Skip to content

F
ffmpeg.wasm-core
Commit 676da248 authored by Luca Barbato's avatar Luca Barbato
Browse files
Options

vmd: refactor the inner decode loop 

Simplify a little, assume empty frames are acceptable and
do not pointlessly reinit the bytestream2 contexts using
possibly wrong size values.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
parent c8f3cb91
Hide whitespace changes
Inline Side-by-side
Showing with 82 additions and 78 deletions
libavcodec/vmdav.c
View file @ 676da248
...@@ -268,91 +268,95 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame) ...@@ -268,91 +268,95 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame)
} }
s->size -= PALETTE_COUNT * 3 + 2; s->size -= PALETTE_COUNT * 3 + 2;
} }
if (s->size > 0) {
/* originally UnpackFrame in VAG's code */
bytestream2_init(&gb, gb.buffer, s->buf + s->size - gb.buffer);
if (bytestream2_get_bytes_left(&gb) < 1)
return AVERROR_INVALIDDATA;
meth = bytestream2_get_byteu(&gb);
if (meth & 0x80) {
lz_unpack(gb.buffer, bytestream2_get_bytes_left(&gb),
s->unpack_buffer, s->unpack_buffer_size);
meth &= 0x7F;
bytestream2_init(&gb, s->unpack_buffer, s->unpack_buffer_size);
}
dp = &frame->data[0][frame_y * frame->linesize[0] + frame_x]; if (!s->size)
pp = &s->prev_frame.data[0][frame_y * s->prev_frame.linesize[0] + frame_x]; return 0;
switch (meth) {
case 1: /* originally UnpackFrame in VAG's code */
for (i = 0; i < frame_height; i++) { if (bytestream2_get_bytes_left(&gb) < 1)
ofs = 0; return AVERROR_INVALIDDATA;
do { meth = bytestream2_get_byteu(&gb);
len = bytestream2_get_byte(&gb); if (meth & 0x80) {
if (len & 0x80) { lz_unpack(gb.buffer, bytestream2_get_bytes_left(&gb),
len = (len & 0x7F) + 1; s->unpack_buffer, s->unpack_buffer_size);
if (ofs + len > frame_width || bytestream2_get_bytes_left(&gb) < len) meth &= 0x7F;
return AVERROR_INVALIDDATA; bytestream2_init(&gb, s->unpack_buffer, s->unpack_buffer_size);
bytestream2_get_buffer(&gb, &dp[ofs], len); }
ofs += len;
} else {
/* interframe pixel copy */
if (ofs + len + 1 > frame_width || !s->prev_frame.data[0])
return AVERROR_INVALIDDATA;
memcpy(&dp[ofs], &pp[ofs], len + 1);
ofs += len + 1;
}
} while (ofs < frame_width);
if (ofs > frame_width) {
av_log(s->avctx, AV_LOG_ERROR, "VMD video: offset > width (%d > %d)\n",
ofs, frame_width);
return AVERROR_INVALIDDATA;
}
dp += frame->linesize[0];
pp += s->prev_frame.linesize[0];
}
break;
case 2: dp = &frame->data[0][frame_y * frame->linesize[0] + frame_x];
for (i = 0; i < frame_height; i++) { pp = &s->prev_frame.data[0][frame_y * s->prev_frame.linesize[0] + frame_x];
bytestream2_get_buffer(&gb, dp, frame_width); switch (meth) {
dp += frame->linesize[0]; case 1:
pp += s->prev_frame.linesize[0]; for (i = 0; i < frame_height; i++) {
ofs = 0;
do {
len = bytestream2_get_byte(&gb);
if (len & 0x80) {
len = (len & 0x7F) + 1;
if (ofs + len > frame_width ||
bytestream2_get_bytes_left(&gb) < len)
return AVERROR_INVALIDDATA;
bytestream2_get_buffer(&gb, &dp[ofs], len);
ofs += len;
} else {
/* interframe pixel copy */
if (ofs + len + 1 > frame_width || !s->prev_frame.data[0])
return AVERROR_INVALIDDATA;
memcpy(&dp[ofs], &pp[ofs], len + 1);
ofs += len + 1;
}
} while (ofs < frame_width);
if (ofs > frame_width) {
av_log(s->avctx, AV_LOG_ERROR,
"VMD video: offset > width (%d > %d)\n",
ofs, frame_width);
return AVERROR_INVALIDDATA;
} }
break; dp += frame->linesize[0];
pp += s->prev_frame.linesize[0];
}
break;
case 3: case 2:
for (i = 0; i < frame_height; i++) { for (i = 0; i < frame_height; i++) {
ofs = 0; bytestream2_get_buffer(&gb, dp, frame_width);
do { dp += frame->linesize[0];
len = bytestream2_get_byte(&gb); pp += s->prev_frame.linesize[0];
if (len & 0x80) { }
len = (len & 0x7F) + 1; break;
if (bytestream2_get_byte(&gb) == 0xFF)
len = rle_unpack(gb.buffer, &dp[ofs], case 3:
len, bytestream2_get_bytes_left(&gb), for (i = 0; i < frame_height; i++) {
frame_width - ofs); ofs = 0;
else do {
bytestream2_get_buffer(&gb, &dp[ofs], len); len = bytestream2_get_byte(&gb);
bytestream2_skip(&gb, len); if (len & 0x80) {
} else { len = (len & 0x7F) + 1;
/* interframe pixel copy */ if (bytestream2_get_byte(&gb) == 0xFF)
if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) len = rle_unpack(gb.buffer, &dp[ofs],
return AVERROR_INVALIDDATA; len, bytestream2_get_bytes_left(&gb),
memcpy(&dp[ofs], &pp[ofs], len + 1); frame_width - ofs);
ofs += len + 1; else
} bytestream2_get_buffer(&gb, &dp[ofs], len);
} while (ofs < frame_width); bytestream2_skip(&gb, len);
if (ofs > frame_width) { } else {
av_log(s->avctx, AV_LOG_ERROR, "VMD video: offset > width (%d > %d)\n", /* interframe pixel copy */
ofs, frame_width); if (ofs + len + 1 > frame_width || !s->prev_frame.data[0])
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
memcpy(&dp[ofs], &pp[ofs], len + 1);
ofs += len + 1;
} }
dp += frame->linesize[0]; } while (ofs < frame_width);
pp += s->prev_frame.linesize[0]; if (ofs > frame_width) {
av_log(s->avctx, AV_LOG_ERROR,
"VMD video: offset > width (%d > %d)\n",
ofs, frame_width);
return AVERROR_INVALIDDATA;
} }
break; dp += frame->linesize[0];
pp += s->prev_frame.linesize[0];
} }
break;
} }
return 0; return 0;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment