X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fshorten.c;h=00d166177996c9ec8c48758fa011d952024369e2;hb=e17567a831dede1f24e3a1a4c305a93012d7a8ce;hp=dd3551624a5966c3eb8d1b17f13512f954f64015;hpb=4c364eb2b856fc33cf7b42f7c7b979e69fde5f3a;p=ffmpeg diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index dd3551624a5..00d16617799 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -23,7 +23,6 @@ * @file * Shorten decoder * @author Jeff Muizelaar - * */ #include @@ -83,7 +82,7 @@ typedef struct ShortenContext { GetBitContext gb; int min_framesize, max_framesize; - int channels; + unsigned channels; int32_t *decoded[MAX_CHANNELS]; int32_t *decoded_base[MAX_CHANNELS]; @@ -119,9 +118,7 @@ static av_cold int shorten_decode_init(AVCodecContext *avctx) static int allocate_buffers(ShortenContext *s) { - int i, chan; - int *coeffs; - void *tmp_ptr; + int i, chan, err; for (chan = 0; chan < s->channels; chan++) { if (FFMAX(1, s->nmean) >= UINT_MAX / sizeof(int32_t)) { @@ -135,26 +132,21 @@ static int allocate_buffers(ShortenContext *s) return AVERROR_INVALIDDATA; } - tmp_ptr = - av_realloc(s->offset[chan], sizeof(int32_t) * FFMAX(1, s->nmean)); - if (!tmp_ptr) - return AVERROR(ENOMEM); - s->offset[chan] = tmp_ptr; + if ((err = av_reallocp(&s->offset[chan], + sizeof(int32_t) * + FFMAX(1, s->nmean))) < 0) + return err; - tmp_ptr = av_realloc(s->decoded_base[chan], (s->blocksize + s->nwrap) * - sizeof(s->decoded_base[0][0])); - if (!tmp_ptr) - return AVERROR(ENOMEM); - s->decoded_base[chan] = tmp_ptr; + if ((err = av_reallocp(&s->decoded_base[chan], (s->blocksize + s->nwrap) * + sizeof(s->decoded_base[0][0]))) < 0) + return err; for (i = 0; i < s->nwrap; i++) s->decoded_base[chan][i] = 0; s->decoded[chan] = s->decoded_base[chan] + s->nwrap; } - coeffs = av_realloc(s->coeffs, s->nwrap * sizeof(*s->coeffs)); - if (!coeffs) - return AVERROR(ENOMEM); - s->coeffs = coeffs; + if ((err = av_reallocp(&s->coeffs, s->nwrap * sizeof(*s->coeffs))) < 0) + return err; return 0; } @@ -202,31 +194,38 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header, { int len; short wave_format; + GetByteContext gb; - if (bytestream_get_le32(&header) != MKTAG('R', 'I', 'F', 'F')) { + bytestream2_init(&gb, header, header_size); + + if (bytestream2_get_le32(&gb) != MKTAG('R', 'I', 'F', 'F')) { av_log(avctx, AV_LOG_ERROR, "missing RIFF tag\n"); return AVERROR_INVALIDDATA; } - header += 4; /* chunk size */ + bytestream2_skip(&gb, 4); /* chunk size */ - if (bytestream_get_le32(&header) != MKTAG('W', 'A', 'V', 'E')) { + if (bytestream2_get_le32(&gb) != MKTAG('W', 'A', 'V', 'E')) { av_log(avctx, AV_LOG_ERROR, "missing WAVE tag\n"); return AVERROR_INVALIDDATA; } - while (bytestream_get_le32(&header) != MKTAG('f', 'm', 't', ' ')) { - len = bytestream_get_le32(&header); - header += len; + while (bytestream2_get_le32(&gb) != MKTAG('f', 'm', 't', ' ')) { + len = bytestream2_get_le32(&gb); + bytestream2_skip(&gb, len); + if (bytestream2_get_bytes_left(&gb) < 16) { + av_log(avctx, AV_LOG_ERROR, "no fmt chunk found\n"); + return AVERROR_INVALIDDATA; + } } - len = bytestream_get_le32(&header); + len = bytestream2_get_le32(&gb); if (len < 16) { av_log(avctx, AV_LOG_ERROR, "fmt chunk was too short\n"); return AVERROR_INVALIDDATA; } - wave_format = bytestream_get_le16(&header); + wave_format = bytestream2_get_le16(&gb); switch (wave_format) { case WAVE_FORMAT_PCM: @@ -236,11 +235,11 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header, return AVERROR(ENOSYS); } - header += 2; // skip channels (already got from shorten header) - avctx->sample_rate = bytestream_get_le32(&header); - header += 4; // skip bit rate (represents original uncompressed bit rate) - header += 2; // skip block align (not needed) - avctx->bits_per_coded_sample = bytestream_get_le16(&header); + bytestream2_skip(&gb, 2); // skip channels (already got from shorten header) + avctx->sample_rate = bytestream2_get_le32(&gb); + bytestream2_skip(&gb, 4); // skip bit rate (represents original uncompressed bit rate) + bytestream2_skip(&gb, 2); // skip block align (not needed) + avctx->bits_per_coded_sample = bytestream2_get_le16(&gb); if (avctx->bits_per_coded_sample != 16) { av_log(avctx, AV_LOG_ERROR, "unsupported number of bits per sample\n"); @@ -266,7 +265,8 @@ static void output_buffer(int16_t **samples, int nchan, int blocksize, } } -static const int fixed_coeffs[3][3] = { +static const int fixed_coeffs[][3] = { + { 0, 0, 0 }, { 1, 0, 0 }, { 2, -1, 0 }, { 3, -3, 1 } @@ -295,7 +295,12 @@ static int decode_subframe_lpc(ShortenContext *s, int command, int channel, } else { /* fixed LPC coeffs */ pred_order = command; - coeffs = fixed_coeffs[pred_order - 1]; + if (pred_order >= FF_ARRAY_ELEMS(fixed_coeffs)) { + av_log(s->avctx, AV_LOG_ERROR, "invalid pred_order %d\n", + pred_order); + return AVERROR_INVALIDDATA; + } + coeffs = fixed_coeffs[pred_order]; qshift = 0; } @@ -339,7 +344,11 @@ static int read_header(ShortenContext *s) s->internal_ftype = get_uint(s, TYPESIZE); s->channels = get_uint(s, CHANSIZE); - if (s->channels <= 0 || s->channels > MAX_CHANNELS) { + if (!s->channels) { + av_log(s->avctx, AV_LOG_ERROR, "No channels reported\n"); + return AVERROR_INVALIDDATA; + } + if (s->channels > MAX_CHANNELS) { av_log(s->avctx, AV_LOG_ERROR, "too many channels: %d\n", s->channels); s->channels = 0; return AVERROR_INVALIDDATA; @@ -348,7 +357,8 @@ static int read_header(ShortenContext *s) /* get blocksize if version > 0 */ if (s->version > 0) { - int skip_bytes, blocksize; + int skip_bytes; + unsigned blocksize; blocksize = get_uint(s, av_log2(DEFAULT_BLOCK_SIZE)); if (!blocksize || blocksize > MAX_BLOCKSIZE) { @@ -420,7 +430,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data, void *tmp_ptr; s->max_framesize = 1024; // should hopefully be enough for the first header tmp_ptr = av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, - s->max_framesize); + s->max_framesize + AV_INPUT_BUFFER_PADDING_SIZE); if (!tmp_ptr) { av_log(avctx, AV_LOG_ERROR, "error allocating bitstream buffer\n"); return AVERROR(ENOMEM); @@ -499,12 +509,14 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data, break; case FN_BITSHIFT: s->bitshift = get_ur_golomb_shorten(&s->gb, BITSHIFTSIZE); + if (s->bitshift < 0) + return AVERROR_INVALIDDATA; break; case FN_BLOCKSIZE: { - int blocksize = get_uint(s, av_log2(s->blocksize)); + unsigned blocksize = get_uint(s, av_log2(s->blocksize)); if (blocksize > s->blocksize) { - av_log(avctx, AV_LOG_ERROR, - "Increasing block size is not supported\n"); + avpriv_report_missing_feature(avctx, + "Increasing block size"); return AVERROR_PATCHWELCOME; } if (!blocksize || blocksize > MAX_BLOCKSIZE) { @@ -588,7 +600,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data, if (s->cur_chan == s->channels) { /* get output buffer */ frame->nb_samples = s->blocksize; - if ((ret = ff_get_buffer(avctx, frame)) < 0) { + if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) { av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); return ret; } @@ -638,14 +650,14 @@ static av_cold int shorten_decode_close(AVCodecContext *avctx) AVCodec ff_shorten_decoder = { .name = "shorten", + .long_name = NULL_IF_CONFIG_SMALL("Shorten"), .type = AVMEDIA_TYPE_AUDIO, .id = AV_CODEC_ID_SHORTEN, .priv_data_size = sizeof(ShortenContext), .init = shorten_decode_init, .close = shorten_decode_close, .decode = shorten_decode_frame, - .capabilities = CODEC_CAP_DELAY | CODEC_CAP_DR1, - .long_name = NULL_IF_CONFIG_SMALL("Shorten"), + .capabilities = AV_CODEC_CAP_DELAY | AV_CODEC_CAP_DR1, .sample_fmts = (const enum AVSampleFormat[]) { AV_SAMPLE_FMT_S16P, AV_SAMPLE_FMT_NONE }, };