X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fmv30.c;h=21f52679c068d5819788249cb4946085c708dda5;hb=a247ac640df3da573cd661065bf53f37863e2b46;hp=7e67133cf7da60a772c9e2b54a444b996a166ecf;hpb=b1cc6b9496ee6373f7ef46b825b886ffecc09d92;p=ffmpeg diff --git a/libavcodec/mv30.c b/libavcodec/mv30.c index 7e67133cf7d..21f52679c06 100644 --- a/libavcodec/mv30.c +++ b/libavcodec/mv30.c @@ -35,6 +35,8 @@ #include "internal.h" #include "aandcttab.h" +#define CBP_VLC_BITS 9 + typedef struct MV30Context { GetBitContext gb; @@ -102,25 +104,25 @@ static void get_qtable(int16_t *table, int quant, const uint8_t *quant_tab) } } -static inline void idct_1d(int *blk, int step) +static inline void idct_1d(unsigned *blk, int step) { - const int t0 = blk[0 * step] + blk[4 * step]; - const int t1 = blk[0 * step] - blk[4 * step]; - const int t2 = blk[2 * step] + blk[6 * step]; - const int t3 = (((blk[2 * step] - blk[6 * step]) * 362) >> 8) - t2; - const int t4 = t0 + t2; - const int t5 = t0 - t2; - const int t6 = t1 + t3; - const int t7 = t1 - t3; - const int t8 = blk[5 * step] + blk[3 * step]; - const int t9 = blk[5 * step] - blk[3 * step]; - const int tA = blk[1 * step] + blk[7 * step]; - const int tB = blk[1 * step] - blk[7 * step]; - const int tC = t8 + tA; - const int tD = (tB + t9) * 473 >> 8; - const int tE = ((t9 * -669 >> 8) - tC) + tD; - const int tF = ((tA - t8) * 362 >> 8) - tE; - const int t10 = ((tB * 277 >> 8) - tD) + tF; + const unsigned t0 = blk[0 * step] + blk[4 * step]; + const unsigned t1 = blk[0 * step] - blk[4 * step]; + const unsigned t2 = blk[2 * step] + blk[6 * step]; + const unsigned t3 = ((int)((blk[2 * step] - blk[6 * step]) * 362U) >> 8) - t2; + const unsigned t4 = t0 + t2; + const unsigned t5 = t0 - t2; + const unsigned t6 = t1 + t3; + const unsigned t7 = t1 - t3; + const unsigned t8 = blk[5 * step] + blk[3 * step]; + const unsigned t9 = blk[5 * step] - blk[3 * step]; + const unsigned tA = blk[1 * step] + blk[7 * step]; + const unsigned tB = blk[1 * step] - blk[7 * step]; + const unsigned tC = t8 + tA; + const unsigned tD = (int)((tB + t9) * 473U) >> 8; + const unsigned tE = (((int)(t9 * -669U) >> 8) - tC) + tD; + const unsigned tF = ((int)((tA - t8) * 362U) >> 8) - tE; + const unsigned t10 = (((int)(tB * 277U) >> 8) - tD) + tF; blk[0 * step] = t4 + tC; blk[1 * step] = t6 + tE; @@ -198,12 +200,12 @@ static void idct_add(uint8_t *dst, int stride, static inline void idct2_1d(int *blk, int step) { - const int t0 = blk[0 * step]; - const int t1 = blk[1 * step]; - const int t2 = t1 * 473 >> 8; - const int t3 = t2 - t1; - const int t4 = (t1 * 362 >> 8) - t3; - const int t5 = ((t1 * 277 >> 8) - t2) + t4; + const unsigned int t0 = blk[0 * step]; + const unsigned int t1 = blk[1 * step]; + const unsigned int t2 = (int)(t1 * 473U) >> 8; + const unsigned int t3 = t2 - t1; + const unsigned int t4 = ((int)(t1 * 362U) >> 8) - t3; + const unsigned int t5 = (((int)(t1 * 277U) >> 8) - t2) + t4; blk[0 * step] = t1 + t0; blk[1 * step] = t0 + t3; @@ -305,14 +307,14 @@ static int decode_intra_block(AVCodecContext *avctx, int mode, case 1: fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill[0] += fill; - block[0] = ((pfill[0] * qtab[0]) >> 5) + 128; + block[0] = ((int)((unsigned)pfill[0] * qtab[0]) >> 5) + 128; s->bdsp.fill_block_tab[1](dst, block[0], linesize, 8); break; case 2: memset(block, 0, sizeof(*block) * 64); fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill[0] += fill; - block[0] = pfill[0] * qtab[0]; + block[0] = (unsigned)pfill[0] * qtab[0]; block[1] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[1]; block[8] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[8]; block[9] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[9]; @@ -321,7 +323,7 @@ static int decode_intra_block(AVCodecContext *avctx, int mode, case 3: fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill[0] += fill; - block[0] = pfill[0] * qtab[0]; + block[0] = (unsigned)pfill[0] * qtab[0]; for (int i = 1; i < 64; i++) block[zigzag[i]] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[zigzag[i]]; idct_put(dst, linesize, block); @@ -346,14 +348,14 @@ static int decode_inter_block(AVCodecContext *avctx, int mode, case 1: fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill[0] += fill; - block[0] = (pfill[0] * qtab[0]) >> 5; + block[0] = (int)((unsigned)pfill[0] * qtab[0]) >> 5; update_inter_block(dst, linesize, src, in_linesize, block[0]); break; case 2: memset(block, 0, sizeof(*block) * 64); fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill[0] += fill; - block[0] = pfill[0] * qtab[0]; + block[0] = (unsigned)pfill[0] * qtab[0]; block[1] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[1]; block[8] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[8]; block[9] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[9]; @@ -362,7 +364,7 @@ static int decode_inter_block(AVCodecContext *avctx, int mode, case 3: fill = sign_extend(bytestream2_get_ne16(gbyte), 16); pfill[0] += fill; - block[0] = pfill[0] * qtab[0]; + block[0] = (unsigned)pfill[0] * qtab[0]; for (int i = 1; i < 64; i++) block[zigzag[i]] = sign_extend(bytestream2_get_ne16(gbyte), 16) * qtab[zigzag[i]]; idct_add(dst, linesize, src, in_linesize, block); @@ -377,10 +379,7 @@ static int decode_coeffs(GetBitContext *gb, int16_t *coeffs, int nb_codes) memset(coeffs, 0, nb_codes * sizeof(*coeffs)); for (int i = 0; i < nb_codes;) { - int value = get_vlc2(gb, cbp_tab.table, cbp_tab.bits, 1); - - if (value < 0) - return AVERROR_INVALIDDATA; + int value = get_vlc2(gb, cbp_tab.table, CBP_VLC_BITS, 1); if (value > 0) { int x = get_bits(gb, value); @@ -410,6 +409,9 @@ static int decode_intra(AVCodecContext *avctx, GetBitContext *gb, AVFrame *frame int ret; mgb = *gb; + if (get_bits_left(gb) < s->mode_size * 8) + return AVERROR_INVALIDDATA; + skip_bits_long(gb, s->mode_size * 8); linesize[0] = frame->linesize[0]; @@ -528,8 +530,13 @@ static int decode_inter(AVCodecContext *avctx, GetBitContext *gb, for (int x = 0; x < avctx->width; x += 16) { if (cnt >= 4) cnt = 0; - if (cnt == 0) + if (cnt == 0) { + if (get_bits_left(&mask) < 8) { + ret = AVERROR_INVALIDDATA; + goto fail; + } flags = get_bits(&mask, 8); + } dst[0] = frame->data[0] + linesize[0] * y + x; dst[1] = frame->data[0] + linesize[0] * y + x + 8; @@ -545,8 +552,8 @@ static int decode_inter(AVCodecContext *avctx, GetBitContext *gb, int px = x + mv_x; int py = y + mv_y; - if (px < 0 || px >= avctx->width || - py < 0 || py >= avctx->height) + if (px < 0 || px > FFALIGN(avctx->width , 16) - 16 || + py < 0 || py > FFALIGN(avctx->height, 16) - 16) return AVERROR_INVALIDDATA; src[0] = prev->data[0] + in_linesize[0] * py + px; @@ -646,18 +653,14 @@ static int decode_frame(AVCodecContext *avctx, void *data, return avpkt->size; } -static const uint16_t cbp_codes[] = { - 0, 1, 4, 5, 6, 0xE, 0x1E, 0x3E, 0x7E, 0xFE, 0x1FE, 0x1FF, -}; - static const uint8_t cbp_bits[] = { 2, 2, 3, 3, 3, 4, 5, 6, 7, 8, 9, 9, }; static av_cold void init_static_data(void) { - INIT_VLC_SPARSE_STATIC(&cbp_tab, 9, FF_ARRAY_ELEMS(cbp_bits), - cbp_bits, 1, 1, cbp_codes, 2, 2, NULL, 0, 0, 512); + INIT_VLC_STATIC_FROM_LENGTHS(&cbp_tab, CBP_VLC_BITS, FF_ARRAY_ELEMS(cbp_bits), + cbp_bits, 1, NULL, 0, 0, 0, 0, 1 << CBP_VLC_BITS); } static av_cold int decode_init(AVCodecContext *avctx) @@ -699,7 +702,7 @@ static av_cold int decode_close(AVCodecContext *avctx) return 0; } -AVCodec ff_mv30_decoder = { +const AVCodec ff_mv30_decoder = { .name = "mv30", .long_name = NULL_IF_CONFIG_SMALL("MidiVid 3.0"), .type = AVMEDIA_TYPE_VIDEO,