dfa: convert to bytestream2 API

Protects from overreads.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 29b0d94b43)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Paul B Mahol
2012-03-13 01:58:12 +00:00
committed by Reinhard Tartler
parent 9e575e54a0
commit 12941dbe2c


@@ -21,7 +21,6 @@
*/ */
#include "avcodec.h" #include "avcodec.h"
#include "libavutil/intreadwrite.h"
#include "bytestream.h" #include "bytestream.h"
#include "libavutil/imgutils.h" #include "libavutil/imgutils.h"
@@ -51,19 +50,16 @@ static av_cold int dfa_decode_init(AVCodecContext *avctx)
return 0; return 0;
} }
static int decode_copy(uint8_t *frame, int width, int height, static int decode_copy(GetByteContext *gb, uint8_t *frame, int width, int height)
const uint8_t *src, const uint8_t *src_end)
{ {
const int size = width * height; const int size = width * height;
if (src_end - src < size) if (bytestream2_get_buffer(gb, frame, size) != size)
return -1; return -1;
bytestream_get_buffer(&src, frame, size);
return 0; return 0;
} }
static int decode_tsw1(uint8_t *frame, int width, int height, static int decode_tsw1(GetByteContext *gb, uint8_t *frame, int width, int height)
const uint8_t *src, const uint8_t *src_end)
{ {
const uint8_t *frame_start = frame; const uint8_t *frame_start = frame;
const uint8_t *frame_end = frame + width * height; const uint8_t *frame_end = frame + width * height;
@@ -71,22 +67,22 @@ static int decode_tsw1(uint8_t *frame, int width, int height,
int v, count, segments; int v, count, segments;
unsigned offset; unsigned offset;
segments = bytestream_get_le32(&src); segments = bytestream2_get_le32(gb);
offset = bytestream_get_le32(&src); offset = bytestream2_get_le32(gb);
if (frame_end - frame <= offset) if (frame_end - frame <= offset)
return -1; return -1;
frame += offset; frame += offset;
while (segments--) { while (segments--) {
if (mask == 0x10000) { if (bytestream2_get_bytes_left(gb) < 2)
if (src >= src_end)
return -1; return -1;
bitbuf = bytestream_get_le16(&src); if (mask == 0x10000) {
bitbuf = bytestream2_get_le16u(gb);
mask = 1; mask = 1;
} }
if (src_end - src < 2 || frame_end - frame < 2) if (frame_end - frame < 2)
return -1; return -1;
if (bitbuf & mask) { if (bitbuf & mask) {
v = bytestream_get_le16(&src); v = bytestream2_get_le16(gb);
offset = (v & 0x1FFF) << 1; offset = (v & 0x1FFF) << 1;
count = ((v >> 13) + 2) << 1; count = ((v >> 13) + 2) << 1;
if (frame - frame_start < offset || frame_end - frame < count) if (frame - frame_start < offset || frame_end - frame < count)
@@ -94,8 +90,8 @@ static int decode_tsw1(uint8_t *frame, int width, int height,
av_memcpy_backptr(frame, offset, count); av_memcpy_backptr(frame, offset, count);
frame += count; frame += count;
} else { } else {
*frame++ = *src++; *frame++ = bytestream2_get_byte(gb);
*frame++ = *src++; *frame++ = bytestream2_get_byte(gb);
} }
mask <<= 1; mask <<= 1;
} }
@@ -103,26 +99,25 @@ static int decode_tsw1(uint8_t *frame, int width, int height,
return 0; return 0;
} }
static int decode_dsw1(uint8_t *frame, int width, int height, static int decode_dsw1(GetByteContext *gb, uint8_t *frame, int width, int height)
const uint8_t *src, const uint8_t *src_end)
{ {
const uint8_t *frame_start = frame; const uint8_t *frame_start = frame;
const uint8_t *frame_end = frame + width * height; const uint8_t *frame_end = frame + width * height;
int mask = 0x10000, bitbuf = 0; int mask = 0x10000, bitbuf = 0;
int v, offset, count, segments; int v, offset, count, segments;
segments = bytestream_get_le16(&src); segments = bytestream2_get_le16(gb);
while (segments--) { while (segments--) {
if (mask == 0x10000) { if (bytestream2_get_bytes_left(gb) < 2)
if (src >= src_end)
return -1; return -1;
bitbuf = bytestream_get_le16(&src); if (mask == 0x10000) {
bitbuf = bytestream2_get_le16u(gb);
mask = 1; mask = 1;
} }
if (src_end - src < 2 || frame_end - frame < 2) if (frame_end - frame < 2)
return -1; return -1;
if (bitbuf & mask) { if (bitbuf & mask) {
v = bytestream_get_le16(&src); v = bytestream2_get_le16(gb);
offset = (v & 0x1FFF) << 1; offset = (v & 0x1FFF) << 1;
count = ((v >> 13) + 2) << 1; count = ((v >> 13) + 2) << 1;
if (frame - frame_start < offset || frame_end - frame < count) if (frame - frame_start < offset || frame_end - frame < count)
@@ -132,10 +127,10 @@ static int decode_dsw1(uint8_t *frame, int width, int height,
frame[v] = frame[v - offset]; frame[v] = frame[v - offset];
frame += count; frame += count;
} else if (bitbuf & (mask << 1)) { } else if (bitbuf & (mask << 1)) {
frame += bytestream_get_le16(&src); frame += bytestream2_get_le16(gb);
} else { } else {
*frame++ = *src++; *frame++ = bytestream2_get_byte(gb);
*frame++ = *src++; *frame++ = bytestream2_get_byte(gb);
} }
mask <<= 2; mask <<= 2;
} }
@@ -143,26 +138,25 @@ static int decode_dsw1(uint8_t *frame, int width, int height,
return 0; return 0;
} }
static int decode_dds1(uint8_t *frame, int width, int height, static int decode_dds1(GetByteContext *gb, uint8_t *frame, int width, int height)
const uint8_t *src, const uint8_t *src_end)
{ {
const uint8_t *frame_start = frame; const uint8_t *frame_start = frame;
const uint8_t *frame_end = frame + width * height; const uint8_t *frame_end = frame + width * height;
int mask = 0x10000, bitbuf = 0; int mask = 0x10000, bitbuf = 0;
int i, v, offset, count, segments; int i, v, offset, count, segments;
segments = bytestream_get_le16(&src); segments = bytestream2_get_le16(gb);
while (segments--) { while (segments--) {
if (mask == 0x10000) { if (bytestream2_get_bytes_left(gb) < 2)
if (src >= src_end)
return -1; return -1;
bitbuf = bytestream_get_le16(&src); if (mask == 0x10000) {
bitbuf = bytestream2_get_le16u(gb);
mask = 1; mask = 1;
} }
if (src_end - src < 2 || frame_end - frame < 2) if (frame_end - frame < 2)
return -1; return -1;
if (bitbuf & mask) { if (bitbuf & mask) {
v = bytestream_get_le16(&src); v = bytestream2_get_le16(gb);
offset = (v & 0x1FFF) << 2; offset = (v & 0x1FFF) << 2;
count = ((v >> 13) + 2) << 1; count = ((v >> 13) + 2) << 1;
if (frame - frame_start < offset || frame_end - frame < count*2 + width) if (frame - frame_start < offset || frame_end - frame < count*2 + width)
@@ -174,13 +168,13 @@ static int decode_dds1(uint8_t *frame, int width, int height,
frame += 2; frame += 2;
} }
} else if (bitbuf & (mask << 1)) { } else if (bitbuf & (mask << 1)) {
frame += bytestream_get_le16(&src) * 2; frame += bytestream2_get_le16(gb) * 2;
} else { } else {
frame[0] = frame[1] = frame[0] = frame[1] =
frame[width] = frame[width + 1] = *src++; frame[width] = frame[width + 1] = bytestream2_get_byte(gb);
frame += 2; frame += 2;
frame[0] = frame[1] = frame[0] = frame[1] =
frame[width] = frame[width + 1] = *src++; frame[width] = frame[width + 1] = bytestream2_get_byte(gb);
frame += 2; frame += 2;
} }
mask <<= 2; mask <<= 2;
@@ -189,40 +183,40 @@ static int decode_dds1(uint8_t *frame, int width, int height,
return 0; return 0;
} }
static int decode_bdlt(uint8_t *frame, int width, int height, static int decode_bdlt(GetByteContext *gb, uint8_t *frame, int width, int height)
const uint8_t *src, const uint8_t *src_end)
{ {
uint8_t *line_ptr; uint8_t *line_ptr;
int count, lines, segments; int count, lines, segments;
count = bytestream_get_le16(&src); count = bytestream2_get_le16(gb);
if (count >= height) if (count >= height)
return -1; return -1;
frame += width * count; frame += width * count;
lines = bytestream_get_le16(&src); lines = bytestream2_get_le16(gb);
if (count + lines > height || src >= src_end) if (count + lines > height)
return -1; return -1;
while (lines--) { while (lines--) {
if (bytestream2_get_bytes_left(gb) < 1)
return -1;
line_ptr = frame; line_ptr = frame;
frame += width; frame += width;
segments = *src++; segments = bytestream2_get_byteu(gb);
while (segments--) { while (segments--) {
if (src_end - src < 3) if (frame - line_ptr <= bytestream2_peek_byte(gb))
return -1; return -1;
if (frame - line_ptr <= *src) line_ptr += bytestream2_get_byte(gb);
return -1; count = (int8_t)bytestream2_get_byte(gb);
line_ptr += *src++;
count = (int8_t)*src++;
if (count >= 0) { if (count >= 0) {
if (frame - line_ptr < count || src_end - src < count) if (frame - line_ptr < count)
return -1;
if (bytestream2_get_buffer(gb, line_ptr, count) != count)
return -1; return -1;
bytestream_get_buffer(&src, line_ptr, count);
} else { } else {
count = -count; count = -count;
if (frame - line_ptr < count || src >= src_end) if (frame - line_ptr < count)
return -1; return -1;
memset(line_ptr, *src++, count); memset(line_ptr, bytestream2_get_byte(gb), count);
} }
line_ptr += count; line_ptr += count;
} }
@@ -231,49 +225,49 @@ static int decode_bdlt(uint8_t *frame, int width, int height,
return 0; return 0;
} }
static int decode_wdlt(uint8_t *frame, int width, int height, static int decode_wdlt(GetByteContext *gb, uint8_t *frame, int width, int height)
const uint8_t *src, const uint8_t *src_end)
{ {
const uint8_t *frame_end = frame + width * height; const uint8_t *frame_end = frame + width * height;
uint8_t *line_ptr; uint8_t *line_ptr;
int count, i, v, lines, segments; int count, i, v, lines, segments;
lines = bytestream_get_le16(&src); lines = bytestream2_get_le16(gb);
if (lines > height || src >= src_end) if (lines > height)
return -1; return -1;
while (lines--) { while (lines--) {
segments = bytestream_get_le16(&src); if (bytestream2_get_bytes_left(gb) < 2)
return -1;
segments = bytestream2_get_le16u(gb);
while ((segments & 0xC000) == 0xC000) { while ((segments & 0xC000) == 0xC000) {
unsigned delta = -((int16_t)segments * width); unsigned delta = -((int16_t)segments * width);
if (frame_end - frame <= delta) if (frame_end - frame <= delta)
return -1; return -1;
frame += delta; frame += delta;
segments = bytestream_get_le16(&src); segments = bytestream2_get_le16(gb);
} }
if (segments & 0x8000) { if (segments & 0x8000) {
frame[width - 1] = segments & 0xFF; frame[width - 1] = segments & 0xFF;
segments = bytestream_get_le16(&src); segments = bytestream2_get_le16(gb);
} }
line_ptr = frame; line_ptr = frame;
frame += width; frame += width;
while (segments--) { while (segments--) {
if (src_end - src < 2) if (frame - line_ptr <= bytestream2_peek_byte(gb))
return -1; return -1;
if (frame - line_ptr <= *src) line_ptr += bytestream2_get_byte(gb);
return -1; count = (int8_t)bytestream2_get_byte(gb);
line_ptr += *src++;
count = (int8_t)*src++;
if (count >= 0) { if (count >= 0) {
if (frame - line_ptr < count*2 || src_end - src < count*2) if (frame - line_ptr < count * 2)
return -1;
if (bytestream2_get_buffer(gb, line_ptr, count * 2) != count * 2)
return -1; return -1;
bytestream_get_buffer(&src, line_ptr, count*2);
line_ptr += count * 2; line_ptr += count * 2;
} else { } else {
count = -count; count = -count;
if (frame - line_ptr < count*2 || src_end - src < 2) if (frame - line_ptr < count * 2)
return -1; return -1;
v = bytestream_get_le16(&src); v = bytestream2_get_le16(gb);
for (i = 0; i < count; i++) for (i = 0; i < count; i++)
bytestream_put_le16(&line_ptr, v); bytestream_put_le16(&line_ptr, v);
} }
@@ -283,22 +277,19 @@ static int decode_wdlt(uint8_t *frame, int width, int height,
return 0; return 0;
} }
static int decode_unk6(uint8_t *frame, int width, int height, static int decode_unk6(GetByteContext *gb, uint8_t *frame, int width, int height)
const uint8_t *src, const uint8_t *src_end)
{ {
return -1; return -1;
} }
static int decode_blck(uint8_t *frame, int width, int height, static int decode_blck(GetByteContext *gb, uint8_t *frame, int width, int height)
const uint8_t *src, const uint8_t *src_end)
{ {
memset(frame, 0, width * height); memset(frame, 0, width * height);
return 0; return 0;
} }
typedef int (*chunk_decoder)(uint8_t *frame, int width, int height, typedef int (*chunk_decoder)(GetByteContext *gb, uint8_t *frame, int width, int height);
const uint8_t *src, const uint8_t *src_end);
static const chunk_decoder decoder[8] = { static const chunk_decoder decoder[8] = {
decode_copy, decode_tsw1, decode_bdlt, decode_wdlt, decode_copy, decode_tsw1, decode_bdlt, decode_wdlt,
@@ -314,9 +305,8 @@ static int dfa_decode_frame(AVCodecContext *avctx,
AVPacket *avpkt) AVPacket *avpkt)
{ {
DfaContext *s = avctx->priv_data; DfaContext *s = avctx->priv_data;
GetByteContext gb;
const uint8_t *buf = avpkt->data; const uint8_t *buf = avpkt->data;
const uint8_t *buf_end = avpkt->data + avpkt->size;
const uint8_t *tmp_buf;
uint32_t chunk_type, chunk_size; uint32_t chunk_type, chunk_size;
uint8_t *dst; uint8_t *dst;
int ret; int ret;
@@ -330,27 +320,22 @@ static int dfa_decode_frame(AVCodecContext *avctx,
return ret; return ret;
} }
while (buf < buf_end) { bytestream2_init(&gb, avpkt->data, avpkt->size);
chunk_size = AV_RL32(buf + 4); while (bytestream2_get_bytes_left(&gb) > 0) {
chunk_type = AV_RL32(buf + 8); bytestream2_skip(&gb, 4);
buf += 12; chunk_size = bytestream2_get_le32(&gb);
if (buf_end - buf < chunk_size) { chunk_type = bytestream2_get_le32(&gb);
av_log(avctx, AV_LOG_ERROR, "Chunk size is too big (%d bytes)\n", chunk_size);
return -1;
}
if (!chunk_type) if (!chunk_type)
break; break;
if (chunk_type == 1) { if (chunk_type == 1) {
pal_elems = FFMIN(chunk_size / 3, 256); pal_elems = FFMIN(chunk_size / 3, 256);
tmp_buf = buf;
for (i = 0; i < pal_elems; i++) { for (i = 0; i < pal_elems; i++) {
s->pal[i] = bytestream_get_be24(&tmp_buf) << 2; s->pal[i] = bytestream2_get_be24(&gb) << 2;
s->pal[i] |= (s->pal[i] >> 6) & 0x333; s->pal[i] |= (s->pal[i] >> 6) & 0x333;
} }
s->pic.palette_has_changed = 1; s->pic.palette_has_changed = 1;
} else if (chunk_type <= 9) { } else if (chunk_type <= 9) {
if (decoder[chunk_type - 2](s->frame_buf, avctx->width, avctx->height, if (decoder[chunk_type - 2](&gb, s->frame_buf, avctx->width, avctx->height)) {
buf, buf + chunk_size)) {
av_log(avctx, AV_LOG_ERROR, "Error decoding %s chunk\n", av_log(avctx, AV_LOG_ERROR, "Error decoding %s chunk\n",
chunk_name[chunk_type - 2]); chunk_name[chunk_type - 2]);
return -1; return -1;
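Review bot: In dfa_decode_frame the new loop never uses `chunk_size` as a bound: the old `buf_end - buf < chunk_size` rejection is gone and every decoder is handed the whole-packet reader `&gb` instead of a `buf .. buf + chunk_size` window. Reads stay inside the packet, so the overread itself is closed, but a malformed chunk can make a decoder consume the following chunk's bytes, and the next header is then parsed from wherever the previous decoder stopped (in the palette branch anything past `pal_elems * 3` bytes is left unskipped). I would keep the size check and give the dispatch a sub-reader limited to the chunk, advancing `gb` by `chunk_size` up front, as sketched below. The loop body continues past the end of this hunk, so any repositioning done there is not visible here.

```c
    bytestream2_init(&gb, avpkt->data, avpkt->size);
    while (bytestream2_get_bytes_left(&gb) > 0) {
        GetByteContext chunk; /* reader limited to this chunk's payload */

        bytestream2_skip(&gb, 4);
        chunk_size = bytestream2_get_le32(&gb);
        chunk_type = bytestream2_get_le32(&gb);
        /* bytes_left is never negative here, so the unsigned comparison is safe */
        if (chunk_size > bytestream2_get_bytes_left(&gb)) {
            av_log(avctx, AV_LOG_ERROR, "Chunk size is too big (%d bytes)\n", chunk_size);
            return -1;
        }
        if (!chunk_type)
            break;
        bytestream2_init(&chunk, gb.buffer, chunk_size);
        bytestream2_skip(&gb, chunk_size); /* next header starts at the declared chunk end */
        /* … unchanged: palette loop and decoder dispatch, reading from &chunk instead of &gb … */
```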