summaryrefslogtreecommitdiff
path: root/libavcodec/ituh263dec.c
diff options
context:
space:
mode:
Diffstat (limited to 'libavcodec/ituh263dec.c')
-rw-r--r--libavcodec/ituh263dec.c336
1 files changed, 232 insertions, 104 deletions
diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c
index 9199f5c28d..edb68861ac 100644
--- a/libavcodec/ituh263dec.c
+++ b/libavcodec/ituh263dec.c
@@ -5,20 +5,20 @@
* Copyright (c) 2001 Juan J. Sierralta P
* Copyright (c) 2002-2004 Michael Niedermayer <michaelni@gmx.at>
*
- * This file is part of Libav.
+ * This file is part of FFmpeg.
*
- * Libav is free software; you can redistribute it and/or
+ * FFmpeg is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
- * Libav is distributed in the hope that it will be useful,
+ * FFmpeg is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
- * License along with Libav; if not, write to the Free Software
+ * License along with FFmpeg; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
@@ -27,6 +27,7 @@
* H.263 decoder.
*/
+#define UNCHECKED_BITSTREAM_READER 1
#include <limits.h>
#include "libavutil/attributes.h"
@@ -106,11 +107,9 @@ static VLC cbpc_b_vlc;
/* XXX: find a better solution to handle static init */
av_cold void ff_h263_decode_init_vlc(void)
{
- static int done = 0;
+ static volatile int done = 0;
if (!done) {
- done = 1;
-
INIT_VLC_STATIC(&ff_h263_intra_MCBPC_vlc, INTRA_MCBPC_VLC_BITS, 9,
ff_h263_intra_MCBPC_bits, 1, 1,
ff_h263_intra_MCBPC_code, 1, 1, 72);
@@ -133,6 +132,7 @@ av_cold void ff_h263_decode_init_vlc(void)
INIT_VLC_STATIC(&cbpc_b_vlc, CBPC_B_VLC_BITS, 4,
&ff_cbpc_b_tab[0][1], 2, 1,
&ff_cbpc_b_tab[0][0], 2, 1, 8);
+ done = 1;
}
}
@@ -167,7 +167,8 @@ static int h263_decode_gob_header(MpegEncContext *s)
/* We have a GBSC probably with GSTUFF */
skip_bits(&s->gb, 16); /* Drop the zeros */
left= get_bits_left(&s->gb);
- //MN: we must check the bits left or we might end in a infinite loop (or segfault)
+ left = FFMIN(left, 32);
+ //MN: we must check the bits left or we might end in an infinite loop (or segfault)
for(;left>13; left--){
if(get_bits1(&s->gb)) break; /* Seek the '1' bit */
}
@@ -175,17 +176,17 @@ static int h263_decode_gob_header(MpegEncContext *s)
return -1;
if(s->h263_slice_structured){
- if(get_bits1(&s->gb)==0)
+ if(check_marker(s->avctx, &s->gb, "before MBA")==0)
return -1;
ff_h263_decode_mba(s);
if(s->mb_num > 1583)
- if(get_bits1(&s->gb)==0)
+ if(check_marker(s->avctx, &s->gb, "after MBA")==0)
return -1;
s->qscale = get_bits(&s->gb, 5); /* SQUANT */
- if(get_bits1(&s->gb)==0)
+ if(check_marker(s->avctx, &s->gb, "after SQUANT")==0)
return -1;
skip_bits(&s->gb, 2); /* GFID */
}else{
@@ -206,27 +207,6 @@ static int h263_decode_gob_header(MpegEncContext *s)
}
/**
- * Find the next resync_marker.
- * @param p pointer to buffer to scan
- * @param end pointer to the end of the buffer
- * @return pointer to the next resync_marker, or end if none was found
- */
-const uint8_t *ff_h263_find_resync_marker(const uint8_t *restrict p, const uint8_t * restrict end)
-{
- assert(p < end);
-
- end-=2;
- p++;
- for(;p<end; p+=2){
- if(!*p){
- if (!p[-1] && p[1]) return p - 1;
- else if(!p[ 1] && p[2]) return p;
- }
- }
- return end+2;
-}
-
-/**
* Decode the group of blocks / video packet header.
* @return bit position of the resync_marker, or <0 if none was found
*/
@@ -323,18 +303,22 @@ static int h263p_decode_umotion(MpegEncContext * s, int pred)
{
code <<= 1;
code += get_bits1(&s->gb);
+ if (code >= 32768) {
+ avpriv_request_sample(s->avctx, "Huge DMV");
+ return 0xffff;
+ }
}
sign = code & 1;
code >>= 1;
code = (sign) ? (pred - code) : (pred + code);
- ff_dlog(s->avctx,"H.263+ UMV Motion = %d\n", code);
+ ff_tlog(s->avctx,"H.263+ UMV Motion = %d\n", code);
return code;
}
/**
- * read the next MVs for OBMC. yes this is a ugly hack, feel free to send a patch :)
+ * read the next MVs for OBMC. yes this is an ugly hack, feel free to send a patch :)
*/
static void preview_obmc(MpegEncContext *s){
GetBitContext gb= s->gb;
@@ -350,7 +334,7 @@ static void preview_obmc(MpegEncContext *s){
s->block_index[i]+= 1;
s->mb_x++;
- assert(s->pict_type == AV_PICTURE_TYPE_P);
+ av_assert2(s->pict_type == AV_PICTURE_TYPE_P);
do{
if (get_bits1(&s->gb)) {
@@ -384,14 +368,14 @@ static void preview_obmc(MpegEncContext *s){
/* 16x16 motion prediction */
mot_val= ff_h263_pred_motion(s, 0, 0, &pred_x, &pred_y);
if (s->umvplus)
- mx = h263p_decode_umotion(s, pred_x);
+ mx = h263p_decode_umotion(s, pred_x);
else
- mx = ff_h263_decode_motion(s, pred_x, 1);
+ mx = ff_h263_decode_motion(s, pred_x, 1);
if (s->umvplus)
- my = h263p_decode_umotion(s, pred_y);
+ my = h263p_decode_umotion(s, pred_y);
else
- my = ff_h263_decode_motion(s, pred_y, 1);
+ my = ff_h263_decode_motion(s, pred_y, 1);
mot_val[0 ]= mot_val[2 ]=
mot_val[0+stride]= mot_val[2+stride]= mx;
@@ -402,16 +386,16 @@ static void preview_obmc(MpegEncContext *s){
for(i=0;i<4;i++) {
mot_val = ff_h263_pred_motion(s, i, 0, &pred_x, &pred_y);
if (s->umvplus)
- mx = h263p_decode_umotion(s, pred_x);
+ mx = h263p_decode_umotion(s, pred_x);
else
- mx = ff_h263_decode_motion(s, pred_x, 1);
+ mx = ff_h263_decode_motion(s, pred_x, 1);
if (s->umvplus)
- my = h263p_decode_umotion(s, pred_y);
+ my = h263p_decode_umotion(s, pred_y);
else
- my = ff_h263_decode_motion(s, pred_y, 1);
+ my = ff_h263_decode_motion(s, pred_y, 1);
if (s->umvplus && (mx - pred_x) == 1 && (my - pred_y) == 1)
- skip_bits1(&s->gb); /* Bit stuffing to prevent PSC */
+ skip_bits1(&s->gb); /* Bit stuffing to prevent PSC */
mot_val[0] = mx;
mot_val[1] = my;
}
@@ -444,7 +428,7 @@ static void h263_decode_dquant(MpegEncContext *s){
static int h263_decode_block(MpegEncContext * s, int16_t * block,
int n, int coded)
{
- int code, level, i, j, last, run;
+ int level, i, j, run;
RLTable *rl = &ff_h263_rl_inter;
const uint8_t *scan_table;
GetBitContext gb= s->gb;
@@ -485,7 +469,7 @@ static int h263_decode_block(MpegEncContext * s, int16_t * block,
level = get_bits(&s->gb, 8);
