[FFmpeg-devel,5/5] avcodec/mjpeg_parser: Make parser a bit more robust with unclean input

Submitted by Michael Niedermayer on Oct. 10, 2019, 10:40 p.m.

Details

Message ID: 20191010224011.5364-5-michael@niedermayer.cc
State: Accepted
Commit: ec3d8a0e6945fe015d16cd98a1e7dbb4be815c15

Commit Message

Michael Niedermayer Oct. 10, 2019, 10:40 p.m.
Helps: test_roman.mjpeg (note this is not really just mjpeg)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/mjpeg_parser.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Paul B Mahol Nov. 16, 2019, 1:53 p.m.
So you gonna commit this or not? Are there obvious drawbacks?

On 10/11/19, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Helps: test_roman.mjpeg (note this is not really just mjpeg)
>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/mjpeg_parser.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/mjpeg_parser.c b/libavcodec/mjpeg_parser.c
> index 07a6b2bdc6..c642b2ecbc 100644
> --- a/libavcodec/mjpeg_parser.c
> +++ b/libavcodec/mjpeg_parser.c
> @@ -50,7 +50,7 @@ static int find_frame_end(MJPEGParserContext *m, const
> uint8_t *buf, int buf_siz
>          for(i=0; i<buf_size;){
>              state= (state<<8) | buf[i];
>              if(state>=0xFFC00000 && state<=0xFFFEFFFF){
> -                if(state>=0xFFD80000 && state<=0xFFD8FFFF){
> +                if(state>=0xFFD8FFC0 && state<=0xFFD8FFFF){
>                      i++;
>                      vop_found=1;
>                      break;
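Review bot: the range test `state>=0xFFD8FFC0 && state<=0xFFD8FFFF` is edited here and again, identically, in the second loop of `find_frame_end()`. Moving it into one small macro or inline helper would keep the two start-of-image checks from drifting apart the next time the bound is tuned.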
> @@ -76,12 +76,14 @@ static int find_frame_end(MJPEGParserContext *m, const
> uint8_t *buf, int buf_siz
>          for(; i<buf_size;){
>              state= (state<<8) | buf[i];
>              if(state>=0xFFC00000 && state<=0xFFFEFFFF){
> -                if(state>=0xFFD80000 && state<=0xFFD8FFFF){
> +                if(state>=0xFFD8FFC0 && state<=0xFFD8FFFF){
>                      pc->frame_start_found=0;
>                      pc->state=0;
>                      return i-3;
>                  } else if(state<0xFFD00000 || state>0xFFD9FFFF){
>                      m->size= (state&0xFFFF)-1;
> +                    if (m->size >= 0x8000)
> +                        m->size = 0;
>                  }
>              }
>              if(m->size>0){
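Review bot: in the `else if` branch, the added check bounds `m->size` only from above. `(state&0xFFFF)-1` underflows when the length field is 0, and whether `m->size >= 0x8000` catches that depends on the signedness of `m->size`, which these lines do not show. Stating the accepted range explicitly in one condition would make the result independent of the type and of the `m->size>0` test that follows.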
> --
> 2.23.0
>
Michael Niedermayer Nov. 16, 2019, 9:40 p.m.
On Fri, Oct 11, 2019 at 12:40:11AM +0200, Michael Niedermayer wrote:
> Helps: test_roman.mjpeg (note this is not really just mjpeg)
> 
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/mjpeg_parser.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)

will apply

[...]

Patch

diff --git a/libavcodec/mjpeg_parser.c b/libavcodec/mjpeg_parser.c
index 07a6b2bdc6..c642b2ecbc 100644
--- a/libavcodec/mjpeg_parser.c
+++ b/libavcodec/mjpeg_parser.c
@@ -50,7 +50,7 @@  static int find_frame_end(MJPEGParserContext *m, const uint8_t *buf, int buf_siz
         for(i=0; i<buf_size;){
             state= (state<<8) | buf[i];
             if(state>=0xFFC00000 && state<=0xFFFEFFFF){
-                if(state>=0xFFD80000 && state<=0xFFD8FFFF){
+                if(state>=0xFFD8FFC0 && state<=0xFFD8FFFF){
                     i++;
                     vop_found=1;
                     break;
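Review bot: the new lower bound `0xFFD8FFC0` in the first scan loop is an undocumented magic constant. A short comment above the test, saying that SOI (`FF D8`) is now only accepted when the next two bytes are `FF` followed by a byte of `C0` or higher (that is, another marker), would make the intent readable without decoding the hex. The commit message names only the sample it helps, not the reason.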
@@ -76,12 +76,14 @@  static int find_frame_end(MJPEGParserContext *m, const uint8_t *buf, int buf_siz
         for(; i<buf_size;){
             state= (state<<8) | buf[i];
             if(state>=0xFFC00000 && state<=0xFFFEFFFF){
-                if(state>=0xFFD80000 && state<=0xFFD8FFFF){
+                if(state>=0xFFD8FFC0 && state<=0xFFD8FFFF){
                     pc->frame_start_found=0;
                     pc->state=0;
                     return i-3;
                 } else if(state<0xFFD00000 || state>0xFFD9FFFF){
                     m->size= (state&0xFFFF)-1;
+                    if (m->size >= 0x8000)
+                        m->size = 0;
                 }
             }
             if(m->size>0){
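Review bot: the `m->size >= 0x8000` cutoff in the `else if` branch also discards legal segment lengths. The JPEG length field is 16 bits and may go up to 0xFFFF, so a segment whose length field is 0x8001 or more now gets `m->size = 0`, and, judging by the `if(m->size>0)` test that follows, its payload is then scanned for markers instead of being skipped. If that trade-off is intended for unclean input, a comment giving the reason for choosing 0x8000 would help; otherwise the limit should be derived from something other than the raw field value.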