From 2c69544d0c60b1aa43b43f67fa5a887698d735c4 Mon Sep 17 00:00:00 2001
From: Seungha Yang
Date: Tue, 3 Aug 2021 19:12:11 +0900
Subject: jpegdec: Fix crash when interlaced field height is not DCT block size aligned

In case of interlaced JPEG file, we are doubling stride. The scratch scan line should take account of it as well.

Part-of:
---
 ext/jpeg/gstjpegdec.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'ext')

diff --git a/ext/jpeg/gstjpegdec.c b/ext/jpeg/gstjpegdec.c
index 800a9f181..e9025914b 100644
--- a/ext/jpeg/gstjpegdec.c
+++ b/ext/jpeg/gstjpegdec.c
@@ -871,7 +871,7 @@ gst_jpeg_dec_decode_direct (GstJpegDec * dec, GstVideoFrame * frame,
 gint lines, v_samp[3];
 guchar *base[3], *last[3];
 gint stride[3];
- guint height;
+ guint height, field_height;

 line[0] = y;
 line[1] = u;
@@ -884,7 +884,12 @@ gst_jpeg_dec_decode_direct (GstJpegDec * dec, GstVideoFrame * frame,
 if (G_UNLIKELY (v_samp[0] > 2 || v_samp[1] > 2 || v_samp[2] > 2))
 goto format_not_supported;

- height = GST_VIDEO_FRAME_HEIGHT (frame);
+ height = field_height = GST_VIDEO_FRAME_HEIGHT (frame);
+
+ /* XXX: division by 2 here might not be a good idea yes. But we are doing this
+ * already in gst_jpeg_dec_handle_frame() for interlaced jpeg */
+ if (num_fields == 2)
+ field_height /= 2;

 for (i = 0; i < 3; i++) {
 base[i] = GST_VIDEO_FRAME_COMP_DATA (frame, i);
@@ -899,7 +904,7 @@ gst_jpeg_dec_decode_direct (GstJpegDec * dec, GstVideoFrame * frame,
 }
 }

- if (height % (v_samp[0] * DCTSIZE) && (dec->scratch_size < stride[0])) {
+ if (field_height % (v_samp[0] * DCTSIZE) && (dec->scratch_size < stride[0])) {
 g_free (dec->scratch);
 dec->scratch = g_malloc (stride[0]);
 dec->scratch_size = stride[0];
-- 
cgit v1.2.1
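Review bot: `field_height /= 2;` rounds down, so for an odd frame height the two fields do not have the same number of rows and the truncated value can be a multiple of `v_samp[0] * DCTSIZE` while the taller field is not. In that case the scratch check in the last hunk would skip the allocation even though a row past the end of the field may still need somewhere to land. Rounding up looks like the conservative choice, `field_height = (field_height + 1) / 2;`, provided it stays consistent with what gst_jpeg_dec_handle_frame() does, which is not visible here. The XXX comment should also state the assumption it relies on, e.g. `/* assumes an even frame height; odd heights give fields of unequal size */`. The function body starts and ends outside this hunk.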
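Review bot: The allocation of `dec->scratch` is still gated on an alignment test that has to mirror, exactly, whatever code later redirects a row pointer to the scratch line, and that code is outside this hunk. The crash this commit fixes came from those two conditions disagreeing, so any future divergence leaves jpeglib writing through a NULL or undersized `dec->scratch`. Dropping the alignment half of the predicate removes that coupling at the cost of at most one row-sized allocation per decoder: `if (dec->scratch_size < stride[0]) {`. If the gate is kept, a comment should say which loop condition it must stay in sync with, and that `stride[0]` is already multiplied by the field count at this point.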