if((level&0x7F) == 0){
av_log(s->avctx, AV_LOG_ERROR, "illegal dc %d at %d %d\n", level, s->mb_x, s->mb_y);
- if (s->avctx->err_recognition & AV_EF_BITSTREAM)
+ if (s->avctx->err_recognition & (AV_EF_BITSTREAM|AV_EF_COMPLIANT))
return -1;
}
if (level == 255)
@@ -503,39 +487,67 @@ static int h263_decode_block(MpegEncContext * s, int16_t * block,
return 0;
}
retry:
+ {
+ OPEN_READER(re, &s->gb);
+ i--; // offset by -1 to allow direct indexing of scan_table
for(;;) {
- code = get_vlc2(&s->gb, rl->vlc.table, TEX_VLC_BITS, 2);
- if (code < 0){
- av_log(s->avctx, AV_LOG_ERROR, "illegal ac vlc code at %dx%d\n", s->mb_x, s->mb_y);
- return -1;
- }
- if (code == rl->n) {
+ UPDATE_CACHE(re, &s->gb);
+ GET_RL_VLC(level, run, re, &s->gb, rl->rl_vlc[0], TEX_VLC_BITS, 2, 0);
+ if (run == 66) {
+ if (level){
+ CLOSE_READER(re, &s->gb);
+ av_log(s->avctx, AV_LOG_ERROR, "illegal ac vlc code at %dx%d\n", s->mb_x, s->mb_y);
+ return -1;
+ }
/* escape */
if (CONFIG_FLV_DECODER && s->h263_flv > 1) {
- ff_flv2_decode_ac_esc(&s->gb, &level, &run, &last);
+ int is11 = SHOW_UBITS(re, &s->gb, 1);
+ SKIP_CACHE(re, &s->gb, 1);
+ run = SHOW_UBITS(re, &s->gb, 7) + 1;
+ if (is11) {
+ SKIP_COUNTER(re, &s->gb, 1 + 7);
+ UPDATE_CACHE(re, &s->gb);
+ level = SHOW_SBITS(re, &s->gb, 11);
+ SKIP_COUNTER(re, &s->gb, 11);
+ } else {
+ SKIP_CACHE(re, &s->gb, 7);
+ level = SHOW_SBITS(re, &s->gb, 7);
+ SKIP_COUNTER(re, &s->gb, 1 + 7 + 7);
+ }
} else {
- last = get_bits1(&s->gb);
- run = get_bits(&s->gb, 6);
- level = (int8_t)get_bits(&s->gb, 8);
+ run = SHOW_UBITS(re, &s->gb, 7) + 1;
+ SKIP_CACHE(re, &s->gb, 7);
+ level = (int8_t)SHOW_UBITS(re, &s->gb, 8);
+ SKIP_COUNTER(re, &s->gb, 7 + 8);
if(level == -128){
+ UPDATE_CACHE(re, &s->gb);
if (s->codec_id == AV_CODEC_ID_RV10) {
/* XXX: should patch encoder too */
- level = get_sbits(&s->gb, 12);
+ level = SHOW_SBITS(re, &s->gb, 12);
+ SKIP_COUNTER(re, &s->gb, 12);
}else{
- level = get_bits(&s->gb, 5);
- level |= get_sbits(&s->gb, 6)<<5;
+ level = SHOW_UBITS(re, &s->gb, 5);
+ SKIP_CACHE(re, &s->gb, 5);
+ level |= SHOW_SBITS(re, &s->gb, 6) * (1<<5);
+ SKIP_COUNTER(re, &s->gb, 5 + 6);
}
}
}
} else {
- run = rl->table_run[code];
- level = rl->table_level[code];
- last = code >= rl->last;
- if (get_bits1(&s->gb))
+ if (SHOW_UBITS(re, &s->gb, 1))
level = -level;
+ SKIP_COUNTER(re, &s->gb, 1);
}
i += run;
if (i >= 64){
+ CLOSE_READER(re, &s->gb);
+ // redo update without last flag, revert -1 offset
+ i = i - run + ((run-1)&63) + 1;
+ if (i < 64) {
+ // only last marker, no overrun
+ block[scan_table[i]] = level;
+ break;
+ }
if(s->alt_inter_vlc && rl == &ff_h263_rl_inter && !s->mb_intra){
//Looks like a hack but no, it's the way it is supposed to work ...
rl = &ff_rl_intra_aic;
@@ -549,9 +561,7 @@ retry:
}
j = scan_table[i];
block[j] = level;
- if (last)
- break;
- i++;
+ }
}
not_coded:
if (s->mb_intra && s->h263_aic) {
@@ -566,11 +576,13 @@ static int h263_skip_b_part(MpegEncContext *s, int cbp)
{
LOCAL_ALIGNED_16(int16_t, dblock, [64]);
int i, mbi;
+ int bli[6];
/* we have to set s->mb_intra to zero to decode B-part of PB-frame correctly
* but real value should be restored in order to be used later (in OBMC condition)
*/
mbi = s->mb_intra;
+ memcpy(bli, s->block_last_index, sizeof(bli));
s->mb_intra = 0;
for (i = 0; i < 6; i++) {
if (h263_decode_block(s, dblock, i, cbp&32) < 0)
@@ -578,6 +590,7 @@ static int h263_skip_b_part(MpegEncContext *s, int cbp)
cbp+=cbp;
}
s->mb_intra = mbi;
+ memcpy(s->block_last_index, bli, sizeof(bli));
return 0;
}
@@ -599,6 +612,73 @@ static int h263_get_modb(GetBitContext *gb, int pb_frame, int *cbpb)
return mv;
}
+#define tab_size ((signed)FF_ARRAY_ELEMS(s->direct_scale_mv[0]))
+#define tab_bias (tab_size / 2)
+static inline void set_one_direct_mv(MpegEncContext *s, Picture *p, int i)
+{
+ int xy = s->block_index[i];
+ uint16_t time_pp = s->pp_time;
+ uint16_t time_pb = s->pb_time;
+ int p_mx, p_my;
+
+ p_mx = p->motion_val[0][xy][0];
+ if ((unsigned)(p_mx + tab_bias) < tab_size) {
+ s->mv[0][i][0] = s->direct_scale_mv[0][p_mx + tab_bias];
+ s->mv[1][i][0] = s->direct_scale_mv[1][p_mx + tab_bias];
+ } else {
+ s->mv[0][i][0] = p_mx * time_pb / time_pp;
+ s->mv[1][i][0] = p_mx * (time_pb - time_pp) / time_pp;
+ }
+ p_my = p->motion_val[0][xy][1];
+ if ((unsigned)(p_my + tab_bias) < tab_size) {
+ s->mv[0][i][1] = s->direct_scale_mv[0][p_my + tab_bias];
+ s->mv[1][i][1] = s->direct_scale_mv[1][p_my + tab_bias];
+ } else {
+ s->mv[0][i][1] = p_my * time_pb / time_pp;
+ s->mv[1][i][1] = p_my * (time_pb - time_pp) / time_pp;
+ }
+}
+
+/**
+ * @return the mb_type
+ */
+static int set_direct_mv(MpegEncContext *s)
+{
+ const int mb_index = s->mb_x + s->mb_y * s->mb_stride;
+ Picture *p = &s->next_picture;
+ int colocated_mb_type = p->mb_type[mb_index];
+ int i;
+
+ if (s->codec_tag == AV_RL32("U263") && p->f->pict_type == AV_PICTURE_TYPE_I) {
+ p = &s->last_picture;
+ colocated_mb_type = p->mb_type[mb_index];
+ }
+
+ if (IS_8X8(colocated_mb_type)) {
+ s->mv_type = MV_TYPE_8X8;
+ for (i = 0; i < 4; i++)
+ set_one_direct_mv(s, p, i);
+ return MB_TYPE_DIRECT2 | MB_TYPE_8x8 | MB_TYPE_L0L1;
+ } else {
+ set_one_direct_mv(s, p, 0);
+ s->mv[0][1][0] =
+ s->mv[0][2][0] =
+ s->mv[0][3][0] = s->mv[0][0][0];
+ s->mv[0][1][1] =
+ s->mv[0][2][1] =
+ s->mv[0][3][1] = s->mv[0][0][1];
+ s->mv[1][1][0] =
+ s->mv[1][2][0] =
+ s->mv[1][3][0] = s->mv[1][0][0];
+ s->mv[1][1][1] =
+ s->mv[1][2][1] =
+ s->mv[1][3][1] = s->mv[1][0][1];
+ s->mv_type = MV_TYPE_8X8;
+ // Note see prev line
+ return MB_TYPE_DIRECT2 | MB_TYPE_16x16 | MB_TYPE_L0L1;
+ }
+}
+
int ff_h263_decode_mb(MpegEncContext *s,
int16_t block[6][64])
{
@@ -607,7 +687,7 @@ int ff_h263_decode_mb(MpegEncContext *s,
