Commit cc35f6f4 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/mjpegdec: Reinitialize IDCT on BPP changes

Fixes misaligned access
Fixes: dc9262a469f6f315f74c087a7b3a7f35/signal_sigsegv_2e95bcd_9_9c0f9f4a9ba82aa9b3ab2b91ce4d5277.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent d24888ef
...@@ -98,6 +98,15 @@ static void parse_avid(MJpegDecodeContext *s, uint8_t *buf, int len) ...@@ -98,6 +98,15 @@ static void parse_avid(MJpegDecodeContext *s, uint8_t *buf, int len)
av_log(s->avctx, AV_LOG_INFO, "AVID: len:%d %d\n", len, len > 14 ? buf[12] : -1); av_log(s->avctx, AV_LOG_INFO, "AVID: len:%d %d\n", len, len > 14 ? buf[12] : -1);
} }
static void init_idct(AVCodecContext *avctx)
{
MJpegDecodeContext *s = avctx->priv_data;
ff_idctdsp_init(&s->idsp, avctx);
ff_init_scantable(s->idsp.idct_permutation, &s->scantable,
ff_zigzag_direct);
}
av_cold int ff_mjpeg_decode_init(AVCodecContext *avctx) av_cold int ff_mjpeg_decode_init(AVCodecContext *avctx)
{ {
MJpegDecodeContext *s = avctx->priv_data; MJpegDecodeContext *s = avctx->priv_data;
...@@ -112,9 +121,7 @@ av_cold int ff_mjpeg_decode_init(AVCodecContext *avctx) ...@@ -112,9 +121,7 @@ av_cold int ff_mjpeg_decode_init(AVCodecContext *avctx)
s->avctx = avctx; s->avctx = avctx;
ff_blockdsp_init(&s->bdsp, avctx); ff_blockdsp_init(&s->bdsp, avctx);
ff_hpeldsp_init(&s->hdsp, avctx->flags); ff_hpeldsp_init(&s->hdsp, avctx->flags);
ff_idctdsp_init(&s->idsp, avctx); init_idct(avctx);
ff_init_scantable(s->idsp.idct_permutation, &s->scantable,
ff_zigzag_direct);
s->buffer_size = 0; s->buffer_size = 0;
s->buffer = NULL; s->buffer = NULL;
s->start_code = -1; s->start_code = -1;
...@@ -267,7 +274,6 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) ...@@ -267,7 +274,6 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
/* XXX: verify len field validity */ /* XXX: verify len field validity */
len = get_bits(&s->gb, 16); len = get_bits(&s->gb, 16);
s->avctx->bits_per_raw_sample =
bits = get_bits(&s->gb, 8); bits = get_bits(&s->gb, 8);
if (bits > 16 || bits < 1) { if (bits > 16 || bits < 1) {
...@@ -275,6 +281,11 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) ...@@ -275,6 +281,11 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
if (s->avctx->bits_per_raw_sample != bits) {
av_log(s->avctx, AV_LOG_INFO, "Changeing bps to %d\n", bits);
s->avctx->bits_per_raw_sample = bits;
init_idct(s->avctx);
}
if (s->pegasus_rct) if (s->pegasus_rct)
bits = 9; bits = 9;
if (bits == 9 && !s->pegasus_rct) if (bits == 9 && !s->pegasus_rct)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment