# HG changeset patch # User reimar # Date 1246731635 0 # Node ID b73796e935710a3475d6b53e8e0b43d3cef69064 # Parent 9502108caadfc5c67c76f87cacc50cfda7559479 Add a got_picture flag to MJpegDecodeContext which indicates if its picture element is valid. Skip the code handling SOS and EOI if not, since it can not work without a valid AVPicture. This fixes a crash with mjpeg/smclockmjpeg.avi.1.0 from issue 1240 where the decoder returned an invalid AVPicture. diff -r 9502108caadf -r b73796e93571 mjpegdec.c --- a/mjpegdec.c Sat Jul 04 12:54:36 2009 +0000 +++ b/mjpegdec.c Sat Jul 04 18:20:35 2009 +0000 @@ -338,6 +338,7 @@ } s->picture.pict_type= FF_I_TYPE; s->picture.key_frame= 1; + s->got_picture = 1; for(i=0; i<3; i++){ s->linesize[i]= s->picture.linesize[i] << s->interlaced; @@ -1249,6 +1250,7 @@ int start_code; AVFrame *picture = data; + s->got_picture = 0; // picture from previous image can not be reused buf_ptr = buf; buf_end = buf + buf_size; while (buf_ptr < buf_end) { @@ -1410,6 +1412,10 @@ if ((s->buggy_avid && !s->interlaced) || s->restart_interval) break; eoi_parser: + if (!s->got_picture) { + av_log(avctx, AV_LOG_WARNING, "Found EOI before any SOF, ignoring\n"); + break; + } { if (s->interlaced) { s->bottom_field ^= 1; @@ -1434,6 +1440,10 @@ } break; case SOS: + if (!s->got_picture) { + av_log(avctx, AV_LOG_WARNING, "Can not process SOS before SOF, skipping\n"); + break; + } ff_mjpeg_decode_sos(s); /* buggy avid puts EOI every 10-20th frame */ /* if restart period is over process EOI */ diff -r 9502108caadf -r b73796e93571 mjpegdec.h --- a/mjpegdec.h Sat Jul 04 12:54:36 2009 +0000 +++ b/mjpegdec.h Sat Jul 04 18:20:35 2009 +0000 
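Review bot: In the `@@ -338,6 +338,7 @@` hunk the flag is only ever raised, so a second SOF in the same packet that fails before reaching this line would leave `got_picture` at 1 from the earlier SOF, while `s->picture` may no longer match what the new header describes. Clearing it where the SOF handler begins, `s->got_picture = 0;`, and setting it here only on success would tie the flag to the most recent SOF. The start of the function and its error returns are outside the hunk, so this needs checking against the full body.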
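Review bot: In the `eoi_parser:` hunk the new `break` skips the block that follows, but what the caller then receives is not visible here. If the marker loop ends without a valid frame, the function should report that nothing was produced rather than leave the `AVFrame *picture = data;` output untouched alongside a success result, so the return path after the loop is worth confirming. The warning is also emitted once per stray marker, so an input with many EOI or SOS markers and no SOF logs one line for each; a lower log level or a once-per-packet message would bound that.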
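Review bot: The `got_picture` check in `case SOS:` protects only this call site, while the `ff_` prefix suggests `ff_mjpeg_decode_sos` is shared with other files that would reach it without the guard. Putting the test at the top of the callee, e.g. `if (!s->got_picture) return -1;` (assuming it returns an error code), would cover every caller, and the warning here can stay for the log message. Separately, the result of `ff_mjpeg_decode_sos(s);` is discarded on the context line, and the comments after it indicate EOI processing may follow, so a failed scan appears to continue as if it had succeeded.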
@@ -81,6 +81,7 @@ int quant_index[4]; /* quant table index for each component */ int last_dc[MAX_COMPONENTS]; /* last DEQUANTIZED dc (XXX: am I right to do that ?) */ AVFrame picture; /* picture structure */ + int got_picture; ///< we found a SOF and picture is valid, too. int linesize[MAX_COMPONENTS]; ///< linesize << interlaced int8_t *qscale_table; DECLARE_ALIGNED_16(DCTELEM, block[64]);
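Review bot: The field comment on `got_picture` does not say when the flag is cleared, which is the part a later reader needs in order to keep the SOS/EOI guards correct. A comment such as `///< set once SOF has set up picture; cleared at the start of each decode call, SOS/EOI must not run while it is 0` would record the invariant next to the field it protects.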