb8.jpg
Fixes out of array access

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-04 19:33:33 +01:00
Matthieu Bouron
ff0dfb5c36 lavc/mjpegdec: honor skip_frame option 2015-10-29 12:04:11 +01:00
Michael Niedermayer
055e56e9f7 avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-09-11 13:42:05 +02:00
Hendrik Leppkes
5d8e836d0e Replace all remaining occurances of step/depth_minus1 and offset_plus1 2015-09-08 17:10:48 +02:00
Michael Niedermayer
fa9af304f0 avcodec/mjpegdec: Remove message asking for a non mod 16 AMV sample
Ticket4770 contains such a sample and it decodes fine

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-08-24 19:50:01 +02:00
Carl Eugen Hoyos
84170d4be0 lavc/mjpegdec: Detect more CMYK images.
Fixes ticket #4772.
2015-08-17 15:53:41 +02:00
Carl Eugen Hoyos
daf2c35f52 lavc: Remove newline from avpriv_request_sample() calls. 2015-08-11 22:50:45 +02:00
Michael Niedermayer
29d147c94d Merge commit '059a934806d61f7af9ab3fd9f74994b838ea5eba'
* commit '059a934806d61f7af9ab3fd9f74994b838ea5eba':
  lavc: Consistently prefix input buffer defines

Conflicts:
	doc/examples/decoding_encoding.c
	libavcodec/4xm.c
	libavcodec/aac_adtstoasc_bsf.c
	libavcodec/aacdec.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.h
	libavcodec/asvenc.c
	libavcodec/avcodec.h
	libavcodec/avpacket.c
	libavcodec/dvdec.c
	libavcodec/ffv1enc.c
	libavcodec/g2meet.c
	libavcodec/gif.c
	libavcodec/h264.c
	libavcodec/h264_mp4toannexb_bsf.c
	libavcodec/huffyuvdec.c
	libavcodec/huffyuvenc.c
	libavcodec/jpeglsenc.c
	libavcodec/libxvid.c
	libavcodec/mdec.c
	libavcodec/motionpixels.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegvideo.c
	libavcodec/noise_bsf.c
	libavcodec/nuv.c
	libavcodec/nvenc.c
	libavcodec/options.c
	libavcodec/parser.c
	libavcodec/pngenc.c
	libavcodec/proresenc_kostya.c
	libavcodec/qsvdec.c
	libavcodec/svq1enc.c
	libavcodec/tiffenc.c
	libavcodec/truemotion2.c
	libavcodec/utils.c
	libavcodec/utvideoenc.c
	libavcodec/vc1dec.c
	libavcodec/wmalosslessdec.c
	libavformat/adxdec.c
	libavformat/aiffdec.c
	libavformat/apc.c
	libavformat/apetag.c
	libavformat/avidec.c
	libavformat/bink.c
	libavformat/cafdec.c
	libavformat/flvdec.c
	libavformat/id3v2.c
	libavformat/isom.c
	libavformat/matroskadec.c
	libavformat/mov.c
	libavformat/mpc.c
	libavformat/mpc8.c
	libavformat/mpegts.c
	libavformat/mvi.c
	libavformat/mxfdec.c
	libavformat/mxg.c
	libavformat/nutdec.c
	libavformat/oggdec.c
	libavformat/oggparsecelt.c
	libavformat/oggparseflac.c
	libavformat/oggparseopus.c
	libavformat/oggparsespeex.c
	libavformat/omadec.c
	libavformat/rawdec.c
	libavformat/riffdec.c
	libavformat/rl2.c
	libavformat/rmdec.c
	libavformat/rtpdec_latm.c
	libavformat/rtpdec_mpeg4.c
	libavformat/rtpdec_qdm2.c
	libavformat/rtpdec_svq3.c
	libavformat/sierravmd.c
	libavformat/smacker.c
	libavformat/smush.c
	libavformat/spdifenc.c
	libavformat/takdec.c
	libavformat/tta.c
	libavformat/utils.c
	libavformat/vqf.c
	libavformat/westwood_vqa.c
	libavformat/xmv.c
	libavformat/xwma.c
	libavformat/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 23:15:19 +02:00
Michael Niedermayer
444e9874a7 Merge commit 'def97856de6021965db86c25a732d78689bd6bb0'
* commit 'def97856de6021965db86c25a732d78689bd6bb0':
  lavc: AV-prefix all codec capabilities

