/**
* CCITT Fax Group 3 and 4 decompression
- * @file faxcompr.c
+ * @file libavcodec/faxcompr.c
* @author Konstantin Shishkov
*/
#include "avcodec.h"
static VLC ccitt_vlc[2], ccitt_group3_2d_vlc;
-av_cold void ff_ccitt_unpack_init()
+av_cold void ff_ccitt_unpack_init(void)
{
static VLC_TYPE code_table1[528][2];
static VLC_TYPE code_table2[648][2];
static int decode_group3_1d_line(AVCodecContext *avctx, GetBitContext *gb,
- int pix_left, int *runs)
+ unsigned int pix_left, int *runs, const int *runend)
{
- int mode = 0, run = 0;
+ int mode = 0;
+ unsigned int run=0;
unsigned int t;
for(;;){
t = get_vlc2(gb, ccitt_vlc[mode].table, 9, 2);
run += t;
if(t < 64){
- pix_left -= run;
*runs++ = run;
- if(pix_left <= 0){
- if(!pix_left)
+ if(runs >= runend){
+ av_log(avctx, AV_LOG_ERROR, "Run overrun\n");
+ return -1;
+ }
+ if(pix_left <= run){
+ if(pix_left == run)
break;
- runs[-1] += pix_left;
av_log(avctx, AV_LOG_ERROR, "Run went out of bounds\n");
return -1;
}
+ pix_left -= run;
run = 0;
mode = !mode;
}else if((int)t == -1){
}
static int decode_group3_2d_line(AVCodecContext *avctx, GetBitContext *gb,
- int pix_left, int *runs, const int *ref)
+ unsigned int width, int *runs, const int *runend, const int *ref)
{
- int mode = 0, offs = 0, run = 0, saved_run = 0, t;
+ int mode = 0, saved_run = 0, t;
int run_off = *ref++;
- int *run_start = runs;
+ unsigned int offs=0, run= 0;
- while(pix_left > 0){
+ runend--; // for the last written 0
+
+ while(offs < width){
int cmode = get_vlc2(gb, ccitt_group3_2d_vlc.table, 9, 1);
if(cmode == -1){
av_log(avctx, AV_LOG_ERROR, "Incorrect mode VLC\n");
return -1;
}
- //sync line pointers
- if(runs != run_start)while(run_off <= offs && run_off < avctx->width){
- run_off += *ref++;
- run_off += *ref++;
- }
if(!cmode){//pass mode
run_off += *ref++;
run = run_off - offs;
+ offs= run_off;
run_off += *ref++;
- pix_left -= run;
- if(pix_left < 0){
+ if(offs > width){
av_log(avctx, AV_LOG_ERROR, "Run went out of bounds\n");
return -1;
}
- offs += run;
saved_run += run;
}else if(cmode == 1){//horizontal mode
int k;
break;
}
*runs++ = run + saved_run;
+ if(runs >= runend){
+ av_log(avctx, AV_LOG_ERROR, "Run overrun\n");
+ return -1;
+ }
saved_run = 0;
- if(pix_left < run){
+ offs += run;
+ if(offs > width || run > width){
av_log(avctx, AV_LOG_ERROR, "Run went out of bounds\n");
return -1;
}
- pix_left -= run;
- offs += run;
mode = !mode;
}
}else if(cmode == 9 || cmode == 10){
return -1;
}else{//vertical mode
run = run_off - offs + (cmode - 5);
- if(cmode >= 5)
- run_off += *ref++;
- else
- run_off -= *--ref;
- pix_left -= run;
- if(pix_left < 0){
+ run_off -= *--ref;
+ offs += run;
+ if(offs > width || run > width){
av_log(avctx, AV_LOG_ERROR, "Run went out of bounds\n");
return -1;
}
- offs += run;
*runs++ = run + saved_run;
+ if(runs >= runend){
+ av_log(avctx, AV_LOG_ERROR, "Run overrun\n");
+ return -1;
+ }
saved_run = 0;
mode = !mode;
}
+ //sync line pointers
+ while(run_off <= offs){
+ run_off += *ref++;
+ run_off += *ref++;
+ }
}
*runs++ = saved_run;
*runs++ = 0;
{
int j;
GetBitContext gb;
- int *runs, *ref;
+ int *runs, *ref, *runend;
int ret;
+ int runsize= avctx->width + 2;
- runs = av_malloc((avctx->width + 2) * sizeof(runs[0]));
- ref = av_malloc((avctx->width + 2) * sizeof(ref[0]));
+ runs = av_malloc(runsize * sizeof(runs[0]));
+ ref = av_malloc(runsize * sizeof(ref[0]));
ref[0] = avctx->width;
ref[1] = 0;
ref[2] = 0;
init_get_bits(&gb, src, srcsize*8);
for(j = 0; j < height; j++){
+ runend = runs + runsize;
if(compr == TIFF_G4){
- ret = decode_group3_2d_line(avctx, &gb, avctx->width, runs, ref);
+ ret = decode_group3_2d_line(avctx, &gb, avctx->width, runs, runend, ref);
if(ret < 0){
av_free(runs);
av_free(ref);
if(find_group3_syncmarker(&gb, srcsize*8) < 0)
break;
if(compr==TIFF_CCITT_RLE || get_bits1(&gb))
- ret = decode_group3_1d_line(avctx, &gb, avctx->width, runs);
+ ret = decode_group3_1d_line(avctx, &gb, avctx->width, runs, runend);
else
- ret = decode_group3_2d_line(avctx, &gb, avctx->width, runs, ref);
+ ret = decode_group3_2d_line(avctx, &gb, avctx->width, runs, runend, ref);
}
if(ret < 0){
put_line(dst, stride, avctx->width, ref);
projects / ffmpeg / blobdiff