Fix segault

[frescor/ffmpeg.git] / libavcodec / smacker.c

diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index a079522eb43ab485ed82246812dfb88fb11a1a7c..3b3d03e7e40814b637d085c1ccf27408bbf578f2 100644 (file)
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -17,11 +17,10 @@
  * You should have received a copy of the GNU Lesser General Public
  * License along with FFmpeg; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
  */
 
 /**
- * @file smacker.c
+ * @file libavcodec/smacker.c
  * Smacker decoder
  */
 
@@ -32,11 +31,11 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "common.h"
 #include "avcodec.h"
 
 #define ALT_BITSTREAM_READER_LE
-#include "bitstream.h"
+#include "get_bits.h"
+#include "bytestream.h"
 
 #define SMKTREE_BITS 9
 #define SMK_NODE 0x80000000
@@ -203,7 +202,7 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int
 
     if(get_bits1(gb)) {
         smacker_decode_tree(gb, &tmp1, 0, 0);
-        get_bits1(gb);
+        skip_bits1(gb);
         res = init_vlc(&vlc[0], SMKTREE_BITS, tmp1.length,
                     tmp1.lengths, sizeof(int), sizeof(int),
                     tmp1.bits, sizeof(uint32_t), sizeof(uint32_t), INIT_VLC_LE);
@@ -216,7 +215,7 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int
     }
     if(get_bits1(gb)){
         smacker_decode_tree(gb, &tmp2, 0, 0);
-        get_bits1(gb);
+        skip_bits1(gb);
         res = init_vlc(&vlc[1], SMKTREE_BITS, tmp2.length,
                     tmp2.lengths, sizeof(int), sizeof(int),
                     tmp2.bits, sizeof(uint32_t), sizeof(uint32_t), INIT_VLC_LE);
@@ -252,7 +251,7 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int
     huff.values = av_mallocz(huff.length * sizeof(int));
 
     smacker_decode_bigtree(gb, &huff, &ctx);
-    get_bits1(gb);
+    skip_bits1(gb);
     if(ctx.last[0] == -1) ctx.last[0] = huff.current++;
     if(ctx.last[1] == -1) ctx.last[1] = huff.current++;
     if(ctx.last[2] == -1) ctx.last[2] = huff.current++;
@@ -292,7 +291,7 @@ static int decode_header_trees(SmackVContext *smk) {
     } else {
         smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size);
     }
-    if(!get_bits(&gb, 1)) {
+    if(!get_bits1(&gb)) {
         av_log(smk->avctx, AV_LOG_INFO, "Skipping MCLR tree\n");
         smk->mclr_tbl = av_malloc(sizeof(int) * 2);
         smk->mclr_tbl[0] = 0;
@@ -300,7 +299,7 @@ static int decode_header_trees(SmackVContext *smk) {
     } else {
         smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size);
     }
-    if(!get_bits(&gb, 1)) {
+    if(!get_bits1(&gb)) {
         av_log(smk->avctx, AV_LOG_INFO, "Skipping FULL tree\n");
         smk->full_tbl = av_malloc(sizeof(int) * 2);
         smk->full_tbl[0] = 0;
@@ -308,7 +307,7 @@ static int decode_header_trees(SmackVContext *smk) {
     } else {
         smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size);
     }
-    if(!get_bits(&gb, 1)) {
+    if(!get_bits1(&gb)) {
         av_log(smk->avctx, AV_LOG_INFO, "Skipping TYPE tree\n");
         smk->type_tbl = av_malloc(sizeof(int) * 2);
         smk->type_tbl[0] = 0;
@@ -346,8 +345,10 @@ static av_always_inline int smk_get_code(GetBitContext *gb, int *recode, int *la
     return v;
 }
 
-static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, uint8_t *buf, int buf_size)
+static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPacket *avpkt)
 {
+    const uint8_t *buf = avpkt->data;
+    int buf_size = avpkt->size;
     SmackVContext * const smk = avctx->priv_data;
     uint8_t *out;
     uint32_t *pal;
@@ -356,7 +357,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, uint8
     int i;
     int stride;
 
-    if(buf_size == 769)
+    if(buf_size <= 769)
         return 0;
     if(smk->pic.data[0])
             avctx->release_buffer(avctx, &smk->pic);
@@ -369,7 +370,6 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, uint8
     }
 
     /* make the palette available on the way out */
-    out = buf + 1;
     pal = (uint32_t*)smk->pic.data[1];
     smk->pic.palette_has_changed = buf[0] & 1;
     smk->pic.key_frame = !!(buf[0] & 2);
@@ -378,19 +378,16 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, uint8
     else
         smk->pic.pict_type = FF_P_TYPE;
 
-    for(i = 0; i < 256; i++) {
-        int r, g, b;
-        r = *out++;
-        g = *out++;
-        b = *out++;
-        *pal++ = (r << 16) | (g << 8) | b;
-    }
+    buf++;
+    for(i = 0; i < 256; i++)
+        *pal++ = bytestream_get_be24(&buf);
+    buf_size -= 769;
 
     last_reset(smk->mmap_tbl, smk->mmap_last);
     last_reset(smk->mclr_tbl, smk->mclr_last);
     last_reset(smk->full_tbl, smk->full_last);
     last_reset(smk->type_tbl, smk->type_last);
-    init_get_bits(&gb, buf + 769, (buf_size - 769) * 8);
+    init_get_bits(&gb, buf, buf_size * 8);
 
