PR #21413 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21413 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21413.patch
>From fed570770877974aecb2ad2e5bfa51d659ed3276 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Thu, 8 Jan 2026 15:09:18 +0100 Subject: [PATCH 1/4] avcodec/jpeg2000dec: Print M_b value when asking for a sample Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/jpeg2000dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 276c0a6e43..c3be434d3a 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -2271,7 +2271,7 @@ static inline int tile_codeblocks(const Jpeg2000DecoderContext *s, Jpeg2000Tile continue; if (M_b >= 31) { - avpriv_request_sample(s->avctx, "M_b >= 31"); + avpriv_request_sample(s->avctx, "M_b (%d) > 31", M_b); return AVERROR_PATCHWELCOME; } -- 2.49.1 >From bfe7f5b4b31ee9a2cc37cd5c1a8d1b7009c984cf Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Thu, 8 Jan 2026 15:11:00 +0100 Subject: [PATCH 2/4] avcodec/jpeg2000dec: Print bpno level when erroring out Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/jpeg2000dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index c3be434d3a..583e85b712 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -2044,7 +2044,7 @@ static int decode_cblk(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *cod while (passno--) { if (bpno < 0 || bpno > 29) { - av_log(s->avctx, AV_LOG_ERROR, "bpno became invalid\n"); + av_log(s->avctx, AV_LOG_ERROR, "bpno (%d) became invalid\n", bpno); return AVERROR_INVALIDDATA; } switch(pass_t) { -- 2.49.1 >From b9275a51326300e38a78d6c1aa1ee5cd51d7e825 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Thu, 8 Jan 2026 15:12:14 +0100 Subject: [PATCH 3/4] avcodec/jpeg2000dec: allow M_b == 31 Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/jpeg2000dec.c | 4 ++-- libavcodec/jpeg2000htdec.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 583e85b712..de548641d5 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -2100,7 +2100,7 @@ static int decode_cblk(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *cod for (int y = 0; y < height; y++) { for (int x = 0; x < width; x++) { int32_t sign, n, val; - const uint32_t mask = UINT32_MAX >> (M_b + 1); // bit mask for ROI detection + const uint32_t mask = (UINT32_MAX >> M_b) >> 1; // bit mask for ROI detection n = x + (y * t1->stride); val = t1->data[n]; @@ -2270,7 +2270,7 @@ static inline int tile_codeblocks(const Jpeg2000DecoderContext *s, Jpeg2000Tile band->coord[1][0] == band->coord[1][1]) continue; - if (M_b >= 31) { + if (M_b > 31) { avpriv_request_sample(s->avctx, "M_b (%d) > 31", M_b); return AVERROR_PATCHWELCOME; } diff --git a/libavcodec/jpeg2000htdec.c b/libavcodec/jpeg2000htdec.c index 54b37009c2..b92f0131a4 100644 --- a/libavcodec/jpeg2000htdec.c +++ b/libavcodec/jpeg2000htdec.c @@ -1219,7 +1219,7 @@ ff_jpeg2000_decode_htj2k(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c uint8_t *block_states = NULL; int32_t n, val; // Post-processing - const uint32_t mask = UINT32_MAX >> (M_b + 1); // bit mask for ROI detection + const uint32_t mask = (UINT32_MAX >> M_b) >> 1; // bit mask for ROI detection uint8_t num_rempass; -- 2.49.1 >From 635916108731e63d05c00d0f8adfd40f4684b74f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Thu, 8 Jan 2026 15:13:05 +0100 Subject: [PATCH 4/4] avcodec/jpeg2000dec: allow bpno of -1 Fixes: tickets/4663/levels30.jp2 The file decodes without error messages and no integer overflows The file before the broader M_b check did decode with error messages and integer overflows but also no visual artifacts Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/jpeg2000dec.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index de548641d5..3572751429 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -1900,7 +1900,7 @@ static void decode_sigpass(Jpeg2000T1Context *t1, int width, int height, int bpno, int bandno, int vert_causal_ctx_csty_symbol) { - int mask = 3 << (bpno - 1), y0, x, y; + int mask = (3u << bpno)>>1, y0, x, y; for (y0 = 0; y0 < height; y0 += 4) for (x = 0; x < width; x++) @@ -1933,7 +1933,7 @@ static void decode_refpass(Jpeg2000T1Context *t1, int width, int height, int phalf; int y0, x, y; - phalf = 1 << (bpno - 1); + phalf = 1 << bpno; for (y0 = 0; y0 < height; y0 += 4) for (x = 0; x < width; x++) @@ -1942,11 +1942,11 @@ static void decode_refpass(Jpeg2000T1Context *t1, int width, int height, int flags_mask = (vert_causal_ctx_csty_symbol && y == y0 + 3) ? ~(JPEG2000_T1_SIG_S | JPEG2000_T1_SIG_SW | JPEG2000_T1_SIG_SE | JPEG2000_T1_SGN_S) : -1; int ctxno = ff_jpeg2000_getrefctxno(t1->flags[(y + 1) * t1->stride + x + 1] & flags_mask); - t1->data[(y) * t1->stride + x] |= phalf; + t1->data[(y) * t1->stride + x] |= phalf >> 1; if (ff_mqc_decode(&t1->mqc, t1->mqc.cx_states + ctxno)) - t1->data[(y) * t1->stride + x] |= phalf << 1; + t1->data[(y) * t1->stride + x] |= phalf; else { - t1->data[(y) * t1->stride + x] &= ~(phalf << 1); + t1->data[(y) * t1->stride + x] &= ~(phalf); } t1->flags[(y + 1) * t1->stride + x + 1] |= JPEG2000_T1_REF; @@ -2043,7 +2043,7 @@ static int decode_cblk(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *cod ff_mqc_initdec(&t1->mqc, cblk->data, 0, 1); while (passno--) { - if (bpno < 0 || bpno > 29) { + if (bpno < -1 || bpno > 29) { av_log(s->avctx, AV_LOG_ERROR, "bpno (%d) became invalid\n", bpno); return AVERROR_INVALIDDATA; } -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
