diff options
Diffstat (limited to 'libavcodec/truemotion2.c')
-rw-r--r-- | libavcodec/truemotion2.c | 226 |
1 files changed, 139 insertions, 87 deletions
diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c index cc3b0b7..4d27f0c 100644 --- a/libavcodec/truemotion2.c +++ b/libavcodec/truemotion2.c @@ -2,20 +2,20 @@ * Duck/ON2 TrueMotion 2 Decoder * Copyright (c) 2005 Konstantin Shishkov * - * This file is part of Libav. + * This file is part of FFmpeg. * - * Libav is free software; you can redistribute it and/or + * FFmpeg is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * - * Libav is distributed in the hope that it will be useful, + * FFmpeg is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with Libav; if not, write to the Free Software + * License along with FFmpeg; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ @@ -27,11 +27,10 @@ #include <inttypes.h> #include "avcodec.h" -#include "bitstream.h" #include "bswapdsp.h" #include "bytestream.h" +#include "get_bits.h" #include "internal.h" -#include "vlc.h" #define TM2_ESCAPE 0x80000000 #define TM2_DELTAS 64 @@ -63,9 +62,13 @@ typedef struct TM2Context { AVCodecContext *avctx; AVFrame *pic; - BitstreamContext bc; + GetBitContext gb; + int error; BswapDSPContext bdsp; + uint8_t *buffer; + int buffer_size; + /* TM2 streams */ int *tokens[TM2_NUM_STREAMS]; int tok_lens[TM2_NUM_STREAMS]; @@ -88,7 +91,7 @@ typedef struct TM2Context { * Huffman codes for each of streams */ typedef struct TM2Codes { - VLC vlc; ///< table for Libav bitstream reader + VLC vlc; ///< table for FFmpeg bitstream reader int bits; int *recode; ///< table for converting from code indexes to values int length; @@ -109,16 +112,20 @@ typedef struct TM2Huff { int *lens; ///< codelengths } TM2Huff; +/** + * + * @returns the length of the longest code or an AVERROR code + */ static int tm2_read_tree(TM2Context *ctx, uint32_t prefix, int length, TM2Huff *huff) { - int ret; + int ret, ret2; if (length > huff->max_bits) { av_log(ctx->avctx, AV_LOG_ERROR, "Tree exceeded its given depth (%i)\n", huff->max_bits); return AVERROR_INVALIDDATA; } - if (!bitstream_read_bit(&ctx->bc)) { /* literal */ + if (!get_bits1(&ctx->gb)) { /* literal */ if (length == 0) { length = 1; } @@ -126,18 +133,18 @@ static int tm2_read_tree(TM2Context *ctx, uint32_t prefix, int length, TM2Huff * av_log(ctx->avctx, AV_LOG_DEBUG, "Too many literals\n"); return AVERROR_INVALIDDATA; } - huff->nums[huff->num] = bitstream_read(&ctx->bc, huff->val_bits); + huff->nums[huff->num] = get_bits_long(&ctx->gb, huff->val_bits); huff->bits[huff->num] = prefix; huff->lens[huff->num] = length; huff->num++; - return 0; + return length; } else { /* non-terminal node */ - if ((ret = tm2_read_tree(ctx, prefix << 1, length + 1, huff)) < 0) - return ret; + if ((ret2 = tm2_read_tree(ctx, prefix << 1, length + 1, huff)) < 0) + return ret2; if ((ret = tm2_read_tree(ctx, (prefix << 1) | 1, length + 1, huff)) < 0) return ret; } - return 0; + return FFMAX(ret, ret2); } static int tm2_build_huff_table(TM2Context *ctx, TM2Codes *code) @@ -145,10 +152,10 @@ static int tm2_build_huff_table(TM2Context *ctx, TM2Codes *code) TM2Huff huff; int res = 0; - huff.val_bits = bitstream_read(&ctx->bc, 5); - huff.max_bits = bitstream_read(&ctx->bc, 5); - huff.min_bits = bitstream_read(&ctx->bc, 