From 580bb779360e9832e3b5581e349f76bca75ada08 Mon Sep 17 00:00:00 2001 From: Anssi Hannula Date: Fri, 30 Dec 2011 22:48:18 +0200 Subject: [PATCH 1/8] spdifenc: use special alignment for DTS-HD length_code Align IEC 61937 length_code for DTS-HD so that (length_code & 0xf) == 0x8. This is reportedly needed with some receivers. Signed-off-by: Ronald S. Bultje --- libavformat/spdifenc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/spdifenc.c b/libavformat/spdifenc.c index d541aba848..5a1b8e4cb0 100644 --- a/libavformat/spdifenc.c +++ b/libavformat/spdifenc.c @@ -220,7 +220,10 @@ static int spdif_header_dts4(AVFormatContext *s, AVPacket *pkt, int core_size, } ctx->out_bytes = sizeof(dtshd_start_code) + 2 + pkt_size; - ctx->length_code = ctx->out_bytes; + + /* Align so that (length_code & 0xf) == 0x8. This is reportedly needed + * with some receivers, but the exact requirement is unconfirmed. */ + ctx->length_code = FFALIGN(ctx->out_bytes + 0x8, 0x10) - 0x8; av_fast_malloc(&ctx->hd_buf, &ctx->hd_buf_size, ctx->out_bytes); if (!ctx->hd_buf) From f907615f0813e8499f06a7eebccf1c63fce87c8e Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Fri, 6 Jan 2012 00:17:37 +0100 Subject: [PATCH 2/8] parsers: initialize MpegEncContext.slice_context_count to 1 The mpeg4 video, H264 and VC-1 parser hold (directly or indirectly) a MpegEncContext in their private context. Since they do not call the common mpegvideo init function slice_context_count has explicitly set to 1. Prevents a null pointer dereference in the h264 parser and fixes bug 193. --- libavcodec/h264_parser.c | 1 + libavcodec/mpeg4video_parser.c | 1 + libavcodec/vc1_parser.c | 8 ++++++++ 3 files changed, 10 insertions(+) diff --git a/libavcodec/h264_parser.c b/libavcodec/h264_parser.c index 826c17a0f1..bcaa04a115 100644 --- a/libavcodec/h264_parser.c +++ b/libavcodec/h264_parser.c @@ -330,6 +330,7 @@ static int init(AVCodecParserContext *s) { H264Context *h = s->priv_data; h->thread_context[0] = h; + h->s.slice_context_count = 1; return 0; } diff --git a/libavcodec/mpeg4video_parser.c b/libavcodec/mpeg4video_parser.c index 162bc1d03e..89bbf3465d 100644 --- a/libavcodec/mpeg4video_parser.c +++ b/libavcodec/mpeg4video_parser.c @@ -99,6 +99,7 @@ static av_cold int mpeg4video_parse_init(AVCodecParserContext *s) if (!pc->enc) return -1; pc->first_picture = 1; + pc->enc->slice_context_count = 1; return 0; } diff --git a/libavcodec/vc1_parser.c b/libavcodec/vc1_parser.c index e6243d9ac0..0cc5ea0fa8 100644 --- a/libavcodec/vc1_parser.c +++ b/libavcodec/vc1_parser.c @@ -184,9 +184,17 @@ static int vc1_split(AVCodecContext *avctx, return 0; } +static int vc1_parse_init(AVCodecParserContext *s) +{ + VC1ParseContext *vpc = s->priv_data; + vpc->v.s.slice_context_count = 1; + return 0; +} + AVCodecParser ff_vc1_parser = { .codec_ids = { CODEC_ID_VC1 }, .priv_data_size = sizeof(VC1ParseContext), + .parser_init = vc1_parse_init, .parser_parse = vc1_parse, .parser_close = ff_parse1_close, .split = vc1_split, From 6e8bf6db489f66d6fa553fa04904464af768c540 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Wed, 21 Dec 2011 22:32:04 -0500 Subject: [PATCH 3/8] add bytestream2_tell() and bytestream2_seek() functions --- libavcodec/bytestream.h | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/libavcodec/bytestream.h b/libavcodec/bytestream.h index 8fbceacc4f..9ec74cf9a7 100644 --- a/libavcodec/bytestream.h +++ b/libavcodec/bytestream.h @@ -27,7 +27,7 @@ #include "libavutil/intreadwrite.h" typedef struct { - const uint8_t *buffer, *buffer_end; + const uint8_t *buffer, *buffer_end, *buffer_start; } GetByteContext; #define DEF_T(type, name, bytes, read, write) \ @@ -79,6 +79,7 @@ static av_always_inline void bytestream2_init(GetByteContext *g, const uint8_t *buf, int buf_size) { g->buffer = buf; + g->buffer_start = buf; g->buffer_end = buf + buf_size; } @@ -93,6 +94,34 @@ static av_always_inline void bytestream2_skip(GetByteContext *g, g->buffer += FFMIN(g->buffer_end - g->buffer, size); } +static av_always_inline int bytestream2_tell(GetByteContext *g) +{ + return (int)(g->buffer - g->buffer_start); +} + +static av_always_inline int bytestream2_seek(GetByteContext *g, int offset, + int whence) +{ + switch (whence) { + case SEEK_CUR: + offset = av_clip(offset, -(g->buffer - g->buffer_start), + g->buffer_end - g->buffer); + g->buffer += offset; + break; + case SEEK_END: + offset = av_clip(offset, -(g->buffer_end - g->buffer_start), 0); + g->buffer = g->buffer_end + offset; + break; + case SEEK_SET: + offset = av_clip(offset, 0, g->buffer_end - g->buffer_start); + g->buffer = g->buffer_start + offset; + break; + default: + return AVERROR(EINVAL); + } + return bytestream2_tell(g); +} + static av_always_inline unsigned int bytestream2_get_buffer(GetByteContext *g, uint8_t *dst, unsigned int size) From 301fb9213198e163516c66906650c9985f66cdd2 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Fri, 6 Jan 2012 01:34:16 +0100 Subject: [PATCH 4/8] h264: Only use symbols from the SVQ3 decoder under proper conditionals. Fixes --disable-everything --enable-decoder=h264 --disable-optimizations. --- libavcodec/h264.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 9502a7c147..82b7acd1ee 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -1817,7 +1817,7 @@ static av_always_inline void hl_decode_mb_predict_luma(H264Context *h, int mb_ty idct_dc_add(ptr, h->mb + (i*16+p*256 << pixel_shift), linesize); else idct_add (ptr, h->mb + (i*16+p*256 << pixel_shift), linesize); - }else + } else if (CONFIG_SVQ3_DECODER) ff_svq3_add_idct_c(ptr, h->mb + i*16+p*256, linesize, qscale, 0); } } @@ -1837,7 +1837,7 @@ static av_always_inline void hl_decode_mb_predict_luma(H264Context *h, int mb_ty dctcoef_set(h->mb+(p*256 << pixel_shift), pixel_shift, dc_mapping[i], dctcoef_get(h->mb_luma_dc[p], pixel_shift, i)); } } - }else + } else if (CONFIG_SVQ3_DECODER) ff_svq3_luma_dc_dequant_idct_c(h->mb+p*256, h->mb_luma_dc[p], qscale); } } @@ -1881,7 +1881,7 @@ static av_always_inline void hl_decode_mb_idct_luma(H264Context *h, int mb_type, } } } - }else{ + } else if (CONFIG_SVQ3_DECODER) { for(i=0; i<16; i++){ if(h->non_zero_count_cache[ scan8[i+p*16] ] || h->mb[i*16+p*256]){ //FIXME benchmark weird rule, & below uint8_t * const ptr= dest_y + block_offset[i]; @@ -2080,7 +2080,7 @@ static av_always_inline void hl_decode_mb_internal(H264Context *h, int simple, i h->h264dsp.h264_idct_add8(dest, block_offset, h->mb, uvlinesize, h->non_zero_count_cache); - }else{ + } else if (CONFIG_SVQ3_DECODER) { h->h264dsp.h264_chroma_dc_dequant_idct(h->mb + 16*16*1, h->dequant4_coeff[IS_INTRA(mb_type) ? 1:4][h->chroma_qp[0]][0]); h->h264dsp.h264_chroma_dc_dequant_idct(h->mb + 16*16*2, h->dequant4_coeff[IS_INTRA(mb_type) ? 2:5][h->chroma_qp[1]][0]); for(j=1; j<3; j++){ From 3aa3fc45feab2316261e16987f0d5bc0f03f72f7 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Tue, 27 Dec 2011 11:37:31 +0100 Subject: [PATCH 5/8] cabac: remove unused function renorm_cabac_decoder --- libavcodec/cabac.h | 9 --------- 1 file changed, 9 deletions(-) diff --git a/libavcodec/cabac.h b/libavcodec/cabac.h index aff6495e29..b0d056def0 100644 --- a/libavcodec/cabac.h +++ b/libavcodec/cabac.h @@ -97,15 +97,6 @@ static void refill(CABACContext *c){ c->bytestream+= CABAC_BITS/8; } -static inline void renorm_cabac_decoder(CABACContext *c){ - while(c->range < 0x100){ - c->range+= c->range; - c->low+= c->low; - if(!