Commit cec48383 authored by Mark Nauwelaerts's avatar Mark Nauwelaerts
Browse files

jpegdec: more sanity checks on input

Specifically, verify input components / colour space is as code
subsequently expects, thereby avoiding crashes or otherwise bogus output.
Presently, that means 3 components YCbCr colour space, and somewhat
limited sampling factors.

Fixes #600553.
parent be5ffd96
......@@ -1034,6 +1034,10 @@ gst_jpeg_dec_chain (GstPad * pad, GstBuffer * buf)
if (dec->cinfo.num_components > 3)
goto components_not_supported;
/* verify color space expectation to avoid going *boom* or bogus output */
if (dec->cinfo.jpeg_color_space != JCS_YCbCr)
goto unsupported_colorspace;
#ifndef GST_DISABLE_GST_DEBUG
{
gint i;
......@@ -1060,6 +1064,12 @@ gst_jpeg_dec_chain (GstPad * pad, GstBuffer * buf)
GST_WARNING_OBJECT (dec, "failed to start decompression cycle");
}
/* YUV sanity checks to get safe and reasonable I420 output */
g_assert (dec->cinfo.num_components == 3);
if (r_v > 2 || r_v < dec->cinfo.comp_info[0].v_samp_factor ||
r_h < dec->cinfo.comp_info[0].h_samp_factor)
goto invalid_yuv;
width = dec->cinfo.output_width;
height = dec->cinfo.output_height;
......@@ -1306,6 +1316,20 @@ components_not_supported:
ret = GST_FLOW_ERROR;
goto done;
}
unsupported_colorspace:
{
GST_ELEMENT_ERROR (dec, STREAM, DECODE, (NULL),
("Picture has unknown or unsupported colourspace"));
ret = GST_FLOW_ERROR;
goto done;
}
invalid_yuv:
{
GST_ELEMENT_ERROR (dec, STREAM, DECODE, (NULL),
("Picture is corrupt or unhandled YUV layout"));
ret = GST_FLOW_ERROR;
goto done;
}
}
static gboolean
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment