1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Commit Graph

508 Commits

Author SHA1 Message Date
Andreas Rheinhardt
9442b0de1b avcodec/mjpegdec: Unify switch statements
This has been forgotten in d5a3a20d.

Found via PVS-Studio (see ticket #8156).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-18 22:53:00 +02:00
Michael Niedermayer
3b5ce76b1a avcodec/mjpegdec: Restore non bayer checks in ljpeg_decode_rgb_scan()
Fixes: out of array write
Fixes: 17088/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5654877765632000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-13 21:53:27 +02:00
Michael Niedermayer
2006e5ccb6 avcodec/mjpegdec: Only allow 0x11110000 pix_fmt_id for bayer mode
Fixes: NULL pointer dereference
Fixes: assertion failure
Fixes: 17003/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5696929253556224
Fixes: 17039/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5651008134316032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-13 21:53:27 +02:00
Nick Renieris
fcf0ebc4a9 lavc/mjpegdec: Skip unknown APPx marker on bayer images
Samples:
- Embedded JPEG images in the DNG images here:
  https://www.photographyblog.com/previews/pentax_k1_photos

Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00
Nick Renieris
a75a9e8f64 lavc/mjpegdec: Enable decoding of single-component bayer images
Also, ensure no false positives when determining DNG bayer images, by
setting them in tiff.c instead of relying on a heuristic.  There's no
way to determine this just from the JPEG data, so we have to pass this
information from outside the MJPEG decoder.

Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00
Nick Renieris
40abff05d2 lavc/mjpegdec: Decode Huffman-coded lossless JPEGs embedded in DNGs
Main image data in DNGs is usually comprised of tiles, each of which is a Huffman-encoded lossless JPEG.

Tested for ljpeg regressions with:
`ffmpeg -f lavfi -i testsrc=d=1 -vcodec ljpeg test.avi`
`ffmpeg test.avi out.avi`
The modified code in ljpeg_decode_rgb_scan runs without issues.

Signed-off-by: Nick Renieris <velocityra@gmail.com>
2019-09-02 09:26:52 +02:00
Zhong Li
e51cc7ed85 lavc/mjpegdec: make code aligned
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Zhong Li <zhong.li@intel.com>
2019-07-01 13:24:57 +08:00
Zhong Li
a6c648f2b4 lavc/mjpegdec: replace number with marker name
Make it easier to read.

Signed-off-by: Zhong Li <zhong.li@intel.com>
2019-07-01 13:24:01 +08:00
Michael Niedermayer
442375fee7 avcodec/mjpegdec: Check for non ls PAL8
Fixes: Null-dereference READ in av_malloc
Fixes: 15002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5643474625363968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-06-12 12:01:32 +02:00
Michael Niedermayer
32d022d26d avcodec/mjpegdec: Fix stereo3d memleak
Fixes: 12937/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5714945346371584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-02-25 18:03:24 +01:00
Michael Niedermayer
ea30ac1e40 avcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan()
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-12-19 10:01:08 +01:00
Michael Niedermayer
dfb5046cf3 avcodec/mjpegdec: verify SOF len field validity
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-12-19 10:01:00 +01:00
Carl Eugen Hoyos
06a436a224 lavc/mjpegdec: Interpret three-component Adobe transform 0 also as RGB.
While there, make a comparison with "RGB" more readable.

Fixes ticket #7625.
2018-12-18 18:00:31 +01:00
Mark Thompson
7ba63695b7 mjpegdec: Fill raw huffman tables with default values too
These may be used by hwaccel decoders when the standard tables are not
otherwise available.  At the same time, clean up that code into an array
so it's a little less repetitive.
2018-11-18 17:40:24 +00:00
Vittorio Giovara
d37faad0cd mjpeg: Use profile names in the encoder and decoder 2018-11-05 12:39:23 -05:00
Carl Eugen Hoyos
e90d4e9272 lavc/mjpegdec: Support 2:3 subsampling.
Fixes ticket #7495.
2018-10-18 00:25:16 +02:00
Michael Niedermayer
09f0429b99 avcodec/mjpegdec: simplify rgb index remaping 2018-09-12 00:52:01 +02:00
Michael Niedermayer
ee1e3ca5eb avcodec/mjpegdec: Check for odd progressive RGB
Fixes: out of array access
Fixes: 9225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5684770334834688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-08 00:55:49 +02:00
Michael Niedermayer
540e8c2d64 avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()
Fixes: Timeout
Fixes: 8648/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5108395525799936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-23 01:06:29 +02:00
Michael Niedermayer
936f4a2c2e avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int'
Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-06 16:58:08 +02:00
Michael Niedermayer
8d381b57fd avcodec/mjpegdec: Check input buffer size.
Fixes: Timeout
Fixes: 6381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5665032743419904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-12 23:52:59 +02:00
Philip Langdale
cd98f20b4a avcodec/nvdec: Implement mjpeg nvdec hwaccel 2018-02-21 23:38:42 +00:00
Mark Thompson
63c690ad15 vaapi: Add MJPEG decode hwaccel 2018-02-21 23:38:30 +00:00
Mark Thompson
6c0bfa30c0 mjpegdec: Add hwaccel hooks
Also adds some extra fields to the main context structure that may
be needed by a hwaccel decoder.
2018-02-21 23:38:10 +00:00
Mark Thompson
9ca79784e9 lavc/mjpeg: Add profiles for MJPEG using SOF marker codes
This is needed by later hwaccel code to tell which encoding process was
used for a particular frame, because hardware decoders may only support a
subset of possible methods.
2018-02-21 23:37:58 +00:00
Michael Niedermayer
1bfc1aa004 avcodec/mjpegdec: Fix integer overflow in DC dequantization
Fixes: runtime error: signed integer overflow: -65535 * 65312 cannot be represented in type 'int'
Fixes: 4900/clusterfuzz-testcase-minimized-5769019744321536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-27 04:29:30 +01:00
Martin Vignali
4ada428aae avcodec: remove remaining uses of avcodec_get_chroma_sub_sample
Replace them with av_pix_fmt_get_chroma_sub_sample.

Signed-off-by: James Almer <jamrial@gmail.com>
2017-11-06 19:13:03 -03:00
James Almer
ae100046ca avcodec/exif: remove GetByteContext usage from avpriv_exif_decode_ifd()
This prevents potential ABI issues with GetByteContext.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-10-26 00:45:49 -03:00
Derek Buitenhuis
9e02f35f6a mjpeg: Add support for ICC side data
JPEGs store embedded profiles under the APP2 marker, signified
with a "ICC_PROFILE" null-terminated string header, and can be
split across multiple APP2 markers, out of order.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2017-08-25 13:44:41 +01:00
Michael Niedermayer
c28f648b19 avcodec/mjpegdec: Clip DC also on the negative side.
Fixes: runtime error: signed integer overflow: -16711425 + -2130772346 cannot be represented in type 'int'
Fixes: 2533/clusterfuzz-testcase-minimized-5372857678823424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-12 16:32:27 +02:00
Michael Niedermayer
4705edbbb9 avcodec/mjpegdec: Check that reference frame matches the current frame
Fixes: out of array read
Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 22:43:23 +02:00
Michael Niedermayer
40fa6a2fa2 avcodec/mjpegdec: Fix runtime error: signed integer overflow: -32767 * 130560 cannot be represented in type 'int'
Fixes: 1724/clusterfuzz-testcase-minimized-4842395432648704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-22 02:16:39 +02:00
Michael Niedermayer
a78ae465fd avcodec/mjpegdec: Fix runtime error: signed integer overflow: -24543 * 2031616 cannot be represented in type 'int'
Fixes: 943/clusterfuzz-testcase-5114865297391616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-04 20:42:54 +02:00
Muhammad Faiz
31f61b0d4f avcodec: do not use AVFrame accessor
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Muhammad Faiz <mfcc64@gmail.com>
2017-04-23 14:27:47 +07:00
Clément Bœsch
8d94d9798a lavc/mjpegdec: allow failure while decoding APP
Fix decoding frame.jpg from ticket #267

