* You should have received a copy of the GNU Lesser General Public
* License along with FFmpeg; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
*/
/**
#define ALT_BITSTREAM_READER_LE
#include "bitstream.h"
+#include "bytestream.h"
#define SMKTREE_BITS 9
#define SMK_NODE 0x80000000
if(get_bits1(gb)) {
smacker_decode_tree(gb, &tmp1, 0, 0);
- get_bits1(gb);
+ skip_bits1(gb);
res = init_vlc(&vlc[0], SMKTREE_BITS, tmp1.length,
tmp1.lengths, sizeof(int), sizeof(int),
tmp1.bits, sizeof(uint32_t), sizeof(uint32_t), INIT_VLC_LE);
}
if(get_bits1(gb)){
smacker_decode_tree(gb, &tmp2, 0, 0);
- get_bits1(gb);
+ skip_bits1(gb);
res = init_vlc(&vlc[1], SMKTREE_BITS, tmp2.length,
tmp2.lengths, sizeof(int), sizeof(int),
tmp2.bits, sizeof(uint32_t), sizeof(uint32_t), INIT_VLC_LE);
huff.values = av_mallocz(huff.length * sizeof(int));
smacker_decode_bigtree(gb, &huff, &ctx);
- get_bits1(gb);
+ skip_bits1(gb);
if(ctx.last[0] == -1) ctx.last[0] = huff.current++;
if(ctx.last[1] == -1) ctx.last[1] = huff.current++;
if(ctx.last[2] == -1) ctx.last[2] = huff.current++;
} else {
smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size);
}
- if(!get_bits(&gb, 1)) {
+ if(!get_bits1(&gb)) {
av_log(smk->avctx, AV_LOG_INFO, "Skipping MCLR tree\n");
smk->mclr_tbl = av_malloc(sizeof(int) * 2);
smk->mclr_tbl[0] = 0;
} else {
smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size);
}
- if(!get_bits(&gb, 1)) {
+ if(!get_bits1(&gb)) {
av_log(smk->avctx, AV_LOG_INFO, "Skipping FULL tree\n");
smk->full_tbl = av_malloc(sizeof(int) * 2);
smk->full_tbl[0] = 0;
} else {
smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size);
}
- if(!get_bits(&gb, 1)) {
+ if(!get_bits1(&gb)) {
av_log(smk->avctx, AV_LOG_INFO, "Skipping TYPE tree\n");
smk->type_tbl = av_malloc(sizeof(int) * 2);
smk->type_tbl[0] = 0;
return v;
}
-static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, uint8_t *buf, int buf_size)
+static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, const uint8_t *buf, int buf_size)
{
SmackVContext * const smk = avctx->priv_data;
uint8_t *out;
int i;
int stride;
- if(buf_size == 769)
+ if(buf_size <= 769)
return 0;
if(smk->pic.data[0])
avctx->release_buffer(avctx, &smk->pic);
}
/* make the palette available on the way out */
- out = buf + 1;
pal = (uint32_t*)smk->pic.data[1];
smk->pic.palette_has_changed = buf[0] & 1;
smk->pic.key_frame = !!(buf[0] & 2);
else
smk->pic.pict_type = FF_P_TYPE;
- for(i = 0; i < 256; i++) {
- int r, g, b;
- r = *out++;
- g = *out++;
- b = *out++;
- *pal++ = (r << 16) | (g << 8) | b;
- }
+ buf++;
+ for(i = 0; i < 256; i++)
+ *pal++ = bytestream_get_be24(&buf);
+ buf_size -= 769;
last_reset(smk->mmap_tbl, smk->mmap_last);
last_reset(smk->mclr_tbl, smk->mclr_last);
last_reset(smk->full_tbl, smk->full_last);
last_reset(smk->type_tbl, smk->type_last);
- init_get_bits(&gb, buf + 769, (buf_size - 769) * 8);
+ init_get_bits(&gb, buf, buf_size * 8);
blk = 0;
bw = avctx->width >> 2;
/**
* Decode Smacker audio data
*/
-static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, uint8_t *buf, int buf_size)
+static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, const uint8_t *buf, int buf_size)
{
GetBitContext gb;
HuffContext h[4];
}
stereo = get_bits1(&gb);
bits = get_bits1(&gb);
+ if (unp_size & 0xC0000000 || (unp_size << !bits) > *data_size) {
+ av_log(avctx, AV_LOG_ERROR, "Frame is too large to fit in buffer\n");
+ return -1;
+ }
memset(vlc, 0, sizeof(VLC) * 4);
memset(h, 0, sizeof(HuffContext) * 4);
h[i].bits = av_mallocz(256 * 4);
h[i].lengths = av_mallocz(256 * sizeof(int));
h[i].values = av_mallocz(256 * sizeof(int));
- get_bits1(&gb);
+ skip_bits1(&gb);
smacker_decode_tree(&gb, &h[i], 0, 0);
- get_bits1(&gb);
+ skip_bits1(&gb);
if(h[i].current > 1) {
res = init_vlc(&vlc[i], SMKTREE_BITS, h[i].length,
h[i].lengths, sizeof(int), sizeof(int),
projects / ffmpeg / blobdiff