* 4XM codec.
*/
+#include "libavutil/frame.h"
#include "libavutil/intreadwrite.h"
#include "avcodec.h"
#include "bytestream.h"
#include "get_bits.h"
#include "internal.h"
-//#undef NDEBUG
-//#include <assert.h>
-
#define BLOCK_TYPE_VLC_BITS 5
#define ACDC_VLC_BITS 9
typedef struct FourXContext {
AVCodecContext *avctx;
DSPContext dsp;
- AVFrame current_picture, last_picture;
+ AVFrame *last_picture;
GetBitContext pre_gb; ///< ac/dc prefix
GetBitContext gb;
GetByteContext g;
int mv[256];
VLC pre_vlc;
int last_dc;
- DECLARE_ALIGNED(16, DCTELEM, block)[6][64];
+ DECLARE_ALIGNED(16, int16_t, block)[6][64];
void *bitstream_buffer;
unsigned int bitstream_buffer_size;
int version;
#define MULTIPLY(var, const) (((var) * (const)) >> 16)
-static void idct(DCTELEM block[64])
+static void idct(int16_t block[64])
{
int tmp0, tmp1, tmp2, tmp3, tmp4, tmp5, tmp6, tmp7;
int tmp10, tmp11, tmp12, tmp13;
}
}
-static void init_mv(FourXContext *f)
+static void init_mv(FourXContext *f, int linesize)
{
int i;
for (i = 0; i < 256; i++) {
if (f->version > 1)
- f->mv[i] = mv[i][0] + mv[i][1] * f->current_picture.linesize[0] / 2;
+ f->mv[i] = mv[i][0] + mv[i][1] * linesize / 2;
else
- f->mv[i] = (i & 15) - 8 + ((i >> 4) - 8) * f->current_picture.linesize[0] / 2;
+ f->mv[i] = (i & 15) - 8 + ((i >> 4) - 8) * linesize / 2;
}
}
}
break;
default:
- assert(0);
+ break;
}
}
-static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src,
- int log2w, int log2h, int stride)
+static int decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src,
+ int log2w, int log2h, int stride)
{
const int index = size2index[log2h][log2w];
const int h = 1 << log2h;
int code = get_vlc2(&f->gb,
block_type_vlc[1 - (f->version > 1)][index].table,
BLOCK_TYPE_VLC_BITS, 1);
- uint16_t *start = (uint16_t *)f->last_picture.data[0];
+ uint16_t *start = (uint16_t *)f->last_picture->data[0];
uint16_t *end = start + stride * (f->avctx->height - h + 1) - (1 << log2w);
+ int ret;
+ int scale = 1;
+ unsigned dc = 0;
- assert(code >= 0 && code <= 6);
+ if (code < 0 || code > 6 || log2w < 0)
+ return AVERROR_INVALIDDATA;
- if (code == 0) {
- src += f->mv[bytestream2_get_byte(&f->g)];
- if (start > src || src > end) {
- av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
- return;
- }
- mcdc(dst, src, log2w, h, stride, 1, 0);
- } else if (code == 1) {
+ if (code == 1) {
log2h--;
- decode_p_block(f, dst, src, log2w, log2h, stride);
- decode_p_block(f, dst + (stride << log2h),
- src + (stride << log2h), log2w, log2h, stride);
+ if ((ret = decode_p_block(f, dst, src, log2w, log2h, stride)) < 0)
+ return ret;
+ return decode_p_block(f, dst + (stride << log2h),
+ src + (stride << log2h),
+ log2w, log2h, stride);
} else if (code == 2) {
log2w--;
- decode_p_block(f, dst , src, log2w, log2h, stride);
- decode_p_block(f, dst + (1 << log2w),
- src + (1 << log2w), log2w, log2h, stride);
- } else if (code == 3 && f->version < 2) {
- mcdc(dst, src, log2w, h, stride, 1, 0);
- } else if (code == 4) {
- src += f->mv[bytestream2_get_byte(&f->g)];
- if (start > src || src > end) {
- av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
- return;
- }
- mcdc(dst, src, log2w, h, stride, 1, bytestream2_get_le16(&f->g2));
- } else if (code == 5) {
- mcdc(dst, src, log2w, h, stride, 0, bytestream2_get_le16(&f->g2));
+ if ((ret = decode_p_block(f, dst , src, log2w, log2h, stride)) < 0)
+ return ret;
