avcodec/jpeglsdec: Apply transform only to initialized lines

Fixes: Timeout (110sec -> 1sec) Fixes: 17123/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-5636452758585344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2019-09-19 18:52:50 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2019-10-08 16:24:58 +0200
commit: 675c6d1e171085cc85068fd29c5dfe2b3dd22bda (patch)
tree: b26c650a56132caa937e620cb5b83ee1c1bc76ee /libavcodec
parent: fe7fbf3a2273b2f13c3190fcda58b9663b535157 (diff)
download: ffmpeg-675c6d1e171085cc85068fd29c5dfe2b3dd22bda.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c
index 79f7fc1322..0b1e139048 100644
--- a/libavcodec/jpeglsdec.c
+++ b/libavcodec/jpeglsdec.c
@@ -352,6 +352,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
     uint8_t *zero, *last, *cur;
     JLSState *state;
     int off = 0, stride = 1, width, shift, ret = 0;
+    int decoded_height = 0;
 
     zero = av_mallocz(s->picture_ptr->linesize[0]);
     if (!zero)
@@ -427,6 +428,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
                 skip_bits(&s->gb, 16); /* skip RSTn */
             }
         }
+        decoded_height = i;
     } else if (ilv == 1) { /* line interleaving */
         int j;
         int Rc[3] = { 0, 0, 0 };
@@ -452,6 +454,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
             last = cur;
             cur += s->picture_ptr->linesize[0];
         }
+        decoded_height = i;
     } else if (ilv == 2) { /* sample interleaving */
         avpriv_report_missing_feature(s->avctx, "Sample interleaved images");
         ret = AVERROR_PATCHWELCOME;
@@ -517,7 +520,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
         if (s->bits <= 8) {
             uint8_t *src = s->picture_ptr->data[0];
 
-            for (i = 0; i < s->height; i++) {
+            for (i = 0; i < decoded_height; i++) {
                 for (x = off; x < w; x += stride)
                     src[x] <<= shift;
                 src += s->picture_ptr->linesize[0];
@@ -525,7 +528,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
         } else {
             uint16_t *src = (uint16_t *)s->picture_ptr->data[0];
 
-            for (i = 0; i < s->height; i++) {
+            for (i = 0; i < decoded_height; i++) {
                 for (x = 0; x < w; x++)
                     src[x] <<= shift;
                 src += s->picture_ptr->linesize[0] / 2;
author	Michael Niedermayer <michael@niedermayer.cc>	2019-09-19 18:52:50 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2019-10-08 16:24:58 +0200
commit	675c6d1e171085cc85068fd29c5dfe2b3dd22bda (patch)
tree	b26c650a56132caa937e620cb5b83ee1c1bc76ee /libavcodec
parent	fe7fbf3a2273b2f13c3190fcda58b9663b535157 (diff)
download	ffmpeg-675c6d1e171085cc85068fd29c5dfe2b3dd22bda.tar.gz