if (huff_tab->tab_sel == 7) {
/* custom huffman table (explicitly encoded) */
new_huff.num_rows = get_bits(gb, 4);
+ if (!new_huff.num_rows) {
+ av_log(avctx, AV_LOG_ERROR, "Empty custom Huffman table!\n");
+ return AVERROR_INVALIDDATA;
+ }
for (i = 0; i < new_huff.num_rows; i++)
new_huff.xbits[i] = get_bits(gb, 4);
result = ff_ivi_create_huff_from_desc(&huff_tab->cust_desc,
&huff_tab->cust_tab, 0);
if (result) {
+ huff_tab->cust_desc.num_rows = 0; // reset faulty description
av_log(avctx, AV_LOG_ERROR,
"Error while initializing custom vlc table!\n");
- return -1;
+ return result;
}
}
huff_tab->tab = &huff_tab->cust_tab;
band->width = b_width;
band->height = b_height;
band->pitch = width_aligned;
- band->bufs[0] = av_malloc(buf_size);
- band->bufs[1] = av_malloc(buf_size);
+ band->aheight = height_aligned;
+ band->bufs[0] = av_mallocz(buf_size);
+ band->bufs[1] = av_mallocz(buf_size);
if (!band->bufs[0] || !band->bufs[1])
return AVERROR(ENOMEM);
/* allocate the 3rd band buffer for scalability mode */
if (cfg->luma_bands > 1) {
- band->bufs[2] = av_malloc(buf_size);
+ band->bufs[2] = av_mallocz(buf_size);
if (!band->bufs[2])
return AVERROR(ENOMEM);
}
for (x = 0; x < band->width; x += t_width) {
tile->xpos = x;
tile->ypos = y;
+ tile->mb_size = band->mb_size;
tile->width = FFMIN(band->width - x, t_width);
tile->height = FFMIN(band->height - y, t_height);
tile->is_empty = tile->data_size = 0;
mv_x >>= 1;
mv_y >>= 1; /* convert halfpel vectors into fullpel ones */
}
+ if (mb->type) {
+ int dmv_x, dmv_y, cx, cy;
+
+ dmv_x = mb->mv_x >> band->is_halfpel;
+ dmv_y = mb->mv_y >> band->is_halfpel;
+ cx = mb->mv_x & band->is_halfpel;
+ cy = mb->mv_y & band->is_halfpel;
+
+ if ( mb->xpos + dmv_x < 0
+ || mb->xpos + dmv_x + band->mb_size + cx > band->pitch
+ || mb->ypos + dmv_y < 0
+ || mb->ypos + dmv_y + band->mb_size + cy > band->aheight) {
+ return AVERROR_INVALIDDATA;
+ }
+ }
}
for (blk = 0; blk < num_blocks; blk++) {
#ifdef DEBUG
-uint16_t ivi_calc_band_checksum (IVIBandDesc *band)
+static uint16_t ivi_calc_band_checksum(IVIBandDesc *band)
{
int x, y;
int16_t *src, checksum;
return checksum;
}
-
-int ivi_check_band (IVIBandDesc *band, const uint8_t *ref, int pitch)
-{
- int x, y, result;
- uint8_t t1, t2;
- int16_t *src;
-
- src = band->buf;
- result = 0;
-
- for (y = 0; y < band->height; src += band->pitch, y++) {
- for (x = 0; x < band->width; x++) {
- t1 = av_clip(src[x] + 128, 0, 255);
- t2 = ref[x];
- if (t1 != t2) {
- av_log(NULL, AV_LOG_ERROR, "Data mismatch: row %d, column %d\n",
- y / band->blk_size, x / band->blk_size);
- result = -1;
- }
- }
- ref += pitch;
- }
-
- return result;
-}
#endif
void ff_ivi_output_plane(IVIPlaneDesc *plane, uint8_t *dst, int dst_pitch)
IVITile *tile;
band->buf = band->bufs[ctx->dst_buf];
+ if (!band->buf) {
+ av_log(avctx, AV_LOG_ERROR, "Band buffer points to no data!\n");
+ return AVERROR_INVALIDDATA;
+ }
band->ref_buf = band->bufs[ctx->ref_buf];
band->data_ptr = ctx->frame_data + (get_bits_count(&ctx->gb) >> 3);
for (t = 0; t < band->num_tiles; t++) {
tile = &band->tiles[t];
+ if (tile->mb_size != band->mb_size) {
+ av_log(avctx, AV_LOG_ERROR, "MB sizes mismatch: %d vs. %d\n",
+ band->mb_size, tile->mb_size);
+ return AVERROR_INVALIDDATA;
+ }
tile->is_empty = get_bits1(&ctx->gb);
if (tile->is_empty) {
ff_ivi_process_empty_tile(avctx, band, tile,
"Error while decoding picture header: %d\n", result);
return -1;
}
+ if (ctx->gop_invalid)
+ return AVERROR_INVALIDDATA;
if (ctx->gop_flags & IVI5_IS_PROTECTED) {
av_log(avctx, AV_LOG_ERROR, "Password-protected clip!\n");
/* If the bidirectional mode is enabled, next I and the following P frame will */
/* be sent together. Unfortunately the approach below seems to be the only way */
/* to handle the B-frames mode. That's exactly the same Intel decoders do. */
- if (avctx->codec_id == CODEC_ID_INDEO4 && ctx->frame_type == 0/*FRAMETYPE_INTRA*/) {
+ if (avctx->codec_id == AV_CODEC_ID_INDEO4 && ctx->frame_type == 0/*FRAMETYPE_INTRA*/) {
while (get_bits(&ctx->gb, 8)); // skip version string
skip_bits_long(&ctx->gb, 64); // skip padding, TODO: implement correct 8-bytes alignment
if (get_bits_left(&ctx->gb) > 18 && show_bits(&ctx->gb, 18) == 0x3FFF8)
avctx->release_buffer(avctx, &ctx->frame);
ctx->frame.reference = 0;
+ avcodec_set_dimensions(avctx, ctx->planes[0].width, ctx->planes[0].height);
if ((result = avctx->get_buffer(avctx, &ctx->frame)) < 0) {
av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
return result;
}
if (ctx->is_scalable) {
- if (avctx->codec_id == CODEC_ID_INDEO4)
+ if (avctx->codec_id == AV_CODEC_ID_INDEO4)
ff_ivi_recompose_haar(&ctx->planes[0], ctx->frame.data[0], ctx->frame.linesize[0], 4);
else
ff_ivi_recompose53 (&ctx->planes[0], ctx->frame.data[0], ctx->frame.linesize[0], 4);
avctx->release_buffer(avctx, &ctx->frame);
#if IVI4_STREAM_ANALYSER
- if (avctx->codec_id == CODEC_ID_INDEO4) {
+ if (avctx->codec_id == AV_CODEC_ID_INDEO4) {
if (ctx->is_scalable)
av_log(avctx, AV_LOG_ERROR, "This video uses scalability mode!\n");
if (ctx->uses_tiling)
projects / ffmpeg / blobdiff