@ -49,10 +49,6 @@ typedef struct Escape124Context {
CodeBook codebooks [ 3 ] ; CodeBook codebooks [ 3 ] ;
} Escape124Context ; } Escape124Context ;
static int can_safely_read ( GetBitContext * gb , uint64_t bits ) {
return get_bits_left ( gb ) > = bits ;
}
/**
/**
* Initialize the decoder * Initialize the decoder
* @ param avctx decoder context * @ param avctx decoder context
@ -90,7 +86,7 @@ static CodeBook unpack_codebook(GetBitContext* gb, unsigned depth,
unsigned i , j ; unsigned i , j ;
CodeBook cb = { 0 } ; CodeBook cb = { 0 } ;
if ( ! can_safely_read ( gb , ( uint64_t ) size * 34 ) ) if ( size > = INT_MAX / 34 | | get_bits_left ( gb ) < size * 34 )
return cb ; return cb ;
if ( size > = INT_MAX / sizeof ( MacroBlock ) ) if ( size > = INT_MAX / sizeof ( MacroBlock ) )
@ -121,7 +117,7 @@ static unsigned decode_skip_count(GetBitContext* gb)
unsigned value ; unsigned value ;
// This function reads a maximum of 23 bits,
// This function reads a maximum of 23 bits,
// which is within the padding space
// which is within the padding space
if ( ! can_safely_read ( gb , 1 ) ) if ( get_bits_left ( gb ) < 1 )
return - 1 ; return - 1 ;
value = get_bits1 ( gb ) ; value = get_bits1 ( gb ) ;
if ( ! value ) if ( ! value )
@ -222,7 +218,7 @@ static int escape124_decode_frame(AVCodecContext *avctx,
// This call also guards the potential depth reads for the
// This call also guards the potential depth reads for the
// codebook unpacking.
// codebook unpacking.
if ( ! can_safely_read ( & gb , 64 ) ) if ( get_bits_left ( & gb ) < 64 )
return - 1 ; return - 1 ;
frame_flags = get_bits_long ( & gb , 32 ) ; frame_flags = get_bits_long ( & gb , 32 ) ;
@ -298,7 +294,7 @@ static int escape124_decode_frame(AVCodecContext *avctx,
copy_superblock ( sb . pixels , 8 , copy_superblock ( sb . pixels , 8 ,
old_frame_data , old_stride ) ; old_frame_data , old_stride ) ;
while ( can_safely_read ( & gb , 1 ) & & ! get_bits1 ( & gb ) ) { while ( get_bits_left ( & gb ) > = 1 & & ! get_bits1 ( & gb ) ) {
unsigned mask ; unsigned mask ;
mb = decode_macroblock ( s , & gb , & cb_index , superblock_index ) ; mb = decode_macroblock ( s , & gb , & cb_index , superblock_index ) ;
mask = get_bits ( & gb , 16 ) ; mask = get_bits ( & gb , 16 ) ;
@ -310,7 +306,7 @@ static int escape124_decode_frame(AVCodecContext *avctx,
} }
} }
if ( can_safely_read ( & gb , 1 ) & & ! get_bits1 ( & gb ) ) { if ( ! get_bits1 ( & gb ) ) {
unsigned inv_mask = get_bits ( & gb , 4 ) ; unsigned inv_mask = get_bits ( & gb , 4 ) ;
for ( i = 0 ; i < 4 ; i + + ) { for ( i = 0 ; i < 4 ; i + + ) {
if ( inv_mask & ( 1 < < i ) ) { if ( inv_mask & ( 1 < < i ) ) {
@ -322,15 +318,13 @@ static int escape124_decode_frame(AVCodecContext *avctx,
for ( i = 0 ; i < 16 ; i + + ) { for ( i = 0 ; i < 16 ; i + + ) {
if ( multi_mask & mask_matrix [ i ] ) { if ( multi_mask & mask_matrix [ i ] ) {
if ( ! can_safely_read ( & gb , 1 ) )
break ;
mb = decode_macroblock ( s , & gb , & cb_index , mb = decode_macroblock ( s , & gb , & cb_index ,
superblock_index ) ; superblock_index ) ;
insert_mb_into_sb ( & sb , mb , i ) ; insert_mb_into_sb ( & sb , mb , i ) ;
} }
} }
} else if ( frame_flags & ( 1 < < 16 ) ) { } else if ( frame_flags & ( 1 < < 16 ) ) {
while ( can_safely_read ( & gb , 1 ) & & ! get_bits1 ( & gb ) ) { while ( get_bits_left ( & gb ) > = 1 & & ! get_bits1 ( & gb ) ) {
mb = decode_macroblock ( s , & gb , & cb_index , superblock_index ) ; mb = decode_macroblock ( s , & gb , & cb_index , superblock_index ) ;
insert_mb_into_sb ( & sb , mb , get_bits ( & gb , 4 ) ) ; insert_mb_into_sb ( & sb , mb , get_bits ( & gb , 4 ) ) ;
} }
Paul B Mahol
11 years ago