}
break;
default:
- av_assert2(0);
+ av_assert0(0);
}
}
-static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src,
- int log2w, int log2h, int stride)
+static int decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src,
+ int log2w, int log2h, int stride)
{
const int index = size2index[log2h][log2w];
const int h = 1 << log2h;
BLOCK_TYPE_VLC_BITS, 1);
uint16_t *start = (uint16_t *)f->last_picture->data[0];
uint16_t *end = start + stride * (f->avctx->height - h + 1) - (1 << log2w);
+ int ret;
+ int scale = 1;
+ unsigned dc = 0;
- av_assert2(code >= 0 && code <= 6);
+ av_assert0(code >= 0 && code <= 6 && log2w >= 0);
- if (code == 0) {
- if (bytestream2_get_bytes_left(&f->g) < 1) {
- av_log(f->avctx, AV_LOG_ERROR, "bytestream overread\n");
- return;
- }
- src += f->mv[bytestream2_get_byteu(&f->g)];
- if (start > src || src > end) {
- av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
- return;
- }
- mcdc(dst, src, log2w, h, stride, 1, 0);
- } else if (code == 1) {
+ if (code == 1) {
log2h--;
- decode_p_block(f, dst, src, log2w, log2h, stride);
- decode_p_block(f, dst + (stride << log2h),
- src + (stride << log2h), log2w, log2h, stride);
+ if ((ret = decode_p_block(f, dst, src, log2w, log2h, stride)) < 0)
+ return ret;
+ return decode_p_block(f, dst + (stride << log2h),
+ src + (stride << log2h),
+ log2w, log2h, stride);
} else if (code == 2) {
log2w--;
- decode_p_block(f, dst , src, log2w, log2h, stride);
- decode_p_block(f, dst + (1 << log2w),
- src + (1 << log2w), log2w, log2h, stride);
- } else if (code == 3 && f->version < 2) {
- mcdc(dst, src, log2w, h, stride, 1, 0);
- } else if (code == 4) {
- if (bytestream2_get_bytes_left(&f->g) < 1) {
- av_log(f->avctx, AV_LOG_ERROR, "bytestream overread\n");
- return;
- }
- src += f->mv[bytestream2_get_byteu(&f->g)];
- if (start > src || src > end) {
- av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
- return;
- }
- if (bytestream2_get_bytes_left(&f->g2) < 2){
- av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n");
- return;
- }
- mcdc(dst, src, log2w, h, stride, 1, bytestream2_get_le16u(&f->g2));
- } else if (code == 5) {
- if (bytestream2_get_bytes_left(&f->g2) < 2) {
- av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n");
- return;
- }
- mcdc(dst, src, log2w, h, stride, 0, bytestream2_get_le16u(&f->g2));
+ if ((ret = decode_p_block(f, dst , src, log2w, log2h, stride)) < 0)
+ return ret;
+ return decode_p_block(f, dst + (1 << log2w),
+ src + (1 << log2w),
+ log2w, log2h, stride);
} else if (code == 6) {
if (bytestream2_get_bytes_left(&f->g2) < 4) {
av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n");
- return;
+ return AVERROR_INVALIDDATA;
}
if (log2w) {
dst[0] = bytestream2_get_le16u(&f->g2);
dst[0] = bytestream2_get_le16u(&f->g2);
dst[stride] = bytestream2_get_le16u(&f->g2);
}
+ return 0;
+ }
+
+ if ((code&3)==0 && bytestream2_get_bytes_left(&f->g) < 1) {
+ av_log(f->avctx, AV_LOG_ERROR, "bytestream overread\n");
+ return AVERROR_INVALIDDATA;
+ }
+
+ if (code == 0) {
+ src += f->mv[bytestream2_get_byte(&f->g)];
+ } else if (code == 3 && f->version >= 2) {
+ return 0;
+ } else if (code == 4) {
+ src += f->mv[bytestream2_get_byte(&f->g)];
+ if (bytestream2_get_bytes_left(&f->g2) < 2){
+ av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n");
+ return AVERROR_INVALIDDATA;
+ }
+ dc = bytestream2_get_le16(&f->g2);
+ } else if (code == 5) {
+ if (bytestream2_get_bytes_left(&f->g2) < 2){
+ av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n");
+ return AVERROR_INVALIDDATA;
+ }
+ av_assert0(start <= src && src <= end);
+ scale = 0;
+ dc = bytestream2_get_le16(&f->g2);
+ }
+
+ if (start > src || src > end) {
+ av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
+ return AVERROR_INVALIDDATA;
}
+
+ mcdc(dst, src, log2w, h, stride, scale, dc);
+
+ return 0;
}
static int decode_p_frame(FourXContext *f, AVFrame *frame,
int x, y;
const int width = f->avctx->width;
