aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2009-11-20 22:14:37 +0000
committerMichael Niedermayer <michaelni@gmx.at>2009-11-20 22:14:37 +0000
commit98c82d691089214251283a1c16808c10f0744ca1 (patch)
tree5d9466835c8e9ca9e2b591b3305ad1f50cdc38bb
parent9fe08942102ecd2dda0d6751b3c7d9f736cc4ee3 (diff)
downloadffmpeg-98c82d691089214251283a1c16808c10f0744ca1.tar.gz
Allocate pictures with enough padding for jpeg.
Ensure that jpeg does not use mbs that could require larger padding. This might have been exploitable. Originally committed as revision 20566 to svn://svn.ffmpeg.org/ffmpeg/trunk
-rw-r--r--libavcodec/mjpegdec.c5
-rw-r--r--libavcodec/utils.c4
2 files changed, 6 insertions, 3 deletions
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 3cf408dfe9..5b213e40e4 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -292,9 +292,10 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
(s->h_count[2] << 12) | (s->v_count[2] << 8) |
(s->h_count[3] << 4) | s->v_count[3];
av_log(s->avctx, AV_LOG_DEBUG, "pix fmt id %x\n", pix_fmt_id);
- if(!(pix_fmt_id & 0x10101010))
+ //NOTE we do not allocate pictures large enough for the possible padding of h/v_count being 4
+ if(!(pix_fmt_id & 0xD0D0D0D0))
pix_fmt_id-= (pix_fmt_id & 0xF0F0F0F0)>>1;
- if(!(pix_fmt_id & 0x01010101))
+ if(!(pix_fmt_id & 0x0D0D0D0D))
pix_fmt_id-= (pix_fmt_id & 0x0F0F0F0F)>>1;
switch(pix_fmt_id){
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 6be9d724ae..810aa5d138 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -126,17 +126,19 @@ void avcodec_align_dimensions(AVCodecContext *s, int *width, int *height){
case PIX_FMT_YUYV422:
case PIX_FMT_UYVY422:
case PIX_FMT_YUV422P:
+ case PIX_FMT_YUV440P:
case PIX_FMT_YUV444P:
case PIX_FMT_GRAY8:
case PIX_FMT_GRAY16BE:
case PIX_FMT_GRAY16LE:
case PIX_FMT_YUVJ420P:
case PIX_FMT_YUVJ422P:
+ case PIX_FMT_YUVJ440P:
case PIX_FMT_YUVJ444P:
case PIX_FMT_YUVA420P:
w_align= 16; //FIXME check for non mpeg style codecs and use less alignment
h_align= 16;
- if(s->codec_id == CODEC_ID_MPEG2VIDEO)
+ if(s->codec_id == CODEC_ID_MPEG2VIDEO || s->codec_id == CODEC_ID_MJPEG || s->codec_id == CODEC_ID_AMV || s->codec_id == CODEC_ID_THP)
h_align= 32; // interlaced is rounded up to 2 MBs
break;
case PIX_FMT_YUV411P: