X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fmpc7.c;h=14abff470df199763c8e555436930740ec09af3d;hb=6101e5322f083a806fd92a6261ff3197fdd0f5e7;hp=0bde329e086e2246844f904de367fb66087bbf63;hpb=feb997577b66367a0c4269100888640699ee890d;p=ffmpeg

diff --git a/libavcodec/mpc7.c b/libavcodec/mpc7.c
index 0bde329e086..14abff470df 100644
--- a/libavcodec/mpc7.c
+++ b/libavcodec/mpc7.c
@@ -53,7 +53,7 @@ static av_cold int mpc7_decode_init(AVCodecContext * avctx)
     int i, j;
     MPCContext *c = avctx->priv_data;
     GetBitContext gb;
-    uint8_t buf[16];
+    LOCAL_ALIGNED_16(uint8_t, buf, [16]);
     static int vlc_initialized = 0;
 
     static VLC_TYPE scfi_table[1 << MPC7_SCFI_BITS][2];
@@ -74,7 +74,7 @@ static av_cold int mpc7_decode_init(AVCodecContext * avctx)
     }
     memset(c->oldDSCF, 0, sizeof(c->oldDSCF));
     av_lfg_init(&c->rnd, 0xDEADBEEF);
-    dsputil_init(&c->dsp, avctx);
+    ff_dsputil_init(&c->dsp, avctx);
     ff_mpadsp_init(&c->mpadsp);
     c->dsp.bswap_buf((uint32_t*)buf, (const uint32_t*)avctx->extradata, 4);
     ff_mpc_init();
@@ -200,34 +200,46 @@ static int mpc7_decode_frame(AVCodecContext * avctx, void *data,
                              int *got_frame_ptr, AVPacket *avpkt)
 {
     const uint8_t *buf = avpkt->data;
-    int buf_size = avpkt->size;
+    int buf_size;
     MPCContext *c = avctx->priv_data;
     GetBitContext gb;
     int i, ch;
     int mb = -1;
     Band *bands = c->bands;
-    int off, ret;
+    int off, ret, last_frame, skip;
     int bits_used, bits_avail;
 
     memset(bands, 0, sizeof(*bands) * (c->maxbands + 1));
-    if(buf_size <= 4){
-        av_log(avctx, AV_LOG_ERROR, "Too small buffer passed (%i bytes)\n", buf_size);
-        return AVERROR(EINVAL);
+
+    buf_size = avpkt->size & ~3;
+    if (buf_size <= 0) {
+        av_log(avctx, AV_LOG_ERROR, "packet size is too small (%i bytes)\n",
+               avpkt->size);
+        return AVERROR_INVALIDDATA;
+    }
+    if (buf_size != avpkt->size) {
+        av_log(avctx, AV_LOG_WARNING, "packet size is not a multiple of 4. "
+               "extra bytes at the end will be skipped.\n");
     }
 
+    skip       = buf[0];
+    last_frame = buf[1];
+    buf       += 4;
+    buf_size  -= 4;
+
     /* get output buffer */
-    c->frame.nb_samples = buf[1] ? c->lastframelen : MPC_FRAME_SIZE;
+    c->frame.nb_samples = last_frame ? c->lastframelen : MPC_FRAME_SIZE;
     if ((ret = avctx->get_buffer(avctx, &c->frame)) < 0) {
         av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
         return ret;
     }
 
-    av_fast_padded_malloc(&c->buffer, &c->buffer_size, FFALIGN(buf_size - 1, 4));
-    if (!c->buffer)
+    av_fast_padded_malloc(&c->bits, &c->buf_size, buf_size);
+    if (!c->bits)
         return AVERROR(ENOMEM);
-    c->dsp.bswap_buf((uint32_t*)c->buffer, (const uint32_t*)(buf + 4), (buf_size - 4) >> 2);
-    init_get_bits(&gb, c->buffer, (buf_size - 4)* 8);
-    skip_bits_long(&gb, buf[0]);
+    c->dsp.bswap_buf((uint32_t *)c->bits, (const uint32_t *)buf, buf_size >> 2);
+    init_get_bits(&gb, c->bits, buf_size * 8);
+    skip_bits_long(&gb, skip);
 
     /* read subband indexes */
     for(i = 0; i <= c->maxbands; i++){
@@ -236,6 +248,10 @@ static int mpc7_decode_frame(AVCodecContext * avctx, void *data,
             if(i) t = get_vlc2(&gb, hdr_vlc.table, MPC7_HDR_BITS, 1) - 5;
             if(t == 4) bands[i].res[ch] = get_bits(&gb, 4);
             else bands[i].res[ch] = bands[i-1].res[ch] + t;
+            if (bands[i].res[ch] < -1 || bands[i].res[ch] > 17) {
+                av_log(avctx, AV_LOG_ERROR, "subband index invalid\n");
+                return AVERROR_INVALIDDATA;
+            }
         }
 
         if(bands[i].res[0] || bands[i].res[1]){
@@ -284,21 +300,21 @@ static int mpc7_decode_frame(AVCodecContext * avctx, void *data,
     ff_mpc_dequantize_and_synth(c, mb, c->frame.data[0], 2);
 
     bits_used = get_bits_count(&gb);
-    bits_avail = (buf_size - 4) * 8;
-    if(!buf[1] && ((bits_avail < bits_used) || (bits_used + 32 <= bits_avail))){
-        av_log(NULL,0, "Error decoding frame: used %i of %i bits\n", bits_used, bits_avail);
+    bits_avail = buf_size * 8;
+    if (!last_frame && ((bits_avail < bits_used) || (bits_used + 32 <= bits_avail))) {
+        av_log(avctx, AV_LOG_ERROR, "Error decoding frame: used %i of %i bits\n", bits_used, bits_avail);
         return -1;
     }
     if(c->frames_to_skip){
         c->frames_to_skip--;
         *got_frame_ptr = 0;
-        return buf_size;
+        return avpkt->size;
     }
 
     *got_frame_ptr   = 1;
     *(AVFrame *)data = c->frame;
 
-    return buf_size;
+    return avpkt->size;
 }
 
 static void mpc7_decode_flush(AVCodecContext *avctx)
@@ -312,8 +328,8 @@ static void mpc7_decode_flush(AVCodecContext *avctx)
 static av_cold int mpc7_decode_close(AVCodecContext *avctx)
 {
     MPCContext *c = avctx->priv_data;
-    av_freep(&c->buffer);
-    c->buffer_size = 0;
+    av_freep(&c->bits);
+    c->buf_size = 0;
     return 0;
 }
 
@@ -325,7 +341,7 @@ AVCodec ff_mpc7_decoder = {
     .init           = mpc7_decode_init,
     .close          = mpc7_decode_close,
     .decode         = mpc7_decode_frame,
-    .flush = mpc7_decode_flush,
+    .flush          = mpc7_decode_flush,
     .capabilities   = CODEC_CAP_DR1,
-    .long_name = NULL_IF_CONFIG_SMALL("Musepack SV7"),
+    .long_name      = NULL_IF_CONFIG_SMALL("Musepack SV7"),
 };