[FFmpeg-devel] Fix mjpeg decoder runaway from internal buffer

Michael Niedermayer michaelni
Tue Oct 19 17:14:04 CEST 2010


On Tue, Oct 19, 2010 at 06:50:21PM +0400, Anatoly Nenashev wrote:
> On 19.10.2010 18:31, Michael Niedermayer wrote:
>> On Tue, Oct 19, 2010 at 05:51:55PM +0400, Anatoliy Nenashev wrote:
>>
>>> Hi!
>>> In some cases there is a situation where the mjpeg decoder runs away from
>>> the allocated s->buffer.
>>> Usually it happens in the VLC decoder for DC-AC coefficients when the input
>>> frame is corrupted.
>>> In this case it is caused by "specific" garbage at the end of the memory
>>> allocated for s->buffer.
>>>
>>> Here is a fix to prevent this situation.
>>>
>> I don't see how this would prevent overreading the buffer. And no, I don't
>> care that on your computer with your sample this week it works.
>> Unless you can show that this always works (which I doubt) it's not
>> a correct solution.
>>
>
> A byte-aligned 0xFF value is deprecated as a VLC value because it is
> used for markers. That's why the VLC decoder will stop with an error when
> it intersects the s->buffer_size position.

What you write makes no sense. Any VLC is allowed; any 0xFF occurring
in the bitstream is explicitly escaped. If I missed something in the
jpeg spec that disallows such VLCs then please refer to this part of the spec.

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are too smart to engage in politics are punished by being
governed by those who are dumber. -- Plato 
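To make the byte-stuffing point concrete, here is an added example (not code from the patch or from FFmpeg) of how a decoder handles 0xFF in JPEG entropy-coded data, and why only an explicit size check, rather than some 0xFF byte sitting at the end of the buffer, stops a VLC reader that runs off the end. `jpeg_unstuff`, `BitReader`, `get_bits` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Strip JPEG byte stuffing from an entropy-coded segment: 0xFF 0x00 encodes
 * a literal 0xFF, while 0xFF followed by anything else is a marker (RSTn,
 * EOI, ...) that ends the segment. Never reads past in_len. Returns the
 * number of data bytes written to out (at most out_cap). */
size_t jpeg_unstuff(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    size_t i = 0, n = 0;
    while (i < in_len && n < out_cap) {
        uint8_t b = in[i++];
        if (b == 0xFF) {
            if (i >= in_len || in[i] != 0x00) break;  /* truncated or marker */
            i++;                                      /* skip stuffing byte */
        }
        out[n++] = b;
    }
    return n;
}

/* MSB-first bit reader that checks the buffer size on every access: bits
 * requested past the end come back as zero and set overrun, so a corrupt
 * VLC stream cannot make the reader walk into memory behind the buffer. */
typedef struct { const uint8_t *buf; size_t size; size_t bitpos; int overrun; } BitReader;
uint32_t get_bits(BitReader *br, int n)
{
    uint32_t v = 0;
    for (int k = 0; k < n; k++) {
        size_t byte = br->bitpos >> 3;
        int bit = 0;
        if (byte < br->size) bit = (br->buf[byte] >> (7 - (br->bitpos & 7))) & 1;
        else br->overrun = 1;
        v = (v << 1) | (uint32_t)bit;
        br->bitpos++;
    }
    return v;
}

/* Constructed sample (not from any real file): two stuffed 0xFF bytes, then
 * an EOI marker. After unstuffing, the VLC data legitimately contains 0xFF,
 * so 0xFF is no "stop" signal; only the size check stops the reader. */
static const uint8_t SAMPLE[] = { 0x12, 0xFF, 0x00, 0xFF, 0x00, 0x34, 0xFF, 0xD9 };
/* Returns 1 when the data decodes as expected and reading past it is caught. */
int sample_overrun_detected(void)
{
    uint8_t out[16];
    BitReader br = { out, jpeg_unstuff(SAMPLE, sizeof SAMPLE, out, sizeof out), 0, 0 };
    uint32_t a = get_bits(&br, 16);     /* 0x12FF: the first 0xFF is data */
    uint32_t b = get_bits(&br, 16);     /* 0xFF34 */
    uint32_t past = get_bits(&br, 8);   /* beyond the data: zeros, overrun set */
    return br.size == 4 && a == 0x12FF && b == 0xFF34 && past == 0 && br.overrun;
}
```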