[FFmpeg-devel] [PATCH] MJPEG check that dc_index and ac_index have a VLC table associated

Reimar Döffinger Reimar.Doeffinger
Sat Jul 4 11:11:22 CEST 2009


Hello,
this fixes mjpeg/smclockmjpeg.avi.1.171 from issue 1240.
The problem is that the vlc tables 2 and 3 are only initialized if they
are stored in the file, thus causing a NULL dereference when they are
used otherwise.
I think just checking for a valid VLC table is the most reliable way to
fix this, like this:
Index: libavcodec/mjpegdec.c
===================================================================
--- libavcodec/mjpegdec.c       (revision 19334)
+++ libavcodec/mjpegdec.c       (working copy)
@@ -922,24 +923,8 @@
         if (s->dc_index[i] <  0 || s->ac_index[i] < 0 ||
             s->dc_index[i] >= 4 || s->ac_index[i] >= 4)
             goto out_of_range;
-#if 0 //buggy
-        switch(s->start_code)
-        {
-            case SOF0:
-                if (dc_index[i] > 1 || ac_index[i] > 1)
-                    goto out_of_range;
-                break;
-            case SOF1:
-            case SOF2:
-                if (dc_index[i] > 3 || ac_index[i] > 3)
-                    goto out_of_range;
-                break;
-            case SOF3:
-                if (dc_index[i] > 3 || ac_index[i] != 0)
-                    goto out_of_range;
-                break;
-        }
-#endif
+        if (!s->vlcs[0][s->dc_index[i]].table || !s->vlcs[1][s->dc_index[i]].table)
+            goto out_of_range;
     }
 
     predictor= get_bits(&s->gb, 8); /* JPEG Ss / lossless JPEG predictor /JPEG-LS NEAR */
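
Review bot: the added check never looks at ac_index. Both operands index with `s->dc_index[i]`, so the second one, `!s->vlcs[1][s->dc_index[i]].table`, tests the wrong slot of the second table set. An ac_index that passes the 0..3 range check above but selects a table that was never initialized would still get through, leaving the NULL dereference in place on that path. Going by the subject line, the second operand should read `!s->vlcs[1][s->ac_index[i]].table`. Separately, dropping the `#if 0` block is a cleanup unrelated to the fix, and its conditions depend on the start code (SOF0 limits both indexes to 0..1), which the new check does not replicate. It would be easier to review as its own patch.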

Removing the #if 0 code is not the same thing, but it seems
useless to me and probably implements something similar (just that the
comment says it is buggy, which is useless info, too)...