+ return decode_p_block(f, dst + (1 << log2w),
+ src + (1 << log2w),
+ log2w, log2h, stride);
} else if (code == 6) {
if (log2w) {
dst[0] = bytestream2_get_le16(&f->g2);
dst[0] = bytestream2_get_le16(&f->g2);
dst[stride] = bytestream2_get_le16(&f->g2);
}
+ return 0;
}
+
+ if (code == 0) {
+ src += f->mv[bytestream2_get_byte(&f->g)];
+ } else if (code == 3 && f->version >= 2) {
+ return 0;
+ } else if (code == 4) {
+ src += f->mv[bytestream2_get_byte(&f->g)];
+ dc = bytestream2_get_le16(&f->g2);
+ } else if (code == 5) {
+ scale = 0;
+ dc = bytestream2_get_le16(&f->g2);
+ }
+
+ if (start > src || src > end) {
+ av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
+ return AVERROR_INVALIDDATA;
+ }
+
+ mcdc(dst, src, log2w, h, stride, scale, dc);
+
+ return 0;
}
-static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length)
+static int decode_p_frame(FourXContext *f, AVFrame *frame,
+ const uint8_t *buf, int length)
{
int x, y;
const int width = f->avctx->width;
const int height = f->avctx->height;
- uint16_t *src = (uint16_t *)f->last_picture.data[0];
- uint16_t *dst = (uint16_t *)f->current_picture.data[0];
- const int stride = f->current_picture.linesize[0] >> 1;
+ uint16_t *dst = (uint16_t *)frame->data[0];
+ const int stride = frame->linesize[0] >> 1;
+ uint16_t *src;
unsigned int bitstream_size, bytestream_size, wordstream_size, extra,
bytestream_offset, wordstream_offset;
+ int ret;
+
+ if (!f->last_picture->data[0]) {
+ if ((ret = ff_get_buffer(f->avctx, f->last_picture,
+ AV_GET_BUFFER_FLAG_REF)) < 0) {
+ av_log(f->avctx, AV_LOG_ERROR, "get_buffer() failed\n");
+ return ret;
+ }
+ memset(f->last_picture->data[0], 0,
+ f->avctx->height * FFABS(f->last_picture->linesize[0]));
+ }
+
+ src = (uint16_t *)f->last_picture->data[0];
if (f->version > 1) {
+ if (length < 20)
+ return AVERROR_INVALIDDATA;
extra = 20;
bitstream_size = AV_RL32(buf + 8);
wordstream_size = AV_RL32(buf + 12);
bytestream2_init(&f->g, buf + bytestream_offset,
length - bytestream_offset);
- init_mv(f);
+ init_mv(f, frame->linesize[0]);
for (y = 0; y < height; y += 8) {
for (x = 0; x < width; x += 8)
- decode_p_block(f, dst + x, src + x, 3, 3, stride);
+ if ((ret = decode_p_block(f, dst + x, src + x, 3, 3, stride)) < 0)
+ return ret;
src += 8 * stride;
dst += 8 * stride;
}
* decode block and dequantize.
* Note this is almost identical to MJPEG.
*/
-static int decode_i_block(FourXContext *f, DCTELEM *block)
+static int decode_i_block(FourXContext *f, int16_t *block)
{
int code, i, j, level, val;
return 0;
}
-static inline void idct_put(FourXContext *f, int x, int y)
+static inline void idct_put(FourXContext *f, AVFrame *frame, int x, int y)
{
- DCTELEM (*block)[64] = f->block;
- int stride = f->current_picture.linesize[0] >> 1;
+ int16_t (*block)[64] = f->block;
+ int stride = frame->linesize[0] >> 1;
int i;
- uint16_t *dst = ((uint16_t*)f->current_picture.data[0]) + y * stride + x;
+ uint16_t *dst = ((uint16_t*)frame->data[0]) + y * stride + x;
for (i = 0; i < 4; i++) {
block[i][0] += 0x80 * 8 * 8;
* cr = (-1b - 4g + 5r) / 14 */
for (y = 0; y < 8; y++) {
for (x = 0; x < 8; x++) {
- DCTELEM *temp = block[(x >> 2) + 2 * (y >> 2)] +
+ int16_t *temp = block[(x >> 2) + 2 * (y >> 2)] +
2 * (x & 3) + 2 * 8 * (y & 3); // FIXME optimize
int cb = block[4][x + 8 * y];
int cr = block[5][x + 8 * y];
}
static const uint8_t *read_huffman_tables(FourXContext *f,
- const uint8_t * const buf)
+ const uint8_t * const buf,
+ int len)
{
int frequency[512] = { 0 };
uint8_t flag[512];
for (;;) {
int i;
+ len -= end - start + 1;
+
+ if (end < start || len < 0)
+ return NULL;
+
for (i = start; i <= end; i++)
frequency[i] = *ptr++;
start = *ptr++;
if (start == 0)
break;
+ if (--len < 0)
+ return NULL;
+
end = *ptr++;
}
frequency[256] = 1;
return red / 3 * 1024 + green / 3 * 32 + blue / 3;
}
-static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length)
+static int decode_i2_frame(FourXContext *f, AVFrame *frame, const uint8_t *buf, int length)
{
int x, y, x2, y2;
const int width = f->avctx->width;
const int height = f->avctx->height;
const int mbs = (FFALIGN(width, 16) >> 4) * (FFALIGN(height, 16) >> 4);
- uint16_t *dst = (uint16_t*)f->current_picture.data[0];
- const int stride = f->current_picture.linesize[0]>>1;
+ uint16_t *dst = (uint16_t*)frame->data[0];
+ const int stride = frame->linesize[0]>>1;
GetByteContext g3;
if (length < mbs * 8) {
color[1] = bytestream2_get_le16u(&g3);
if (color[0] & 0x8000)
- av_log(NULL, AV_LOG_ERROR, "unk bit 1\n");
+ av_log(f->avctx, AV_LOG_ERROR, "unk bit 1\n");
if (color[1] & 0x8000)
- av_log(NULL, AV_LOG_ERROR, "unk bit 2\n");
+ av_log(f->avctx, AV_LOG_ERROR, "unk bit 2\n");
color[2] = mix(color[0], color[1]);
color[3] = mix(color[1], color[0]);
return 0;
}
-static int decode_i_frame(FourXContext *f, const uint8_t *buf, int length)
+static int decode_i_frame(FourXContext *f, AVFrame *frame, const uint8_t *buf, int length)
{
int x, y, ret;
const int width = f->avctx->width;
unsigned int prestream_size;
const uint8_t *prestream;
+ if (bitstream_size > (1 << 26))
+ return AVERROR_INVALIDDATA;
+
if (length < bitstream_size + 12) {
av_log(f->avctx, AV_LOG_ERROR, "packet size too small\n");
return AVERROR_INVALIDDATA;
prestream = buf + bitstream_size + 12;
if (prestream_size + bitstream_size + 12 != length
- || bitstream_size > (1 << 26)
|| prestream_size > (1 << 26)) {
av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d %d\n",
prestream_size, bitstream_size, length);
return AVERROR_INVALIDDATA;
}
- prestream = read_huffman_tables(f, prestream);
+ prestream = read_huffman_tables(f, prestream, prestream_size);
+ if (!prestream) {
+ av_log(f->avctx, AV_LOG_ERROR, "Error reading Huffman tables.\n");
+ return AVERROR_INVALIDDATA;
+ }
init_get_bits(&f->gb, buf + 4, 8 * bitstream_size);
if ((ret = decode_i_mb(f)) < 0)
return ret;
- idct_put(f, x, y);
+ idct_put(f, frame, x, y);
}
}
int buf_size = avpkt->size;
FourXContext *const f = avctx->priv_data;
AVFrame *picture = data;
- AVFrame *p, temp;
int i, frame_4cc, frame_size, ret;
- frame_4cc = AV_RL32(buf);
- if (buf_size != AV_RL32(buf + 4) + 8 || buf_size < 20)
+ if (buf_size < 20)
+ return AVERROR_INVALIDDATA;
+
+ if (avctx->width % 16 || avctx->height % 16) {
+ av_log(avctx, AV_LOG_ERROR,
+ "Dimensions non-multiple of 16 are invalid.\n");
+ return AVERROR_INVALIDDATA;
+ }
+
+ if (buf_size < AV_RL32(buf + 4) + 8) {
av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d\n",
buf_size, AV_RL32(buf + 4));
+ return AVERROR_INVALIDDATA;
+ }
+
+ frame_4cc = AV_RL32(buf);
if (frame_4cc == AV_RL32("cfrm")) {
int free_index = -1;
+ int id, whole_size;
const int data_size = buf_size - 20;
- const int id = AV_RL32(buf + 12);
- const int whole_size = AV_RL32(buf + 16);
CFrameBuffer *cfrm;
+ if (data_size < 0)