(c->low & CABAC_MASK)) - refill(c); - } -} - static inline void renorm_cabac_decoder_once(CABACContext *c){ int shift= (uint32_t)(c->range - 0x100)>>31; c->range<<= shift; From f86209b43de91e84675f7d1be6a1572ecccb2110 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Fri, 6 Jan 2012 17:18:07 +0000 Subject: [PATCH 6/8] vqf: add more known extensions Signed-off-by: Ronald S. Bultje --- libavformat/vqf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/vqf.c b/libavformat/vqf.c index aba763d38f..3e79299362 100644 --- a/libavformat/vqf.c +++ b/libavformat/vqf.c @@ -265,5 +265,5 @@ AVInputFormat ff_vqf_demuxer = { .read_header = vqf_read_header, .read_packet = vqf_read_packet, .read_seek = vqf_read_seek, - .extensions = "vqf", + .extensions = "vqf,vql,vqe", }; From 57cd6d709565e84e84385f8f2a9641ca3fa718be Mon Sep 17 00:00:00 2001 From: Chris Evans Date: Thu, 5 Jan 2012 21:25:41 +0100 Subject: [PATCH 7/8] vorbis: Avoid some out-of-bounds reads Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler --- libavcodec/vorbis.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/libavcodec/vorbis.c b/libavcodec/vorbis.c index 86df2886f2..0b26870421 100644 --- a/libavcodec/vorbis.c +++ b/libavcodec/vorbis.c @@ -152,7 +152,7 @@ void ff_vorbis_ready_floor1_list(vorbis_floor1_entry * list, int values) } } -static inline void render_line_unrolled(intptr_t x, intptr_t y, int x1, +static inline void render_line_unrolled(intptr_t x, uint8_t y, int x1, intptr_t sy, int ady, int adx, float *buf) { @@ -175,7 +175,7 @@ static inline void render_line_unrolled(intptr_t x, intptr_t y, int x1, } } -static void render_line(int x0, int y0, int x1, int y1, float *buf) +static void render_line(int x0, uint8_t y0, int x1, int y1, float *buf) { int dy = y1 - y0; int adx = x1 - x0; @@ -185,10 +185,10 @@ static void render_line(int x0, int y0, int x1, int y1, float *buf) if (ady*2 <= adx) { // optimized common case render_line_unrolled(x0, y0, x1, sy, ady, adx, buf); } else { - int base = dy / adx; - int x = x0; - int y = y0; - int err = -adx; + int base = dy / adx; + int x = x0; + uint8_t y = y0; + int err = -adx; ady -= FFABS(base) * adx; while (++x < x1) { y += base; @@ -206,7 +206,8 @@ void ff_vorbis_floor1_render_list(vorbis_floor1_entry * list, int values, uint16_t *y_list, int *flag, int multiplier, float *out, int samples) { - int lx, ly, i; + int lx, i; + uint8_t ly; lx = 0; ly = y_list[0] * multiplier; for (i = 1; i < values; i++) { From b348c852aa8312d361123df0fa20e16feff7c2f1 Mon Sep 17 00:00:00 2001 From: Laurentiu Ion Date: Fri, 6 Jan 2012 20:42:00 +0200 Subject: [PATCH 8/8] flicvideo: fix invalid reads Prevent invalid reads using bytestream2 functions. Fixes bug #126. Signed-off-by: Justin Ruggles --- libavcodec/flicvideo.c | 166 +++++++++++++++++++---------------------- 1 file changed, 77 insertions(+), 89 deletions(-) diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c index 8e8a813258..b7bbfb4f5d 100644 --- a/libavcodec/flicvideo.c +++ b/libavcodec/flicvideo.c @@ -41,6 +41,8 @@ #include "libavutil/intreadwrite.h" #include "avcodec.h" +#include "bytestream.h" +#include "mathops.h" #define FLI_256_COLOR 4 #define FLI_DELTA 7 @@ -132,7 +134,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, { FlicDecodeContext *s = avctx->priv_data; - int stream_ptr = 0; + GetByteContext g2; int stream_ptr_after_color_chunk; int pixel_ptr; int palette_ptr; @@ -163,6 +165,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, unsigned char *pixels; unsigned int pixel_limit; + bytestream2_init(&g2, buf, buf_size); + s->frame.reference = 1; s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE; if (avctx->reget_buffer(avctx, &s->frame) < 0) { @@ -172,25 +176,22 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, pixels = s->frame.data[0]; pixel_limit = s->avctx->height * s->frame.linesize[0]; - - frame_size = AV_RL32(&buf[stream_ptr]); - stream_ptr += 6; /* skip the magic number */ - num_chunks = AV_RL16(&buf[stream_ptr]); - stream_ptr += 10; /* skip padding */ + frame_size = bytestream2_get_le32(&g2); + bytestream2_skip(&g2, 2); /* skip the magic number */ + num_chunks = bytestream2_get_le16(&g2); + bytestream2_skip(&g2, 8); /* skip padding */ frame_size -= 16; /* iterate through the chunks */ while ((frame_size > 0) && (num_chunks > 0)) { - chunk_size = AV_RL32(&buf[stream_ptr]); - stream_ptr += 4; - chunk_type = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + chunk_size = bytestream2_get_le32(&g2); + chunk_type = bytestream2_get_le16(&g2); switch (chunk_type) { case FLI_256_COLOR: case FLI_COLOR: - stream_ptr_after_color_chunk = stream_ptr + chunk_size - 6; + stream_ptr_after_color_chunk = bytestream2_tell(&g2) + chunk_size - 6; /* check special case: If this file is from the Magic Carpet * game and uses 6-bit colors even though it reports 256-color @@ -201,15 +202,14 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, else color_shift = 2; /* set up the palette */ - color_packets = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + color_packets = bytestream2_get_le16(&g2); palette_ptr = 0; for (i = 0; i < color_packets; i++) { /* first byte is how many colors to skip */ - palette_ptr += buf[stream_ptr++]; + palette_ptr += bytestream2_get_byte(&g2); /* next byte indicates how many entries to change */ - color_changes = buf[stream_ptr++]; + color_changes = bytestream2_get_byte(&g2); /* if there are 0 color changes, there are actually 256 */ if (color_changes == 0) @@ -222,9 +222,9 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, if ((unsigned)palette_ptr >= 256) palette_ptr = 0; - r = buf[stream_ptr++] << color_shift; - g = buf[stream_ptr++] << color_shift; - b = buf[stream_ptr++] << color_shift; + r = bytestream2_get_byte(&g2) << color_shift; + g = bytestream2_get_byte(&g2) << color_shift; + b = bytestream2_get_byte(&g2) << color_shift; entry = (r << 16) | (g << 8) | b; if (s->palette[palette_ptr] != entry) s->new_palette = 1; @@ -233,20 +233,19 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, } /* color chunks sometimes have weird 16-bit alignment issues; - * therefore, take the hardline approach and set the stream_ptr + * therefore, take the hardline approach and skip * to the value calculated w.r.t. the size specified by the color * chunk header */ - stream_ptr = stream_ptr_after_color_chunk; + if (stream_ptr_after_color_chunk - bytestream2_tell(&g2) > 0) + bytestream2_skip(&g2, stream_ptr_after_color_chunk - bytestream2_tell(&g2)); break; case FLI_DELTA: y_ptr = 0; - compressed_lines = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + compressed_lines = bytestream2_get_le16(&g2); while (compressed_lines > 0) { - line_packets = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + line_packets = bytestream2_get_le16(&g2); if ((line_packets & 0xC000) == 0xC000) { // line skip opcode line_packets = -line_packets; @@ -265,14 +264,14 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, pixel_countdown = s->avctx->width; for (i = 0; i < line_packets; i++) { /* account for the skip bytes */ - pixel_skip = buf[stream_ptr++]; + pixel_skip = bytestream2_get_byte(&g2); pixel_ptr += pixel_skip; pixel_countdown -= pixel_skip; - byte_run = (signed char)(buf[stream_ptr++]); + byte_run = sign_extend(bytestream2_get_byte(&g2), 8); if (byte_run < 0) { byte_run = -byte_run; - palette_idx1 = buf[stream_ptr++]; - palette_idx2 = buf[stream_ptr++]; + palette_idx1 = bytestream2_get_byte(&g2); + palette_idx2 = bytestream2_get_byte(&g2); CHECK_PIXEL_PTR(byte_run * 