bink: Prevent NULL dereferences with missing reference frame

[ffmpeg] / libavcodec / bink.c

diff --git a/libavcodec/bink.c b/libavcodec/bink.c
index 928bf53b3b648c5f96a1b722f839b26b6a6b747a..e4fdf4c93efda6f31342fcc14c729c14cf5ea2ee 100644 (file)
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -3,27 +3,28 @@
  * Copyright (c) 2009 Konstantin Shishkov
  * Copyright (C) 2011 Peter Ross <pross@xvid.org>
  *
- * This file is part of FFmpeg.
+ * This file is part of Libav.
  *
- * FFmpeg is free software; you can redistribute it and/or
+ * Libav is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
  * version 2.1 of the License, or (at your option) any later version.
  *
- * FFmpeg is distributed in the hope that it will be useful,
+ * Libav is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with FFmpeg; if not, write to the Free Software
+ * License along with Libav; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
-#include "libavcore/imgutils.h"
+#include "libavutil/imgutils.h"
 #include "avcodec.h"
 #include "dsputil.h"
 #include "binkdata.h"
+#include "binkdsp.h"
 #include "mathops.h"
 
 #define ALT_BITSTREAM_READER_LE
@@ -60,8 +61,8 @@ static const int binkb_bundle_signed[BINKB_NB_SRC] = {
     0, 0, 0, 1, 1, 0, 1, 0, 0, 0
 };
 
-static uint32_t binkb_intra_quant[16][64];
-static uint32_t binkb_inter_quant[16][64];
+static int32_t binkb_intra_quant[16][64];
+static int32_t binkb_inter_quant[16][64];
 
 /**
  * IDs for different data types used in Bink video codec
@@ -109,11 +110,11 @@ typedef struct Bundle {
 typedef struct BinkContext {
     AVCodecContext *avctx;
     DSPContext     dsp;
+    BinkDSPContext bdsp;
     AVFrame        pic, last;
     int            version;              ///< internal Bink file version
     int            has_alpha;
     int            swap_planes;
-    ScanTable      scantable;            ///< permutated scantable for DCT coeffs decoding
 
     Bundle         bundle[BINKB_NB_SRC]; ///< bundles for decoding all data types
     Tree           col_high[16];         ///< trees for decoding high nibble in "colours" data type
@@ -571,24 +572,17 @@ static inline int binkb_get_value(BinkContext *c, int bundle_num)
     return ret;
 }
 
-typedef const uint32_t quant_matrices[16][64];
-static const quant_matrices * bink_quant_matrices[2][2] = {
-    { &bink_inter_quant,  &bink_intra_quant  },
-    { &binkb_inter_quant, &binkb_intra_quant },
-};
-
 /**
  * Read 8x8 block of DCT coefficients.
  *
  * @param gb       context for reading bits
  * @param block    place for storing coefficients
  * @param scan     scan order table
- * @param is_binkb use version 'b' quantizer matrices
- * @param is_intra tells what set of quantizer matrices to use
+ * @param quant_matrices quantization matrices
  * @return 0 for success, negative value in other cases
  */
-static int read_dct_coeffs(GetBitContext *gb, DCTELEM block[64], const uint8_t *scan,
-                           int is_binkb, int is_intra, int q)
+static int read_dct_coeffs(GetBitContext *gb, int32_t block[64], const uint8_t *scan,
+                           const int32_t quant_matrices[16][64], int q)
 {
     int coef_list[128];
     int mode_list[128];
@@ -597,7 +591,7 @@ static int read_dct_coeffs(GetBitContext *gb, DCTELEM block[64], const uint8_t *
     int coef_count = 0;
     int coef_idx[64];
     int quant_idx;
-    const uint32_t *quant;
+    const int32_t *quant;
 
     coef_list[list_end] = 4;  mode_list[list_end++] = 0;
     coef_list[list_end] = 24; mode_list[list_end++] = 0;
@@ -630,7 +624,6 @@ static int read_dct_coeffs(GetBitContext *gb, DCTELEM block[64], const uint8_t *
                         coef_list[--list_start] = ccoef;
                         mode_list[  list_start] = 3;
                     } else {
-                        int t;
                         if (!bits) {
                             t = 1 - (get_bits1(gb) << 1);
                         } else {
@@ -674,7 +667,7 @@ static int read_dct_coeffs(GetBitContext *gb, DCTELEM block[64], const uint8_t *
         quant_idx = q;
     }
 
