diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2019-09-19 18:52:50 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2019-10-08 16:24:58 +0200 |
| commit | 675c6d1e171085cc85068fd29c5dfe2b3dd22bda (patch) | |
| tree | b26c650a56132caa937e620cb5b83ee1c1bc76ee /libavcodec/jpeglsdec.c | |
| parent | fe7fbf3a2273b2f13c3190fcda58b9663b535157 (diff) | |
| download | ffmpeg-675c6d1e171085cc85068fd29c5dfe2b3dd22bda.tar.gz | |
avcodec/jpeglsdec: Apply transform only to initialized lines
Fixes: Timeout (110sec -> 1sec)
Fixes: 17123/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-5636452758585344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/jpeglsdec.c')
| -rw-r--r-- | libavcodec/jpeglsdec.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index 79f7fc1322..0b1e139048 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -352,6 +352,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, uint8_t *zero, *last, *cur; JLSState *state; int off = 0, stride = 1, width, shift, ret = 0; + int decoded_height = 0; zero = av_mallocz(s->picture_ptr->linesize[0]); if (!zero) @@ -427,6 +428,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, skip_bits(&s->gb, 16); /* skip RSTn */ } } + decoded_height = i; } else if (ilv == 1) { /* line interleaving */ int j; int Rc[3] = { 0, 0, 0 }; @@ -452,6 +454,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, last = cur; cur += s->picture_ptr->linesize[0]; } + decoded_height = i; } else if (ilv == 2) { /* sample interleaving */ avpriv_report_missing_feature(s->avctx, "Sample interleaved images"); ret = AVERROR_PATCHWELCOME; @@ -517,7 +520,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, if (s->bits <= 8) { uint8_t *src = s->picture_ptr->data[0]; - for (i = 0; i < s->height; i++) { + for (i = 0; i < decoded_height; i++) { for (x = off; x < w; x += stride) src[x] <<= shift; src += s->picture_ptr->linesize[0]; @@ -525,7 +528,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near, } else { uint16_t *src = (uint16_t *)s->picture_ptr->data[0]; - for (i = 0; i < s->height; i++) { + for (i = 0; i < decoded_height; i++) { for (x = 0; x < w; x++) src[x] <<= shift; src += s->picture_ptr->linesize[0] / 2; |