-rw-r--r--libavcodec/vqavideo.c2
-rw-r--r--libavcodec/wmalosslessdec.c78
-rw-r--r--libavcodec/wmavoice.c5
-rw-r--r--libavformat/asfdec.c2
-rw-r--r--libavformat/mov.c2
-rw-r--r--libavformat/mov_chan.c1
-rw-r--r--libavformat/xwma.c11
7 files changed, 73 insertions, 28 deletions
diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 9018837962..85725ccc87 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -401,7 +401,7 @@ static int vqa_decode_chunk(VqaContext *s)
bytestream2_seek(&s->gb, cpl0_chunk, SEEK_SET);
chunk_size = bytestream2_get_be32(&s->gb);
/* sanity check the palette size */
- if (chunk_size / 3 > 256) {
+ if (chunk_size / 3 > 256 || chunk_size > bytestream2_get_bytes_left(&s->gb)) {
av_log(s->avctx, AV_LOG_ERROR, "problem: found a palette chunk with %d colors\n",
chunk_size / 3);
return AVERROR_INVALIDDATA;
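Review bot: The log message below the widened condition still reports a palette colour count, so a chunk rejected by the new `chunk_size > bytestream2_get_bytes_left(&s->gb)` test is logged as an oversized palette rather than as truncated input. Testing the remaining-bytes condition in its own `if` with its own message, for example `"problem: palette chunk size %d exceeds remaining data\n"`, would make the two failure modes distinguishable in logs. The declaration of `chunk_size` is outside the hunk; if it is unsigned while `bytestream2_get_bytes_left()` returns a signed value, the comparison is worth confirming. vqa_decode_chunk starts and ends outside this hunk.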
diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
index 2137722b6a..af676f171a 100644
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -34,6 +34,7 @@
#define MAX_SUBFRAMES 32 ///< max number of subframes per channel
#define MAX_BANDS 29 ///< max number of scale factor bands
#define MAX_FRAMESIZE 32768 ///< maximum compressed frame size
+#define MAX_ORDER 256
#define WMALL_BLOCK_MIN_BITS 6 ///< log2 of min block size
#define WMALL_BLOCK_MAX_BITS 12 ///< log2 of max block size
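Review bot: `MAX_ORDER` is the only constant in this group without a `///<` description, although it now sizes `coefs`, `lms_prevvalues` and `lms_updates` and is the bound checked in `decode_cdlms`. Something like `#define MAX_ORDER 256 ///< max CDLMS filter order accepted from the bitstream` would tie the array sizes to the validation.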
@@ -95,10 +96,8 @@ typedef struct WmallDecodeCtx {
uint32_t frame_num; ///< current frame number (not used for decoding)
GetBitContext gb; ///< bitstream reader context
int buf_bit_size; ///< buffer size in bits
- int16_t *samples_16; ///< current samplebuffer pointer (16-bit)
- int16_t *samples_16_end; ///< maximum samplebuffer pointer
- int *samples_32; ///< current samplebuffer pointer (24-bit)
- int *samples_32_end; ///< maximum samplebuffer pointer
+ int16_t *samples_16[WMALL_MAX_CHANNELS]; ///< current samplebuffer pointer (16-bit)
+ int32_t *samples_32[WMALL_MAX_CHANNELS]; ///< current samplebuffer pointer (24-bit)
uint8_t drc_gain; ///< gain for the DRC tool
int8_t skip_frame; ///< skip output step
int8_t parsed_all_subframes; ///< all subframes decoded?
@@ -139,9 +138,9 @@ typedef struct WmallDecodeCtx {
int scaling;
int coefsend;
int bitsend;
- int16_t coefs[256];
- int16_t lms_prevvalues[512];
- int16_t lms_updates[512];
+ int16_t coefs[MAX_ORDER];
+ int16_t lms_prevvalues[MAX_ORDER * 2];
+ int16_t lms_updates[MAX_ORDER * 2];
int recent;
} cdlms[2][9];
@@ -331,21 +330,28 @@ static int decode_tilehdr(WmallDecodeCtx *s)
/* loop until the frame data is split between the subframes */
do {
- int subframe_len;
+ int subframe_len, in_use = 0;
/* check which channels contain the subframe */
for (c = 0; c < s->num_channels; c++) {
if (num_samples[c] == min_channel_len) {
if (fixed_channel_layout || channels_for_cur_subframe == 1 ||
(min_channel_len == s->samples_per_frame - s->min_samples_per_subframe)) {
- contains_subframe[c] = 1;
+ contains_subframe[c] = in_use = 1;
} else {
- contains_subframe[c] = get_bits1(&s->gb);
+ if (get_bits1(&s->gb))
+ contains_subframe[c] = in_use = 1;
}
} else
contains_subframe[c] = 0;
}
+ if (!in_use) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Found empty subframe\n");
+ return AVERROR_INVALIDDATA;
+ }
+
/* get subframe length, subframe_len == 0 is not allowed */
if ((subframe_len = decode_subframe_length(s, min_channel_len)) <= 0)
return AVERROR_INVALIDDATA;
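Review bot: In the `else` branch `contains_subframe[c]` is now written only when `get_bits1()` returns 1, so a 0 bit leaves the entry at whatever it held from an earlier pass of the `do` loop or from its declaration, which is outside the hunk. The removed line assigned the bit unconditionally. Keeping that assignment and folding the flag in afterwards avoids the stale value: `contains_subframe[c] = get_bits1(&s->gb);` followed by `in_use |= contains_subframe[c];`. decode_tilehdr starts and ends outside this hunk.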
@@ -423,15 +429,23 @@ static void decode_mclms(WmallDecodeCtx *s)
}
}
-static void decode_cdlms(WmallDecodeCtx *s)
+static int decode_cdlms(WmallDecodeCtx *s)
{
int c, i;
int cdlms_send_coef = get_bits1(&s->gb);
for (c = 0; c < s->num_channels; c++) {
s->cdlms_ttl[c] = get_bits(&s->gb, 3) + 1;
- for (i = 0; i < s->cdlms_ttl[c]; i++)
+ for (i = 0; i < s->cdlms_ttl[c]; i++) {
s->cdlms[c][i].order = (get_bits(&s->gb, 7) + 1) * 8;
+ if (s->cdlms[c][i].order > MAX_ORDER) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Order[%d][%d] %d > max (%d), not supported\n",
+ c, i, s->cdlms[c][i].order, MAX_ORDER);
+ s->cdlms[0][0].order = 0;
+ return AVERROR_INVALIDDATA;
+ }
+ }
for (i = 0; i < s->cdlms_ttl[c]; i++)
s->cdlms[c][i].scaling = get_bits(&s->gb, 4);
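Review bot: The new `MAX_ORDER` check bounds the per-filter arrays, but the first index `c` still runs to `s->num_channels` while the struct hunk keeps the declaration `cdlms[2][9]`. If the channel count can exceed 2 (no cap is visible in this diff, and the sample pointers are sized by `WMALL_MAX_CHANNELS`), `s->cdlms[c][i].order` is written past the array with bitstream-controlled values. Either declare it as `cdlms[WMALL_MAX_CHANNELS][9]` or reject larger channel counts at init. The body of decode_cdlms continues outside this hunk.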
@@ -457,6 +471,8 @@ static void decode_cdlms(WmallDecodeCtx *s)
}
}
}
+
+ return 0;
}
static int decode_channel_residues(WmallDecodeCtx *s, int ch, int tile_size)
@@ -820,7 +836,7 @@ static int decode_subframe(WmallDecodeCtx *s)
int offset = s->samples_per_frame;
int subframe_len = s->samples_per_frame;
int total_samples = s->samples_per_frame * s->num_channels;
- int i, j, rawpcm_tile, padding_zeroes;
+ int i, j, rawpcm_tile, padding_zeroes, res;
s->subframe_offset = get_bits_count(&s->gb);
@@ -865,8 +881,8 @@ static int decode_subframe(WmallDecodeCtx *s)
s->do_arith_coding = get_bits1(&s->gb);
if (s->do_arith_coding) {
- av_dlog(s->avctx, "do_arith_coding == 1");
- abort();
+ av_log_missing_feature(s->avctx, "arithmetic coding", 1);
+ return AVERROR_PATCHWELCOME;
}
s->do_ac_filter = get_bits1(&s->gb);
s->do_inter_ch_decorr = get_bits1(&s->gb);
@@ -878,11 +894,16 @@ static int decode_subframe(WmallDecodeCtx *s)
if (s->do_mclms)
decode_mclms(s);
- decode_cdlms(s);
+ if ((res = decode_cdlms(s)) < 0)
+ return res;
s->movave_scaling = get_bits(&s->gb, 3);
s->quant_stepsize = get_bits(&s->gb, 8) + 1;
reset_codec(s);
+ } else if (!s->cdlms[0][0].order) {
+ av_log(s->avctx, AV_LOG_DEBUG,
+ "Waiting for seekable tile\n");
+ return -1;
}
rawpcm_tile = get_bits1(&s->gb);
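Review bot: The new `else if (!s->cdlms[0][0].order)` branch ends in `return -1;`, while every other failure path added in this commit returns an `AVERROR_*` code. A bare -1 is indistinguishable from `AVERROR(EPERM)` for callers that propagate the value; `return AVERROR_INVALIDDATA;` would be consistent. The branch also treats `cdlms[0][0].order == 0` as "no seekable tile seen yet", which is worth stating in a comment because the only place that sets the sentinel is the error path in `decode_cdlms`.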
@@ -945,13 +966,20 @@ static int decode_subframe(WmallDecodeCtx *s)
s->channel_residues[i][j] *= s->quant_stepsize;
/* Write to proper output buffer depending on bit-depth */
- for (i = 0; i < subframe_len; i++)
- for (j = 0; j < s->num_channels; j++) {
- if (s->bits_per_sample == 16)
- *s->samples_16++ = (int16_t) s->channel_residues[j][i];
- else
- *s->samples_32++ = s->channel_residues[j][i];
+ for (i = 0; i < s->channels_for_cur_subframe; i++) {
+ int c = s->channel_indexes_for_cur_subframe[i];
+ int subframe_len = s->channel[c].subframe_len[s->channel[c].cur_subframe];
+
+ for (j = 0; j < subframe_len; j++) {
+ if (s->bits_per_sample == 16) {
+ *s->samples_16[c] = (int16_t) s->channel_residues[c][j];
+ s->samples_16[c] += s->num_channels;
+ } else {
+ *s->samples_32[c] = s->channel_residues[c][j];
+ s->samples_32[c] += s->num_channels;
+ }
}
+ }
/* handled one subframe */
for (i = 0; i < s->channels_for_cur_subframe; i++) {
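Review bot: The rewritten output loop advances `s->samples_16[c]` / `s->samples_32[c]` by `s->num_channels` per sample with no upper bound, and the struct hunk drops the `samples_16_end` / `samples_32_end` fields. The writes stay inside `frame.data[0]` only if the subframe lengths of each channel sum to at most the samples allocated per frame. That invariant is established, if at all, outside this hunk; a comment naming where it is enforced, or a per-channel remaining-samples check before the inner loop, would make it auditable. The inner `int subframe_len` also shadows the function-level variable of the same name declared at the top of decode_subframe, so a distinct name such as `ch_len` would avoid confusion.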
@@ -984,8 +1012,10 @@ static int decode_frame(WmallDecodeCtx *s)
s->packet_loss = 1;
return ret;
}
- s->samples_16 = (int16_t *)s->frame.data[0];
- s->samples_32 = (int32_t *)s->frame.data[0];
+ for (i = 0; i < s->num_channels; i++) {
+ s->samples_16[i] = (int16_t *)s->frame.data[0] + i;
+ s->samples_32[i] = (int32_t *)s->frame.data[0] + i;
+ }
/* get frame length */
if (s->len_prefix)
diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
index d4b7a3e1cd..66c0ce40d3 100644
--- a/libavcodec/wmavoice.c
+++ b/libavcodec/wmavoice.c
@@ -1440,8 +1440,7 @@ static int synth_frame(AVCodecContext *ctx, GetBitContext *gb, int frame_idx,
int pitch[MAX_BLOCKS], last_block_pitch;
/* Parse frame type ("frame header"), see frame_descs */
- int bd_idx = s->vbm_tree[get_vlc2(gb, frame_type_vlc.table, 6, 3)],
- block_nsamples = MAX_FRAMESIZE / frame_descs[bd_idx].n_blocks;
+ int bd_idx = s->vbm_tree[get_vlc2(gb, frame_type_vlc.table, 6, 3)], block_nsamples;
if (bd_idx < 0) {
av_log(ctx, AV_LOG_ERROR,
@@ -1449,6 +1448,8 @@ static int synth_frame(AVCodecContext *ctx, GetBitContext *gb, int frame_idx,
return -1;
}
+ block_nsamples = MAX_FRAMESIZE / frame_descs[bd_idx].n_blocks;
+
/* Pitch calculation for ACB_TYPE_ASYMMETRIC ("pitch-per-frame") */
if (frame_descs[bd_idx].acb_type == ACB_TYPE_ASYMMETRIC) {
/* Pitch is provided per frame, which is interpreted as the pitch of
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index cdec63b481..2adb1780c4 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -1080,6 +1080,8 @@ static int ff_asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pk
//printf("packet %d %d\n", asf_st->pkt.size, asf->packet_frag_size);
asf_st->pkt.size = 0;
asf_st->pkt.data = 0;
+ asf_st->pkt.side_data_elems = 0;
+ asf_st->pkt.side_data = NULL;
break; // packet completed
}
}
diff --git a/libavformat/mov.c b/libavformat/mov.c
index de290aa70c..2687a88816 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2874,7 +2874,7 @@ static int mov_read_packet(AVFormatContext *s, AVPacket *pkt)
pkt->stream_index = sc->ffindex;
pkt->dts = sample->timestamp;
- if (sc->ctts_data) {
+ if (sc->ctts_data && sc->ctts_index < sc->ctts_count) {
pkt->pts = pkt->dts + sc->dts_shift + sc->ctts_data[sc->ctts_index].duration;
/* update ctts context */
sc->ctts_sample++;
diff --git a/libavformat/mov_chan.c b/libavformat/mov_chan.c
index 5728ebd898..a0fbecc991 100644
--- a/libavformat/mov_chan.c
+++ b/libavformat/mov_chan.c
@@ -155,6 +155,7 @@ static const struct MovChannelLayoutMap mov_ch_layout_map_misc[] = {
static const struct MovChannelLayoutMap mov_ch_layout_map_1ch[] = {
{ MOV_CH_LAYOUT_MONO, AV_CH_LAYOUT_MONO }, // C
+ { 0, 0 },
};
static const struct MovChannelLayoutMap mov_ch_layout_map_2ch[] = {
diff --git a/libavformat/xwma.c b/libavformat/xwma.c
index ea7cc4f36e..bd3af35b72 100644
--- a/libavformat/xwma.c
+++ b/libavformat/xwma.c
@@ -115,6 +115,17 @@ static int xwma_read_header(AVFormatContext *s)
}
}
+ if (!st->codec->channels) {
+ av_log(s, AV_LOG_WARNING, "Invalid channel count: %d\n",
+ st->codec->channels);
+ return AVERROR_INVALIDDATA;
+ }
+ if (!st->codec->bits_per_coded_sample) {
+ av_log(s, AV_LOG_WARNING, "Invalid bits_per_coded_sample: %d\n",
+ st->codec->bits_per_coded_sample);
+ return AVERROR_INVALIDDATA;
+ }
+
/* set the sample rate */
avpriv_set_pts_info(st, 64, 1, st->codec->sample_rate);
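Review bot: Both new checks log at `AV_LOG_WARNING` and then abort header parsing with `AVERROR_INVALIDDATA`. A condition that fails the open is better reported at `AV_LOG_ERROR`, e.g. `av_log(s, AV_LOG_ERROR, "Invalid channel count: %d\n", st->codec->channels);`. The tests reject only zero; whether a negative value can reach this point depends on how the fields are parsed above the hunk. xwma_read_header starts and ends outside this hunk.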