PR #23346 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23346
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23346.patch

Fixes: Timeout
Fixes: 500554625/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MEDIA100_fuzzer-5094103347167232
Fixes: 511253447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5780722463080448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>




>From d2b5433b5efc54e45512043573b41128b06d31ef Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <[email protected]>
Date: Thu, 4 Jun 2026 20:51:43 +0200
Subject: [PATCH] avcodec/mjpegdec: require progress in AVRn interlaced field
 loop

Fixes: Timeout
Fixes: 500554625/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MEDIA100_fuzzer-5094103347167232
Fixes: 511253447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-5780722463080448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/mjpegdec.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index e6c4f4acfc..a3277d1e79 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1438,6 +1438,7 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s)
     int linesize[MAX_COMPONENTS];
     GetBitContext mb_bitmask_gb = {0}; // initialize to silence gcc warning
     int bytes_per_pixel = 1 + (s->bits > 8);
+    int field_pos = -1;
     int ret;
 
     if (s->avctx->codec_id == AV_CODEC_ID_MXPEG) {
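Review bot: The new local "int field_pos = -1;" in mjpeg_decode_scan() has no comment, and its name does not say that it is a loop guard. A short comment would help the next reader, for example that it holds the read position at which the last AVRn field marker was accepted, with -1 meaning none yet. It is also worth stating there that -1 is a safe sentinel because the marker test already requires bytestream2_tell(&s->gB) > 2, so no valid position can collide with it.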
@@ -1572,8 +1573,10 @@ next_field:
         bytestream2_get_bytes_left(&s->gB) > 2 &&
         bytestream2_tell(&s->gB) > 2 &&
         s->gB.buffer[-2] == 0xFF &&
-        s->gB.buffer[-1] == 0xD1) {
+        s->gB.buffer[-1] == 0xD1 &&
+        bytestream2_tell(&s->gB) != field_pos) {
         av_log(s->avctx, AV_LOG_DEBUG, "AVRn interlaced picture marker 
found\n");
+        field_pos = bytestream2_tell(&s->gB);
         s->bottom_field ^= 1;
 
         goto next_field;
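Review bot: The added condition "bytestream2_tell(&s->gB) != field_pos" compares only against the single most recent marker position, so it bounds the next_field loop only if the read position can never move backwards between passes. If that invariant holds, "bytestream2_tell(&s->gB) > field_pos" states the progress requirement directly and also rules out the position alternating between two offsets; if it does not hold, "!=" is not sufficient on its own. Separately, when the check rejects a repeated marker the input is skipped without any message, while the accepted case logs at AV_LOG_DEBUG; a log line for the rejected case would make malformed AVRn streams easier to diagnose. The commit message would also benefit from one sentence on how the position can stay unchanged across a field, since "Fixes: Timeout" alone does not explain the cause.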
-- 
2.52.0
