
[FFmpeg-devel] avcodec/mjpeg_parser: skip markers after EOI, not by size

Message ID 20211125193034.8061-1-alex_y_xu@yahoo.ca
State Accepted
Commit cd0bdce71ac0b9871fa04d31756daa26fa7999af
Series [FFmpeg-devel] avcodec/mjpeg_parser: skip markers after EOI, not by size

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

Alex Xu (Hello71) Nov. 25, 2021, 7:30 p.m. UTC
The check for m->size >= 0xF000 is intended to avoid skipping too much
garbage data between JPEG frames in test_roman (thus missing next SOI),
but it erroneously also skips valid markers between SOI and SOS. Instead
of this, we should simply skip parsing markers other than SOI after EOI.
That way, we will not accidentally skip over SOI due to some garbage
between frames. There is still a small risk of encountering FFD8 in the
garbage data, but the chance of this is fairly low.

Fixes: https://trac.ffmpeg.org/ticket/8967
---
 libavcodec/mjpeg_parser.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Michael Niedermayer Nov. 27, 2021, 5:18 p.m. UTC | #1
On Thu, Nov 25, 2021 at 02:30:33PM -0500, Alex Xu (Hello71) wrote:
> The check for m->size >= 0xF000 is intended to avoid skipping too much
> garbage data between JPEG frames in test_roman (thus missing next SOI),
> but it erroneously also skips valid markers between SOI and SOS. Instead
> of this, we should simply skip parsing markers other than SOI after EOI.
> That way, we will not accidentally skip over SOI due to some garbage
> between frames. There is still a small risk of encountering FFD8 in the
> garbage data, but the chance of this is fairly low.
> 
> Fixes: https://trac.ffmpeg.org/ticket/8967
> ---
>  libavcodec/mjpeg_parser.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

will apply

thx


[...]
Patch

diff --git a/libavcodec/mjpeg_parser.c b/libavcodec/mjpeg_parser.c
index 16a5902c7c..62b923b625 100644
--- a/libavcodec/mjpeg_parser.c
+++ b/libavcodec/mjpeg_parser.c
@@ -80,10 +80,10 @@  static int find_frame_end(MJPEGParserContext *m, const uint8_t *buf, int buf_siz
                     pc->frame_start_found=0;
                     pc->state=0;
                     return i-3;
+                } else if((state>>16)==0xFFD9 && (state&0xFFFF)!=0xFFD8){
+                    state= 0xFFD900|(state&0xFF);
                 } else if(state<0xFFD00000 || state>0xFFD9FFFF){
                     m->size= (state&0xFFFF)-1;
-                    if (m->size >= 0xF000)
-                        m->size = 0;
                 }
             }
             if(m->size>0){
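
Review bot: the added `else if((state>>16)==0xFFD9 && (state&0xFFFF)!=0xFFD8)` branch rewrites `state` to `0xFFD900|(state&0xFF)` without a comment, and the intent cannot be read off the constants. Assuming the loop shifts one byte into `state` per iteration (not shown in this hunk), the upper 16 bits become 0xFFD9 again on the next pass, so the branch keeps re-arming and nothing after EOI reaches `m->size= (state&0xFFFF)-1` until the low 16 bits read 0xFFD8. Please add a one-line comment saying that EOI is held in the upper bytes until SOI is seen, and use named constants for 0xFFD8 and 0xFFD9 if the file already has them. Separately, with the `m->size >= 0xF000` clamp removed, `m->size` is taken unchecked from the 16 bits following any marker outside 0xFFD0..0xFFD9 that appears before EOI, so it is worth confirming that the `if(m->size>0)` path below handles a value larger than the bytes remaining in `buf`.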