-    quant = (*bink_quant_matrices[is_binkb][is_intra])[quant_idx];
+    quant = quant_matrices[quant_idx];
 
     block[0] = (block[0] * quant[0]) >> 11;
     for (i = 0; i < coef_count; i++) {
@@ -797,7 +790,8 @@ static int binkb_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
     int v, col[2];
     const uint8_t *scan;
     int xoff, yoff;
-    DECLARE_ALIGNED(16, DCTELEM, block[64]);
+    LOCAL_ALIGNED_16(DCTELEM, block, [64]);
+    LOCAL_ALIGNED_16(int32_t, dctblock, [64]);
     int coordmap[64];
     int ybias = is_key ? -15 : 0;
     int qp;
@@ -852,11 +846,11 @@ static int binkb_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
                     dst[coordmap[*scan++]] = binkb_get_value(c, BINKB_SRC_COLORS);
                 break;
             case 2:
-                c->dsp.clear_block(block);
-                block[0] = binkb_get_value(c, BINKB_SRC_INTRA_DC);
+                memset(dctblock, 0, sizeof(*dctblock) * 64);
+                dctblock[0] = binkb_get_value(c, BINKB_SRC_INTRA_DC);
                 qp = binkb_get_value(c, BINKB_SRC_INTRA_Q);
-                read_dct_coeffs(gb, block, c->scantable.permutated, 1, 1, qp);
-                c->dsp.idct_put(dst, stride, block);
+                read_dct_coeffs(gb, dctblock, bink_scan, binkb_intra_quant, qp);
+                c->bdsp.idct_put(dst, stride, dctblock);
                 break;
             case 3:
                 xoff = binkb_get_value(c, BINKB_SRC_X_OFF);
@@ -885,11 +879,11 @@ static int binkb_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
                 } else {
                     put_pixels8x8_overlapped(dst, ref, stride);
                 }
-                c->dsp.clear_block(block);
-                block[0] = binkb_get_value(c, BINKB_SRC_INTER_DC);
+                memset(dctblock, 0, sizeof(*dctblock) * 64);
+                dctblock[0] = binkb_get_value(c, BINKB_SRC_INTER_DC);
                 qp = binkb_get_value(c, BINKB_SRC_INTER_Q);
-                read_dct_coeffs(gb, block, c->scantable.permutated, 1, 0, qp);
-                c->dsp.idct_add(dst, stride, block);
+                read_dct_coeffs(gb, dctblock, bink_scan, binkb_inter_quant, qp);
+                c->bdsp.idct_add(dst, stride, dctblock);
                 break;
             case 5:
                 v = binkb_get_value(c, BINKB_SRC_COLORS);
@@ -944,6 +938,7 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
     int xoff, yoff;
     LOCAL_ALIGNED_16(DCTELEM, block, [64]);
     LOCAL_ALIGNED_16(uint8_t, ublock, [64]);
+    LOCAL_ALIGNED_16(int32_t, dctblock, [64]);
     int coordmap[64];
 
     const int stride = c->pic.linesize[plane_idx];
@@ -955,8 +950,9 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
     for (i = 0; i < BINK_NB_SRC; i++)
         read_bundle(gb, c, i);
 
-    ref_start = c->last.data[plane_idx];
-    ref_end   = c->last.data[plane_idx]
+    ref_start = c->last.data[plane_idx] ? c->last.data[plane_idx]
+                                        : c->pic.data[plane_idx];
+    ref_end   = ref_start
                 + (bw - 1 + c->last.linesize[plane_idx] * (bh - 1)) * 8;
 
