uint16_t *start = (uint16_t *)f->last_picture->data[0];
uint16_t *end = start + stride * (f->avctx->height - h + 1) - (1 << log2w);
int ret;
+ int scale = 1;
+ unsigned dc = 0;
if (code < 0 || code > 6 || log2w < 0)
return AVERROR_INVALIDDATA;
- if (code == 0) {
- src += f->mv[bytestream2_get_byte(&f->g)];
- if (start > src || src > end) {
- av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
- return AVERROR_INVALIDDATA;
- }
- mcdc(dst, src, log2w, h, stride, 1, 0);
- } else if (code == 1) {
+ if (code == 1) {
log2h--;
if ((ret = decode_p_block(f, dst, src, log2w, log2h, stride)) < 0)
return ret;
- if ((ret = decode_p_block(f, dst + (stride << log2h),
- src + (stride << log2h),
- log2w, log2h, stride)) < 0)
- return ret;
+ return decode_p_block(f, dst + (stride << log2h),
+ src + (stride << log2h),
+ log2w, log2h, stride);
} else if (code == 2) {
log2w--;
if ((ret = decode_p_block(f, dst , src, log2w, log2h, stride)) < 0)
return ret;
- if ((ret = decode_p_block(f, dst + (1 << log2w),
- src + (1 << log2w),
- log2w, log2h, stride)) < 0)
- return ret;
- } else if (code == 3 && f->version < 2) {
- if (start > src || src > end) {
- av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
- return AVERROR_INVALIDDATA;
- }
- mcdc(dst, src, log2w, h, stride, 1, 0);
- } else if (code == 4) {
- src += f->mv[bytestream2_get_byte(&f->g)];
- if (start > src || src > end) {
- av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
- return AVERROR_INVALIDDATA;
- }
- mcdc(dst, src, log2w, h, stride, 1, bytestream2_get_le16(&f->g2));
- } else if (code == 5) {
- if (start > src || src > end) {
- av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
- return AVERROR_INVALIDDATA;
- }
- mcdc(dst, src, log2w, h, stride, 0, bytestream2_get_le16(&f->g2));
+ return decode_p_block(f, dst + (1 << log2w),
+ src + (1 << log2w),
+ log2w, log2h, stride);
} else if (code == 6) {
if (log2w) {
dst[0] = bytestream2_get_le16(&f->g2);
dst[0] = bytestream2_get_le16(&f->g2);
dst[stride] = bytestream2_get_le16(&f->g2);
}
+ return 0;
+ }
+
+ if (code == 0) {
+ src += f->mv[bytestream2_get_byte(&f->g)];
+ } else if (code == 3 && f->version >= 2) {
+ return 0;
+ } else if (code == 4) {
+ src += f->mv[bytestream2_get_byte(&f->g)];
+ dc = bytestream2_get_le16(&f->g2);
+ } else if (code == 5) {
+ scale = 0;
+ dc = bytestream2_get_le16(&f->g2);
+ }
+
+ if (start > src || src > end) {
+ av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
+ return AVERROR_INVALIDDATA;
}
+
+ mcdc(dst, src, log2w, h, stride, scale, dc);
+
return 0;
}
unsigned int prestream_size;
const uint8_t *prestream;
+ if (bitstream_size > (1 << 26))
+ return AVERROR_INVALIDDATA;
+
if (length < bitstream_size + 12) {
av_log(f->avctx, AV_LOG_ERROR, "packet size too small\n");
return AVERROR_INVALIDDATA;
prestream = buf + bitstream_size + 12;
if (prestream_size + bitstream_size + 12 != length
- || bitstream_size > (1 << 26)
|| prestream_size > (1 << 26)) {
av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d %d\n",
prestream_size, bitstream_size, length);
if (buf_size < 20)
return AVERROR_INVALIDDATA;
+ if (avctx->width % 16 || avctx->height % 16) {
+ av_log(avctx, AV_LOG_ERROR,
+ "Dimensions non-multiple of 16 are invalid.\n");
+ return AVERROR_INVALIDDATA;
+ }
+
if (buf_size < AV_RL32(buf + 4) + 8) {
av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d\n",
buf_size, AV_RL32(buf + 4));