X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;ds=sidebyside;f=libavcodec%2F4xm.c;h=b2d4db26b0555520d6b32ebf2e975c7c152c42bb;hb=851960f6f8cf1f946fe42fa36cf6598fac68072c;hp=304dfc0c13a84789541fd47e05221bb007aa8657;hpb=10c26e928a92c413f569183af0b26a4eca4d6ef1;p=ffmpeg diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c index 304dfc0c13a..b2d4db26b05 100644 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@ -24,16 +24,18 @@ * 4XM codec. */ +#include + +#include "libavutil/frame.h" +#include "libavutil/imgutils.h" #include "libavutil/intreadwrite.h" #include "avcodec.h" +#include "blockdsp.h" +#include "bswapdsp.h" #include "bytestream.h" -#include "dsputil.h" #include "get_bits.h" #include "internal.h" -//#undef NDEBUG -//#include - #define BLOCK_TYPE_VLC_BITS 5 #define ACDC_VLC_BITS 9 @@ -130,8 +132,10 @@ typedef struct CFrameBuffer { typedef struct FourXContext { AVCodecContext *avctx; - DSPContext dsp; - AVFrame current_picture, last_picture; + BlockDSPContext bdsp; + BswapDSPContext bbdsp; + uint16_t *frame_buffer; + uint16_t *last_frame_buffer; GetBitContext pre_gb; ///< ac/dc prefix GetBitContext gb; GetByteContext g; @@ -139,7 +143,7 @@ typedef struct FourXContext { int mv[256]; VLC pre_vlc; int last_dc; - DECLARE_ALIGNED(16, DCTELEM, block)[6][64]; + DECLARE_ALIGNED(16, int16_t, block)[6][64]; void *bitstream_buffer; unsigned int bitstream_buffer_size; int version; @@ -154,7 +158,7 @@ typedef struct FourXContext { #define MULTIPLY(var, const) (((var) * (const)) >> 16) -static void idct(DCTELEM block[64]) +static void idct(int16_t block[64]) { int tmp0, tmp1, tmp2, tmp3, tmp4, tmp5, tmp6, tmp7; int tmp10, tmp11, tmp12, tmp13; @@ -256,15 +260,15 @@ static av_cold void init_vlcs(FourXContext *f) } } -static void init_mv(FourXContext *f) +static void init_mv(FourXContext *f, int linesize) { int i; for (i = 0; i < 256; i++) { if (f->version > 1) - f->mv[i] = mv[i][0] + mv[i][1] * f->current_picture.linesize[0] / 2; + f->mv[i] = mv[i][0] + mv[i][1] * linesize / 2; else - f->mv[i] = (i & 15) - 8 + ((i >> 4) - 8) * f->current_picture.linesize[0] / 2; + f->mv[i] = (i & 15) - 8 + ((i >> 4) - 8) * linesize / 2; } } @@ -329,51 +333,48 @@ static inline void mcdc(uint16_t *dst, uint16_t *src, int log2w, } break; default: - assert(0); + break; } } -static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, - int log2w, int log2h, int stride) +static int decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, + int log2w, int log2h, int stride) { - const int index = size2index[log2h][log2w]; - const int h = 1 << log2h; - int code = get_vlc2(&f->gb, - block_type_vlc[1 - (f->version > 1)][index].table, - BLOCK_TYPE_VLC_BITS, 1); - uint16_t *start = (uint16_t *)f->last_picture.data[0]; - uint16_t *end = start + stride * (f->avctx->height - h + 1) - (1 << log2w); + int index, h, code, ret, scale = 1; + uint16_t *start, *end; + unsigned dc = 0; - assert(code >= 0 && code <= 6); + if (log2h < 0 || log2w < 0) + return AVERROR_INVALIDDATA; - if (code == 0) { - src += f->mv[bytestream2_get_byte(&f->g)]; - if (start > src || src > end) { - av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n"); - return; - } - mcdc(dst, src, log2w, h, stride, 1, 0); - } else if (code == 1) { - log2h--; - decode_p_block(f, dst, src, log2w, log2h, stride); - decode_p_block(f, dst + (stride << log2h), - src + (stride << log2h), log2w, log2h, stride); + index = size2index[log2h][log2w]; + if (index < 0) + return AVERROR_INVALIDDATA; + + h = 1 << log2h; + code = get_vlc2(&f->gb, block_type_vlc[1 - (f->version > 1)][index].table, + BLOCK_TYPE_VLC_BITS, 1); + if (code < 0 || code > 6) + return AVERROR_INVALIDDATA; + + start = f->last_frame_buffer; + end = start + stride * (f->avctx->height - h + 1) - (1 << log2w); + + if (code == 1) { + if (--log2h < 0) + return AVERROR_INVALIDDATA; + if ((ret = decode_p_block(f, dst, src, log2w, log2h, stride)) < 0) + return ret; + return decode_p_block(f, dst + (stride << log2h), + src + (stride << log2h), + log2w, log2h, stride); } else if (code == 2) { log2w--; - decode_p_block(f, dst , src, log2w, log2h, stride); - decode_p_block(f, dst + (1 << log2w), - src + (1 << log2w), log2w, log2h, stride); - } else if (code == 3 && f->version < 2) { - mcdc(dst, src, log2w, h, stride, 1, 0); - } else if (code == 4) { - src += f->mv[bytestream2_get_byte(&f->g)]; - if (start > src || src > end) { - av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n"); - return; - } - mcdc(dst, src, log2w, h, stride, 1, bytestream2_get_le16(&f->g2)); - } else if (code == 5) { - mcdc(dst, src, log2w, h, stride, 0, bytestream2_get_le16(&f->g2)); + if ((ret = decode_p_block(f, dst , src, log2w, log2h, stride)) < 0) + return ret; + return decode_p_block(f, dst + (1 << log2w), + src + (1 << log2w), + log2w, log2h, stride); } else if (code == 6) { if (log2w) { dst[0] = bytestream2_get_le16(&f->g2); @@ -382,7 +383,29 @@ static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, dst[0] = bytestream2_get_le16(&f->g2); dst[stride] = bytestream2_get_le16(&f->g2); } + return 0; + } + + if (code == 0) { + src += f->mv[bytestream2_get_byte(&f->g)]; + } else if (code == 3 && f->version >= 2) { + return 0; + } else if (code == 4) { + src += f->mv[bytestream2_get_byte(&f->g)]; + dc = bytestream2_get_le16(&f->g2); + } else if (code == 5) { + scale = 0; + dc = bytestream2_get_le16(&f->g2); + } + + if (start > src || src > end) { + av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n"); + return AVERROR_INVALIDDATA; } + + mcdc(dst, src, log2w, h, stride, scale, dc); + + return 0; } static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length) @@ -390,13 +413,17 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length) int x, y; const int width = f->avctx->width; const int height = f->avctx->height; - uint16_t *src = (uint16_t *)f->last_picture.data[0]; - uint16_t *dst = (uint16_t *)f->current_picture.data[0]; - const int stride = f->current_picture.linesize[0] >> 1; + uint16_t *dst = f->frame_buffer; + uint16_t *src; unsigned int bitstream_size, bytestream_size, wordstream_size, extra, bytestream_offset, wordstream_offset; + int ret; + + src = f->last_frame_buffer; if (f->version > 1) { + if (length < 20) + return AVERROR_INVALIDDATA; extra = 20; bitstream_size = AV_RL32(buf + 8); wordstream_size = AV_RL32(buf + 12); @@ -419,13 +446,13 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length) } av_fast_malloc(&f->bitstream_buffer, &f->bitstream_buffer_size, - bitstream_size + FF_INPUT_BUFFER_PADDING_SIZE); + bitstream_size + AV_INPUT_BUFFER_PADDING_SIZE); if (!f->bitstream_buffer) return AVERROR(ENOMEM); - f->dsp.bswap_buf(f->bitstream_buffer, (const uint32_t*)(buf + extra), - bitstream_size / 4); + f->bbdsp.bswap_buf(f->bitstream_buffer, (const uint32_t *) (buf + extra), + bitstream_size / 4); memset((uint8_t*)f->bitstream_buffer + bitstream_size, - 0, FF_INPUT_BUFFER_PADDING_SIZE); + 0, AV_INPUT_BUFFER_PADDING_SIZE); init_get_bits(&f->gb, f->bitstream_buffer, 8 * bitstream_size); wordstream_offset = extra + bitstream_size; @@ -435,13 +462,14 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length) bytestream2_init(&f->g, buf + bytestream_offset, length - bytestream_offset); - init_mv(f); + init_mv(f, width * 2); for (y = 0; y < height; y += 8) { for (x = 0; x < width; x += 8) - decode_p_block(f, dst + x, src + x, 3, 3, stride); - src += 8 * stride; - dst += 8 * stride; + if ((ret = decode_p_block(f, dst + x, src + x, 3, 3, width)) < 0) + return ret; + src += 8 * width; + dst += 8 * width; } return 0; @@ -451,7 +479,7 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length) * decode block and dequantize. * Note this is almost identical to MJPEG. */ -static int decode_i_block(FourXContext *f, DCTELEM *block) +static int decode_i_block(FourXContext *f, int16_t *block) { int code, i, j, level, val; @@ -496,17 +524,17 @@ static int decode_i_block(FourXContext *f, DCTELEM *block) static inline void idct_put(FourXContext *f, int x, int y) { - DCTELEM (*block)[64] = f->block; - int stride = f->current_picture.linesize[0] >> 1; + int16_t (*block)[64] = f->block; + int stride = f->avctx->width; int i; - uint16_t *dst = ((uint16_t*)f->current_picture.data[0]) + y * stride + x; + uint16_t *dst = f->frame_buffer + y * stride + x; for (i = 0; i < 4; i++) { block[i][0] += 0x80 * 8 * 8; idct(block[i]); } - if (!(f->avctx->flags & CODEC_FLAG_GRAY)) { + if (!(f->avctx->flags & AV_CODEC_FLAG_GRAY)) { for (i = 4; i < 6; i++) idct(block[i]); } @@ -517,7 +545,7 @@ static inline void idct_put(FourXContext *f, int x, int y) * cr = (-1b - 4g + 5r) / 14 */ for (y = 0; y < 8; y++) { for (x = 0; x < 8; x++) { - DCTELEM *temp = block[(x >> 2) + 2 * (y >> 2)] + + int16_t *temp = block[(x >> 2) + 2 * (y >> 2)] + 2 * (x & 3) + 2 * 8 * (y & 3); // FIXME optimize int cb = block[4][x + 8 * y]; int cr = block[5][x + 8 * y]; @@ -545,7 +573,7 @@ static int decode_i_mb(FourXContext *f) int ret; int i; - f->dsp.clear_blocks(f->block[0]); + f->bdsp.clear_blocks(f->block[0]); for (i = 0; i < 6; i++) if ((ret = decode_i_block(f, f->block[i])) < 0) @@ -555,7 +583,8 @@ static int decode_i_mb(FourXContext *f) } static const uint8_t *read_huffman_tables(FourXContext *f, - const uint8_t * const buf) + const uint8_t * const buf, + int len) { int frequency[512] = { 0 }; uint8_t flag[512]; @@ -573,12 +602,20 @@ static const uint8_t *read_huffman_tables(FourXContext *f, for (;;) { int i; + len -= end - start + 1; + + if (end < start || len < 0) + return NULL; + for (i = start; i <= end; i++) frequency[i] = *ptr++; start = *ptr++; if (start == 0) break; + if (--len < 0) + return NULL; + end = *ptr++; } frequency[256] = 1; @@ -653,8 +690,7 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length) const int width = f->avctx->width; const int height = f->avctx->height; const int mbs = (FFALIGN(width, 16) >> 4) * (FFALIGN(height, 16) >> 4); - uint16_t *dst = (uint16_t*)f->current_picture.data[0]; - const int stride = f->current_picture.linesize[0]>>1; + uint16_t *dst = f->frame_buffer; GetByteContext g3; if (length < mbs * 8) { @@ -671,9 +707,9 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length) color[1] = bytestream2_get_le16u(&g3); if (color[0] & 0x8000) - av_log(NULL, AV_LOG_ERROR, "unk bit 1\n"); + av_log(f->avctx, AV_LOG_ERROR, "unk bit 1\n"); if (color[1] & 0x8000) - av_log(NULL, AV_LOG_ERROR, "unk bit 2\n"); + av_log(f->avctx, AV_LOG_ERROR, "unk bit 2\n"); color[2] = mix(color[0], color[1]); color[3] = mix(color[1], color[0]); @@ -682,12 +718,12 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length) for (y2 = 0; y2 < 16; y2++) { for (x2 = 0; x2 < 16; x2++) { int index = 2 * (x2 >> 2) + 8 * (y2 >> 2); - dst[y2 * stride + x2] = color[(bits >> index) & 3]; + dst[y2 * width + x2] = color[(bits >> index) & 3]; } } dst += 16; } - dst += 16 * stride - x; + dst += 16 * width - x; } return 0; @@ -703,6 +739,9 @@ static int decode_i_frame(FourXContext *f, const uint8_t *buf, int length) unsigned int prestream_size; const uint8_t *prestream; + if (bitstream_size > (1 << 26)) + return AVERROR_INVALIDDATA; + if (length < bitstream_size + 12) { av_log(f->avctx, AV_LOG_ERROR, "packet size too small\n"); return AVERROR_INVALIDDATA; @@ -713,27 +752,30 @@ static int decode_i_frame(FourXContext *f, const uint8_t *buf, int length) prestream = buf + bitstream_size + 12; if (prestream_size + bitstream_size + 12 != length - || bitstream_size > (1 << 26) || prestream_size > (1 << 26)) { av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d %d\n", prestream_size, bitstream_size, length); return AVERROR_INVALIDDATA; } - prestream = read_huffman_tables(f, prestream); + prestream = read_huffman_tables(f, prestream, prestream_size); + if (!prestream) { + av_log(f->avctx, AV_LOG_ERROR, "Error reading Huffman tables.\n"); + return AVERROR_INVALIDDATA; + } init_get_bits(&f->gb, buf + 4, 8 * bitstream_size); prestream_size = length + buf - prestream; av_fast_malloc(&f->bitstream_buffer, &f->bitstream_buffer_size, - prestream_size + FF_INPUT_BUFFER_PADDING_SIZE); + prestream_size + AV_INPUT_BUFFER_PADDING_SIZE); if (!f->bitstream_buffer) return AVERROR(ENOMEM); - f->dsp.bswap_buf(f->bitstream_buffer, (const uint32_t*)prestream, - prestream_size / 4); + f->bbdsp.bswap_buf(f->bitstream_buffer, (const uint32_t *) prestream, + prestream_size / 4); memset((uint8_t*)f->bitstream_buffer + prestream_size, - 0, FF_INPUT_BUFFER_PADDING_SIZE); + 0, AV_INPUT_BUFFER_PADDING_SIZE); init_get_bits(&f->pre_gb, f->bitstream_buffer, 8 * prestream_size); f->last_dc = 0 * 128 * 8 * 8; @@ -760,21 +802,34 @@ static int decode_frame(AVCodecContext *avctx, void *data, int buf_size = avpkt->size; FourXContext *const f = avctx->priv_data; AVFrame *picture = data; - AVFrame *p, temp; int i, frame_4cc, frame_size, ret; - frame_4cc = AV_RL32(buf); - if (buf_size != AV_RL32(buf + 4) + 8 || buf_size < 20) - av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d\n", + if (buf_size < 20) + return AVERROR_INVALIDDATA; + + if (avctx->width % 16 || avctx->height % 16) { + av_log(avctx, AV_LOG_ERROR, + "Dimensions non-multiple of 16 are invalid.\n"); + return AVERROR_INVALIDDATA; + } + + if (buf_size < AV_RL32(buf + 4) + 8) { + av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %"PRIu32"\n", buf_size, AV_RL32(buf + 4)); + return AVERROR_INVALIDDATA; + } + + frame_4cc = AV_RL32(buf); if (frame_4cc == AV_RL32("cfrm")) { int free_index = -1; + int id, whole_size; const int data_size = buf_size - 20; - const int id = AV_RL32(buf + 12); - const int whole_size = AV_RL32(buf + 16); CFrameBuffer *cfrm; + id = AV_RL32(buf + 12); + whole_size = AV_RL32(buf + 16); + for (i = 0; i < CFRAME_BUFFER_COUNT; i++) if (f->cfrm[i].id && f->cfrm[i].id < avctx->frame_number) av_log(f->avctx, AV_LOG_ERROR, "lost c frame %d\n", @@ -794,7 +849,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, cfrm = &f->cfrm[i]; cfrm->data = av_fast_realloc(cfrm->data, &cfrm->allocated_size, - cfrm->size + data_size + FF_INPUT_BUFFER_PADDING_SIZE); + cfrm->size + data_size + AV_INPUT_BUFFER_PADDING_SIZE); // explicit check needed as memcpy below might not catch a NULL if (!cfrm->data) { av_log(f->avctx, AV_LOG_ERROR, "realloc failure"); @@ -812,6 +867,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, av_log(f->avctx, AV_LOG_ERROR, "cframe id mismatch %d %d\n", id, avctx->frame_number); + if (f->version <= 1) + return AVERROR_INVALIDDATA; + cfrm->size = cfrm->id = 0; frame_4cc = AV_RL32("pfrm"); } else @@ -821,44 +879,22 @@ static int decode_frame(AVCodecContext *avctx, void *data, frame_size = buf_size - 12; } - temp = f->current_picture; - f->current_picture = f->last_picture; - f->last_picture = temp; - - p = &f->current_picture; - avctx->coded_frame = p; - - // alternatively we would have to use our own buffer management - avctx->flags |= CODEC_FLAG_EMU_EDGE; - if (p->data[0]) - avctx->release_buffer(avctx, p); - - p->reference = 1; - if ((ret = ff_get_buffer(avctx, p)) < 0) { + if ((ret = ff_get_buffer(avctx, picture, 0)) < 0) { av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); return ret; } if (frame_4cc == AV_RL32("ifr2")) { - p->pict_type = AV_PICTURE_TYPE_I; + picture->pict_type = AV_PICTURE_TYPE_I; if ((ret = decode_i2_frame(f, buf - 4, frame_size + 4)) < 0) return ret; } else if (frame_4cc == AV_RL32("ifrm")) { - p->pict_type = AV_PICTURE_TYPE_I; + picture->pict_type = AV_PICTURE_TYPE_I; if ((ret = decode_i_frame(f, buf, frame_size)) < 0) return ret; } else if (frame_4cc == AV_RL32("pfrm") || frame_4cc == AV_RL32("pfr2")) { - if (!f->last_picture.data[0]) { - f->last_picture.reference = 1; - if ((ret = ff_get_buffer(avctx, &f->last_picture)) < 0) { - av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); - return