2); for (j = 0; j < byte_run; j++, pixel_countdown -= 2) { pixels[pixel_ptr++] = palette_idx1; @@ -281,8 +280,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, } else { CHECK_PIXEL_PTR(byte_run * 2); for (j = 0; j < byte_run * 2; j++, pixel_countdown--) { - palette_idx1 = buf[stream_ptr++]; - pixels[pixel_ptr++] = palette_idx1; + pixels[pixel_ptr++] = bytestream2_get_byte(&g2); } } } @@ -294,34 +292,31 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, case FLI_LC: /* line compressed */ - starting_line = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + starting_line = bytestream2_get_le16(&g2); y_ptr = 0; y_ptr += starting_line * s->frame.linesize[0]; - compressed_lines = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + compressed_lines = bytestream2_get_le16(&g2); while (compressed_lines > 0) { pixel_ptr = y_ptr; CHECK_PIXEL_PTR(0); pixel_countdown = s->avctx->width; - line_packets = buf[stream_ptr++]; + line_packets = bytestream2_get_byte(&g2); if (line_packets > 0) { for (i = 0; i < line_packets; i++) { /* account for the skip bytes */ - pixel_skip = buf[stream_ptr++]; + pixel_skip = bytestream2_get_byte(&g2); pixel_ptr += pixel_skip; pixel_countdown -= pixel_skip; - byte_run = (signed char)(buf[stream_ptr++]); + byte_run = sign_extend(bytestream2_get_byte(&g2),8); if (byte_run > 0) { CHECK_PIXEL_PTR(byte_run); for (j = 0; j < byte_run; j++, pixel_countdown--) { - palette_idx1 = buf[stream_ptr++]; - pixels[pixel_ptr++] = palette_idx1; + pixels[pixel_ptr++] = bytestream2_get_byte(&g2); } } else if (byte_run < 0) { byte_run = -byte_run; - palette_idx1 = buf[stream_ptr++]; + palette_idx1 = bytestream2_get_byte(&g2); CHECK_PIXEL_PTR(byte_run); for (j = 0; j < byte_run; j++, pixel_countdown--) { pixels[pixel_ptr++] = palette_idx1; @@ -349,12 +344,12 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, pixel_ptr = y_ptr; /* disregard the line packets; instead, iterate through all * pixels on a row */ - stream_ptr++; + bytestream2_skip(&g2, 1); pixel_countdown = s->avctx->width; while (pixel_countdown > 0) { - byte_run = (signed char)(buf[stream_ptr++]); + byte_run = sign_extend(bytestream2_get_byte(&g2), 8); if (byte_run > 0) { - palette_idx1 = buf[stream_ptr++]; + palette_idx1 = bytestream2_get_byte(&g2); CHECK_PIXEL_PTR(byte_run); for (j = 0; j < byte_run; j++) { pixels[pixel_ptr++] = palette_idx1; @@ -367,8 +362,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, byte_run = -byte_run; CHECK_PIXEL_PTR(byte_run); for (j = 0; j < byte_run; j++) { - palette_idx1 = buf[stream_ptr++]; - pixels[pixel_ptr++] = palette_idx1; + pixels[pixel_ptr++] = bytestream2_get_byte(&g2); pixel_countdown--; if (pixel_countdown < 0) av_log(avctx, AV_LOG_ERROR, "pixel_countdown < 0 (%d) at line %d\n", @@ -386,20 +380,19 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, if (chunk_size - 6 > s->avctx->width * s->avctx->height) { av_log(avctx, AV_LOG_ERROR, "In chunk FLI_COPY : source data (%d bytes) " \ "bigger than image, skipping chunk\n", chunk_size - 6); - stream_ptr += chunk_size - 6; + bytestream2_skip(&g2, chunk_size - 6); } else { for (y_ptr = 0; y_ptr < s->frame.linesize[0] * s->avctx->height; y_ptr += s->frame.linesize[0]) { - memcpy(&pixels[y_ptr], &buf[stream_ptr], - s->avctx->width); - stream_ptr += s->avctx->width; + bytestream2_get_buffer(&g2, &pixels[y_ptr], + s->avctx->width); } } break; case FLI_MINI: /* some sort of a thumbnail? disregard this chunk... */ - stream_ptr += chunk_size - 6; + bytestream2_skip(&g2, chunk_size - 6); break; default: @@ -413,9 +406,11 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx, /* by the end of the chunk, the stream ptr should equal the frame * size (minus 1, possibly); if it doesn't, issue a warning */ - if ((stream_ptr != buf_size) && (stream_ptr != buf_size - 1)) + if ((bytestream2_get_bytes_left(&g2) != 0) && + (bytestream2_get_bytes_left(&g2) != 1)) av_log(avctx, AV_LOG_ERROR, "Processed FLI chunk where chunk size = %d " \ - "and final chunk ptr = %d\n", buf_size, stream_ptr); + "and final chunk ptr = %d\n", buf_size, + buf_size - bytestream2_get_bytes_left(&g2)); /* make the palette available on the way out */ memcpy(s->frame.data[1], s->palette, AVPALETTE_SIZE); @@ -438,7 +433,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, /* Format is the pixel format, the packets are processed the same. */ FlicDecodeContext *s = avctx->priv_data; - int stream_ptr = 0; + GetByteContext g2; int pixel_ptr; unsigned char palette_idx1; @@ -461,6 +456,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, int pixel; unsigned int pixel_limit; + bytestream2_init(&g2, buf, buf_size); + s->frame.reference = 1; s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE; if (avctx->reget_buffer(avctx, &s->frame) < 0) { @@ -471,19 +468,17 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, pixels = s->frame.data[0]; pixel_limit = s->avctx->height * s->frame.linesize[0]; - frame_size = AV_RL32(&buf[stream_ptr]); - stream_ptr += 6; /* skip the magic number */ - num_chunks = AV_RL16(&buf[stream_ptr]); - stream_ptr += 10; /* skip padding */ + frame_size = bytestream2_get_le32(&g2); + bytestream2_skip(&g2, 2); /* skip the magic number */ + num_chunks = bytestream2_get_le16(&g2); + bytestream2_skip(&g2, 8); /* skip padding */ frame_size -= 16; /* iterate through the chunks */ while ((frame_size > 0) && (num_chunks > 0)) { - chunk_size = AV_RL32(&buf[stream_ptr]); - stream_ptr += 4; - chunk_type = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + chunk_size = bytestream2_get_le32(&g2); + chunk_type = bytestream2_get_le16(&g2); switch (chunk_type) { case FLI_256_COLOR: @@ -492,17 +487,15 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, * include one of these chunks in their first frame. * Why I do not know, it seems rather extraneous. */ /* av_log(avctx, AV_LOG_ERROR, "Unexpected Palette chunk %d in non-paletised FLC\n",chunk_type);*/ - stream_ptr = stream_ptr + chunk_size - 6; + bytestream2_skip(&g2, chunk_size - 6); break; case FLI_DELTA: case FLI_DTA_LC: y_ptr = 0; - compressed_lines = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + compressed_lines = bytestream2_get_le16(&g2); while (compressed_lines > 0) { - line_packets = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + line_packets = bytestream2_get_le16(&g2); if (line_packets < 0) { line_packets = -line_packets; y_ptr += line_packets * s->frame.linesize[0]; @@ -513,14 +506,13 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, pixel_countdown = s->avctx->width; for (i = 0; i < line_packets; i++) { /* account for the skip bytes */ - pixel_skip = buf[stream_ptr++]; + pixel_skip = bytestream2_get_byte(&g2); pixel_ptr += (pixel_skip*2); /* Pixel is 2 bytes wide */ pixel_countdown -= pixel_skip; - byte_run = (signed char)(buf[stream_ptr++]); + byte_run = sign_extend(bytestream2_get_byte(&g2), 8); if (byte_run < 0) { byte_run = -byte_run; - pixel = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + pixel = bytestream2_get_le16(&g2); CHECK_PIXEL_PTR(2 * byte_run); for (j = 0; j < byte_run; j++, pixel_countdown -= 2) { *((signed short*)(&pixels[pixel_ptr])) = pixel; @@ -529,8 +521,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, } else { CHECK_PIXEL_PTR(2 * byte_run); for (j = 0; j < byte_run; j++, pixel_countdown--) { - *((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + *((signed short*)(&pixels[pixel_ptr])) = bytestream2_get_le16(&g2); pixel_ptr += 2; } } @@ -543,7 +534,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, case FLI_LC: av_log(avctx, AV_LOG_ERROR, "Unexpected FLI_LC chunk in non-paletised FLC\n"); - stream_ptr = stream_ptr + chunk_size - 6; + bytestream2_skip(&g2, chunk_size - 6); break; case FLI_BLACK: @@ -558,13 +549,13 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, pixel_ptr = y_ptr; /* disregard the line packets; instead, iterate through all * pixels on a row */ - stream_ptr++; + bytestream2_skip(&g2, 1); pixel_countdown = (s->avctx->width * 2); while (pixel_countdown > 0) { - byte_run = (signed char)(buf[stream_ptr++]); + byte_run = sign_extend(bytestream2_get_byte(&g2), 8); if (byte_run > 0) { - palette_idx1 = buf[stream_ptr++]; + palette_idx1 = bytestream2_get_byte(&g2); CHECK_PIXEL_PTR(byte_run); for (j = 0; j < byte_run; j++) { pixels[pixel_ptr++] = palette_idx1; @@ -577,7 +568,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, byte_run = -byte_run; CHECK_PIXEL_PTR(byte_run); for (j = 0; j < byte_run; j++) { - palette_idx1 = buf[stream_ptr++]; + palette_idx1 = bytestream2_get_byte(&g2); pixels[pixel_ptr++] = palette_idx1; pixel_countdown--; if (pixel_countdown < 0) @@ -610,14 +601,13 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, pixel_ptr = y_ptr; /* disregard the line packets; instead, iterate through all * pixels on a row */ - stream_ptr++; + bytestream2_skip(&g2, 1); pixel_countdown = s->avctx->width; /* Width is in pixels, not bytes */ while (pixel_countdown > 0) { - byte_run = (signed char)(buf[stream_ptr++]); + byte_run = sign_extend(bytestream2_get_byte(&g2), 8); if (byte_run > 0) { - pixel = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + pixel = bytestream2_get_le16(&g2); CHECK_PIXEL_PTR(2 * byte_run); for (j = 0; j < byte_run; j++) { *((signed short*)(&pixels[pixel_ptr])) = pixel; @@ -631,8 +621,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, byte_run = -byte_run; CHECK_PIXEL_PTR(2 * byte_run); for (j = 0; j < byte_run; j++) { - *((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]); - stream_ptr += 2; + *((signed short*)(&pixels[pixel_ptr])) = bytestream2_get_le16(&g2); pixel_ptr += 2; pixel_countdown--; if (pixel_countdown < 0) @@ -652,7 +641,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, if (chunk_size - 6 > (unsigned int)(s->avctx->width * s->avctx->height)*2) { av_log(avctx, AV_LOG_ERROR, "In chunk FLI_COPY : source data (%d bytes) " \ "bigger than image, skipping chunk\n", chunk_size - 6); - stream_ptr += chunk_size - 6; + bytestream2_skip(&g2, chunk_size - 6); } else { for (y_ptr = 0; y_ptr < s->frame.linesize[0] * s->avctx->height; @@ -661,18 +650,17 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, pixel_countdown = s->avctx->width; pixel_ptr = 0; while (pixel_countdown > 0) { - *((signed short*)(&pixels[y_ptr + pixel_ptr])) = AV_RL16(&buf[stream_ptr+pixel_ptr]); + *((signed short*)(&pixels[y_ptr + pixel_ptr])) = bytestream2_get_le16(&g2); pixel_ptr += 2; pixel_countdown--; } - stream_ptr += s->avctx->width*2; } } break; case FLI_MINI: /* some sort of a thumbnail? disregard this chunk... */ - stream_ptr += chunk_size - 6; + bytestream2_skip(&g2, chunk_size - 6); break; default: @@ -686,9 +674,9 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx, /* by the end of the chunk, the stream ptr should equal the frame * size (minus 1, possibly); if it doesn't, issue a warning */ - if ((stream_ptr != buf_size) && (stream_ptr != buf_size - 1)) + if ((bytestream2_get_bytes_left(&g2) != 0) && (bytestream2_get_bytes_left(&g2) != 1)) av_log(avctx, AV_LOG_ERROR, "Processed FLI chunk where chunk size = %d " \ - "and final chunk ptr = %d\n", buf_size, stream_ptr); + "and final chunk ptr = %d\n", buf_size, bytestream2_tell(&g2)); *data_size=sizeof(AVFrame);