const int height = f->avctx->height;
- uint16_t *src = (uint16_t *)f->last_picture->data[0];
uint16_t *dst = (uint16_t *)frame->data[0];
const int stride = frame->linesize[0] >> 1;
+ uint16_t *src;
unsigned int bitstream_size, bytestream_size, wordstream_size, extra,
bytestream_offset, wordstream_offset;
+ int ret;
+
+ if (!f->last_picture->data[0]) {
+ if ((ret = ff_get_buffer(f->avctx, f->last_picture,
+ AV_GET_BUFFER_FLAG_REF)) < 0) {
+ return ret;
+ }
+ for (y=0; y<f->avctx->height; y++)
+ memset(f->last_picture->data[0] + y*f->last_picture->linesize[0], 0, 2*f->avctx->width);
+ }
+
+ src = (uint16_t *)f->last_picture->data[0];
if (f->version > 1) {
extra = 20;
if (length < extra)
- return -1;
+ return AVERROR_INVALIDDATA;
bitstream_size = AV_RL32(buf + 8);
wordstream_size = AV_RL32(buf + 12);
bytestream_size = AV_RL32(buf + 16);
for (y = 0; y < height; y += 8) {
for (x = 0; x < width; x += 8)
- decode_p_block(f, dst + x, src + x, 3, 3, stride);
+ if ((ret = decode_p_block(f, dst + x, src + x, 3, 3, stride)) < 0)
+ return ret;
src += 8 * stride;
dst += 8 * stride;
}
}
static const uint8_t *read_huffman_tables(FourXContext *f,
- const uint8_t * const buf, int buf_size)
+ const uint8_t * const buf,
+ int buf_size)
{
int frequency[512] = { 0 };
uint8_t flag[512];
av_log(f->avctx, AV_LOG_ERROR, "invalid data in read_huffman_tables\n");
return NULL;
}
+
for (i = start; i <= end; i++)
frequency[i] = *ptr++;
start = *ptr++;
color[1] = bytestream2_get_le16u(&g3);
if (color[0] & 0x8000)
- av_log(NULL, AV_LOG_ERROR, "unk bit 1\n");
+ av_log(f->avctx, AV_LOG_ERROR, "unk bit 1\n");
if (color[1] & 0x8000)
- av_log(NULL, AV_LOG_ERROR, "unk bit 2\n");
+ av_log(f->avctx, AV_LOG_ERROR, "unk bit 2\n");
color[2] = mix(color[0], color[1]);
color[3] = mix(color[1], color[0]);
return AVERROR_INVALIDDATA;
}
- prestream = read_huffman_tables(f, prestream, buf + length - prestream);
+ prestream = read_huffman_tables(f, prestream, prestream_size);
if (!prestream) {
av_log(f->avctx, AV_LOG_ERROR, "Error reading Huffman tables.\n");
return AVERROR_INVALIDDATA;
AVFrame *picture = data;
int i, frame_4cc, frame_size, ret;
- if (buf_size < 12)
+ if (buf_size < 20)
return AVERROR_INVALIDDATA;
- frame_4cc = AV_RL32(buf);
- if (buf_size != AV_RL32(buf + 4) + 8 || buf_size < 20)
+
+ if (buf_size < AV_RL32(buf + 4) + 8) {
av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d\n",
buf_size, AV_RL32(buf + 4));
+ return AVERROR_INVALIDDATA;
+ }
+
+ frame_4cc = AV_RL32(buf);
if (frame_4cc == AV_RL32("cfrm")) {
int free_index = -1;
+ int id, whole_size;
const int data_size = buf_size - 20;
- const int id = AV_RL32(buf + 12);
- const int whole_size = AV_RL32(buf + 16);
CFrameBuffer *cfrm;
- if (data_size < 0 || whole_size < 0) {
- av_log(f->avctx, AV_LOG_ERROR, "sizes invalid\n");
+ if (f->version <= 1) {
+ av_log(f->avctx, AV_LOG_ERROR, "cfrm in version %d\n", f->version);
return AVERROR_INVALIDDATA;
}
- if (f->version <= 1) {
- av_log(f->avctx, AV_LOG_ERROR, "cfrm in version %d\n", f->version);
+ id = AV_RL32(buf + 12);
+ whole_size = AV_RL32(buf + 16);
+
+ if (data_size < 0 || whole_size < 0) {
+ av_log(f->avctx, AV_LOG_ERROR, "sizes invalid\n");
return AVERROR_INVALIDDATA;
}
av_log(f->avctx, AV_LOG_ERROR, "cframe id mismatch %d %d\n",
id, avctx->frame_number);
+ if (f->version <= 1)
+ return AVERROR_INVALIDDATA;
+
cfrm->size = cfrm->id = 0;
frame_4cc = AV_RL32("pfrm");
} else
return ret;
}
} else if (frame_4cc == AV_RL32("pfrm") || frame_4cc == AV_RL32("pfr2")) {
- if (!f->last_picture->data[0]) {
- if ((ret = ff_get_buffer(avctx, f->last_picture,
- AV_GET_BUFFER_FLAG_REF)) < 0)
- return ret;
- for (i=0; i<avctx->height; i++)
- memset(f->last_picture->data[0] + i*f->last_picture->linesize[0], 0, 2*avctx->width);
- }
-
f->current_picture->pict_type = AV_PICTURE_TYPE_P;
if ((ret = decode_p_frame(f, f->current_picture, buf, frame_size)) < 0) {
av_log(f->avctx, AV_LOG_ERROR, "decode p frame failed\n");