jpegdec: Fix crash when interlaced field height is not DCT block size aligned

In case of interlaced JPEG file, we are doubling stride.
The scratch scan line should take account of it as well.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/1042>

diff --git a/ext/jpeg/gstjpegdec.c b/ext/jpeg/gstjpegdec.c
index 800a9f1..e902591 100644 (file)
--- a/ext/jpeg/gstjpegdec.c
+++ b/ext/jpeg/gstjpegdec.c
@@ -871,7 +871,7 @@ gst_jpeg_dec_decode_direct (GstJpegDec * dec, GstVideoFrame * frame,
   gint lines, v_samp[3];
   guchar *base[3], *last[3];
   gint stride[3];
-  guint height;
+  guint height, field_height;
 
   line[0] = y;
   line[1] = u;
@@ -884,7 +884,12 @@ gst_jpeg_dec_decode_direct (GstJpegDec * dec, GstVideoFrame * frame,
   if (G_UNLIKELY (v_samp[0] > 2 || v_samp[1] > 2 || v_samp[2] > 2))
     goto format_not_supported;
 
-  height = GST_VIDEO_FRAME_HEIGHT (frame);
+  height = field_height = GST_VIDEO_FRAME_HEIGHT (frame);
+
+  /* XXX: division by 2 here might not be a good idea yes. But we are doing this
+   * already in gst_jpeg_dec_handle_frame() for interlaced jpeg */
+  if (num_fields == 2)
+    field_height /= 2;
 
   for (i = 0; i < 3; i++) {
     base[i] = GST_VIDEO_FRAME_COMP_DATA (frame, i);
@@ -899,7 +904,7 @@ gst_jpeg_dec_decode_direct (GstJpegDec * dec, GstVideoFrame * frame,
     }
   }
 
-  if (height % (v_samp[0] * DCTSIZE) && (dec->scratch_size < stride[0])) {
+  if (field_height % (v_samp[0] * DCTSIZE) && (dec->scratch_size < stride[0])) {
     g_free (dec->scratch);
     dec->scratch = g_malloc (stride[0]);
     dec->scratch_size = stride[0];