Regression since 9c7ee3749 / 212c6a1d7
2017-04-07 18:05:20 +02:00
Clément Bœsch
9c7ee37490 Merge commit '212c6a1d70df011b6f2a2aa02f7677503287bd00'
* commit '212c6a1d70df011b6f2a2aa02f7677503287bd00':
  mjpegdec: Check return values of functions that may fail

Merged-by: Clément Bœsch <u@pkh.me>
2017-04-07 10:17:53 +02:00
Clément Bœsch
e3287077ec Merge commit '67deba8a416d818f3d95aef0aa916589090396e2'
* commit '67deba8a416d818f3d95aef0aa916589090396e2':
  Use avpriv_report_missing_feature() where appropriate

Merged-by: Clément Bœsch <cboesch@gopro.com>
2017-03-31 10:40:34 +02:00
Clément Bœsch
67e370ee52 lavc: fix usages of av_get_codec_tag_string() 2017-03-29 14:49:29 +02:00
Michael Niedermayer
23f3f92361 avcodec/mjpegdec: quant_matrixes can be up to 65535, use uint16_t
Fixes invalid shift
Fixes: 870/clusterfuzz-testcase-5649105424482304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-20 01:38:04 +01:00
Michael Niedermayer
656a17e126 avcodec/mjpegdec: Check quant_matrixes values for being non zero
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-20 01:38:02 +01:00
Clément Bœsch
1a48a51bfc Merge commit 'b53d8c3ccfeff77874f5ca7c68136b6d87a0a69c'
* commit 'b53d8c3ccfeff77874f5ca7c68136b6d87a0a69c':
  mjpegdec: Drop disabled code

The last chunk is replaced with a comment describing the structure.

Merged-by: Clément Bœsch <u@pkh.me>
2017-03-19 16:03:25 +01:00
Michael Niedermayer
800d02abe0 avcodec/mjpegdec: Fix runtime error: left shift of negative value -127
Fixes: 733/clusterfuzz-testcase-4682158096515072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-09 23:28:10 +01:00
Michael Niedermayer
4b72d5cd6f avcodec/mjpegdec: Fix runtime error: left shift of negative value -511
Fixes: 693/clusterfuzz-testcase-6109776066904064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-03 01:03:29 +01:00
Michael Niedermayer
c91bdd4524 avcodec/mjpegdec: Fix runtime error: left shift of negative value -507
Fixes: 611/clusterfuzz-testcase-5613455820193792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-19 21:49:03 +01:00
Michael Niedermayer
3782656631 avcodec/mjpegdec: Check for for the bitstream end in mjpeg_decode_scan_progressive_ac()
Fixes timeout
Fixes: 496/clusterfuzz-testcase-5805083497332736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-01 01:36:50 +01:00
Matthieu Bouron
2ae8278832 lavc/mjpegdec: consume SOS data even if the frame is discarded
Speeds up next marker search when a SOS marker is found but the frame is
discarded (which happens in avformat_find_stream_info).
2017-01-29 21:54:16 +01:00
Michael Niedermayer
755933cb5c avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan()
Fixes timeout
Fixes: 445/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer
Fixes: 456/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_JPEGLS_fuzzer

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-24 17:50:03 +01:00
Carl Eugen Hoyos
4acea512f3 lavc/mjpegdec: Do not overread too short JFIF tags.
Fixes ticket #6055.
2017-01-01 18:53:27 +01:00
Michael Niedermayer
25d9643f11 avcodec/mjpegdec: Check for rgb before flipping
Fixes assertion failure due to unsupported case

Fixes: 356/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-31 03:21:05 +01:00
Diego Biurrun
212c6a1d70 mjpegdec: Check return values of functions that may fail 2016-11-29 13:13:35 +01:00