const uint8_t *val_table, int nb_codes,
int use_static, int is_ac)
{
- uint8_t huff_size[256];
+ uint8_t huff_size[256] = { 0 };
uint16_t huff_code[256];
uint16_t huff_sym[256];
int i;
assert(nb_codes <= 256);
- memset(huff_size, 0, sizeof(huff_size));
ff_mjpeg_build_huffman_codes(huff_size, huff_code, bits_table, val_table);
for (i = 0; i < 256; i++)
if (is_ac)
huff_sym[0] = 16 * 256;
- return init_vlc_sparse(vlc, 9, nb_codes, huff_size, 1, 1,
- huff_code, 2, 2, huff_sym, 2, 2, use_static);
+ return ff_init_vlc_sparse(vlc, 9, nb_codes, huff_size, 1, 1,
+ huff_code, 2, 2, huff_sym, 2, 2, use_static);
}
static void build_basic_mjpeg_vlc(MJpegDecodeContext *s)
avcodec_get_frame_defaults(&s->picture);
s->avctx = avctx;
- dsputil_init(&s->dsp, avctx);
+ ff_dsputil_init(&s->dsp, avctx);
ff_init_scantable(s->dsp.idct_permutation, &s->scantable, ff_zigzag_direct);
s->buffer_size = 0;
s->buffer = NULL;
len -= n;
/* build VLC and flush previous vlc if present */
- free_vlc(&s->vlcs[class][index]);
+ ff_free_vlc(&s->vlcs[class][index]);
av_log(s->avctx, AV_LOG_DEBUG, "class=%d index=%d nb_codes=%d\n",
class, index, code_max + 1);
if (build_vlc(&s->vlcs[class][index], bits_table, val_table,
return -1;
if (class > 0) {
- free_vlc(&s->vlcs[2][index]);
+ ff_free_vlc(&s->vlcs[2][index]);
if (build_vlc(&s->vlcs[2][index], bits_table, val_table,
code_max + 1, 0, 0) < 0)
return -1;
if (nb_components <= 0 ||
nb_components > MAX_COMPONENTS)
return -1;
+ if (s->interlaced && (s->bottom_field == !s->interlace_polarity)) {
+ if (nb_components != s->nb_components) {
+ av_log(s->avctx, AV_LOG_ERROR, "nb_components changing in interlaced picture\n");
+ return AVERROR_INVALIDDATA;
+ }
+ }
if (s->ls && !(s->bits <= 8 || nb_components == 1)) {
av_log(s->avctx, AV_LOG_ERROR,
"only <= 8 bits/component or 16-bit gray accepted for JPEG-LS\n");
s->h_max = s->h_count[i];
if (s->v_count[i] > s->v_max)
s->v_max = s->v_count[i];
+ if (!s->h_count[i] || !s->v_count[i]) {
+ av_log(s->avctx, AV_LOG_ERROR, "h/v_count is 0\n");
+ return -1;
+ }
s->quant_index[i] = get_bits(&s->gb, 8);
if (s->quant_index[i] >= 4)
return -1;
s->first_picture = 0;
}
- if (s->interlaced && (s->bottom_field == !s->interlace_polarity))
+ if (s->interlaced && (s->bottom_field == !s->interlace_polarity)) {
+ if (s->progressive) {
+ av_log_ask_for_sample(s->avctx, "progressively coded interlaced pictures not supported\n");
+ return AVERROR_INVALIDDATA;
+ }
return 0;
+ }
/* XXX: not complete test ! */
pix_fmt_id = (s->h_count[0] << 28) | (s->v_count[0] << 24) |
if (s->restart_interval && !s->restart_count)
s->restart_count = s->restart_interval;
- if (get_bits_count(&s->gb)>s->gb.size_in_bits) {
+ if (get_bits_left(&s->gb) < 0) {
av_log(s->avctx, AV_LOG_ERROR, "overread %d\n",
- get_bits_count(&s->gb) - s->gb.size_in_bits);
+ -get_bits_left(&s->gb));
return -1;
}
for (i = 0; i < nb_components; i++) {
if(nb_components == 3 && s->nb_components == 3 && s->avctx->pix_fmt == PIX_FMT_GBR24P)
index = (i+2)%3;
+ if(nb_components == 1 && s->nb_components == 3 && s->avctx->pix_fmt == PIX_FMT_GBR24P)
+ index = (index+2)%3;
s->comp_index[i] = index;
len = get_bits(&s->gb, 16);
if (len < 5)
return -1;
- if (8 * len + get_bits_count(&s->gb) > s->gb.size_in_bits)
+ if (8 * len > get_bits_left(&s->gb))
return -1;
id = get_bits_long(&s->gb, 32);
static int mjpeg_decode_com(MJpegDecodeContext *s)
{
int len = get_bits(&s->gb, 16);
- if (len >= 2 &&
- 8 * len - 16 + get_bits_count(&s->gb) <= s->gb.size_in_bits) {
+ if (len >= 2 && 8 * len - 16 <= get_bits_left(&s->gb)) {
char *cbuf = av_malloc(len - 1);
if (cbuf) {
int i;
/* EOF */
if (start_code < 0) {
goto the_end;
+ } else if (unescaped_buf_size > (1U<<29)) {
+ av_log(avctx, AV_LOG_ERROR, "MJPEG packet 0x%x too big (0x%x/0x%x), corrupt data?\n",
+ start_code, unescaped_buf_size, buf_size);
+ return AVERROR_INVALIDDATA;
} else {
av_log(avctx, AV_LOG_DEBUG, "marker=%x avail_size_in_buf=%td\n",
start_code, buf_end - buf_ptr);
for (i = 0; i < 3; i++) {
for (j = 0; j < 4; j++)
- free_vlc(&s->vlcs[i][j]);
+ ff_free_vlc(&s->vlcs[i][j]);
}
for (i = 0; i < MAX_COMPONENTS; i++) {
av_freep(&s->blocks[i]);
projects / ffmpeg / blobdiff