const int xy= s->mb_x + s->mb_y * s->mb_stride;
int cbpb = 0, pb_mv_count = 0;
- assert(!s->h263_pred);
+ av_assert2(!s->h263_pred);
if (s->pict_type == AV_PICTURE_TYPE_P) {
do{
@@ -627,7 +707,7 @@ int ff_h263_decode_mb(MpegEncContext *s,
cbpc = get_vlc2(&s->gb, ff_h263_inter_MCBPC_vlc.table, INTER_MCBPC_VLC_BITS, 2);
if (cbpc < 0){
av_log(s->avctx, AV_LOG_ERROR, "cbpc damaged at %d %d\n", s->mb_x, s->mb_y);
- return -1;
+ return SLICE_ERROR;
}
}while(cbpc == 20);
@@ -641,6 +721,11 @@ int ff_h263_decode_mb(MpegEncContext *s,
pb_mv_count = h263_get_modb(&s->gb, s->pb_frame, &cbpb);
cbpy = get_vlc2(&s->gb, ff_h263_cbpy_vlc.table, CBPY_VLC_BITS, 1);
+ if (cbpy < 0) {
+ av_log(s->avctx, AV_LOG_ERROR, "cbpy damaged at %d %d\n", s->mb_x, s->mb_y);
+ return SLICE_ERROR;
+ }
+
if(s->alt_inter_vlc==0 || (cbpc & 3)!=3)
cbpy ^= 0xF;
@@ -661,7 +746,7 @@ int ff_h263_decode_mb(MpegEncContext *s,
mx = ff_h263_decode_motion(s, pred_x, 1);
if (mx >= 0xffff)
- return -1;
+ return SLICE_ERROR;
if (s->umvplus)
my = h263p_decode_umotion(s, pred_y);
@@ -669,7 +754,7 @@ int ff_h263_decode_mb(MpegEncContext *s,
my = ff_h263_decode_motion(s, pred_y, 1);
if (my >= 0xffff)
- return -1;
+ return SLICE_ERROR;
s->mv[0][0][0] = mx;
s->mv[0][0][1] = my;
@@ -681,18 +766,18 @@ int ff_h263_decode_mb(MpegEncContext *s,
for(i=0;i<4;i++) {
mot_val = ff_h263_pred_motion(s, i, 0, &pred_x, &pred_y);
if (s->umvplus)
- mx = h263p_decode_umotion(s, pred_x);
+ mx = h263p_decode_umotion(s, pred_x);
else
- mx = ff_h263_decode_motion(s, pred_x, 1);
+ mx = ff_h263_decode_motion(s, pred_x, 1);
if (mx >= 0xffff)
- return -1;
+ return SLICE_ERROR;
if (s->umvplus)
- my = h263p_decode_umotion(s, pred_y);
+ my = h263p_decode_umotion(s, pred_y);
else
- my = ff_h263_decode_motion(s, pred_y, 1);
+ my = ff_h263_decode_motion(s, pred_y, 1);
if (my >= 0xffff)
- return -1;
+ return SLICE_ERROR;
s->mv[0][i][0] = mx;
s->mv[0][i][1] = my;
if (s->umvplus && (mx - pred_x) == 1 && (my - pred_y) == 1)
@@ -718,7 +803,7 @@ int ff_h263_decode_mb(MpegEncContext *s,
mb_type= get_vlc2(&s->gb, h263_mbtype_b_vlc.table, H263_MBTYPE_B_VLC_BITS, 2);
if (mb_type < 0){
av_log(s->avctx, AV_LOG_ERROR, "b mb_type damaged at %d %d\n", s->mb_x, s->mb_y);
- return -1;
+ return SLICE_ERROR;
}
mb_type= h263_mb_type_b_map[ mb_type ];
@@ -737,7 +822,7 @@ int ff_h263_decode_mb(MpegEncContext *s,
if (cbpy < 0){
av_log(s->avctx, AV_LOG_ERROR, "b cbpy damaged at %d %d\n", s->mb_x, s->mb_y);
- return -1;
+ return SLICE_ERROR;
}
if(s->alt_inter_vlc==0 || (cbpc & 3)!=3)
@@ -747,28 +832,40 @@ int ff_h263_decode_mb(MpegEncContext *s,
}else
cbp=0;
- assert(!s->mb_intra);
+ av_assert2(!s->mb_intra);
if(IS_QUANT(mb_type)){
h263_decode_dquant(s);
}
if(IS_DIRECT(mb_type)){
- if (!s->pp_time)
- return AVERROR_INVALIDDATA;
s->mv_dir = MV_DIR_FORWARD | MV_DIR_BACKWARD | MV_DIRECT;
- mb_type |= ff_mpeg4_set_direct_mv(s, 0, 0);
+ mb_type |= set_direct_mv(s);
}else{
s->mv_dir = 0;
s->mv_type= MV_TYPE_16X16;
