Skip to content

F
ffmpeg.wasm-core
Commit 675c6d1e authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

avcodec/jpeglsdec: Apply transform only to initialized lines 

Fixes: Timeout (110sec -> 1sec)
Fixes: 17123/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-5636452758585344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent fe7fbf3a
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 2 deletions
libavcodec/jpeglsdec.c
View file @ 675c6d1e
...@@ -352,6 +352,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, ...@@ -352,6 +352,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
uint8_t *zero, *last, *cur; uint8_t *zero, *last, *cur;
JLSState *state; JLSState *state;
int off = 0, stride = 1, width, shift, ret = 0; int off = 0, stride = 1, width, shift, ret = 0;
int decoded_height = 0;
zero = av_mallocz(s->picture_ptr->linesize[0]); zero = av_mallocz(s->picture_ptr->linesize[0]);
if (!zero) if (!zero)
...@@ -427,6 +428,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, ...@@ -427,6 +428,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
skip_bits(&s->gb, 16); /* skip RSTn */ skip_bits(&s->gb, 16); /* skip RSTn */
} }
} }
decoded_height = i;
} else if (ilv == 1) { /* line interleaving */ } else if (ilv == 1) { /* line interleaving */
int j; int j;
int Rc[3] = { 0, 0, 0 }; int Rc[3] = { 0, 0, 0 };
...@@ -452,6 +454,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, ...@@ -452,6 +454,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
last = cur; last = cur;
cur += s->picture_ptr->linesize[0]; cur += s->picture_ptr->linesize[0];
} }
decoded_height = i;
} else if (ilv == 2) { /* sample interleaving */ } else if (ilv == 2) { /* sample interleaving */
avpriv_report_missing_feature(s->avctx, "Sample interleaved images"); avpriv_report_missing_feature(s->avctx, "Sample interleaved images");
ret = AVERROR_PATCHWELCOME; ret = AVERROR_PATCHWELCOME;
...@@ -517,7 +520,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, ...@@ -517,7 +520,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
if (s->bits <= 8) { if (s->bits <= 8) {
uint8_t *src = s->picture_ptr->data[0]; uint8_t *src = s->picture_ptr->data[0];
for (i = 0; i < s->height; i++) { for (i = 0; i < decoded_height; i++) {
for (x = off; x < w; x += stride) for (x = off; x < w; x += stride)
src[x] <<= shift; src[x] <<= shift;
src += s->picture_ptr->linesize[0]; src += s->picture_ptr->linesize[0];
...@@ -525,7 +528,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, ...@@ -525,7 +528,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
} else { } else {
uint16_t *src = (uint16_t *)s->picture_ptr->data[0]; uint16_t *src = (uint16_t *)s->picture_ptr->data[0];
for (i = 0; i < s->height; i++) { for (i = 0; i < decoded_height; i++) {
for (x = 0; x < w; x++) for (x = 0; x < w; x++)
src[x] <<= shift; src[x] <<= shift;
src += s->picture_ptr->linesize[0] / 2; src += s->picture_ptr->linesize[0] / 2;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment