X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavcodec%2Fvc1_block.c;h=b6ace3765831b8353d010cfdec04711063b81251;hb=30f7021aa0be2c978aefb73894b643c9bafbf51c;hp=86320db959a36b08935e33c3459e19f2b8d9999c;hpb=cd8087444bb459c7c62e21913adfef5ec09675cc;p=ffmpeg diff --git a/libavcodec/vc1_block.c b/libavcodec/vc1_block.c index 86320db959a..b6ace376583 100644 --- a/libavcodec/vc1_block.c +++ b/libavcodec/vc1_block.c @@ -430,12 +430,12 @@ static inline int ff_vc1_pred_dc(MpegEncContext *s, int overlap, int pq, int n, if (c_avail && (n != 1 && n != 3)) { q2 = FFABS(s->current_picture.qscale_table[mb_pos - 1]); if (q2 && q2 != q1) - c = (c * s->y_dc_scale_table[q2] * ff_vc1_dqscale[dqscale_index] + 0x20000) >> 18; + c = (int)((unsigned)c * s->y_dc_scale_table[q2] * ff_vc1_dqscale[dqscale_index] + 0x20000) >> 18; } if (a_avail && (n != 2 && n != 3)) { q2 = FFABS(s->current_picture.qscale_table[mb_pos - s->mb_stride]); if (q2 && q2 != q1) - a = (a * s->y_dc_scale_table[q2] * ff_vc1_dqscale[dqscale_index] + 0x20000) >> 18; + a = (int)((unsigned)a * s->y_dc_scale_table[q2] * ff_vc1_dqscale[dqscale_index] + 0x20000) >> 18; } if (a_avail && c_avail && (n != 3)) { int off = mb_pos; @@ -445,7 +445,7 @@ static inline int ff_vc1_pred_dc(MpegEncContext *s, int overlap, int pq, int n, off -= s->mb_stride; q2 = FFABS(s->current_picture.qscale_table[off]); if (q2 && q2 != q1) - b = (b * s->y_dc_scale_table[q2] * ff_vc1_dqscale[dqscale_index] + 0x20000) >> 18; + b = (int)((unsigned)b * s->y_dc_scale_table[q2] * ff_vc1_dqscale[dqscale_index] + 0x20000) >> 18; } if (c_avail && (!a_avail || abs(a - b) <= abs(b - c))) { @@ -508,13 +508,15 @@ static inline int vc1_coded_block_pred(MpegEncContext * s, int n, * @param codingset set of VLC to decode data * @see 8.1.3.4 */ -static void vc1_decode_ac_coeff(VC1Context *v, int *last, int *skip, +static int vc1_decode_ac_coeff(VC1Context *v, int *last, int *skip, int *value, int codingset) { GetBitContext *gb = &v->s.gb; int index, run, level, lst, sign; index = get_vlc2(gb, ff_vc1_ac_coeff_table[codingset].table, AC_VLC_BITS, 3); + if (index < 0) + return index; if (index != ff_vc1_ac_sizes[codingset] - 1) { run = vc1_index_decode_table[codingset][index][0]; level = vc1_index_decode_table[codingset][index][1]; @@ -524,6 +526,8 @@ static void vc1_decode_ac_coeff(VC1Context *v, int *last, int *skip, int escape = decode210(gb); if (escape != 2) { index = get_vlc2(gb, ff_vc1_ac_coeff_table[codingset].table, AC_VLC_BITS, 3); + if (index >= ff_vc1_ac_sizes[codingset] - 1U) + return AVERROR_INVALIDDATA; run = vc1_index_decode_table[codingset][index][0]; level = vc1_index_decode_table[codingset][index][1]; lst = index >= vc1_last_decode_table[codingset]; @@ -560,6 +564,8 @@ static void vc1_decode_ac_coeff(VC1Context *v, int *last, int *skip, *last = lst; *skip = run; *value = (level ^ -sign) + sign; + + return 0; } /** Decode intra block in intra frames - should be faster than decode_intra_block @@ -586,10 +592,6 @@ static int vc1_decode_i_block(VC1Context *v, int16_t block[64], int n, } else { dcdiff = get_vlc2(&s->gb, ff_msmp4_dc_chroma_vlc[s->dc_table_index].table, DC_VLC_BITS, 3); } - if (dcdiff < 0) { - av_log(s->avctx, AV_LOG_ERROR, "Illegal DC VLC\n"); - return -1; - } if (dcdiff) { const int m = (v->pq == 1 || v->pq == 2) ? 3 - v->pq : 0; if (dcdiff == 119 /* ESC index value */) { @@ -639,7 +641,9 @@ static int vc1_decode_i_block(VC1Context *v, int16_t block[64], int n, zz_table = v->zz_8x8[1]; while (!last) { - vc1_decode_ac_coeff(v, &last, &skip, &value, codingset); + int ret = vc1_decode_ac_coeff(v, &last, &skip, &value, codingset); + if (ret < 0) + return ret; i += skip; if (i > 63) break; @@ -732,10 +736,6 @@ static int vc1_decode_i_block_adv(VC1Context *v, int16_t block[64], int n, } else { dcdiff = get_vlc2(&s->gb, ff_msmp4_dc_chroma_vlc[s->dc_table_index].table, DC_VLC_BITS, 3); } - if (dcdiff < 0) { - av_log(s->avctx, AV_LOG_ERROR, "Illegal DC VLC\n"); - return -1; - } if (dcdiff) { const int m = (quant == 1 || quant == 2) ? 3 - quant : 0; if (dcdiff == 119 /* ESC index value */) { @@ -812,7 +812,9 @@ static int vc1_decode_i_block_adv(VC1Context *v, int16_t block[64], int n, } while (!last) { - vc1_decode_ac_coeff(v, &last, &skip, &value, codingset); + int ret = vc1_decode_ac_coeff(v, &last, &skip, &value, codingset); + if (ret < 0) + return ret; i += skip; if (i > 63) break; @@ -836,7 +838,7 @@ static int vc1_decode_i_block_adv(VC1Context *v, int16_t block[64], int n, q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1; if (q2 && q1 != q2) { for (k = 1; k < 8; k++) - block[k << sh] += (ac_val[k] * q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; + block[k << sh] += (int)(ac_val[k] * (unsigned)q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; } else { for (k = 1; k < 8; k++) block[k << sh] += ac_val[k]; @@ -879,7 +881,7 @@ static int vc1_decode_i_block_adv(VC1Context *v, int16_t block[64], int n, q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1; if (q2 && q1 != q2) { for (k = 1; k < 8; k++) - ac_val2[k] = (ac_val2[k] * q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; + ac_val2[k] = (int)(ac_val2[k] * q2 * (unsigned)ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; } for (k = 1; k < 8; k++) { block[k << sh] = ac_val2[k] * scale; @@ -934,10 +936,6 @@ static int vc1_decode_intra_block(VC1Context *v, int16_t block[64], int n, } else { dcdiff = get_vlc2(&s->gb, ff_msmp4_dc_chroma_vlc[s->dc_table_index].table, DC_VLC_BITS, 3); } - if (dcdiff < 0) { - av_log(s->avctx, AV_LOG_ERROR, "Illegal DC VLC\n"); - return -1; - } if (dcdiff) { const int m = (quant == 1 || quant == 2) ? 3 - quant : 0; if (dcdiff == 119 /* ESC index value */) { @@ -995,7 +993,9 @@ static int vc1_decode_intra_block(VC1Context *v, int16_t block[64], int n, int k; while (!last) { - vc1_decode_ac_coeff(v, &last, &skip, &value, codingset); + int ret = vc1_decode_ac_coeff(v, &last, &skip, &value, codingset); + if (ret < 0) + return ret; i += skip; if (i > 63) break; @@ -1024,10 +1024,10 @@ static int vc1_decode_intra_block(VC1Context *v, int16_t block[64], int n, if (q2 && q1 != q2) { if (dc_pred_dir) { // left for (k = 1; k < 8; k++) - block[k << v->left_blk_sh] += (ac_val[k] * q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; + block[k << v->left_blk_sh] += (int)(ac_val[k] * q2 * (unsigned)ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; } else { //top for (k = 1; k < 8; k++) - block[k << v->top_blk_sh] += (ac_val[k + 8] * q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; + block[k << v->top_blk_sh] += (int)(ac_val[k + 8] * q2 * (unsigned)ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; } } else { if (dc_pred_dir) { // left @@ -1068,7 +1068,7 @@ static int vc1_decode_intra_block(VC1Context *v, int16_t block[64], int n, q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1; if (q2 && q1 != q2) { for (k = 1; k < 8; k++) - ac_val2[k] = (ac_val2[k] * q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; + ac_val2[k] = (int)(ac_val2[k] * (unsigned)q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; } } } else { // top @@ -1081,7 +1081,7 @@ static int vc1_decode_intra_block(VC1Context *v, int16_t block[64], int n, q2 = FFABS(q2) * 2 + ((q2 < 0) ? 0 : v->halfpq) - 1; if (q2 && q1 != q2) { for (k = 1; k < 8; k++) - ac_val2[k + 8] = (ac_val2[k + 8] * q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; + ac_val2[k + 8] = (int)(ac_val2[k + 8] * (unsigned)q2 * ff_vc1_dqscale[q1 - 1] + 0x20000) >> 18; } } } @@ -1161,7 +1161,9 @@ static int vc1_decode_p_block(VC1Context *v, int16_t block[64], int n, i = 0; last = 0; while (!last) { - vc1_decode_ac_coeff(v, &last, &skip, &value, v->codingset2); + int ret = vc1_decode_ac_coeff(v, &last, &skip, &value, v->codingset2); + if (ret < 0) + return ret; i += skip; if (i > 63) break; @@ -1189,7 +1191,9 @@ static int vc1_decode_p_block(VC1Context *v, int16_t block[64], int n, i = 0; off = (j & 1) * 4 + (j & 2) * 16; while (!last) { - vc1_decode_ac_coeff(v, &last, &skip, &value, v->codingset2); + int ret = vc1_decode_ac_coeff(v, &last, &skip, &value, v->codingset2); + if (ret < 0) + return ret; i += skip; if (i > 15) break; @@ -1216,7 +1220,9 @@ static int vc1_decode_p_block(VC1Context *v, int16_t block[64], int n, i = 0; off = j * 32; while (!last) { - vc1_decode_ac_coeff(v, &last, &skip, &value, v->codingset2); + int ret = vc1_decode_ac_coeff(v, &last, &skip, &value, v->codingset2); + if (ret < 0) + return ret; i += skip; if (i > 31) break; @@ -1243,7 +1249,9 @@ static int vc1_decode_p_block(VC1Context *v, int16_t block[64], int n, i = 0; off = j * 4; while (!last) { - vc1_decode_ac_coeff(v, &last, &skip, &value, v->codingset2); + int ret = vc1_decode_ac_coeff(v, &last, &skip, &value, v->codingset2); + if (ret < 0) + return ret; i += skip; if (i > 31) break; @@ -1358,13 +1366,15 @@ static int vc1_decode_p_mb(VC1Context *v) v->vc1dsp.vc1_inv_trans_8x8(v->block[v->cur_blk_idx][block_map[i]]); if (v->rangeredfrm) for (j = 0; j < 64; j++) - v->block[v->cur_blk_idx][block_map[i]][j] <<= 1; + v->block[v->cur_blk_idx][block_map[i]][j] *= 2; block_cbp |= 0xF << (i << 2); block_intra |= 1 << i; } else if (val) { pat = vc1_decode_p_block(v, v->block[v->cur_blk_idx][block_map[i]], i, mquant, ttmb, first_block, s->dest[dst_idx] + off, (i & 4) ? s->uvlinesize : s->linesize, CONFIG_GRAY && (i & 4) && (s->avctx->flags & AV_CODEC_FLAG_GRAY), &block_tt); + if (pat < 0) + return pat; block_cbp |= pat << (i << 2); if (!v->ttmbf && ttmb < 8) ttmb = -1; @@ -1459,7 +1469,7 @@ static int vc1_decode_p_mb(VC1Context *v) v->vc1dsp.vc1_inv_trans_8x8(v->block[v->cur_blk_idx][block_map[i]]); if (v->rangeredfrm) for (j = 0; j < 64; j++) - v->block[v->cur_blk_idx][block_map[i]][j] <<= 1; + v->block[v->cur_blk_idx][block_map[i]][j] *= 2; block_cbp |= 0xF << (i << 2); block_intra |= 1 << i; } else if (is_coded[i]) { @@ -1468,6 +1478,8 @@ static int vc1_decode_p_mb(VC1Context *v) (i & 4) ? s->uvlinesize : s->linesize, CONFIG_GRAY && (i & 4) && (s->avctx->flags & AV_CODEC_FLAG_GRAY), &block_tt); + if (pat < 0) + return pat; block_cbp |= pat << (i << 2); if (!v->ttmbf && ttmb < 8) ttmb = -1; @@ -1678,6 +1690,8 @@ static int vc1_decode_p_mb_intfr(VC1Context *v) first_block, s->dest[dst_idx] + off, (i & 4) ? s->uvlinesize : (s->linesize << fieldtx), CONFIG_GRAY && (i & 4) && (s->avctx->flags & AV_CODEC_FLAG_GRAY), &block_tt); + if (pat < 0) + return pat; block_cbp |= pat << (i << 2); if (!v->ttmbf && ttmb < 8) ttmb = -1; @@ -1814,6 +1828,8 @@ static int vc1_decode_p_mb_intfi(VC1Context *v) (i & 4) ? s->uvlinesize : s->linesize, CONFIG_GRAY && (i & 4) && (s->avctx->flags & AV_CODEC_FLAG_GRAY), &block_tt); + if (pat < 0) + return pat; block_cbp |= pat << (i << 2); if (!v->ttmbf && ttmb < 8) ttmb = -1; @@ -1833,7 +1849,7 @@ static int vc1_decode_p_mb_intfi(VC1Context *v) /** Decode one B-frame MB (in Main profile) */ -static void vc1_decode_b_mb(VC1Context *v) +static int vc1_decode_b_mb(VC1Context *v) { MpegEncContext *s = &v->s; GetBitContext *gb = &s->gb; @@ -1899,7 +1915,7 @@ static void vc1_decode_b_mb(VC1Context *v) bmvtype = BMV_TYPE_INTERPOLATED; ff_vc1_pred_b_mv(v, dmv_x, dmv_y, direct, bmvtype); vc1_b_mc(v, dmv_x, dmv_y, direct, bmvtype); - return; + return 0; } if (direct) { cbp = get_vlc2(&v->s.gb, v->cbpcy_vlc->table, VC1_CBPCY_P_VLC_BITS, 2); @@ -1916,7 +1932,7 @@ static void vc1_decode_b_mb(VC1Context *v) /* no coded blocks - effectively skipped */ ff_vc1_pred_b_mv(v, dmv_x, dmv_y, direct, bmvtype); vc1_b_mc(v, dmv_x, dmv_y, direct, bmvtype); - return; + return 0; } if (s->mb_intra && !mb_has_coeffs) { GET_MQUANT(); @@ -1931,7 +1947,7 @@ static void vc1_decode_b_mb(VC1Context *v) /* interpolated skipped block */ ff_vc1_pred_b_mv(v, dmv_x, dmv_y, direct, bmvtype); vc1_b_mc(v, dmv_x, dmv_y, direct, bmvtype); - return; + return 0; } } ff_vc1_pred_b_mv(v, dmv_x, dmv_y, direct, bmvtype); @@ -1969,26 +1985,29 @@ static void vc1_decode_b_mb(VC1Context *v) v->vc1dsp.vc1_inv_trans_8x8(s->block[i]); if (v->rangeredfrm) for (j = 0; j < 64; j++) - s->block[i][j] <<= 1; + s->block[i][j] *= 2; s->idsp.put_signed_pixels_clamped(s->block[i], s->dest[dst_idx] + off, i & 4 ? s->uvlinesize : s->linesize); } else if (val) { - vc1_decode_p_block(v, s->block[i], i, mquant, ttmb, - first_block, s->dest[dst_idx] + off, - (i & 4) ? s->uvlinesize : s->linesize, - CONFIG_GRAY && (i & 4) && (s->avctx->flags & AV_CODEC_FLAG_GRAY), NULL); + int pat = vc1_decode_p_block(v, s->block[i], i, mquant, ttmb, + first_block, s->dest[dst_idx] + off, + (i & 4) ? s->uvlinesize : s->linesize, + CONFIG_GRAY && (i & 4) && (s->avctx->flags & AV_CODEC_FLAG_GRAY), NULL); + if (pat < 0) + return pat; if (!v->ttmbf && ttmb < 8) ttmb = -1; first_block = 0; } } + return 0; } /** Decode one B-frame MB (in interlaced field B picture) */ -static void vc1_decode_b_mb_intfi(VC1Context *v) +static int vc1_decode_b_mb_intfi(VC1Context *v) { MpegEncContext *s = &v->s; GetBitContext *gb = &s->gb; @@ -2093,7 +2112,7 @@ static void vc1_decode_b_mb_intfi(VC1Context *v) dmv_x[1] = dmv_y[1] = pred_flag[0] = 0; if (!s->next_picture_ptr->field_picture) { av_log(s->avctx, AV_LOG_ERROR, "Mixed field/frame direct mode not supported\n"); - return; + return AVERROR_INVALIDDATA; } } ff_vc1_pred_b_mv_intfi(v, 0, dmv_x, dmv_y, 1, pred_flag); @@ -2138,6 +2157,8 @@ static void vc1_decode_b_mb_intfi(VC1Context *v) first_block, s->dest[dst_idx] + off, (i & 4) ? s->uvlinesize : s->linesize, CONFIG_GRAY && (i & 4) && (s->avctx->flags & AV_CODEC_FLAG_GRAY), &block_tt); + if (pat < 0) + return pat; block_cbp |= pat << (i << 2); if (!v->ttmbf && ttmb < 8) ttmb = -1; @@ -2147,6 +2168,8 @@ static void vc1_decode_b_mb_intfi(VC1Context *v) } v->cbp[s->mb_x] = block_cbp; v->ttblk[s->mb_x] = block_tt; + + return 0; } /** Decode one B-frame MB (in interlaced frame B picture) @@ -2433,6 +2456,8 @@ static int vc1_decode_b_mb_intfr(VC1Context *v) first_block, s->dest[dst_idx] + off, (i & 4) ? s->uvlinesize : (s->linesize << fieldtx), CONFIG_GRAY && (i & 4) && (s->avctx->flags & AV_CODEC_FLAG_GRAY), &block_tt); + if (pat < 0) + return pat; block_cbp |= pat << (i << 2); if (!v->ttmbf && ttmb < 8) ttmb = -1; @@ -2582,23 +2607,23 @@ static void vc1_decode_i_blocks(VC1Context *v) if (v->rangeredfrm) for (k = 0; k < 6; k++) for (j = 0; j < 64; j++) - v->block[v->cur_blk_idx][block_map[k]][j] <<= 1; + v->block[v->cur_blk_idx][block_map[k]][j] *= 2; vc1_put_blocks_clamped(v, 1); } else { if (v->rangeredfrm) for (k = 0; k < 6; k++) for (j = 0; j < 64; j++) - v->block[v->cur_blk_idx][block_map[k]][j] = (v->block[v->cur_blk_idx][block_map[k]][j] - 64) << 1; + v->block[v->cur_blk_idx][block_map[k]][j] = (v->block[v->cur_blk_idx][block_map[k]][j] - 64) * 2; vc1_put_blocks_clamped(v, 0); } if (v->s.loop_filter) ff_vc1_i_loop_filter(v); - if (get_bits_count(&s->gb) > v->bits) { + if (get_bits_left(&s->gb) < 0) { ff_er_add_slice(&s->er, 0, 0, s->mb_x, s->mb_y, ER_MB_ERROR); av_log(s->avctx, AV_LOG_ERROR, "Bits overconsumption: %i > %i\n", - get_bits_count(&s->gb), v->bits); + get_bits_count(&s->gb), s->gb.size_in_bits); return; } @@ -2624,7 +2649,7 @@ static void vc1_decode_i_blocks(VC1Context *v) /** Decode blocks of I-frame for advanced profile */ -static void vc1_decode_i_blocks_adv(VC1Context *v) +static int vc1_decode_i_blocks_adv(VC1Context *v) { int k; MpegEncContext *s = &v->s; @@ -2635,6 +2660,9 @@ static void vc1_decode_i_blocks_adv(VC1Context *v) int mqdiff; GetBitContext *gb = &s->gb; + if (get_bits_left(gb) <= 1) + return AVERROR_INVALIDDATA; + /* select coding mode used for VLC tables selection */ switch (v->y_ac_table_index) { case 0: @@ -2688,6 +2716,11 @@ static void vc1_decode_i_blocks_adv(VC1Context *v) // do actual MB decoding and displaying if (v->fieldtx_is_raw) v->fieldtx_plane[mb_pos] = get_bits1(&v->s.gb); + if (get_bits_left(&v->s.gb) <= 