//FIXME UMV
if(USES_LIST(mb_type, 0)){
- int16_t *mot_val= ff_h263_pred_motion(s, 0, 0, &mx, &my);
+ int16_t *mot_val= ff_h263_pred_motion(s, 0, 0, &pred_x, &pred_y);
s->mv_dir = MV_DIR_FORWARD;
- mx = ff_h263_decode_motion(s, mx, 1);
- my = ff_h263_decode_motion(s, my, 1);
+ if (s->umvplus)
+ mx = h263p_decode_umotion(s, pred_x);
+ else
+ mx = ff_h263_decode_motion(s, pred_x, 1);
+ if (mx >= 0xffff)
+ return SLICE_ERROR;
+
+ if (s->umvplus)
+ my = h263p_decode_umotion(s, pred_y);
+ else
+ my = ff_h263_decode_motion(s, pred_y, 1);
+ if (my >= 0xffff)
+ return SLICE_ERROR;
+
+ if (s->umvplus && (mx - pred_x) == 1 && (my - pred_y) == 1)
+ skip_bits1(&s->gb); /* Bit stuffing to prevent PSC */
s->mv[0][0][0] = mx;
s->mv[0][0][1] = my;
@@ -777,11 +874,25 @@ int ff_h263_decode_mb(MpegEncContext *s,
}
if(USES_LIST(mb_type, 1)){
- int16_t *mot_val= ff_h263_pred_motion(s, 0, 1, &mx, &my);
+ int16_t *mot_val= ff_h263_pred_motion(s, 0, 1, &pred_x, &pred_y);
s->mv_dir |= MV_DIR_BACKWARD;
- mx = ff_h263_decode_motion(s, mx, 1);
- my = ff_h263_decode_motion(s, my, 1);
+ if (s->umvplus)
+ mx = h263p_decode_umotion(s, pred_x);
+ else
+ mx = ff_h263_decode_motion(s, pred_x, 1);
+ if (mx >= 0xffff)
+ return SLICE_ERROR;
+
+ if (s->umvplus)
+ my = h263p_decode_umotion(s, pred_y);
+ else
+ my = ff_h263_decode_motion(s, pred_y, 1);
+ if (my >= 0xffff)
+ return SLICE_ERROR;
+
+ if (s->umvplus && (mx - pred_x) == 1 && (my - pred_y) == 1)
+ skip_bits1(&s->gb); /* Bit stuffing to prevent PSC */
s->mv[1][0][0] = mx;
s->mv[1][0][1] = my;
@@ -796,7 +907,7 @@ int ff_h263_decode_mb(MpegEncContext *s,
cbpc = get_vlc2(&s->gb, ff_h263_intra_MCBPC_vlc.table, INTRA_MCBPC_VLC_BITS, 2);
if (cbpc < 0){
av_log(s->avctx, AV_LOG_ERROR, "I cbpc damaged at %d %d\n", s->mb_x, s->mb_y);
- return -1;
+ return SLICE_ERROR;
}
}while(cbpc == 8);
@@ -821,7 +932,7 @@ intra:
cbpy = get_vlc2(&s->gb, ff_h263_cbpy_vlc.table, CBPY_VLC_BITS, 1);
if(cbpy<0){
av_log(s->avctx, AV_LOG_ERROR, "I cbpy damaged at %d %d\n", s->mb_x, s->mb_y);
- return -1;
+ return SLICE_ERROR;
}
cbp = (cbpc & 3) | (cbpy << 2);
if (dquant) {
@@ -851,6 +962,9 @@ intra:
}
end:
+ if (get_bits_left(&s->gb) < 0)
+ return AVERROR_INVALIDDATA;
+
/* per-MB end of slice check */
{
int v= show_bits(&s->gb, 16);
@@ -874,6 +988,10 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
align_get_bits(&s->gb);
+ if (show_bits(&s->gb, 2) == 2 && s->avctx->frame_number == 0) {
+ av_log(s->avctx, AV_LOG_WARNING, "Header looks like RTP instead of H.263\n");
+ }
+
startcode= get_bits(&s->gb, 22-8);
for(i= get_bits_left(&s->gb); i>24; i-=8) {
@@ -889,14 +1007,13 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
}
/* temporal reference */
i = get_bits(&s->gb, 8); /* picture timestamp */
- if( (s->picture_number&~0xFF)+i < s->picture_number)
- i+= 256;
+
+ i -= (i - (s->picture_number & 0xFF) + 128) & ~0xFF;
+
s->picture_number= (s->picture_number&~0xFF) + i;
/* PTYPE starts here */
- if (get_bits1(&s->gb) != 1) {
