changeset 10549:981e7720fc03 libavcodec
Allocate pictures with enough padding for jpeg.
Ensure that jpeg does not use mbs that could require larger padding.
This might have been exploitable.
author | michael |
---|---|
date | Fri, 20 Nov 2009 22:14:37 +0000 |
parents | e68792a12c31 |
children | eb415f52f9f9 |
files | mjpegdec.c utils.c |
diffstat | 2 files changed, 6 insertions(+), 3 deletions(-) [+] |
--- a/mjpegdec.c Fri Nov 20 21:08:26 2009 +0000
+++ b/mjpegdec.c Fri Nov 20 22:14:37 2009 +0000
@@ -292,9 +292,10 @@
 (s->h_count[2] << 12) | (s->v_count[2] << 8) |
 (s->h_count[3] << 4) | s->v_count[3];
 av_log(s->avctx, AV_LOG_DEBUG, "pix fmt id %x\n", pix_fmt_id);
- if(!(pix_fmt_id & 0x10101010))
+ //NOTE we do not allocate pictures large enough for the possible padding of h/v_count being 4
+ if(!(pix_fmt_id & 0xD0D0D0D0))
 pix_fmt_id-= (pix_fmt_id & 0xF0F0F0F0)>>1;
- if(!(pix_fmt_id & 0x01010101))
+ if(!(pix_fmt_id & 0x0D0D0D0D))
 pix_fmt_id-= (pix_fmt_id & 0x0F0F0F0F)>>1;
 
 switch(pix_fmt_id){
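Review bot: The masks `0xD0D0D0D0` and `0x0D0D0D0D` are unexplained magic constants doing security-relevant work. Per nibble, `& 0xD` is non-zero for every sampling factor other than 0 or 2, so the halving now runs only when all h (or v) counts are 0 or 2, and a factor of 4 is no longer folded into an id the switch recognises. The added NOTE gives the reason but not the mechanism; I would extend it with `// 0xD == ~0x2 per nibble: normalize only if every h/v_count is 0 or 2; a factor of 4 keeps its id and must not match a supported format`. The rejection itself presumably relies on the default branch of `switch(pix_fmt_id)`, which opens on the last line of the hunk and continues outside it. That branch should be confirmed to fail the frame rather than pick a fallback format.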
--- a/utils.c Fri Nov 20 21:08:26 2009 +0000
+++ b/utils.c Fri Nov 20 22:14:37 2009 +0000
@@ -126,17 +126,19 @@
 case PIX_FMT_YUYV422:
 case PIX_FMT_UYVY422:
 case PIX_FMT_YUV422P:
+ case PIX_FMT_YUV440P:
 case PIX_FMT_YUV444P:
 case PIX_FMT_GRAY8:
 case PIX_FMT_GRAY16BE:
 case PIX_FMT_GRAY16LE:
 case PIX_FMT_YUVJ420P:
 case PIX_FMT_YUVJ422P:
+ case PIX_FMT_YUVJ440P:
 case PIX_FMT_YUVJ444P:
 case PIX_FMT_YUVA420P:
 w_align= 16; //FIXME check for non mpeg style codecs and use less alignment
 h_align= 16;
- if(s->codec_id == CODEC_ID_MPEG2VIDEO)
+ if(s->codec_id == CODEC_ID_MPEG2VIDEO || s->codec_id == CODEC_ID_MJPEG || s->codec_id == CODEC_ID_AMV || s->codec_id == CODEC_ID_THP)
 h_align= 32; // interlaced is rounded up to 2 MBs
 break;
 case PIX_FMT_YUV411P:
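Review bot: The codec list in the new `if` is a hand-maintained allow-list guarding a memory-safety property, and the trailing comment `// interlaced is rounded up to 2 MBs` now explains only the MPEG-2 case. Any decoder that goes through the same JPEG MCU path under a different `codec_id` would still get `h_align= 16`. `CODEC_ID_MJPEGB` and `CODEC_ID_SP5X` are worth checking, though whether they reach that path cannot be seen from this hunk. I would change the comment to `// MPEG-2 interlaced is rounded up to 2 MBs; JPEG-style decoders need the extra rows for MCU padding` and add a line above the `if` saying the list must cover every decoder that depends on the sampling-factor limit in mjpegdec.c. The enclosing switch starts and ends outside the hunk.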