Conflicts:
	cmdutils.c
	ffmpeg.c
	ffplay.c
	libavcodec/8svx.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.c
	libavcodec/adpcm.c
	libavcodec/alac.c
	libavcodec/atrac3plusdec.c
	libavcodec/bink.c
	libavcodec/dnxhddec.c
	libavcodec/dvdec.c
	libavcodec/dvenc.c
	libavcodec/ffv1dec.c
	libavcodec/ffv1enc.c
	libavcodec/fic.c
	libavcodec/flacdec.c
	libavcodec/flacenc.c
	libavcodec/flvdec.c
	libavcodec/fraps.c
	libavcodec/frwu.c
	libavcodec/gifdec.c
	libavcodec/h261dec.c
	libavcodec/hevc.c
	libavcodec/iff.c
	libavcodec/imc.c
	libavcodec/libopenjpegdec.c
	libavcodec/libvo-aacenc.c
	libavcodec/libvorbisenc.c
	libavcodec/libvpxdec.c
	libavcodec/libvpxenc.c
	libavcodec/libx264.c
	libavcodec/mjpegbdec.c
	libavcodec/mjpegdec.c
	libavcodec/mpegaudiodec_float.c
	libavcodec/msmpeg4dec.c
	libavcodec/mxpegdec.c
	libavcodec/nvenc_h264.c
	libavcodec/nvenc_hevc.c
	libavcodec/pngdec.c
	libavcodec/qpeg.c
	libavcodec/ra288.c
	libavcodec/rv10.c
	libavcodec/s302m.c
	libavcodec/sp5xdec.c
	libavcodec/takdec.c
	libavcodec/tiff.c
	libavcodec/tta.c
	libavcodec/utils.c
	libavcodec/v210dec.c
	libavcodec/vp6.c
	libavcodec/vp9.c
	libavcodec/wavpack.c
	libavcodec/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 22:50:18 +02:00
Vittorio Giovara
059a934806 lavc: Consistently prefix input buffer defines
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:59 +01:00
Vittorio Giovara
def97856de lavc: AV-prefix all codec capabilities
Express bitfields more simply.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:58 +01:00
Carl Eugen Hoyos
8dad213143 lavc: Add properties field to AVCodecContext.
The new field can hold information about losslessness and closed captions for now.
2015-07-16 12:18:30 +02:00
Michael Niedermayer
dffae122d0 avcodec/mjpegdec: Fix DC overflow in decode_block()
Fixes Ticket4683

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-15 05:05:25 +02:00
Michael Niedermayer
c9220d5b06 avcodec/mjpegdec: Reorder operations to avoid undefined behavior
Fixes: asan_heap-oob_1dd60fd_267_cov_2954683513_5baad44ca4702949724234e35c5bb341.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-07-02 18:53:32 +02:00
Michael Niedermayer
84afc6b70d avcodec/mjpegdec: Fix small picture upscale
Fixes out of array access

Fixes: asan_heap-oob_1dd60fd_267_cov_2954683513_5baad44ca4702949724234e35c5bb341.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-30 01:33:25 +02:00
Michael Niedermayer
dde6b2a355 avcodec/mjpegdec: dont try to combine fields for decimated multiscope 2 material
Fixes Ticket4535

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-21 02:53:06 +02:00
Michael Niedermayer
81cf910856 avcodec/mjpegdec: fix len computation in ff_mjpeg_decode_dqt()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-13 18:36:50 +02:00
Michael Niedermayer
cf9ab119d0 avcodec/mjpegdec: Check len in ff_mjpeg_decode_dht()
Fixes CID1239167

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-13 17:44:35 +02:00
Michael Niedermayer
dc35a58149 avcodec/mjpegdec: Check len in ff_mjpeg_decode_dqt()
Fixes CID1239060

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-13 17:39:11 +02:00
Michael Niedermayer
8f7b022c8c Merge commit '6a85dfc830f51f1f5c2d36d4182d265c1ea3ba25'
* commit '6a85dfc830f51f1f5c2d36d4182d265c1ea3ba25':
  lavc: Replace av_dlog and tprintf with internal macros

Conflicts:
	libavcodec/aacdec.c
	libavcodec/audio_frame_queue.c
	libavcodec/bitstream.c
	libavcodec/dcadec.c
	libavcodec/dnxhddec.c
	libavcodec/dvbsubdec.c
	libavcodec/dvdec.c
	libavcodec/dvdsubdec.c
	libavcodec/get_bits.h
	libavcodec/gifdec.c
	libavcodec/h264.h
	libavcodec/h264_cabac.c
	libavcodec/h264_cavlc.c
	libavcodec/h264_loopfilter.c
	libavcodec/h264_refs.c
	libavcodec/imc.c
	libavcodec/interplayvideo.c
	libavcodec/jpeglsdec.c
	libavcodec/libopencore-amr.c
	libavcodec/mjpegdec.c
	libavcodec/mpeg12dec.c
	libavcodec/mpegvideo_enc.c
	libavcodec/mpegvideo_parser.c
	libavcodec/pngdec.c
	libavcodec/ratecontrol.c
	libavcodec/rv10.c
	libavcodec/svq1dec.c
	libavcodec/vqavideo.c
	libavcodec/wmadec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-04-20 04:10:10 +02:00
Vittorio Giovara
6a85dfc830 lavc: Replace av_dlog and tprintf with internal macros 2015-04-19 12:41:59 +01:00
Michael Niedermayer
a105931d3e Merge commit '4978850ca2cb1ec6908f5bc79cc592ca454d11e8'
* commit '4978850ca2cb1ec6908f5bc79cc592ca454d11e8':
  build: Split JPEG-related tables off into a separate component