     blk = 0;
     bw = avctx->width >> 2;
@@ -437,11 +434,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, uint8
                 case 0:
                     for(i = 0; i < 4; i++) {
                         pix = smk_get_code(&gb, smk->full_tbl, smk->full_last);
-                        out[2] = pix & 0xFF;
-                        out[3] = pix >> 8;
+                        AV_WL16(out+2,pix);
                         pix = smk_get_code(&gb, smk->full_tbl, smk->full_last);
-                        out[0] = pix & 0xFF;
-                        out[1] = pix >> 8;
+                        AV_WL16(out,pix);
                         out += stride;
                     }
                     break;
@@ -464,13 +459,13 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, uint8
                 case 2:
                     for(i = 0; i < 2; i++) {
                         uint16_t pix1, pix2;
-                        pix1 = smk_get_code(&gb, smk->full_tbl, smk->full_last);
                         pix2 = smk_get_code(&gb, smk->full_tbl, smk->full_last);
-                        out[0] = pix1 & 0xFF; out[1] = pix1 >> 8;
-                        out[2] = pix2 & 0xFF; out[3] = pix2 >> 8;
+                        pix1 = smk_get_code(&gb, smk->full_tbl, smk->full_last);
+                        AV_WL16(out,pix1);
+                        AV_WL16(out+2,pix2);
                         out += stride;
-                        out[0] = pix1 & 0xFF; out[1] = pix1 >> 8;
-                        out[2] = pix2 & 0xFF; out[3] = pix2 >> 8;
+                        AV_WL16(out,pix1);
+                        AV_WL16(out+2,pix2);
                         out += stride;
                     }
                     break;
@@ -513,14 +508,12 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, uint8
  * Init smacker decoder
  *
  */
-static int decode_init(AVCodecContext *avctx)
+static av_cold int decode_init(AVCodecContext *avctx)
 {
     SmackVContext * const c = avctx->priv_data;
 
     c->avctx = avctx;
 
-    c->pic.data[0] = NULL;
-
     if (avcodec_check_dimensions(avctx, avctx->width, avctx->height) < 0) {
         return 1;
     }
@@ -547,7 +540,7 @@ static int decode_init(AVCodecContext *avctx)
  * Uninit smacker decoder
  *
  */
-static int decode_end(AVCodecContext *avctx)
+static av_cold int decode_end(AVCodecContext *avctx)
 {
     SmackVContext * const smk = avctx->priv_data;
 
@@ -563,20 +556,24 @@ static int decode_end(AVCodecContext *avctx)
 }
 
 
-static int smka_decode_init(AVCodecContext *avctx)
+static av_cold int smka_decode_init(AVCodecContext *avctx)
 {
+    avctx->channel_layout = (avctx->channels==2) ? CH_LAYOUT_STEREO : CH_LAYOUT_MONO;
     return 0;
 }
 
 /**
  * Decode Smacker audio data
  */
-static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, uint8_t *buf, int buf_size)
+static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPacket *avpkt)
 {
+    const uint8_t *buf = avpkt->data;
+    int buf_size = avpkt->size;
     GetBitContext gb;
     HuffContext h[4];
     VLC vlc[4];
     int16_t *samples = data;
+    int8_t *samples8 = data;
     int val;
     int i, res;
     int unp_size;
@@ -594,6 +591,10 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
     }
     stereo = get_bits1(&gb);
     bits = get_bits1(&gb);
+    if (unp_size & 0xC0000000 || unp_size > *data_size) {
+        av_log(avctx, AV_LOG_ERROR, "Frame is too large to fit in buffer\n");
+        return -1;
+    }
 
     memset(vlc, 0, sizeof(VLC) * 4);
     memset(h, 0, sizeof(HuffContext) * 4);
@@ -605,9 +606,9 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
         h[i].bits = av_mallocz(256 * 4);
         h[i].lengths = av_mallocz(256 * sizeof(int));
         h[i].values = av_mallocz(256 * sizeof(int));
-        get_bits1(&gb);
+        skip_bits1(&gb);
         smacker_decode_tree(&gb, &h[i], 0, 0);
-        get_bits1(&gb);
+        skip_bits1(&gb);
         if(h[i].current > 1) {
             res = init_vlc(&vlc[i], SMKTREE_BITS, h[i].length,
                     h[i].lengths, sizeof(int), sizeof(int),
@@ -656,7 +657,7 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
         for(i = stereo; i >= 0; i--)
             pred[i] = get_bits(&gb, 8);
         for(i = 0; i < stereo; i++)
-            *samples++ = (pred[i] - 0x80) << 8;
+            *samples8++ = pred[i];
         for(i = 0; i < unp_size; i++) {
             if(i & stereo){
                 if(vlc[1].table)
@@ -664,17 +665,16 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
                 else
                     res = 0;
                 pred[1] += (int8_t)h[1].values[res];
-                *samples++ = (pred[1] - 0x80) << 8;
+                *samples8++ = pred[1];
             } else {
                 if(vlc[0].table)
                     res = get_vlc2(&gb, vlc[0].table, SMKTREE_BITS, 3);
                 else
                     res = 0;
                 pred[0] += (int8_t)h[0].values[res];
-                *samples++ = (pred[0] - 0x80) << 8;
+                *samples8++ = pred[0];
             }
         }
-        unp_size *= 2;
     }
 
     for(i = 0; i < 4; i++) {
@@ -700,7 +700,8 @@ AVCodec smacker_decoder = {
     decode_init,
     NULL,
     decode_end,
-    decode_frame
+    decode_frame,
+    .long_name = NULL_IF_CONFIG_SMALL("Smacker video"),
 };
 
 AVCodec smackaud_decoder = {
@@ -711,6 +712,7 @@ AVCodec smackaud_decoder = {
     smka_decode_init,
     NULL,
     NULL,
-    smka_decode_frame
+    smka_decode_frame,
+    .long_name = NULL_IF_CONFIG_SMALL("Smacker audio"),
 };