highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avcodec/jpeglsdec: Apply transform only to initialized lines

Browse Source 
Fixes: Timeout (110sec -> 1sec)
Fixes: 17123/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-5636452758585344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2019-09-19 18:52:50 +02:00
parent fe7fbf3a22
commit 675c6d1e17
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
libavcodec/jpeglsdec.c
View File

@@ -352,6 +352,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
uint8_t *zero, *last, *cur; uint8_t *zero, *last, *cur;
JLSState *state; JLSState *state;
int off = 0, stride = 1, width, shift, ret = 0; int off = 0, stride = 1, width, shift, ret = 0;
int decoded_height = 0;
zero = av_mallocz(s->picture_ptr->linesize[0]); zero = av_mallocz(s->picture_ptr->linesize[0]);
if (!zero) if (!zero)
@@ -427,6 +428,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
skip_bits(&s->gb, 16); /* skip RSTn */ skip_bits(&s->gb, 16); /* skip RSTn */
} }
} }
decoded_height = i;
} else if (ilv == 1) { /* line interleaving */ } else if (ilv == 1) { /* line interleaving */
int j; int j;
int Rc[3] = { 0, 0, 0 }; int Rc[3] = { 0, 0, 0 };
@@ -452,6 +454,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
last = cur; last = cur;
cur += s->picture_ptr->linesize[0]; cur += s->picture_ptr->linesize[0];
} }
decoded_height = i;
} else if (ilv == 2) { /* sample interleaving */ } else if (ilv == 2) { /* sample interleaving */
avpriv_report_missing_feature(s->avctx, "Sample interleaved images"); avpriv_report_missing_feature(s->avctx, "Sample interleaved images");
ret = AVERROR_PATCHWELCOME; ret = AVERROR_PATCHWELCOME;
@@ -517,7 +520,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
if (s->bits <= 8) { if (s->bits <= 8) {
uint8_t *src = s->picture_ptr->data[0]; uint8_t *src = s->picture_ptr->data[0];
for (i = 0; i < s->height; i++) { for (i = 0; i < decoded_height; i++) {
for (x = off; x < w; x += stride) for (x = off; x < w; x += stride)
src[x] <<= shift; src[x] <<= shift;
src += s->picture_ptr->linesize[0]; src += s->picture_ptr->linesize[0];
@@ -525,7 +528,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
} else { } else {
uint16_t *src = (uint16_t *)s->picture_ptr->data[0]; uint16_t *src = (uint16_t *)s->picture_ptr->data[0];
for (i = 0; i < s->height; i++) { for (i = 0; i < decoded_height; i++) {
for (x = 0; x < w; x++) for (x = 0; x < w; x++)
src[x] <<= shift; src[x] <<= shift;
src += s->picture_ptr->linesize[0] / 2; src += s->picture_ptr->linesize[0] / 2;