[Ffmpeg-devel] segfault decoding a jpeg

Luca Ognibene luogni
Wed Jul 6 16:09:28 CEST 2005

I've a segfault decoding this jpeg:

The file loads fine in ImageMagick, Firefox and so on.
I'm attaching a simple test case to this mail.

The backtrace is the following:
Program received signal SIGSEGV, Segmentation fault.
mjpeg_decode_com (s=0x8049590) at bswap.h:29
29      {
(gdb) bt
#0  mjpeg_decode_com (s=0x8049590) at bswap.h:29
#1  0x4010d234 in mjpeg_decode_frame (avctx=0x80491c0, data=0x80494b0, data_size=0xbffffffd, buf=0xbffe7487 "", buf_size=72417) at mjpeg.c:1893
#2  0x400e25b5 in avcodec_decode_video (avctx=0x80491c0, picture=0xbffffffd, got_picture_ptr=0xbffff8fc, buf=0xbffffffd "", buf_size=72417) at utils.c:621
#3  0x08048b70 in video_decode_example ()
#4  0x08048d8b in main ()

It's trying to decode a comment. In mjpeg_decode_com, line 1732, 'len' is a very high (>30000) value.
If I change the check to "if (len >= 2 && len < 10000) {" then decoding
works fine, but I don't think this is a good fix :)
If anyone can point me in the right direction...

I'm using current ffmpeg cvs.
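Not part of the post and not FFmpeg's own code: a small stand-alone C parser, added here, that walks the marker segments of a JPEG buffer and validates each 16-bit segment length against the bytes actually remaining, which is the check that makes a COM segment claiming more bytes than the buffer holds fail cleanly instead of being read past the end. The function name `jpeg_extract_comment` and the sample inputs are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-alone helper (not FFmpeg's mjpeg_decode_com): walks the
 * marker segments of a JPEG byte buffer and copies the first COM (0xFF 0xFE)
 * payload into out as a C string. Returns the number of comment bytes copied,
 * 0 if no COM segment precedes SOS/EOI, or -1 if any segment's length field
 * does not fit the remaining input (the malformed case from the report). */
int jpeg_extract_comment(const uint8_t *buf, size_t buf_size,
                         char *out, size_t out_size)
{
    size_t pos = 2;                         /* skip the SOI marker FF D8 */
    if (buf_size < 2 || buf[0] != 0xFF || buf[1] != 0xD8 || out_size == 0)
        return -1;
    while (pos + 4 <= buf_size) {           /* need marker + 2 length bytes */
        if (buf[pos] != 0xFF)
            return -1;                      /* lost marker sync */
        uint8_t marker = buf[pos + 1];
        if (marker == 0xD9 || marker == 0xDA)
            return 0;                       /* EOI or SOS: no comment found */
        /* Big-endian 16-bit length, counted including the two length bytes. */
        size_t len = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        /* The check that matters: len must cover its own two bytes and must
         * not extend past the end of the buffer. A fixed cap such as
         * len < 10000 still lets a short file be read out of bounds. */
        if (len < 2 || len > buf_size - (pos + 2))
            return -1;
        if (marker == 0xFE) {               /* COM segment */
            size_t n = len - 2;
            if (n >= out_size)
                n = out_size - 1;           /* truncate to the caller's buffer */
            memcpy(out, buf + pos + 4, n);
            out[n] = '\0';
            return (int)n;
        }
        pos += 2 + len;                     /* advance to the next marker */
    }
    return -1;                              /* ran off the end without EOI */
}

/* Constructed sample inputs, not the attachment from the original mail. */
static const uint8_t sample_ok[] = {        /* SOI, COM len 7 "hello", EOI */
    0xFF, 0xD8, 0xFF, 0xFE, 0x00, 0x07, 'h', 'e', 'l', 'l', 'o', 0xFF, 0xD9 };
static const uint8_t sample_bad[] = {       /* COM claims len 30000, 4 bytes follow */
    0xFF, 0xD8, 0xFF, 0xFE, 0x75, 0x30, 'x', 'x', 'x', 'x' };
```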