5); - huff.nodes = bitstream_read(&ctx->bc, 17); + huff.val_bits = get_bits(&ctx->gb, 5); + huff.max_bits = get_bits(&ctx->gb, 5); + huff.min_bits = get_bits(&ctx->gb, 5); + huff.nodes = get_bits_long(&ctx->gb, 17); huff.num = 0; /* check for correct codes parameters */ @@ -169,9 +176,10 @@ static int tm2_build_huff_table(TM2Context *ctx, TM2Codes *code) /* allocate space for codes - it is exactly ceil(nodes / 2) entries */ huff.max_num = (huff.nodes + 1) >> 1; - huff.nums = av_mallocz(huff.max_num * sizeof(int)); - huff.bits = av_mallocz(huff.max_num * sizeof(uint32_t)); - huff.lens = av_mallocz(huff.max_num * sizeof(int)); + huff.nums = av_calloc(huff.max_num, sizeof(int)); + huff.bits = av_calloc(huff.max_num, sizeof(uint32_t)); + huff.lens = av_calloc(huff.max_num, sizeof(int)); + if (!huff.nums || !huff.bits || !huff.lens) { res = AVERROR(ENOMEM); goto out; @@ -179,6 +187,11 @@ static int tm2_build_huff_table(TM2Context *ctx, TM2Codes *code) res = tm2_read_tree(ctx, 0, 0, &huff); + if (res >= 0 && res != huff.max_bits) { + av_log(ctx->avctx, AV_LOG_ERROR, "Got less bits than expected: %i of %i\n", + res, huff.max_bits); + res = AVERROR_INVALIDDATA; + } if (huff.num != huff.max_num) { av_log(ctx->avctx, AV_LOG_ERROR, "Got less codes than expected: %i of %i\n", huff.num, huff.max_num); @@ -197,7 +210,7 @@ static int tm2_build_huff_table(TM2Context *ctx, TM2Codes *code) else { code->bits = huff.max_bits; code->length = huff.max_num; - code->recode = av_malloc(code->length * sizeof(int)); + code->recode = av_malloc_array(code->length, sizeof(int)); if (!code->recode) { res = AVERROR(ENOMEM); goto out; @@ -223,10 +236,12 @@ static void tm2_free_codes(TM2Codes *code) ff_free_vlc(&code->vlc); } -static inline int tm2_get_token(BitstreamContext *bc, TM2Codes *code) +static inline int tm2_get_token(GetBitContext *gb, TM2Codes *code) { int val; - val = bitstream_read_vlc(bc, code->vlc.table, code->bits, 1); + val = get_vlc2(gb, code->vlc.table, code->bits, 1); + if(val<0) + return -1; return code->recode[val]; } @@ -255,18 +270,19 @@ static int tm2_read_deltas(TM2Context *ctx, int stream_id) int d, mb; int i, v; - d = bitstream_read(&ctx->bc, 9); - mb = bitstream_read(&ctx->bc, 5); + d = get_bits(&ctx->gb, 9); + mb = get_bits(&ctx->gb, 5); - if ((d < 1) || (d > TM2_DELTAS) || (mb < 1) || (mb > 32)) { + av_assert2(mb < 32); + if ((d < 1) || (d > TM2_DELTAS) || (mb < 1)) { av_log(ctx->avctx, AV_LOG_ERROR, "Incorrect delta table: %i deltas x %i bits\n", d, mb); return AVERROR_INVALIDDATA; } for (i = 0; i < d; i++) { - v = bitstream_read(&ctx->bc, mb); + v = get_bits_long(&ctx->gb, mb); if (v & (1 << (mb - 1))) - ctx->deltas[stream_id][i] = v - (1 << mb); + ctx->deltas[stream_id][i] = v - (1U << mb); else ctx->deltas[stream_id][i] = v; } @@ -284,18 +300,23 @@ static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id, i TM2Codes codes; GetByteContext gb; + if (buf_size < 4) { + av_log(ctx->avctx, AV_LOG_ERROR, "not enough space for len left\n"); + return AVERROR_INVALIDDATA; + } + /* get stream length in dwords */ bytestream2_init(&gb, buf, buf_size); len = bytestream2_get_be32(&gb); - skip = len * 4 + 4; if (len == 0) return 4; - if (len >= INT_MAX / 4 - 1 || len < 0 || skip > buf_size) { + if (len >= INT_MAX / 4 - 1 || len < 0 || len * 4 + 4 > buf_size) { av_log(ctx->avctx, AV_LOG_ERROR, "Error, invalid stream size.