mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-11-23 10:11:08 +00:00
Code Issues 1 Projects Releases Wiki Activity

jpegdec: Fix crash when interlaced field height is not DCT block size aligned

Browse source 
In case of interlaced JPEG file, we are doubling stride.
The scratch scan line should take account of it as well.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/1042>
This commit is contained in:
Seungha Yang 2021-08-03 19:12:11 +09:00 committed by GStreamer Marge Bot
parent fedd6c2a28
commit 2c69544d0c
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
ext/jpeg/gstjpegdec.c
View file

@ -871,7 +871,7 @@ gst_jpeg_dec_decode_direct (GstJpegDec * dec, GstVideoFrame * frame,
gint lines, v_samp[3]; gint lines, v_samp[3];
guchar *base[3], *last[3]; guchar *base[3], *last[3];
gint stride[3]; gint stride[3];
guint height; guint height, field_height;
line[0] = y; line[0] = y;
line[1] = u; line[1] = u;
@ -884,7 +884,12 @@ gst_jpeg_dec_decode_direct (GstJpegDec * dec, GstVideoFrame * frame,
if (G_UNLIKELY (v_samp[0] > 2 || v_samp[1] > 2 || v_samp[2] > 2)) if (G_UNLIKELY (v_samp[0] > 2 || v_samp[1] > 2 || v_samp[2] > 2))
goto format_not_supported; goto format_not_supported;
height = GST_VIDEO_FRAME_HEIGHT (frame); height = field_height = GST_VIDEO_FRAME_HEIGHT (frame);
/* XXX: division by 2 here might not be a good idea yes. But we are doing this
* already in gst_jpeg_dec_handle_frame() for interlaced jpeg */
if (num_fields == 2)
field_height /= 2;
for (i = 0; i < 3; i++) { for (i = 0; i < 3; i++) {
base[i] = GST_VIDEO_FRAME_COMP_DATA (frame, i); base[i] = GST_VIDEO_FRAME_COMP_DATA (frame, i);
@ -899,7 +904,7 @@ gst_jpeg_dec_decode_direct (GstJpegDec * dec, GstVideoFrame * frame,
} }
} }
if (height % (v_samp[0] * DCTSIZE) && (dec->scratch_size < stride[0])) { if (field_height % (v_samp[0] * DCTSIZE) && (dec->scratch_size < stride[0])) {
g_free (dec->scratch); g_free (dec->scratch);
dec->scratch = g_malloc (stride[0]); dec->scratch = g_malloc (stride[0]);
dec->scratch_size = stride[0]; dec->scratch_size = stride[0];