1) { + ff_er_add_slice(&s->er, 0, s->start_mb_y, s->mb_x, s->mb_y, ER_MB_ERROR); + return 0; + } + cbp = get_vlc2(&v->s.gb, ff_msmp4_mb_i_vlc.table, MB_INTRA_VLC_BITS, 2); if (v->acpred_is_raw) v->s.ac_pred = get_bits1(&v->s.gb); @@ -2733,12 +2766,12 @@ static void vc1_decode_i_blocks_adv(VC1Context *v) if (v->s.loop_filter) ff_vc1_i_loop_filter(v); - if (get_bits_count(&s->gb) > v->bits) { + if (get_bits_left(&s->gb) < 0) { // TODO: may need modification to handle slice coding ff_er_add_slice(&s->er, 0, s->start_mb_y, s->mb_x, s->mb_y, ER_MB_ERROR); av_log(s->avctx, AV_LOG_ERROR, "Bits overconsumption: %i > %i\n", - get_bits_count(&s->gb), v->bits); - return; + get_bits_count(&s->gb), s->gb.size_in_bits); + return 0; } inc_blk_idx(v->topleft_blk_idx); inc_blk_idx(v->top_blk_idx); @@ -2756,6 +2789,7 @@ static void vc1_decode_i_blocks_adv(VC1Context *v) ff_mpeg_draw_horiz_band(s, (s->end_mb_y - 1) * 16, 16); ff_er_add_slice(&s->er, 0, s->start_mb_y << v->field_mode, s->mb_width - 1, (s->end_mb_y << v->field_mode) - 1, ER_MB_END); + return 0; } static void vc1_decode_p_blocks(VC1Context *v) @@ -2797,6 +2831,12 @@ static void vc1_decode_p_blocks(VC1Context *v) for (; s->mb_x < s->mb_width; s->mb_x++) { ff_update_block_index(s); + if (v->fcm == ILACE_FIELD || (v->fcm == PROGRESSIVE && v->mv_type_is_raw) || v->skip_is_raw) + if (get_bits_left(&v->s.gb) <= 1) { + ff_er_add_slice(&s->er, 0, s->start_mb_y, s->mb_x, s->mb_y, ER_MB_ERROR); + return; + } + if (v->fcm == ILACE_FIELD) { vc1_decode_p_mb_intfi(v); if (apply_loop_filter) @@ -2810,11 +2850,11 @@ static void vc1_decode_p_blocks(VC1Context *v) if (apply_loop_filter) ff_vc1_p_loop_filter(v); } - if (get_bits_count(&s->gb) > v->bits || get_bits_count(&s->gb) < 0) { + if (get_bits_left(&s->gb) < 0 || get_bits_count(&s->gb) < 0) { // TODO: may need modification to handle slice coding ff_er_add_slice(&s->er, 0, s->start_mb_y, s->mb_x, s->mb_y, ER_MB_ERROR); av_log(s->avctx, AV_LOG_ERROR, "Bits overconsumption: %i > %i at %ix%i\n", - get_bits_count(&s->gb), v->bits, s->mb_x, s->mb_y); + get_bits_count(&s->gb), s->gb.size_in_bits, s->mb_x, s->mb_y); return; } inc_blk_idx(v->topleft_blk_idx); @@ -2880,6 +2920,12 @@ static void vc1_decode_b_blocks(VC1Context *v) for (; s->mb_x < s->mb_width; s->mb_x++) { ff_update_block_index(s); + if (v->fcm == ILACE_FIELD || v->skip_is_raw || v->dmb_is_raw) + if (get_bits_left(&v->s.gb) <= 1) { + ff_er_add_slice(&s->er, 0, s->start_mb_y, s->mb_x, s->mb_y, ER_MB_ERROR); + return; + } + if (v->fcm == ILACE_FIELD) { vc1_decode_b_mb_intfi(v); if (v->s.loop_filter) @@ -2893,11 +2939,11 @@ static void vc1_decode_b_blocks(VC1Context *v) if (v->s.loop_filter) ff_vc1_i_loop_filter(v); } - if (get_bits_count(&s->gb) > v->bits || get_bits_count(&s->gb) < 0) { + if (get_bits_left(&s->gb) < 0 || get_bits_count(&s->gb) < 0) { // TODO: may need modification to handle slice coding ff_er_add_slice(&s->er, 0, s->start_mb_y, s->mb_x, s->mb_y, ER_MB_ERROR); av_log(s->avctx, AV_LOG_ERROR, "Bits overconsumption: %i > %i at %ix%i\n", - get_bits_count(&s->gb), v->bits, s->mb_x, s->mb_y); + get_bits_count(&s->gb), s->gb.size_in_bits, s->mb_x, s->mb_y); return; } }