+ return AVERROR_INVALIDDATA;
+
+ id = AV_RL32(buf + 12);
+ whole_size = AV_RL32(buf + 16);
+
for (i = 0; i < CFRAME_BUFFER_COUNT; i++)
if (f->cfrm[i].id && f->cfrm[i].id < avctx->frame_number)
av_log(f->avctx, AV_LOG_ERROR, "lost c frame %d\n",
av_log(f->avctx, AV_LOG_ERROR, "cframe id mismatch %d %d\n",
id, avctx->frame_number);
+ if (f->version <= 1)
+ return AVERROR_INVALIDDATA;
+
cfrm->size = cfrm->id = 0;
frame_4cc = AV_RL32("pfrm");
} else
frame_size = buf_size - 12;
}
- temp = f->current_picture;
- f->current_picture = f->last_picture;
- f->last_picture = temp;
-
- p = &f->current_picture;
- avctx->coded_frame = p;
-
// alternatively we would have to use our own buffer management
avctx->flags |= CODEC_FLAG_EMU_EDGE;
- if (p->data[0])
- avctx->release_buffer(avctx, p);
-
- p->reference = 1;
- if ((ret = ff_get_buffer(avctx, p)) < 0) {
+ if ((ret = ff_get_buffer(avctx, picture, AV_GET_BUFFER_FLAG_REF)) < 0) {
av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
return ret;
}
if (frame_4cc == AV_RL32("ifr2")) {
- p->pict_type = AV_PICTURE_TYPE_I;
- if ((ret = decode_i2_frame(f, buf - 4, frame_size + 4)) < 0)
+ picture->pict_type = AV_PICTURE_TYPE_I;
+ if ((ret = decode_i2_frame(f, picture, buf - 4, frame_size + 4)) < 0)
return ret;
} else if (frame_4cc == AV_RL32("ifrm")) {
- p->pict_type = AV_PICTURE_TYPE_I;
- if ((ret = decode_i_frame(f, buf, frame_size)) < 0)
+ picture->pict_type = AV_PICTURE_TYPE_I;
+ if ((ret = decode_i_frame(f, picture, buf, frame_size)) < 0)
return ret;
} else if (frame_4cc == AV_RL32("pfrm") || frame_4cc == AV_RL32("pfr2")) {
- if (!f->last_picture.data[0]) {
- f->last_picture.reference = 1;
- if ((ret = ff_get_buffer(avctx, &f->last_picture)) < 0) {
- av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
- return ret;
- }
- memset(f->last_picture.data[0], 0, avctx->height * FFABS(f->last_picture.linesize[0]));
- }
-
- p->pict_type = AV_PICTURE_TYPE_P;
- if ((ret = decode_p_frame(f, buf, frame_size)) < 0)
+ picture->pict_type = AV_PICTURE_TYPE_P;
+ if ((ret = decode_p_frame(f, picture, buf, frame_size)) < 0)
return ret;
} else if (frame_4cc == AV_RL32("snd_")) {
av_log(avctx, AV_LOG_ERROR, "ignoring snd_ chunk length:%d\n",
buf_size);
}
- p->key_frame = p->pict_type == AV_PICTURE_TYPE_I;
+ picture->key_frame = picture->pict_type == AV_PICTURE_TYPE_I;
- *picture = *p;
+ av_frame_unref(f->last_picture);
+ if ((ret = av_frame_ref(f->last_picture, picture)) < 0)
+ return ret;
*got_frame = 1;
emms_c();
return buf_size;
}
-
-static av_cold void common_init(AVCodecContext *avctx)
-{
- FourXContext * const f = avctx->priv_data;
-
- ff_dsputil_init(&f->dsp, avctx);
-
- f->avctx = avctx;
-}
-
static av_cold int decode_init(AVCodecContext *avctx)
{
FourXContext * const f = avctx->priv_data;
}
f->version = AV_RL32(avctx->extradata) >> 16;
- common_init(avctx);
+ ff_dsputil_init(&f->dsp, avctx);
+ f->avctx = avctx;
init_vlcs(f);
if (f->version > 2)
else
avctx->pix_fmt = AV_PIX_FMT_BGR555;
+ f->last_picture = av_frame_alloc();
+ if (!f->last_picture)
+ return AVERROR(ENOMEM);
+
return 0;
}
f->cfrm[i].allocated_size = 0;
}
ff_free_vlc(&f->pre_vlc);
- if (f->current_picture.data[0])
- avctx->release_buffer(avctx, &f->current_picture);
- if (f->last_picture.data[0])
- avctx->release_buffer(avctx, &f->last_picture);
+ av_frame_free(&f->last_picture);
return 0;
}
projects / ffmpeg / blobdiff