ret; - } - memset(f->last_picture.data[0], 0, avctx->height * FFABS(f->last_picture.linesize[0])); - } - - p->pict_type = AV_PICTURE_TYPE_P; + picture->pict_type = AV_PICTURE_TYPE_P; if ((ret = decode_p_frame(f, buf, frame_size)) < 0) return ret; } else if (frame_4cc == AV_RL32("snd_")) { @@ -869,9 +905,13 @@ static int decode_frame(AVCodecContext *avctx, void *data, buf_size); } - p->key_frame = p->pict_type == AV_PICTURE_TYPE_I; + picture->key_frame = picture->pict_type == AV_PICTURE_TYPE_I; + + av_image_copy_plane(picture->data[0], picture->linesize[0], + (const uint8_t*)f->frame_buffer, avctx->width * 2, + avctx->width * 2, avctx->height); + FFSWAP(uint16_t *, f->frame_buffer, f->last_frame_buffer); - *picture = *p; *got_frame = 1; emms_c(); @@ -879,27 +919,49 @@ static int decode_frame(AVCodecContext *avctx, void *data, return buf_size; } - -static av_cold void common_init(AVCodecContext *avctx) +static av_cold int decode_end(AVCodecContext *avctx) { FourXContext * const f = avctx->priv_data; + int i; - ff_dsputil_init(&f->dsp, avctx); + av_freep(&f->frame_buffer); + av_freep(&f->last_frame_buffer); + av_freep(&f->bitstream_buffer); + f->bitstream_buffer_size = 0; + for (i = 0; i < CFRAME_BUFFER_COUNT; i++) { + av_freep(&f->cfrm[i].data); + f->cfrm[i].allocated_size = 0; + } + ff_free_vlc(&f->pre_vlc); - f->avctx = avctx; + return 0; } static av_cold int decode_init(AVCodecContext *avctx) { FourXContext * const f = avctx->priv_data; + int ret; if (avctx->extradata_size != 4 || !avctx->extradata) { av_log(avctx, AV_LOG_ERROR, "extradata wrong or missing\n"); - return 1; + return AVERROR_INVALIDDATA; + } + + ret = av_image_check_size(avctx->width, avctx->height, 0, avctx); + if (ret < 0) + return ret; + + f->frame_buffer = av_mallocz(avctx->width * avctx->height * 2); + f->last_frame_buffer = av_mallocz(avctx->width * avctx->height * 2); + if (!f->frame_buffer || !f->last_frame_buffer) { + decode_end(avctx); + return AVERROR(ENOMEM); } f->version = AV_RL32(avctx->extradata) >> 16; - common_init(avctx); + ff_blockdsp_init(&f->bdsp, avctx); + ff_bswapdsp_init(&f->bbdsp); + f->avctx = avctx; init_vlcs(f); if (f->version > 2) @@ -910,35 +972,14 @@ static av_cold int decode_init(AVCodecContext *avctx) return 0; } - -static av_cold int decode_end(AVCodecContext *avctx) -{ - FourXContext * const f = avctx->priv_data; - int i; - - av_freep(&f->bitstream_buffer); - f->bitstream_buffer_size = 0; - for (i = 0; i < CFRAME_BUFFER_COUNT; i++) { - av_freep(&f->cfrm[i].data); - f->cfrm[i].allocated_size = 0; - } - ff_free_vlc(&f->pre_vlc); - if (f->current_picture.data[0]) - avctx->release_buffer(avctx, &f->current_picture); - if (f->last_picture.data[0]) - avctx->release_buffer(avctx, &f->last_picture); - - return 0; -} - AVCodec ff_fourxm_decoder = { .name = "4xm", + .long_name = NULL_IF_CONFIG_SMALL("4X Movie"), .type = AVMEDIA_TYPE_VIDEO, .id = AV_CODEC_ID_4XM, .priv_data_size = sizeof(FourXContext), .init = decode_init, .close = decode_end, .decode = decode_frame, - .capabilities = CODEC_CAP_DR1, - .long_name = NULL_IF_CONFIG_SMALL("4X Movie"), + .capabilities = AV_CODEC_CAP_DR1, };