diff options
Diffstat (limited to 'libavcodec/escape124.c')
-rw-r--r-- | libavcodec/escape124.c | 119 |
1 files changed, 62 insertions, 57 deletions
diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c index 86a63a4..eb051eb 100644 --- a/libavcodec/escape124.c +++ b/libavcodec/escape124.c @@ -2,26 +2,26 @@ * Escape 124 Video Decoder * Copyright (C) 2008 Eli Friedman (eli.friedman@gmail.com) * - * This file is part of Libav. + * This file is part of FFmpeg. * - * Libav is free software; you can redistribute it and/or + * FFmpeg is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * - * Libav is distributed in the hope that it will be useful, + * FFmpeg is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with Libav; if not, write to the Free Software + * License along with FFmpeg; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #define BITSTREAM_READER_LE #include "avcodec.h" -#include "bitstream.h" +#include "get_bits.h" #include "internal.h" typedef union MacroBlock { @@ -48,11 +48,6 @@ typedef struct Escape124Context { CodeBook codebooks[3]; } Escape124Context; -static int can_safely_read(BitstreamContext *bc, int bits) -{ - return bitstream_bits_left(bc) >= bits; -} - /** * Initialize the decoder * @param avctx decoder context @@ -80,20 +75,20 @@ static av_cold int escape124_decode_close(AVCodecContext *avctx) Escape124Context *s = avctx->priv_data; for (i = 0; i < 3; i++) - av_free(s->codebooks[i].blocks); + av_freep(&s->codebooks[i].blocks); av_frame_free(&s->frame); return 0; } -static CodeBook unpack_codebook(BitstreamContext *bc, unsigned depth, +static CodeBook unpack_codebook(GetBitContext* gb, unsigned depth, unsigned size) { unsigned i, j; CodeBook cb = { 0 }; - if (!can_safely_read(bc, size * 34)) + if (size >= INT_MAX / 34 || get_bits_left(gb) < size * 34) return cb; if (size >= INT_MAX / sizeof(MacroBlock)) @@ -105,9 +100,9 @@ static CodeBook unpack_codebook(BitstreamContext *bc, unsigned depth, cb.depth = depth; cb.size = size; for (i = 0; i < size; i++) { - unsigned mask_bits = bitstream_read(bc, 4); - unsigned color0 = bitstream_read(bc, 15); - unsigned color1 = bitstream_read(bc, 15); + unsigned mask_bits = get_bits(gb, 4); + unsigned color0 = get_bits(gb, 15); + unsigned color1 = get_bits(gb, 15); for (j = 0; j < 4; j++) { if (mask_bits & (1 << j)) @@ -119,43 +114,47 @@ static CodeBook unpack_codebook(BitstreamContext *bc, unsigned depth, return cb; } -static unsigned decode_skip_count(BitstreamContext *bc) +static unsigned decode_skip_count(GetBitContext* gb) { unsigned value; // This function reads a maximum of 23 bits, // which is within the padding space - if (!can_safely_read(bc, 1)) + if (get_bits_left(gb) < 1) return -1; - value = bitstream_read_bit(bc); + value = get_bits1(gb); if (!value) return value; - value += bitstream_read(bc, 3); + value += get_bits(gb, 3); if (value != (1 + ((1 << 3) - 1))) return value; - value += bitstream_read(bc, 7); + value += get_bits(gb, 7); if (value != (1 + ((1 << 3) - 1)) + ((1 << 7) - 1)) return value; - return value + bitstream_read(bc, 12); + return value + get_bits(gb, 12); } -static MacroBlock decode_macroblock(Escape124Context *s, BitstreamContext *bc, - int *codebook_index, int superblock_index) +static MacroBlock decode_macroblock(Escape124Context* s, GetBitContext* gb, + int* codebook_index, int superblock_index) { // This function reads a maximum of 22 bits; the callers // guard this function appropriately unsigned block_index, depth; - int value = bitstream_read_bit(bc); + int value = get_bits1(gb); if (value) { - static const char transitions[3][2] = { {2, 1}, {0, 2}, {1, 0} }; - value = bitstream_read_bit(bc); + static const int8_t transitions[3][2] = { {2, 1}, {0, 2}, {1, 0} }; + value = get_bits1(gb); *codebook_index = transitions[*codebook_index][value]; } depth = s->codebooks[*codebook_index].depth; - block_index = bitstream_read(bc, depth); + + // depth = 0 means that this shouldn't read any bits; + // in theory, this is the same as get_bits(gb, 0), but + // that doesn't actually work. + block_index = get_bitsz(gb, depth); if (*codebook_index == 1) { block_index += superblock_index << s->codebooks[1].depth; @@ -200,12 +199,11 @@ static int escape124_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPacket *avpkt) { - const uint8_t *buf = avpkt->data; int buf_size = avpkt->size; Escape124Context *s = avctx->priv_data; AVFrame *frame = data; - BitstreamContext bc; + GetBitContext gb; unsigned frame_flags, frame_size; unsigned i; @@ -215,17 +213,19 @@ static int escape124_decode_frame(AVCodecContext *avctx, uint16_t* old_frame_data, *new_frame_data; unsigned old_stride, new_stride; + int ret; - bitstream_init8(&bc, buf, buf_size); + if ((ret = init_get_bits8(&gb, avpkt->data, avpkt->size)) < 0) + return ret; // This call also guards the potential depth reads for the // codebook unpacking. - if (!can_safely_read(&bc, 64)) + if (get_bits_left(&gb) < 64) return -1; - frame_flags = bitstream_read(&bc, 32); - frame_size = bitstream_read(&bc, 32); + frame_flags = get_bits_long(&gb, 32); + frame_size = get_bits_long(&gb, 32); // Leave last frame unchanged // FIXME: Is this necessary? I haven't seen it in any real samples @@ -233,7 +233,7 @@ static int escape124_decode_frame(AVCodecContext *avctx, if (!s->frame->data[0]) return AVERROR_INVALIDDATA; - av_log(NULL, AV_LOG_DEBUG, "Skipping frame\n"); + av_log(avctx, AV_LOG_DEBUG, "Skipping frame\n"); *got_frame = 1; if ((ret = av_frame_ref(frame, s->frame)) < 0) @@ -248,10 +248,14 @@ static int escape124_decode_frame(AVCodecContext *avctx, if (i == 2) { // This codebook can be cut off at places other than // powers of 2, leaving some of the entries undefined. - cb_size = bitstream_read(&bc, 20); + cb_size = get_bits_long(&gb, 20); + if (!cb_size) { + av_log(avctx, AV_LOG_ERROR, "Invalid codebook size 0.\n"); + return AVERROR_INVALIDDATA; + } cb_depth = av_log2(cb_size - 1) + 1; } else { - cb_depth = bitstream_read(&bc, 4); + cb_depth = get_bits(&gb, 4); if (i == 0) { // This is the most basic codebook: pow(2,depth) entries // for a depth-length key @@ -263,17 +267,20 @@ static int escape124_decode_frame(AVCodecContext *avctx, cb_size = s->num_superblocks << cb_depth; } } - av_free(s->codebooks[i].blocks); - s->codebooks[i] = unpack_codebook(&bc, cb_depth, cb_size); + if (s->num_superblocks >= INT_MAX >> cb_depth) { + av_log(avctx, AV_LOG_ERROR, "Depth or num_superblocks are too large\n"); + return AVERROR_INVALIDDATA; + } + + av_freep(&s->codebooks[i].blocks); + s->codebooks[i] = unpack_codebook(&gb, cb_depth, cb_size); if (!s->codebooks[i].blocks) return -1; } } - if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0) { - av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); + if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0) return ret; - } new_frame_data = (uint16_t*)frame->data[0]; new_stride = frame->linesize[0] / 2; @@ -289,7 +296,7 @@ static int escape124_decode_frame(AVCodecContext *avctx, if (skip == -1) { // Note that this call will make us skip the rest of the blocks // if the frame prematurely ends - skip = decode_skip_count(&bc); + skip = decode_skip_count(&gb); } if (skip) { @@ -299,10 +306,10 @@ static int escape124_decode_frame(AVCodecContext *avctx, copy_superblock(sb.pixels, 8, old_frame_data, old_stride); - while (can_safely_read(&bc, 1) && !bitstream_read_bit(&bc)) { + while (get_bits_left(&gb) >= 1 && !get_bits1(&gb)) { unsigned mask; - mb = decode_macroblock(s, &bc, &cb_index, superblock_index); - mask = bitstream_read(&bc, 16); + mb = decode_macroblock(s, &gb, &cb_index, superblock_index); + mask = get_bits(&gb, 16); multi_mask |= mask; for (i = 0; i < 16; i++) { if (mask & mask_matrix[i]) { @@ -311,29 +318,27 @@ static int escape124_decode_frame(AVCodecContext *avctx, } } - if (can_safely_read(&bc, 1) && !bitstream_read_bit(&bc)) { - unsigned inv_mask = bitstream_read(&bc, 4); + if (!get_bits1(&gb)) { + unsigned inv_mask = get_bits(&gb, 4); for (i = 0; i < 4; i++) { if (inv_mask & (1 << i)) { multi_mask ^= 0xF << i*4; } else { - multi_mask ^= bitstream_read(&bc, 4) << i * 4; + multi_mask ^= get_bits(&gb, 4) << i*4; } } for (i = 0; i < 16; i++) { if (multi_mask & mask_matrix[i]) { - if (!can_safely_read(&bc, 1)) - break; - mb = decode_macroblock(s, &bc, &cb_index, + mb = decode_macroblock(s, &gb, &cb_index, superblock_index); insert_mb_into_sb(&sb, mb, i); } } } else if (frame_flags & (1 << 16)) { - while (can_safely_read(&bc, 1) && !bitstream_read_bit(&bc)) { - mb = decode_macroblock(s, &bc, &cb_index, superblock_index); - insert_mb_into_sb(&sb, mb, bitstream_read(&bc, 4)); + while (get_bits_left(&gb) >= 1 && !get_bits1(&gb)) { + mb = decode_macroblock(s, &gb, &cb_index, superblock_index); + insert_mb_into_sb(&sb, mb, get_bits(&gb, 4)); } } @@ -353,9 +358,9 @@ static int escape124_decode_frame(AVCodecContext *avctx, skip--; } - av_log(NULL, AV_LOG_DEBUG, + av_log(avctx, AV_LOG_DEBUG, "Escape sizes: %i, %i, %i\n", - frame_size, buf_size, bitstream_tell(&bc) / 8); + frame_size, buf_size, get_bits_count(&gb) / 8); av_frame_unref(s->frame); if ((ret = av_frame_ref(s->frame, frame)) < 0) |