diff mbox series

[FFmpeg-devel,2/2] avcodec/mjpegdec: silently ignore APPx stubs

Message ID 20241017110012.1873-2-ramiro.polla@gmail.com
State New
Headers show
Series [FFmpeg-devel,1/2] avcodec/mjpegdec: fix skipping of bytes for unknown APPx markers | expand

Commit Message

Ramiro Polla Oct. 17, 2024, 11 a.m. UTC 
Consider APPx fields that are too short to contain an id field (32-bit)
as stubs, and silently ignore them.

This has been seen in the MJPEG output from some webcams (such as the
Logitech C270 and C920) and the JPEG images embedded in DNG images
from the Pentax K-1 camera.
---
 libavcodec/mjpegdec.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff mbox series

Patch

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index a775fdca30..3cd9904595 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1856,20 +1856,22 @@  static int mjpeg_decode_app(MJpegDecodeContext *s)
     int len, id, i;
 
     len = get_bits(&s->gb, 16);
-    if (len < 6) {
-        if (s->bayer) {
-            // Pentax K-1 (digital camera) JPEG images embedded in DNG images contain unknown APP0 markers
-            av_log(s->avctx, AV_LOG_WARNING, "skipping APPx (len=%"PRId32") for bayer-encoded image\n", len);
-            skip_bits(&s->gb, len);
-            return 0;
-        } else
-            return AVERROR_INVALIDDATA;
+    if (len < 2)
+        return AVERROR_INVALIDDATA;
+    len -= 2;
+
+    if (len < 4) {
+        /* Silently ignore APPx stubs */
+        if (show_bits(&s->gb, 8 * len) == 0)
+            goto out;
+        return AVERROR_INVALIDDATA;
     }
+
     if (8 * len > get_bits_left(&s->gb))
         return AVERROR_INVALIDDATA;
 
     id   = get_bits_long(&s->gb, 32);
-    len -= 6;
+    len -= 4;
 
     if (s->avctx->debug & FF_DEBUG_STARTCODE)
         av_log(s->avctx, AV_LOG_DEBUG, "APPx (%s / %8X) len=%d\n",