X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Frv10.c;h=bc81f08b9c4972146c2fb1e1986ad8b09b4e85f2;hb=2bcbd98459915baefc15043d02f4a942ebcd33da;hp=3ba8102b50df9071434835f199a220cda33f3cba;hpb=4a29b471869353c3077fb4b25b6518eb1047afb7;p=ffmpeg diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c index 3ba8102b50d..bc81f08b9c4 100644 --- a/libavcodec/rv10.c +++ b/libavcodec/rv10.c @@ -40,6 +40,11 @@ #define DC_VLC_BITS 14 //FIXME find a better solution +typedef struct RVDecContext { + MpegEncContext m; + int sub_id; +} RVDecContext; + static const uint16_t rv_lum_code[256] = { 0x3e7f, 0x0f00, 0x0f01, 0x0f02, 0x0f03, 0x0f04, 0x0f05, 0x0f06, @@ -186,7 +191,7 @@ static const uint8_t rv_chrom_bits[256] = static VLC rv_dc_lum, rv_dc_chrom; -int rv_decode_dc(MpegEncContext *s, int n) +int ff_rv_decode_dc(MpegEncContext *s, int n) { int code; @@ -293,8 +298,9 @@ static int rv10_decode_picture_header(MpegEncContext *s) return mb_count; } -static int rv20_decode_picture_header(MpegEncContext *s) +static int rv20_decode_picture_header(RVDecContext *rv) { + MpegEncContext *s = &rv->m; int seq, mb_pos, i; int rpr_bits; @@ -325,10 +331,10 @@ static int rv20_decode_picture_header(MpegEncContext *s) return -1; } - if(RV_GET_MINOR_VER(s->avctx->sub_id) >= 2) + if(RV_GET_MINOR_VER(rv->sub_id) >= 2) s->loop_filter = get_bits1(&s->gb); - if(RV_GET_MINOR_VER(s->avctx->sub_id) <= 1) + if(RV_GET_MINOR_VER(rv->sub_id) <= 1) seq = get_bits(&s->gb, 8) << 7; else seq = get_bits(&s->gb, 13) << 2; @@ -351,18 +357,19 @@ static int rv20_decode_picture_header(MpegEncContext *s) av_log(s->avctx, AV_LOG_DEBUG, "attempting to change resolution to %dx%d\n", new_w, new_h); if (av_image_check_size(new_w, new_h, 0, s->avctx) < 0) return -1; - MPV_common_end(s); + ff_MPV_common_end(s); avcodec_set_dimensions(s->avctx, new_w, new_h); s->width = new_w; s->height = new_h; - if (MPV_common_init(s) < 0) + if (ff_MPV_common_init(s) < 0) return -1; } if(s->avctx->debug & FF_DEBUG_PICT_INFO){ av_log(s->avctx, AV_LOG_DEBUG, "F %d/%d\n", f, rpr_bits); } - } + } else if (av_image_check_size(s->width, s->height, 0, s->avctx) < 0) + return AVERROR_INVALIDDATA; mb_pos = ff_h263_decode_mba(s); @@ -392,7 +399,7 @@ static int rv20_decode_picture_header(MpegEncContext *s) av_log(s->avctx, AV_LOG_DEBUG, "\n");*/ s->no_rounding= get_bits1(&s->gb); - if(RV_GET_MINOR_VER(s->avctx->sub_id) <= 1 && s->pict_type == AV_PICTURE_TYPE_B) + if(RV_GET_MINOR_VER(rv->sub_id) <= 1 && s->pict_type == AV_PICTURE_TYPE_B) skip_bits(&s->gb, 5); // binary decoder reads 3+2 bits here but they don't seem to be used s->f_code = 1; @@ -402,8 +409,7 @@ av_log(s->avctx, AV_LOG_DEBUG, "\n");*/ // s->obmc=1; // s->umvplus=1; s->modified_quant=1; - if(!s->avctx->lowres) - s->loop_filter=1; + s->loop_filter=1; if(s->avctx->debug & FF_DEBUG_PICT_INFO){ av_log(s->avctx, AV_LOG_INFO, "num:%5d x:%2d y:%2d type:%d qscale:%2d rnd:%d\n", @@ -417,7 +423,8 @@ av_log(s->avctx, AV_LOG_DEBUG, "\n");*/ static av_cold int rv10_decode_init(AVCodecContext *avctx) { - MpegEncContext *s = avctx->priv_data; + RVDecContext *rv = avctx->priv_data; + MpegEncContext *s = &rv->m; static int done=0; int major_ver, minor_ver, micro_ver; @@ -426,7 +433,7 @@ static av_cold int rv10_decode_init(AVCodecContext *avctx) return -1; } - MPV_decode_defaults(s); + ff_MPV_decode_defaults(s); s->avctx= avctx; s->out_format = FMT_H263; @@ -437,11 +444,11 @@ static av_cold int rv10_decode_init(AVCodecContext *avctx) s->orig_height= s->height = avctx->coded_height; s->h263_long_vectors= ((uint8_t*)avctx->extradata)[3] & 1; - avctx->sub_id= AV_RB32((uint8_t*)avctx->extradata + 4); + rv->sub_id = AV_RB32((uint8_t*)avctx->extradata + 4); - major_ver = RV_GET_MAJOR_VER(avctx->sub_id); - minor_ver = RV_GET_MINOR_VER(avctx->sub_id); - micro_ver = RV_GET_MICRO_VER(avctx->sub_id); + major_ver = RV_GET_MAJOR_VER(rv->sub_id); + minor_ver = RV_GET_MINOR_VER(rv->sub_id); + micro_ver = RV_GET_MICRO_VER(rv->sub_id); s->low_delay = 1; switch (major_ver) { @@ -456,21 +463,21 @@ static av_cold int rv10_decode_init(AVCodecContext *avctx) } break; default: - av_log(s->avctx, AV_LOG_ERROR, "unknown header %X\n", avctx->sub_id); + av_log(s->avctx, AV_LOG_ERROR, "unknown header %X\n", rv->sub_id); av_log_missing_feature(avctx, "RV1/2 version", 1); return AVERROR_PATCHWELCOME; } if(avctx->debug & FF_DEBUG_PICT_INFO){ - av_log(avctx, AV_LOG_DEBUG, "ver:%X ver0:%X\n", avctx->sub_id, avctx->extradata_size >= 4 ? ((uint32_t*)avctx->extradata)[0] : -1); + av_log(avctx, AV_LOG_DEBUG, "ver:%X ver0:%X\n", rv->sub_id, avctx->extradata_size >= 4 ? ((uint32_t*)avctx->extradata)[0] : -1); } avctx->pix_fmt = PIX_FMT_YUV420P; - if (MPV_common_init(s) < 0) + if (ff_MPV_common_init(s) < 0) return -1; - h263_decode_init_vlc(s); + ff_h263_decode_init_vlc(s); /* init rv vlc */ if (!done) { @@ -490,21 +497,23 @@ static av_cold int rv10_decode_end(AVCodecContext *avctx) { MpegEncContext *s = avctx->priv_data; - MPV_common_end(s); + ff_MPV_common_end(s); return 0; } static int rv10_decode_packet(AVCodecContext *avctx, const uint8_t *buf, int buf_size, int buf_size2) { - MpegEncContext *s = avctx->priv_data; - int mb_count, mb_pos, left, start_mb_x; + RVDecContext *rv = avctx->priv_data; + MpegEncContext *s = &rv->m; + int mb_count, mb_pos, left, start_mb_x, active_bits_size; - init_get_bits(&s->gb, buf, buf_size*8); + active_bits_size = buf_size * 8; + init_get_bits(&s->gb, buf, FFMAX(buf_size, buf_size2) * 8); if(s->codec_id ==CODEC_ID_RV10) mb_count = rv10_decode_picture_header(s); else - mb_count = rv20_decode_picture_header(s); + mb_count = rv20_decode_picture_header(rv); if (mb_count < 0) { av_log(s->avctx, AV_LOG_ERROR, "HEADER ERROR\n"); return -1; @@ -525,10 +534,10 @@ static int rv10_decode_packet(AVCodecContext *avctx, if ((s->mb_x == 0 && s->mb_y == 0) || s->current_picture_ptr==NULL) { if(s->current_picture_ptr){ //FIXME write parser so we always have complete frames? ff_er_frame_end(s); - MPV_frame_end(s); + ff_MPV_frame_end(s); s->mb_x= s->mb_y = s->resync_mb_x = s->resync_mb_y= 0; } - if(MPV_frame_start(s, avctx) < 0) + if(ff_MPV_frame_start(s, avctx) < 0) return -1; ff_er_frame_start(s); } else { @@ -583,19 +592,32 @@ static int rv10_decode_packet(AVCodecContext *avctx, s->mv_type = MV_TYPE_16X16; ret=ff_h263_decode_mb(s, s->block); - if (ret != SLICE_ERROR && s->gb.size_in_bits < get_bits_count(&s->gb) && 8*buf_size2 >= get_bits_count(&s->gb)){ - av_log(avctx, AV_LOG_DEBUG, "update size from %d to %d\n", s->gb.size_in_bits, 8*buf_size2); - s->gb.size_in_bits= 8*buf_size2; + // Repeat the slice end check from ff_h263_decode_mb with our active + // bitstream size + if (ret != SLICE_ERROR) { + int v = show_bits(&s->gb, 16); + + if (get_bits_count(&s->gb) + 16 > active_bits_size) + v >>= get_bits_count(&s->gb) + 16 - active_bits_size; + + if (!v) + ret = SLICE_END; + } + if (ret != SLICE_ERROR && active_bits_size < get_bits_count(&s->gb) && + 8 * buf_size2 >= get_bits_count(&s->gb)) { + active_bits_size = buf_size2 * 8; + av_log(avctx, AV_LOG_DEBUG, "update size from %d to %d\n", + 8 * buf_size, active_bits_size); ret= SLICE_OK; } - if (ret == SLICE_ERROR || s->gb.size_in_bits < get_bits_count(&s->gb)) { + if (ret == SLICE_ERROR || active_bits_size < get_bits_count(&s->gb)) { av_log(s->avctx, AV_LOG_ERROR, "ERROR at MB %d %d\n", s->mb_x, s->mb_y); return -1; } if(s->pict_type != AV_PICTURE_TYPE_B) ff_h263_update_motion_val(s); - MPV_decode_mb(s, s->block); + ff_MPV_decode_mb(s, s->block); if(s->loop_filter) ff_h263_loop_filter(s); @@ -609,9 +631,9 @@ static int rv10_decode_packet(AVCodecContext *avctx, if(ret == SLICE_END) break; } - ff_er_add_slice(s, start_mb_x, s->resync_mb_y, s->mb_x-1, s->mb_y, AC_END|DC_END|MV_END); + ff_er_add_slice(s, start_mb_x, s->resync_mb_y, s->mb_x-1, s->mb_y, ER_MB_END); - return s->gb.size_in_bits; + return active_bits_size; } static int get_slice_offset(AVCodecContext *avctx, const uint8_t *buf, int n) @@ -641,15 +663,22 @@ static int rv10_decode_frame(AVCodecContext *avctx, if(!avctx->slice_count){ slice_count = (*buf++) + 1; + buf_size--; slices_hdr = buf + 4; buf += 8 * slice_count; + buf_size -= 8 * slice_count; + if (buf_size <= 0) + return AVERROR_INVALIDDATA; }else slice_count = avctx->slice_count; for(i=0; i= buf_size) + return AVERROR_INVALIDDATA; + if(i+1 == slice_count) size= buf_size - offset; else @@ -660,18 +689,22 @@ static int rv10_decode_frame(AVCodecContext *avctx, else size2= get_slice_offset(avctx, slices_hdr, i+2) - offset; + if (size <= 0 || size2 <= 0 || + offset + FFMAX(size, size2) > buf_size) + return AVERROR_INVALIDDATA; + if(rv10_decode_packet(avctx, buf+offset, size, size2) > 8*size) i++; } if(s->current_picture_ptr != NULL && s->mb_y>=s->mb_height){ ff_er_frame_end(s); - MPV_frame_end(s); + ff_MPV_frame_end(s); if (s->pict_type == AV_PICTURE_TYPE_B || s->low_delay) { - *pict= *(AVFrame*)s->current_picture_ptr; + *pict = s->current_picture_ptr->f; } else if (s->last_picture_ptr != NULL) { - *pict= *(AVFrame*)s->last_picture_ptr; + *pict = s->last_picture_ptr->f; } if(s->last_picture_ptr || s->low_delay){ @@ -681,34 +714,32 @@ static int rv10_decode_frame(AVCodecContext *avctx, s->current_picture_ptr= NULL; //so we can detect if frame_end wasnt called (find some nicer solution...) } - return buf_size; + return avpkt->size; } AVCodec ff_rv10_decoder = { .name = "rv10", .type = AVMEDIA_TYPE_VIDEO, .id = CODEC_ID_RV10, - .priv_data_size = sizeof(MpegEncContext), + .priv_data_size = sizeof(RVDecContext), .init = rv10_decode_init, .close = rv10_decode_end, .decode = rv10_decode_frame, .capabilities = CODEC_CAP_DR1, - .max_lowres = 3, - .long_name = NULL_IF_CONFIG_SMALL("RealVideo 1.0"), - .pix_fmts= ff_pixfmt_list_420, + .long_name = NULL_IF_CONFIG_SMALL("RealVideo 1.0"), + .pix_fmts = ff_pixfmt_list_420, }; AVCodec ff_rv20_decoder = { .name = "rv20", .type = AVMEDIA_TYPE_VIDEO, .id = CODEC_ID_RV20, - .priv_data_size = sizeof(MpegEncContext), + .priv_data_size = sizeof(RVDecContext), .init = rv10_decode_init, .close = rv10_decode_end, .decode = rv10_decode_frame, .capabilities = CODEC_CAP_DR1 | CODEC_CAP_DELAY, - .flush= ff_mpeg_flush, - .max_lowres = 3, - .long_name = NULL_IF_CONFIG_SMALL("RealVideo 2.0"), - .pix_fmts= ff_pixfmt_list_420, + .flush = ff_mpeg_flush, + .long_name = NULL_IF_CONFIG_SMALL("RealVideo 2.0"), + .pix_fmts = ff_pixfmt_list_420, };