From 3c56b5c3df4d3315d7ac5d02e9baefc6c9f0a6ad Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 10 Jun 2023 01:11:48 +0200 Subject: [PATCH] avcodec/jpeg2000dec: jpeg2000 has its own lowres option jpeg2000 overrides the global lowres variable with a lowres field called reduction_factor ffmpeg -lowres X causes the reduction_factor to be set ffplay -lowres X causes both lowres and the reduction_factor to be set ossfuss sets only lowres only the ffmpeg variant works. This patch tries to make the other 2 work. Alternative we could just error out if things are inconsistent. More complex restructuring should be limited to the master branch to keep this reasonably easy to backport Fixes: out of array access Fixes: 59672/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit c012d1f2bb8735f2b17ce88cd8181d2ffc989b02) Signed-off-by: Michael Niedermayer --- libavcodec/jpeg2000dec.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 69503059d7..fc10bb8f0c 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -393,7 +393,7 @@ static int get_siz(Jpeg2000DecoderContext *s) dimy = FFMAX(dimy, ff_jpeg2000_ceildiv(o_dimy, s->cdy[i])); } - ret = ff_set_dimensions(s->avctx, dimx, dimy); + ret = ff_set_dimensions(s->avctx, dimx << s->avctx->lowres, dimy << s->avctx->lowres); if (ret < 0) return ret; @@ -2472,6 +2472,14 @@ static av_cold int jpeg2000_decode_init(AVCodecContext *avctx) { Jpeg2000DecoderContext *s = avctx->priv_data; + if (avctx->lowres) + av_log(avctx, AV_LOG_WARNING, "lowres is overriden by reduction_factor but set anyway\n"); + if (!s->reduction_factor && avctx->lowres < JPEG2000_MAX_RESLEVELS) { + s->reduction_factor = avctx->lowres; + } + if (avctx->lowres != s->reduction_factor && avctx->lowres) + return AVERROR(EINVAL); + ff_jpeg2000dsp_init(&s->dsp); ff_jpeg2000_init_tier1_luts();