static inline int decode_bytes(const uint8_t *inbuffer, uint8_t *out, int bytes)
{
static const uint32_t tab[4] = {
- AV_BE2NE32C(0x37c511f2), AV_BE2NE32C(0xf237c511),
- AV_BE2NE32C(0x11f237c5), AV_BE2NE32C(0xc511f237),
+ AV_BE2NE32C(0x37c511f2u), AV_BE2NE32C(0xf237c511u),
+ AV_BE2NE32C(0x11f237c5u), AV_BE2NE32C(0xc511f237u),
};
int i, off;
uint32_t c;
* @param q pointer to the COOKContext
* @param quant_index_table pointer to the array
*/
-static void decode_envelope(COOKContext *q, COOKSubpacket *p,
- int *quant_index_table)
+static int decode_envelope(COOKContext *q, COOKSubpacket *p,
+ int *quant_index_table)
{
int i, j, vlc_index;
j = get_vlc2(&q->gb, q->envelope_quant_index[vlc_index - 1].table,
q->envelope_quant_index[vlc_index - 1].bits, 2);
quant_index_table[i] = quant_index_table[i - 1] + j - 12; // differential encoding
+ if (quant_index_table[i] > 63 || quant_index_table[i] < -63) {
+ av_log(q->avctx, AV_LOG_ERROR,
+ "Invalid quantizer %d at position %d, outside [-63, 63] range\n",
+ quant_index_table[i], i);
+ return AVERROR_INVALIDDATA;
+ }
}
+
+ return 0;
}
/**
int *category, int *category_index)
{
int exp_idx, bias, tmpbias1, tmpbias2, bits_left, num_bits, index, v, i, j;
- int exp_index2[102];
- int exp_index1[102];
+ int exp_index2[102] = { 0 };
+ int exp_index1[102] = { 0 };
- int tmp_categorize_array[128 * 2];
+ int tmp_categorize_array[128 * 2] = { 0 };
int tmp_categorize_array1_idx = p->numvector_size;
int tmp_categorize_array2_idx = p->numvector_size;
//av_log(q->avctx, AV_LOG_ERROR, "bits_left = %d\n",bits_left);
}
- memset(&exp_index1, 0, sizeof(exp_index1));
- memset(&exp_index2, 0, sizeof(exp_index2));
- memset(&tmp_categorize_array, 0, sizeof(tmp_categorize_array));
-
bias = -32;
/* Estimate bias. */
{
int i;
for (i = 0; i < q->num_vectors; i++)
- ++category[category_index[i]];
+ {
+ int idx = category_index[i];
+ if (++category[idx] >= FF_ARRAY_ELEMS(dither_tab))
+ --category[idx];
+ }
}
/**
* @param q pointer to the COOKContext
* @param mlt_buffer pointer to mlt coefficients
*/
-static void mono_decode(COOKContext *q, COOKSubpacket *p, float *mlt_buffer)
+static int mono_decode(COOKContext *q, COOKSubpacket *p, float *mlt_buffer)
{
- int category_index[128];
+ int category_index[128] = { 0 };
+ int category[128] = { 0 };
int quant_index_table[102];
- int category[128];
-
- memset(&category, 0, sizeof(category));
- memset(&category_index, 0, sizeof(category_index));
+ int res, i;
- decode_envelope(q, p, quant_index_table);
+ if ((res = decode_envelope(q, p, quant_index_table)) < 0)
+ return res;
q->num_vectors = get_bits(&q->gb, p->log2_numvector_size);
categorize(q, p, quant_index_table, category, category_index);
expand_category(q, category, category_index);
+ for (i=0; i<p->total_subbands; i++) {
+ if (category[i] > 7)
+ return AVERROR_INVALIDDATA;
+ }
decode_vectors(q, p, category, quant_index_table, mlt_buffer);
+
+ return 0;
}
* @param decouple_tab decoupling array
*
*/
-static void decouple_info(COOKContext *q, COOKSubpacket *p, int *decouple_tab)
+static int decouple_info(COOKContext *q, COOKSubpacket *p, int *decouple_tab)
{
int i;
int vlc = get_bits1(&q->gb);
int length = end - start + 1;
if (start > end)
- return;
+ return 0;
if (vlc)
for (i = 0; i < length; i++)
decouple_tab[start + i] = get_vlc2(&q->gb, p->ccpl.table, p->ccpl.bits, 2);
else
- for (i = 0; i < length; i++)
- decouple_tab[start + i] = get_bits(&q->gb, p->js_vlc_bits);
+ for (i = 0; i < length; i++) {
+ int v = get_bits(&q->gb, p->js_vlc_bits);
+ if (v == (1<<p->js_vlc_bits)-1) {