- /* marker */
- av_log(s->avctx, AV_LOG_ERROR, "Bad marker\n");
+ if (check_marker(s->avctx, &s->gb, "in PTYPE") != 1) {
return -1;
}
if (get_bits1(&s->gb) != 0) {
@@ -920,6 +1037,8 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
/* H.263v1 */
width = ff_h263_format[format][0];
height = ff_h263_format[format][1];
+ if (!width)
+ return -1;
s->pict_type = AV_PICTURE_TYPE_I + get_bits1(&s->gb);
@@ -961,6 +1080,8 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
s->h263_aic = get_bits1(&s->gb); /* Advanced Intra Coding (AIC) */
s->loop_filter= get_bits1(&s->gb);
s->unrestricted_mv = s->umvplus || s->obmc || s->loop_filter;
+ if(s->avctx->lowres)
+ s->loop_filter = 0;
s->h263_slice_structured= get_bits1(&s->gb);
if (get_bits1(&s->gb) != 0) {
@@ -1013,7 +1134,7 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
6-14 - reserved
*/
width = (get_bits(&s->gb, 9) + 1) * 4;
- skip_bits1(&s->gb);
+ check_marker(s->avctx, &s->gb, "in dimensions");
height = get_bits(&s->gb, 9) * 4;
ff_dlog(s->avctx, "\nH.263+ Custom picture: %dx%d\n",width,height);
if (s->aspect_ratio_info == FF_ASPECT_EXTENDED) {
@@ -1028,6 +1149,7 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
height = ff_h263_format[format][1];
s->avctx->sample_aspect_ratio= (AVRational){12,11};
}
+ s->avctx->sample_aspect_ratio.den <<= s->ehc_mode;
if ((width == 0) || (height == 0))
return -1;
s->width = width;
@@ -1067,6 +1189,12 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
av_log(s->avctx, AV_LOG_ERROR, "unordered slices not supported\n");
}
}
+ if (s->pict_type == AV_PICTURE_TYPE_B) {
+ skip_bits(&s->gb, 4); //ELNUM
+ if (ufep == 1) {
+ skip_bits(&s->gb, 4); // RLNUM
+ }
+ }
}
s->qscale = get_bits(&s->gb, 5);
@@ -1103,25 +1231,25 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
}
/* PEI */
- while (get_bits1(&s->gb) != 0) {
- skip_bits(&s->gb, 8);
- }
+ if (skip_1stop_8data_bits(&s->gb) < 0)
+ return AVERROR_INVALIDDATA;
if(s->h263_slice_structured){
- if (get_bits1(&s->gb) != 1) {
- av_log(s->avctx, AV_LOG_ERROR, "SEPB1 marker missing\n");
+ if (check_marker(s->avctx, &s->gb, "SEPB1") != 1) {
return -1;
}
ff_h263_decode_mba(s);
- if (get_bits1(&s->gb) != 1) {
- av_log(s->avctx, AV_LOG_ERROR, "SEPB2 marker missing\n");
+ if (check_marker(s->avctx, &s->gb, "SEPB2") != 1) {
return -1;
}
}
s->f_code = 1;
+ if (s->pict_type == AV_PICTURE_TYPE_B)
+ s->low_delay = 0;
+
if(s->h263_aic){
s->y_dc_scale_table=
s->c_dc_scale_table= ff_aic_dc_scale_table;
@@ -1131,7 +1259,7 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
}
ff_h263_show_pict_info(s);
- if (s->pict_type == AV_PICTURE_TYPE_I && s->codec_tag == AV_RL32("ZYGO")){
+ if (s->pict_type == AV_PICTURE_TYPE_I && s->codec_tag == AV_RL32("ZYGO") && get_bits_left(&s->gb) >= 85 + 13*3*16 + 50){
int i,j;
for(i=0; i<85; i++) av_log(s->avctx, AV_LOG_DEBUG, "%d", get_bits1(&s->gb));
av_log(s->avctx, AV_LOG_DEBUG, "\n");
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-05 18:45:01 +0000