From ad9feac9fb1a55b41fb2cc21832fad1109e37bda Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Mon, 2 Nov 2009 14:12:25 +0000
Subject: [PATCH] Avoid huge array for rgb ljpeg on the stack. Code tested with an ljpeg i had laying around. Originally committed as revision 20433 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/mjpegdec.c | 8 +++++---
 libavcodec/mjpegdec.h | 3 +++
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index d1d933fa86..812d69bd06 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -616,13 +616,13 @@ static int decode_block_refinement(MJpegDecodeContext *s, DCTELEM *block, uint8_
 static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int predictor, int point_transform){
 int i, mb_x, mb_y;
- uint16_t buffer[32768][4];
+ uint16_t (*buffer)[4];
 int left[3], top[3], topleft[3];
 const int linesize= s->linesize[0];
 const int mask= (1<bits)-1;
- if((unsigned)s->mb_width > 32768) //dynamic alloc
- return -1;
+ av_fast_malloc(&s->ljpeg_buffer, &s->ljpeg_buffer_size, (unsigned)s->mb_width * 4 * sizeof(s->ljpeg_buffer[0][0]));
+ buffer= s->ljpeg_buffer;
 for(i=0; i<3; i++){
 buffer[0][i]= 1 << (s->bits + point_transform - 1);
@@ -1504,6 +1504,8 @@ av_cold int ff_mjpeg_decode_end(AVCodecContext *avctx)
 av_free(s->buffer);
 av_free(s->qscale_table);
+ av_freep(&s->ljpeg_buffer);
+ s->ljpeg_buffer_size=0;
 for(i=0;i<2;i++) {
 for(j=0;j<4;j++)
diff --git a/libavcodec/mjpegdec.h b/libavcodec/mjpegdec.h
index d7a33b8c4f..71773fb32e 100644
--- a/libavcodec/mjpegdec.h
+++ b/libavcodec/mjpegdec.h
@@ -102,6 +102,9 @@ typedef struct MJpegDecodeContext {
 int cur_scan; /* current scan, used by JPEG-LS */
 int flipped; /* true if picture is flipped */
+
+ uint16_t (*ljpeg_buffer)[4];
+ unsigned int ljpeg_buffer_size;
 } MJpegDecodeContext;
 int ff_mjpeg_decode_init(AVCodecContext *avctx);
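Review bot: `buffer` is used right after `av_fast_malloc()` in ljpeg_decode_rgb_scan without a NULL check, so a failed allocation makes the first `buffer[0][i]= ...` store write through a null pointer. av_fast_malloc() returns nothing and signals failure only by leaving the pointer NULL. Adding `if(!s->ljpeg_buffer) return -1;` before `buffer= s->ljpeg_buffer;` keeps the error return that the removed width check provided. With the 32768 cap gone, the product `(unsigned)s->mb_width * 4 * sizeof(...)` is the only thing sizing the buffer; whether mb_width is bounded elsewhere is not visible in this hunk, so a wrap of that product, which would leave the buffer smaller than the scan loop indexes, should be ruled out explicitly. The function body continues past the end of the hunk.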
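Review bot: The two new MJpegDecodeContext fields are added without comments, although the neighbouring members each carry one, and they form a pair that must stay in sync. A short comment would record that, for example `/* scratch line for RGB lossless JPEG: mb_width entries of 4 uint16_t, (re)allocated by av_fast_malloc() */` on `ljpeg_buffer` and `/* allocated size of ljpeg_buffer in bytes, maintained by av_fast_malloc() */` on `ljpeg_buffer_size`. Making that explicit helps prevent later code from assigning the pointer without updating the size, which would make a subsequent av_fast_malloc() call skip a needed reallocation.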