Conflicts:
	configure

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-31 01:11:02 +02:00
Michael Niedermayer
794e9fb5a6 Merge commit 'e6e3dcba0c6f11bd7022e2d3b9bcb7b6a09d6c80'
* commit 'e6e3dcba0c6f11bd7022e2d3b9bcb7b6a09d6c80':
  mjpeg: Move code only used in the encoder(s) to the appropriate header

Conflicts:
	libavcodec/mjpegdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-30 21:05:23 +02:00
Diego Biurrun
4978850ca2 build: Split JPEG-related tables off into a separate component 2015-03-30 17:51:21 +02:00
Diego Biurrun
e6e3dcba0c mjpeg: Move code only used in the encoder(s) to the appropriate header 2015-03-30 17:51:20 +02:00
Michael Niedermayer
b1fbe29e51 avcodec/mjpegdec: Support 31111100 sampling
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-18 23:28:43 +01:00
Michael Niedermayer
e15455891b avcodec/mjpegdec: Change upscale_* to an array instead of a bitmask
This allows storing integer factors instead of just 0 and 1

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-18 23:13:44 +01:00
Michael Niedermayer
fa4bb7c5b2 Merge commit '5a0e953c2465be9d449d5f523c3d3e2b886910b2'
* commit '5a0e953c2465be9d449d5f523c3d3e2b886910b2':
  mjpeg: Mark decoder family as thread safe

Conflicts:
	libavcodec/mjpegbdec.c
	libavcodec/mjpegdec.c
	libavcodec/mxpegdec.c
	libavcodec/sp5xdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-13 22:48:54 +01:00
Vittorio Giovara
5a0e953c24 mjpeg: Mark decoder family as thread safe
No global variables are used and the VLC tables are allocated without
static elements. This will allow using a JPEG decoding context within
other decoders.
2015-03-13 19:48:07 +00:00
Michael Niedermayer
08509c8f86 avcodec/mjpegdec: Skip blocks which are outside the visible area
Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash.avi

Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-11 03:53:30 +01:00
Michael Niedermayer
fabbfaa095 avcodec/mjpegdec: Check number of components for JPEG-LS
Fixes out of array accesses
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-04 20:49:12 +01:00
Michael Niedermayer
afa92907f3 avcodec/mjpegdec: Check escape sequence validity
Fixes assertion failure
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-04 20:14:18 +01:00
Michael Niedermayer
6c68522a2a Merge commit '809c3023b699c54c90511913d3b6140dd2436550'
* commit '809c3023b699c54c90511913d3b6140dd2436550':
  mjpegdec: check for pixel format changes

Conflicts:
	libavcodec/mjpegdec.c

See: 5c378d6a6d
See: a2f680c7bc
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 12:49:23 +01:00
Anton Khirnov
809c3023b6 mjpegdec: check for pixel format changes
Fixes possible invalid memory access.

Based on code by Michael Niedermayer <michaelni@gmx.at>

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8541
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2014-12-19 08:01:46 +01:00
Michael Niedermayer
970a8f1c25 avcodec/mjpegdec: Fix integer overflow in shift
Fixes: signal_sigabrt_7ffff6ac7bb9_2683_cov_4120310995_m_ijpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-27 19:30:31 +01:00
Michael Niedermayer
0eecf40935 avcodec/mjpegdec: Fix context fields becoming inconsistent
Fixes out of array access
Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-25 13:54:20 +01:00
Michael Niedermayer
172d22a071 avcodec/mjpegdec: Add YUVA420 formats to *scale asserts
Fixes assertion failure
Fixes: signal_sigabrt_7ffff6ac7bb9_2042_cov_2593130068_ef1f8a057bb6056674fad92f6b8c0acd.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-25 01:42:39 +01:00
Michael Niedermayer
03a17f2bbf avcodec/mjpegdec: Print the number of bits in the unsupported pixel format error
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-25 01:34:32 +01:00
Michael Niedermayer
0bf416f262 avcodec/mjpegdec: Check for pixfmtid 0x42111100 || 0x24111100 with more than 8 bits
These cases are not supported yet

Fixes assertion failure
Fixes: signal_sigabrt_7ffff6ac7bb9_1_cov_1553101927_00.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-25 01:23:21 +01:00
Michael Niedermayer
2f6550bb9a avcodec/mjpegdec: fix pixfmtid 0x14111100
Fixes part of Ticket 2004
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-22 19:38:43 +01:00
Michael Niedermayer
4243415741 avcodec/mjpegdec: Support some subsampled GBR variants
Fixes Ticket4045

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-18 05:10:21 +01:00
Michael Niedermayer
960c573cc5 avcodec/mjpegdec: support pix fmt id 0x22111111
Fixes: 4163724_300.jpg

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-07 15:37:11 +01:00