+ av_log(q->avctx, AV_LOG_ERROR, "decouple value too large\n");
+ return AVERROR_INVALIDDATA;
+ }
+ decouple_tab[start + i] = v;
+ }
+ return 0;
}
/*
* @param mlt_buffer1 pointer to left channel mlt coefficients
* @param mlt_buffer2 pointer to right channel mlt coefficients
*/
-static void joint_decode(COOKContext *q, COOKSubpacket *p, float *mlt_buffer1,
- float *mlt_buffer2)
+static int joint_decode(COOKContext *q, COOKSubpacket *p, float *mlt_buffer1,
+ float *mlt_buffer2)
{
- int i, j;
- int decouple_tab[SUBBAND_SIZE];
+ int i, j, res;
+ int decouple_tab[SUBBAND_SIZE] = { 0 };
float *decode_buffer = q->decode_buffer_0;
int idx, cpl_tmp;
float f1, f2;
const float *cplscale;
- memset(decouple_tab, 0, sizeof(decouple_tab));
memset(decode_buffer, 0, sizeof(q->decode_buffer_0));
/* Make sure the buffers are zeroed out. */
memset(mlt_buffer1, 0, 1024 * sizeof(*mlt_buffer1));
memset(mlt_buffer2, 0, 1024 * sizeof(*mlt_buffer2));
- decouple_info(q, p, decouple_tab);
- mono_decode(q, p, decode_buffer);
-
+ if ((res = decouple_info(q, p, decouple_tab)) < 0)
+ return res;
+ if ((res = mono_decode(q, p, decode_buffer)) < 0)
+ return res;
/* The two channels are stored interleaved in decode_buffer. */
for (i = 0; i < p->js_subband_start; i++) {
for (j = 0; j < SUBBAND_SIZE; j++) {
cpl_tmp = cplband[i];
idx -= decouple_tab[cpl_tmp];
cplscale = q->cplscales[p->js_vlc_bits - 2]; // choose decoupler table
- f1 = cplscale[decouple_tab[cpl_tmp]];
- f2 = cplscale[idx - 1];
+ f1 = cplscale[decouple_tab[cpl_tmp] + 1];
+ f2 = cplscale[idx];
q->decouple(q, p, i, f1, f2, decode_buffer, mlt_buffer1, mlt_buffer2);
idx = (1 << p->js_vlc_bits) - 1;
}
+
+ return 0;
}
/**
* @param inbuffer pointer to the inbuffer
* @param outbuffer pointer to the outbuffer
*/
-static void decode_subpacket(COOKContext *q, COOKSubpacket *p,
- const uint8_t *inbuffer, float *outbuffer)
+static int decode_subpacket(COOKContext *q, COOKSubpacket *p,
+ const uint8_t *inbuffer, float *outbuffer)
{
int sub_packet_size = p->size;
+ int res;
/* packet dump */
// for (i = 0; i < sub_packet_size ; i++)
// av_log(q->avctx, AV_LOG_ERROR, "%02x", inbuffer[i]);
decode_bytes_and_gain(q, p, inbuffer, &p->gains1);
if (p->joint_stereo) {
- joint_decode(q, p, q->decode_buffer_1, q->decode_buffer_2);
+ if ((res = joint_decode(q, p, q->decode_buffer_1, q->decode_buffer_2)) < 0)
+ return res;
} else {
- mono_decode(q, p, q->decode_buffer_1);
+ if ((res = mono_decode(q, p, q->decode_buffer_1)) < 0)
+ return res;
if (p->num_channels == 2) {
decode_bytes_and_gain(q, p, inbuffer + sub_packet_size / 2, &p->gains2);
- mono_decode(q, p, q->decode_buffer_2);
+ if ((res = mono_decode(q, p, q->decode_buffer_2)) < 0)
+ return res;
}
}
else
mlt_compensate_output(q, q->decode_buffer_2, &p->gains2,
p->mono_previous_buffer2, outbuffer, p->ch_idx + 1);
+
+ return 0;
}
i, q->subpacket[i].size, q->subpacket[i].joint_stereo, offset,
avctx->block_align);
- decode_subpacket(q, &q->subpacket[i], buf + offset, samples);
+ if ((ret = decode_subpacket(q, &q->subpacket[i], buf + offset, samples)) < 0)
+ return ret;
offset += q->subpacket[i].size;
chidx += q->subpacket[i].num_channels;
av_log(avctx, AV_LOG_DEBUG, "subpacket[%i] %i %i\n",
q->subpacket[s].gains2.now = q->subpacket[s].gain_3;
q->subpacket[s].gains2.previous = q->subpacket[s].gain_4;
+ if (q->num_subpackets + q->subpacket[s].num_channels > q->nb_channels) {
+ av_log(avctx, AV_LOG_ERROR, "Too many subpackets %d for channels %d\n", q->num_subpackets, q->nb_channels);
+ return AVERROR_INVALIDDATA;
+ }
+
q->num_subpackets++;
s++;
if (s > MAX_SUBPACKETS) {