The branch, master has been updated
via 6696a9b8bd2eacf90d7bd199d37115ba12def793 (commit)
via e207520b82ec46c5cf12f7f71f38f142c88d51c8 (commit)
from 9ee7796c540ce9cec3fdff0dd246de842228707b (commit)
- Log -----------------------------------------------------------------
commit 6696a9b8bd2eacf90d7bd199d37115ba12def793
Author: Ramiro Polla <[email protected]>
AuthorDate: Tue Oct 1 20:50:05 2024 +0200
Commit: Ramiro Polla <[email protected]>
CommitDate: Thu Sep 4 15:28:41 2025 +0000
avcodec/mjpegdec: ignore APPx stubs unless AV_EF_EXPLODE is set
Consider APPx fields that are too short to contain an id field (32-bit)
as stubs, and ignore them if AV_EF_EXPLODE is not set.
This has been seen in the MJPEG output from some webcams (such as the
Logitech C270 and C920) and the JPEG images embedded in DNG images
from the Pentax K-1 camera.
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index c44d7f8181..3dde759fea 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1859,20 +1859,22 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
int len, id, i;
len = get_bits(&s->gb, 16);
- if (len < 6) {
- if (s->bayer) {
- // Pentax K-1 (digital camera) JPEG images embedded in DNG images
contain unknown APP0 markers
- av_log(s->avctx, AV_LOG_WARNING, "skipping APPx (len=%"PRId32")
for bayer-encoded image\n", len);
- skip_bits(&s->gb, len);
- return 0;
- } else
+ if (len < 2)
+ return AVERROR_INVALIDDATA;
+ len -= 2;
+
+ if (len < 4) {
+ if (s->avctx->err_recognition & AV_EF_EXPLODE)
return AVERROR_INVALIDDATA;
+ av_log(s->avctx, AV_LOG_VERBOSE, "skipping APPx stub (len=%" PRId32
")\n", len);
+ goto out;
}
+
if (8 * len > get_bits_left(&s->gb))
return AVERROR_INVALIDDATA;
id = get_bits_long(&s->gb, 32);
- len -= 6;
+ len -= 4;
if (s->avctx->debug & FF_DEBUG_STARTCODE)
av_log(s->avctx, AV_LOG_DEBUG, "APPx (%s / %8X) len=%d\n",
commit e207520b82ec46c5cf12f7f71f38f142c88d51c8
Author: Ramiro Polla <[email protected]>
AuthorDate: Thu Oct 17 13:00:11 2024 +0200
Commit: Ramiro Polla <[email protected]>
CommitDate: Thu Sep 4 15:28:41 2025 +0000
avcodec/mjpegdec: fix skipping of bytes for unknown APPx markers
The loop to skip the remaining bytes was off by one for all markers
except for Adob.
This patch uses post-decrement instead of pre-decrement in the while
loop to make the len value easier to understand, and updates the len
value to reflect this change for the Adob marker.
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 4d6379805c..c44d7f8181 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1934,7 +1934,7 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
}
if ( id == AV_RB32("Adob")
- && len >= 7
+ && len >= 8
&& show_bits(&s->gb, 8) == 'e'
&& show_bits_long(&s->gb, 32) != AV_RB32("e_CM")) {
skip_bits(&s->gb, 8); /* 'e' */
@@ -1944,7 +1944,7 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
s->adobe_transform = get_bits(&s->gb, 8);
if (s->avctx->debug & FF_DEBUG_PICT_INFO)
av_log(s->avctx, AV_LOG_INFO, "mjpeg: Adobe header found,
transform=%d\n", s->adobe_transform);
- len -= 7;
+ len -= 8;
goto out;
}
@@ -2153,7 +2153,7 @@ out:
if (len < 0)
av_log(s->avctx, AV_LOG_ERROR,
"mjpeg: error, decode_app parser read over the end\n");
- while (--len > 0)
+ while (len-- > 0)
skip_bits(&s->gb, 8);
return 0;
-----------------------------------------------------------------------
Summary of changes:
libavcodec/mjpegdec.c | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
hooks/post-receive
--
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
