[FFmpeg-devel] [PATCH v5] Canopus Lossless decoder

Michael Niedermayer michaelni at gmx.at
Thu Aug 2 02:49:02 CEST 2012


On Wed, Aug 01, 2012 at 02:49:50PM -0400, Derek Buitenhuis wrote:
> At the moment it only does BGR24, but I plan to add the rest after.
> 
[...]
> +static int read_code_table(CLLCContext *ctx, GetBitContext *gb, VLC *vlc)
> +{
> +    uint8_t symbols[256];
> +    uint8_t bits[256];
> +    uint16_t codes[256];
> +    int num_lens, num_codes, prefix;
> +    int i, j, count;
> +
> +    prefix = 0;
> +    count  = 0;
> +
> +    num_lens = get_bits(gb, 5);
> +
> +    for (i = 0; i < num_lens; i++) {
> +        num_codes = get_bits(gb, 9);
> +
> +        for (j = 0; j < num_codes; j++) {
> +            symbols[count] = get_bits(gb, 8);
> +            bits[count]    = i + 1;
> +            codes[count]   = prefix++;
> +
> +            count++;
> +        }
> +
> +        prefix <<= 1;
> +    }
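
Review bot: in the nested loops of read_code_table, count is never checked against the 256-entry symbols, bits and codes arrays, yet num_lens is read from 5 bits (up to 31) and num_codes from 9 bits (up to 511) per length, so a crafted table can push count far past 255 and write beyond all three stack arrays. Before the inner loop, reject the table when count + num_codes > 256 and return an error such as AVERROR_INVALIDDATA. Separately, bits[count] = i + 1 can reach 31 while codes[] is uint16_t, so prefix can be truncated once code lengths exceed 16; either cap num_lens at 16 or widen codes.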

the tables have 256 entries, it looks like this can write more with
the "right" input


[...]
> +static int cllc_decode_frame(AVCodecContext *avctx, void *data,
> +                             int *got_picture_ptr, AVPacket *avpkt)
> +{
> +    CLLCContext *ctx = avctx->priv_data;
> +    AVFrame *pic = avctx->coded_frame;
> +    uint8_t *src = avpkt->data;
> +    uint8_t *swapped_buf_new;
> +    uint32_t info_tag, info_offset;
> +    GetBitContext gb;
> +    int coding_type, ret;
> +
> +    if (pic->data[0])
> +        avctx->release_buffer(avctx, pic);
> +
> +    pic->reference = 0;
> +
> +    /* Make sure our bswap16'd buffer is big enough */
> +    swapped_buf_new = av_fast_realloc(ctx->swapped_buf,
> +                                      &ctx->swapped_buf_size, avpkt->size);
> +    if (!swapped_buf_new) {
> +        av_log(avctx, AV_LOG_ERROR, "Could not realloc swapped buffer.\n");
> +        return AVERROR(ENOMEM);
> +    }
> +    ctx->swapped_buf = swapped_buf_new;
> +
> +    /* Skip the INFO header if present */
> +    info_offset = 0;
> +    info_tag    = AV_RL32(src);
> +    if (info_tag == MKTAG('I', 'N', 'F', 'O')) {
> +        info_offset = AV_RL32(src + 4);
> +        if (info_offset > UINT32_MAX - 8 || info_offset > avpkt->size - 8) {
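
Review bot: AV_RL32(src) and AV_RL32(src + 4) read eight bytes before anything checks avpkt->size, and in the bounds test that follows, avpkt->size - 8 is compared against the uint32_t info_offset, so for a packet shorter than 8 bytes the subtraction goes negative and is converted to a large unsigned value, which lets any info_offset through. Return an error when avpkt->size < 8 before reading the tag; with that guard in place the comparison against avpkt->size - 8 is safe, and since avpkt->size is an int the UINT32_MAX - 8 clause becomes redundant.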

if avpkt->size is smaller than 8 the right side would overflow

[...]

except these the patch should be ok

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Into a blind darkness they enter who follow after the Ignorance,
they as if into a greater darkness enter who devote themselves
to the Knowledge alone. -- Isha Upanishad