[FFmpeg-devel] [PATCH] Fix mjpegdec possible crash

Michael Niedermayer michaelni
Thu Nov 25 17:26:28 CET 2010

On Thu, Nov 25, 2010 at 06:22:37PM +0300, Anatoly Nenashev wrote:
> Hi!
> In some cases with broken mjpeg/mxpeg streams there is a problem with  
> allocation of MJpegDecodeContext field named "blocks".
> It is possible when encoded stream is non-progressive but SOF2 header  
> marker is available in it. Thus if SOF2 header is not successfully  
> decoded then s->blocks is not allocated but s->progressive is set to 1.  
> So it is a reason to crash in decode_dc_progressive.

I don't see how decode_dc_progressive() could be reached when
ff_mjpeg_decode_sof() has failed in mjpeg, but I might be missing something.

Yes, with your mxpeg patch it can probably be reached, but the bug is in you
setting got_picture=1 without the most recent SOF being successfully parsed.

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The real ebay dictionary, page 2
"100% positive feedback" - "All either got their money back or didnt complain"
"Best seller ever, very honest" - "Seller refunded buyer after failed scam"
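
The state inconsistency discussed in this thread, as an added example in a simplified model; it is not FFmpeg code and not part of either message. The field names `progressive`, `got_picture` and `blocks` come from the thread; the struct layouts, the `Sof` type, the 4096-block limit and every function name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Simplified model of the state named in the thread; not FFmpeg code. */
typedef struct {
    int      progressive;  /* 1 after an SOF2 marker */
    int      got_picture;  /* 1 once a frame header was accepted */
    int16_t *blocks;       /* coefficient buffer for progressive scans */
} DecCtx;
typedef struct { int is_sof2; unsigned w, h; } Sof; /* constructed header, size in 8x8 blocks */

static int sof_ok(const Sof *h) { return h->w && h->h && h->w <= 4096 && h->h <= 4096; }
static int16_t *alloc_blocks(const Sof *h) { return calloc((size_t)h->w * h->h * 64, sizeof(int16_t)); }

/* Fragile ordering: the mode flag is written before the header is validated. */
static int parse_sof_fragile(DecCtx *s, const Sof *h)
{
    s->progressive = h->is_sof2;
    if (!sof_ok(h)) return -1;     /* progressive may be 1 with blocks == NULL */
    free(s->blocks);
    s->blocks = h->is_sof2 ? alloc_blocks(h) : NULL;
    if (h->is_sof2 && !s->blocks) return -1;
    s->got_picture = 1;
    return 0;
}

/* Checked ordering: drop stale picture state, validate, allocate, then commit. */
static int parse_sof_checked(DecCtx *s, const Sof *h)
{
    int16_t *blocks = NULL;
    s->got_picture = 0;            /* a failed SOF must not authorize scans */
    if (!sof_ok(h) || (h->is_sof2 && !(blocks = alloc_blocks(h))))
        return -1;
    free(s->blocks);
    s->blocks      = blocks;
    s->progressive = h->is_sof2;
    s->got_picture = 1;
    return 0;
}

/* Gate a scan decoder would apply before writing into blocks. */
static int scan_is_safe(const DecCtx *s) { return s->got_picture && (!s->progressive || s->blocks); }

int main(void)
{
    DecCtx a = {0}, b = {0};
    Sof baseline = {0, 2, 2}, broken = {1, 0, 2};   /* constructed inputs */
    parse_sof_fragile(&a, &baseline); parse_sof_fragile(&a, &broken);
    parse_sof_checked(&b, &baseline); parse_sof_checked(&b, &broken);
    printf("fragile: got_picture=%d progressive=%d safe=%d\n", a.got_picture, a.progressive, scan_is_safe(&a));
    printf("checked: got_picture=%d progressive=%d safe=%d\n", b.got_picture, b.progressive, scan_is_safe(&b));
}
```

After a good baseline header followed by a broken SOF2, the fragile parser leaves `got_picture=1` and `progressive=1` with no `blocks`, so a caller that checks only `got_picture` would enter the progressive path; the checked parser leaves `got_picture=0`.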