\n"); return AVERROR_INVALIDDATA; } + skip = len * 4 + 4; toks = bytestream2_get_be32(&gb); if (toks & 1) { @@ -307,10 +328,10 @@ static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id, i pos = bytestream2_tell(&gb); if (skip <= pos) return AVERROR_INVALIDDATA; - bitstream_init8(&ctx->bc, buf + pos, skip - pos); + init_get_bits(&ctx->gb, buf + pos, (skip - pos) * 8); if ((ret = tm2_read_deltas(ctx, stream_id)) < 0) return ret; - bytestream2_skip(&gb, ((bitstream_tell(&ctx->bc) + 31) >> 5) << 2); + bytestream2_skip(&gb, ((get_bits_count(&ctx->gb) + 31) >> 5) << 2); } } /* skip unused fields */ @@ -324,61 +345,83 @@ static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id, i pos = bytestream2_tell(&gb); if (skip <= pos) return AVERROR_INVALIDDATA; - bitstream_init8(&ctx->bc, buf + pos, skip - pos); + init_get_bits(&ctx->gb, buf + pos, (skip - pos) * 8); if ((ret = tm2_build_huff_table(ctx, &codes)) < 0) return ret; - bytestream2_skip(&gb, ((bitstream_tell(&ctx->bc) + 31) >> 5) << 2); + bytestream2_skip(&gb, ((get_bits_count(&ctx->gb) + 31) >> 5) << 2); toks >>= 1; /* check if we have sane number of tokens */ if ((toks < 0) || (toks > 0xFFFFFF)) { av_log(ctx->avctx, AV_LOG_ERROR, "Incorrect number of tokens: %i\n", toks); - tm2_free_codes(&codes); - return AVERROR_INVALIDDATA; + ret = AVERROR_INVALIDDATA; + goto end; + } + ret = av_reallocp_array(&ctx->tokens[stream_id], toks, sizeof(int)); + if (ret < 0) { + ctx->tok_lens[stream_id] = 0; + goto end; } - ctx->tokens[stream_id] = av_realloc(ctx->tokens[stream_id], toks * sizeof(int)); ctx->tok_lens[stream_id] = toks; len = bytestream2_get_be32(&gb); if (len > 0) { pos = bytestream2_tell(&gb); - if (skip <= pos) - return AVERROR_INVALIDDATA; - bitstream_init8(&ctx->bc, buf + pos, skip - pos); + if (skip <= pos) { + ret = AVERROR_INVALIDDATA; + goto end; + } + init_get_bits(&ctx->gb, buf + pos, (skip - pos) * 8); for (i = 0; i < toks; i++) { - if (bitstream_bits_left(&ctx->bc) <= 0) { + if (get_bits_left(&ctx->gb) <= 0) { av_log(ctx->avctx, AV_LOG_ERROR, "Incorrect number of tokens: %i\n", toks); - return AVERROR_INVALIDDATA; + ret = AVERROR_INVALIDDATA; + goto end; } - ctx->tokens[stream_id][i] = tm2_get_token(&ctx->bc, &codes); - if (stream_id <= TM2_MOT && ctx->tokens[stream_id][i] >= TM2_DELTAS) { + ctx->tokens[stream_id][i] = tm2_get_token(&ctx->gb, &codes); + if (stream_id <= TM2_MOT && ctx->tokens[stream_id][i] >= TM2_DELTAS || ctx->tokens[stream_id][i]<0) { av_log(ctx->avctx, AV_LOG_ERROR, "Invalid delta token index %d for type %d, n=%d\n", ctx->tokens[stream_id][i], stream_id, i); - return AVERROR_INVALIDDATA; + ret = AVERROR_INVALIDDATA; + goto end; } } } else { + if (len < 0) { + ret = AVERROR_INVALIDDATA; + goto end; + } for (i = 0; i < toks; i++) { ctx->tokens[stream_id][i] = codes.recode[0]; if (stream_id <= TM2_MOT && ctx->tokens[stream_id][i] >= TM2_DELTAS) { av_log(ctx->avctx, AV_LOG_ERROR, "Invalid delta token index %d for type %d, n=%d\n", ctx->tokens[stream_id][i], stream_id, i); - return AVERROR_INVALIDDATA; + ret = AVERROR_INVALIDDATA; + goto end; } } } - tm2_free_codes(&codes); - return skip; + ret = skip; + +end: + tm2_free_codes(&codes); + return ret; } static inline int GET_TOK(TM2Context *ctx,int type) { if (ctx->tok_ptrs[type] >= ctx->tok_lens[type]) { av_log(ctx->avctx, AV_LOG_ERROR, "Read token from stream %i out of bounds (%i>=%i)\n", type, ctx->tok_ptrs[type], ctx->tok_lens[type]); + ctx->error = 1; return 0; } - if (type <= TM2_MOT) + if (type <= TM2_MOT) { + if (ctx->tokens[type][ctx->tok_ptrs[type]] >= TM2_DELTAS) { + av_log(ctx->avctx, AV_LOG_ERROR, "token %d is too large\n", ctx->tokens[type][ctx->tok_ptrs[type]]); + return 0; + } return ctx->deltas[type][ctx->tokens[type][ctx->tok_ptrs[type]++]]; + } return ctx->tokens[type][ctx->tok_ptrs[type]++]; } @@ -413,15 +456,15 @@ static inline int GET_TOK(TM2Context *ctx,int type) /* recalculate last and delta values for next blocks */ #define TM2_RECALC_BLOCK(CHR, stride, last, CD) {\ - CD[0] = CHR[1] - last[1];\ - CD[1] = (int)CHR[stride + 1] - (int)CHR[1];\ + CD[0] = (unsigned)CHR[ 1] - (unsigned)last[1];\ + CD[1] = (unsigned)CHR[stride + 1] - (unsigned) CHR[1];\ last[0] = (int)CHR[stride + 0];\ last[1] = (int)CHR[stride + 1];} /* common operations - add deltas to 4x4 block of luma or 2x2 blocks of chroma */ static inline void tm2_apply_deltas(TM2Context *ctx, int* Y, int stride, int *deltas, int *last) { - int ct, d; + unsigned ct, d; int i, j; for (j = 0; j < 4; j++){ @@ -437,7 +480,7 @@ static inline void tm2_apply_deltas(TM2Context *ctx, int* Y, int stride, int *de } } -static inline void tm2_high_chroma(int *data, int stride, int *last, int *CD, int *deltas) +static inline void tm2_high_chroma(int *data, int stride, int *last, unsigned *CD, int *deltas) { int i, j; for (j = 0; j < 2; j++) { @@ -450,7 +493,7 @@ static inline void tm2_high_chroma(int *data, int stride, int *last, int *CD, in } } -static inline void tm2_low_chroma(int *data, int stride, int *clast, int *CD, int *deltas, int bx) +static inline void tm2_low_chroma(int *data, int stride, int *clast, unsigned *CD, int *deltas, int bx) { int t; int l; @@ -460,8 +503,8 @@ static inline void tm2_low_chroma(int *data, int stride, int *clast, int *CD, in prev = clast[-3]; else prev = 0; - t = (CD[0] + CD[1]) >> 1; - l = (prev - CD[0] - CD[1] + clast[1]) >> 1; + t = (int)(CD[0] + CD[1]) >> 1; + l = (int)(prev - CD[0] - CD[1] + clast[1]) >> 1; CD[1] = CD[0] + CD[1] - t; CD[0] = t; clast[0] = l; @@ -685,6 +728,11 @@ static inline void tm2_motion_block(TM2Context *ctx, AVFrame *pic, int bx, int b mx = av_clip(mx, -(bx * 4 + 4), ctx->avctx->width - bx * 4); my = av_clip(my, -(by * 4 + 4), ctx->avctx->height - by * 4); + if (4*bx+mx<0 || 4*by+my<0 || 4*bx+mx+4 > ctx->avctx->width || 4*by+my+4 > ctx->avctx->height) { + av_log(ctx->avctx, AV_LOG_ERROR, "MV out of picture\n"); + return; + } + Yo += my * oYstride + mx; Uo += (my >> 1) * oUstride + (mx >> 1); Vo += (my >> 1) * oVstride + (mx >> 1); @@ -776,6 +824,8 @@ static int tm2_decode_blocks(TM2Context *ctx, AVFrame *p) default: av_log(ctx->avctx, AV_LOG_ERROR, "Skipping unknown block type %i\n", type); } + if (ctx->error) + return AVERROR_INVALIDDATA; } } @@ -855,37 +905,37 @@ static int decode_frame(AVCodecContext *avctx, AVFrame * const p = l->pic; int offset = TM2_HEADER_SIZE; int i, t, ret; - uint8_t *swbuf; - swbuf = av_malloc(buf_size + AV_INPUT_BUFFER_PADDING_SIZE); - if (!swbuf) { + l->error = 0; + + av_fast_padded_malloc(&l->buffer, &l->buffer_size, buf_size); + if (!l->buffer) { av_log(avctx, AV_LOG_ERROR, "Cannot