|
|
@ -107,16 +107,16 @@ enum SmkBlockTypes { |
|
|
|
* Can read SMKTREE_DECODE_MAX_RECURSION before the first check; |
|
|
|
* Can read SMKTREE_DECODE_MAX_RECURSION before the first check; |
|
|
|
* does not overread gb on success. |
|
|
|
* does not overread gb on success. |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
static int smacker_decode_tree(GetBitContext *gb, HuffContext *hc, int length) |
|
|
|
static int smacker_decode_tree(AVCodecContext *avctx, GetBitContext *gb, HuffContext *hc, int length) |
|
|
|
{ |
|
|
|
{ |
|
|
|
if (length > SMKTREE_DECODE_MAX_RECURSION || length > 3 * SMKTREE_BITS) { |
|
|
|
if (length > SMKTREE_DECODE_MAX_RECURSION || length > 3 * SMKTREE_BITS) { |
|
|
|
av_log(NULL, AV_LOG_ERROR, "Maximum tree recursion level exceeded.\n"); |
|
|
|
av_log(avctx, AV_LOG_ERROR, "Maximum tree recursion level exceeded.\n"); |
|
|
|
return AVERROR_INVALIDDATA; |
|
|
|
return AVERROR_INVALIDDATA; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if(!get_bits1(gb)){ //Leaf
|
|
|
|
if(!get_bits1(gb)){ //Leaf
|
|
|
|
if (hc->current >= 256) { |
|
|
|
if (hc->current >= 256) { |
|
|
|
av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n"); |
|
|
|
av_log(avctx, AV_LOG_ERROR, "Tree size exceeded!\n"); |
|
|
|
return AVERROR_INVALIDDATA; |
|
|
|
return AVERROR_INVALIDDATA; |
|
|
|
} |
|
|
|
} |
|
|
|
if (get_bits_left(gb) < 8) |
|
|
|
if (get_bits_left(gb) < 8) |
|
|
@ -126,10 +126,10 @@ static int smacker_decode_tree(GetBitContext *gb, HuffContext *hc, int length) |
|
|
|
} else { //Node
|
|
|
|
} else { //Node
|
|
|
|
int r; |
|
|
|
int r; |
|
|
|
length++; |
|
|
|
length++; |
|
|
|
r = smacker_decode_tree(gb, hc, length); |
|
|
|
r = smacker_decode_tree(avctx, gb, hc, length); |
|
|
|
if(r) |
|
|
|
if(r) |
|
|
|
return r; |
|
|
|
return r; |
|
|
|
return smacker_decode_tree(gb, hc, length); |
|
|
|
return smacker_decode_tree(avctx, gb, hc, length); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
@ -138,7 +138,7 @@ static int smacker_decode_tree(GetBitContext *gb, HuffContext *hc, int length) |
|
|
|
* |
|
|
|
* |
|
|
|
* Checks before the first read, can overread by 6 * SMKTREE_BITS on success. |
|
|
|
* Checks before the first read, can overread by 6 * SMKTREE_BITS on success. |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
static int smacker_decode_bigtree(GetBitContext *gb, DBCtx *ctx, int length) |
|
|
|
static int smacker_decode_bigtree(AVCodecContext *avctx, GetBitContext *gb, DBCtx *ctx, int length) |
|
|
|
{ |
|
|
|
{ |
|
|
|
// Larger length can cause segmentation faults due to too deep recursion.
|
|
|
|
// Larger length can cause segmentation faults due to too deep recursion.
|
|
|
|
if (length > SMKTREE_DECODE_BIG_MAX_RECURSION) { |
|
|
|
if (length > SMKTREE_DECODE_BIG_MAX_RECURSION) { |
|
|
@ -176,12 +176,12 @@ static int smacker_decode_bigtree(GetBitContext *gb, DBCtx *ctx, int length) |
|
|
|
int r = 0, r_new, t; |
|
|
|
int r = 0, r_new, t; |
|
|
|
|
|
|
|
|
|
|
|
t = ctx->current++; |
|
|
|
t = ctx->current++; |
|
|
|
r = smacker_decode_bigtree(gb, ctx, length + 1); |
|
|
|
r = smacker_decode_bigtree(avctx, gb, ctx, length + 1); |
|
|
|
if(r < 0) |
|
|
|
if(r < 0) |
|
|
|
return r; |
|
|
|
return r; |
|
|
|
ctx->values[t] = SMK_NODE | r; |
|
|
|
ctx->values[t] = SMK_NODE | r; |
|
|
|
r++; |
|
|
|
r++; |
|
|
|
r_new = smacker_decode_bigtree(gb, ctx, length + 1); |
|
|
|
r_new = smacker_decode_bigtree(avctx, gb, ctx, length + 1); |
|
|
|
if (r_new < 0) |
|
|
|
if (r_new < 0) |
|
|
|
return r_new; |
|
|
|
return r_new; |
|
|
|
return r + r_new; |
|
|
|
return r + r_new; |
|
|
@ -215,7 +215,7 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int |
|
|
|
i ? "high" : "low"); |
|
|
|
i ? "high" : "low"); |
|
|
|
continue; |
|
|
|
continue; |
|
|
|
} |
|
|
|
} |
|
|
|
err = smacker_decode_tree(gb, &h, 0); |
|
|
|
err = smacker_decode_tree(smk->avctx, gb, &h, 0); |
|
|
|
if (err < 0) |
|
|
|
if (err < 0) |
|
|
|
goto error; |
|
|
|
goto error; |
|
|
|
skip_bits1(gb); |
|
|
|
skip_bits1(gb); |
|
|
@ -253,7 +253,7 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int |
|
|
|
} |
|
|
|
} |
|
|
|
*recodes = ctx.values; |
|
|
|
*recodes = ctx.values; |
|
|
|
|
|
|
|
|
|
|
|
err = smacker_decode_bigtree(gb, &ctx, 0); |
|
|
|
err = smacker_decode_bigtree(smk->avctx, gb, &ctx, 0); |
|
|
|
if (err < 0) |
|
|
|
if (err < 0) |
|
|
|
goto error; |
|
|
|
goto error; |
|
|
|
skip_bits1(gb); |
|
|
|
skip_bits1(gb); |
|
|
@ -649,7 +649,7 @@ static int smka_decode_frame(AVCodecContext *avctx, AVFrame *frame, |
|
|
|
HuffContext h; |
|
|
|
HuffContext h; |
|
|
|
h.current = 0; |
|
|
|
h.current = 0; |
|
|
|
skip_bits1(&gb); |
|
|
|
skip_bits1(&gb); |
|
|
|
if ((ret = smacker_decode_tree(&gb, &h, 0)) < 0) |
|
|
|
if ((ret = smacker_decode_tree(avctx, &gb, &h, 0)) < 0) |
|
|
|
goto error; |
|
|
|
goto error; |
|
|
|
skip_bits1(&gb); |
|
|
|
skip_bits1(&gb); |
|
|
|
if (h.current > 1) { |
|
|
|
if (h.current > 1) { |
|
|
|