     for (i = 0; i < 64; i++)
@@ -985,7 +981,8 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
         if (by == bh)
             break;
         dst  = c->pic.data[plane_idx]  + 8*by*stride;
-        prev = c->last.data[plane_idx] + 8*by*stride;
+        prev = (c->last.data[plane_idx] ? c->last.data[plane_idx]
+                                        : c->pic.data[plane_idx]) + 8*by*stride;
         for (bx = 0; bx < bw; bx++, dst += 8, prev += 8) {
             blk = get_value(c, BINK_SRC_BLOCK_TYPES);
             // 16x16 block type on odd line means part of the already decoded block, so skip it
@@ -1026,11 +1023,10 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
                         ublock[*scan++] = get_value(c, BINK_SRC_COLORS);
                     break;
                 case INTRA_BLOCK:
-                    c->dsp.clear_block(block);
-                    block[0] = get_value(c, BINK_SRC_INTRA_DC);
-                    read_dct_coeffs(gb, block, c->scantable.permutated, 0, 1, -1);
-                    c->dsp.idct(block);
-                    c->dsp.put_pixels_nonclamped(block, ublock, 8);
+                    memset(dctblock, 0, sizeof(*dctblock) * 64);
+                    dctblock[0] = get_value(c, BINK_SRC_INTRA_DC);
+                    read_dct_coeffs(gb, dctblock, bink_scan, bink_intra_quant, -1);
+                    c->bdsp.idct_put(ublock, 8, dctblock);
                     break;
                 case FILL_BLOCK:
                     v = get_value(c, BINK_SRC_COLORS);
@@ -1055,7 +1051,7 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
                     return -1;
                 }
                 if (blk != FILL_BLOCK)
-                c->dsp.scale_block(ublock, dst, stride);
+                c->bdsp.scale_block(ublock, dst, stride);
                 bx++;
                 dst  += 8;
                 prev += 8;
@@ -1110,10 +1106,10 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
                 c->dsp.add_pixels8(dst, block, stride);
                 break;
             case INTRA_BLOCK:
-                c->dsp.clear_block(block);
-                block[0] = get_value(c, BINK_SRC_INTRA_DC);
-                read_dct_coeffs(gb, block, c->scantable.permutated, 0, 1, -1);
-                c->dsp.idct_put(dst, stride, block);
+                memset(dctblock, 0, sizeof(*dctblock) * 64);
+                dctblock[0] = get_value(c, BINK_SRC_INTRA_DC);
+                read_dct_coeffs(gb, dctblock, bink_scan, bink_intra_quant, -1);
+                c->bdsp.idct_put(dst, stride, dctblock);
                 break;
             case FILL_BLOCK:
                 v = get_value(c, BINK_SRC_COLORS);
@@ -1124,10 +1120,10 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
                 yoff = get_value(c, BINK_SRC_Y_OFF);
                 ref = prev + xoff + yoff * stride;
                 c->dsp.put_pixels_tab[1][0](dst, ref, stride, 8);
-                c->dsp.clear_block(block);
-                block[0] = get_value(c, BINK_SRC_INTER_DC);
-                read_dct_coeffs(gb, block, c->scantable.permutated, 0, 0, -1);
-                c->dsp.idct_add(dst, stride, block);
+                memset(dctblock, 0, sizeof(*dctblock) * 64);
+                dctblock[0] = get_value(c, BINK_SRC_INTER_DC);
+                read_dct_coeffs(gb, dctblock, bink_scan, bink_inter_quant, -1);
+                c->bdsp.idct_add(dst, stride, dctblock);
                 break;
             case PATTERN_BLOCK:
                 for (i = 0; i < 2; i++)
@@ -1215,8 +1211,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
 /**
  * Caclulate quantization tables for version b
  */
-static av_cold void binkb_calc_quant()
+static av_cold void binkb_calc_quant(void)
 {
+    uint8_t inv_bink_scan[64];
     double s[64];
     int i, j;
 
@@ -1235,17 +1232,21 @@ static av_cold void binkb_calc_quant()
         }
     }
 
+    for (i = 0; i < 64; i++)
+        inv_bink_scan[bink_scan[i]] = i;
+
     for (j = 0; j < 16; j++) {
         for (i = 0; i < 64; i++) {
+            int k = inv_bink_scan[i];
             if (s[i] == 1.0) {
-                binkb_intra_quant[j][i] = (1L << 12) * binkb_intra_seed[i] *
+                binkb_intra_quant[j][k] = (1L << 12) * binkb_intra_seed[i] *
                                           binkb_num[j]/binkb_den[j];
-                binkb_inter_quant[j][i] = (1L << 12) * binkb_inter_seed[i] *
+                binkb_inter_quant[j][k] = (1L << 12) * binkb_inter_seed[i] *
                                           binkb_num[j]/binkb_den[j];
             } else {
-                binkb_intra_quant[j][i] = (1L << 12) * binkb_intra_seed[i] * s[i] *
+                binkb_intra_quant[j][k] = (1L << 12) * binkb_intra_seed[i] * s[i] *
                                           binkb_num[j]/(double)binkb_den[j];
-                binkb_inter_quant[j][i] = (1L << 12) * binkb_inter_seed[i] * s[i] *
+                binkb_inter_quant[j][k] = (1L << 12) * binkb_inter_seed[i] * s[i] *
                                           binkb_num[j]/(double)binkb_den[j];
             }
         }
@@ -1290,7 +1291,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
 
     avctx->idct_algo = FF_IDCT_BINK;
     dsputil_init(&c->dsp, avctx);
-    ff_init_scantable(c->dsp.idct_permutation, &c->scantable, bink_scan);
+    ff_binkdsp_init(&c->bdsp);
 
     init_bundles(c);
 
@@ -1318,13 +1319,12 @@ static av_cold int decode_end(AVCodecContext *avctx)
 }
 
 AVCodec ff_bink_decoder = {
-    "binkvideo",
-    AVMEDIA_TYPE_VIDEO,
-    CODEC_ID_BINKVIDEO,
-    sizeof(BinkContext),
-    decode_init,
-    NULL,
-    decode_end,
-    decode_frame,
+    .name           = "binkvideo",
+    .type           = AVMEDIA_TYPE_VIDEO,
+    .id             = CODEC_ID_BINKVIDEO,
+    .priv_data_size = sizeof(BinkContext),
+    .init           = decode_init,
+    .close          = decode_end,
+    .decode         = decode_frame,
     .long_name = NULL_IF_CONFIG_SMALL("Bink video"),
 };