allocate temporary buffer\n"); return AVERROR(ENOMEM); } - if ((ret = ff_reget_buffer(avctx, p)) < 0) { - av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); - av_free(swbuf); + if ((ret = ff_reget_buffer(avctx, p)) < 0) return ret; - } - l->bdsp.bswap_buf((uint32_t *) swbuf, (const uint32_t *) buf, + l->bdsp.bswap_buf((uint32_t *) l->buffer, (const uint32_t *) buf, buf_size >> 2); - if ((ret = tm2_read_header(l, swbuf)) < 0) { - av_free(swbuf); + if ((ret = tm2_read_header(l, l->buffer)) < 0) { return ret; } for (i = 0; i < TM2_NUM_STREAMS; i++) { if (offset >= buf_size) { - av_free(swbuf); + av_log(avctx, AV_LOG_ERROR, "no space for tm2_read_stream\n"); return AVERROR_INVALIDDATA; } - t = tm2_read_stream(l, swbuf + offset, tm2_stream_order[i], + + t = tm2_read_stream(l, l->buffer + offset, tm2_stream_order[i], buf_size - offset); if (t < 0) { - av_free(swbuf); + int j = tm2_stream_order[i]; + if (l->tok_lens[j]) + memset(l->tokens[j], 0, sizeof(**l->tokens) * l->tok_lens[j]); return t; } offset += t; @@ -899,7 +949,6 @@ static int decode_frame(AVCodecContext *avctx, l->cur = !l->cur; *got_frame = 1; ret = av_frame_ref(data, l->pic); - av_free(swbuf); return (ret < 0) ? ret : buf_size; } @@ -923,8 +972,8 @@ static av_cold int decode_init(AVCodecContext *avctx) ff_bswapdsp_init(&l->bdsp); - l->last = av_malloc(4 * sizeof(*l->last) * (w >> 2)); - l->clast = av_malloc(4 * sizeof(*l->clast) * (w >> 2)); + l->last = av_malloc_array(w >> 2, 4 * sizeof(*l->last) ); + l->clast = av_malloc_array(w >> 2, 4 * sizeof(*l->clast)); for (i = 0; i < TM2_NUM_STREAMS; i++) { l->tokens[i] = NULL; @@ -933,15 +982,15 @@ static av_cold int decode_init(AVCodecContext *avctx) w += 8; h += 8; - l->Y1_base = av_malloc(sizeof(*l->Y1_base) * w * h); - l->Y2_base = av_malloc(sizeof(*l->Y2_base) * w * h); + l->Y1_base = av_calloc(w * h, sizeof(*l->Y1_base)); + l->Y2_base = av_calloc(w * h, sizeof(*l->Y2_base)); l->y_stride = w; w = (w + 1) >> 1; h = (h + 1) >> 1; - l->U1_base = av_malloc(sizeof(*l->U1_base) * w * h); - l->V1_base = av_malloc(sizeof(*l->V1_base) * w * h); - l->U2_base = av_malloc(sizeof(*l->U2_base) * w * h); - l->V2_base = av_malloc(sizeof(*l->V1_base) * w * h); + l->U1_base = av_calloc(w * h, sizeof(*l->U1_base)); + l->V1_base = av_calloc(w * h, sizeof(*l->V1_base)); + l->U2_base = av_calloc(w * h, sizeof(*l->U2_base)); + l->V2_base = av_calloc(w * h, sizeof(*l->V1_base)); l->uv_stride = w; l->cur = 0; if (!l->Y1_base || !l->Y2_base || !l->U1_base || @@ -955,6 +1004,7 @@ static av_cold int decode_init(AVCodecContext *avctx) av_freep(&l->V2_base); av_freep(&l->last); av_freep(&l->clast); + av_frame_free(&l->pic); return AVERROR(ENOMEM); } l->Y1 = l->Y1_base + l->y_stride * 4 + 4; @@ -975,15 +1025,17 @@ static av_cold int decode_end(AVCodecContext *avctx) av_free(l->last); av_free(l->clast); for (i = 0; i < TM2_NUM_STREAMS; i++) - av_free(l->tokens[i]); + av_freep(&l->tokens[i]); if (l->Y1) { - av_free(l->Y1_base); - av_free(l->U1_base); - av_free(l->V1_base); - av_free(l->Y2_base); - av_free(l->U2_base); - av_free(l->V2_base); + av_freep(&l->Y1_base); + av_freep(&l->U1_base); + av_freep(&l->V1_base); + av_freep(&l->Y2_base); + av_freep(&l->U2_base); + av_freep(&l->V2_base); } + av_freep(&l->buffer); + l->buffer_size = 0; av_frame_free(&l->pic); |