Mercurial > libavcodec.hg
annotate nellymoserdec.c @ 12526:55339937018e libavcodec
Fix several security issues in flicvideo.c
This fixes CVE-2010-3429
author | michael |
---|---|
date | Mon, 27 Sep 2010 15:16:16 +0000 |
parents | 554ee9fa2840 |
children |
rev | line source |
---|---|
5823 | 1 /* |
2 * NellyMoser audio decoder | |
3 * Copyright (c) 2007 a840bda5870ba11f19698ff6eb9581dfb0f95fa5, | |
4 * 539459aeb7d425140b62a3ec7dbf6dc8e408a306, and | |
5 * 520e17cd55896441042b14df2566a6eb610ed444 | |
6 * Copyright (c) 2007 Loic Minier <lool at dooz.org> | |
7 * Benjamin Larsson | |
8 * | |
9 * Permission is hereby granted, free of charge, to any person obtaining a | |
10 * copy of this software and associated documentation files (the "Software"), | |
11 * to deal in the Software without restriction, including without limitation | |
12 * the rights to use, copy, modify, merge, publish, distribute, sublicense, | |
13 * and/or sell copies of the Software, and to permit persons to whom the | |
14 * Software is furnished to do so, subject to the following conditions: | |
15 * | |
16 * The above copyright notice and this permission notice shall be included in | |
17 * all copies or substantial portions of the Software. | |
18 * | |
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
20 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
21 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL | |
22 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
23 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | |
24 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER | |
25 * DEALINGS IN THE SOFTWARE. | |
26 */ | |
27 | |
28 /** | |
11644
7dd2a45249a9
Remove explicit filename from Doxygen @file commands.
diego
parents:
11560
diff
changeset
|
29 * @file |
5823 | 30 * The 3 alphanumeric copyright notices are md5summed they are from the original |
31 * implementors. The original code is available from http://code.google.com/p/nelly2pcm/ | |
32 */ | |
6763 | 33 |
7030
40f18ff994f9
Separating from nellymoserdec.c parts required by encoder
bwolowiec
parents:
6763
diff
changeset
|
34 #include "nellymoser.h" |
9205 | 35 #include "libavutil/lfg.h" |
36 #include "libavutil/random_seed.h" | |
5823 | 37 #include "avcodec.h" |
38 #include "dsputil.h" | |
11370 | 39 #include "fft.h" |
5823 | 40 |
41 #define ALT_BITSTREAM_READER_LE | |
9428 | 42 #include "get_bits.h" |
5823 | 43 |
44 | |
45 typedef struct NellyMoserDecodeContext { | |
46 AVCodecContext* avctx; | |
11369 | 47 DECLARE_ALIGNED(16, float,float_buf)[NELLY_SAMPLES]; |
6611
79c5af90afde
Avoid reverse addressing, not sure if this is faster or slower but people
michael
parents:
6610
diff
changeset
|
48 float state[128]; |
9205 | 49 AVLFG random_state; |
5823 | 50 GetBitContext gb; |
51 int add_bias; | |
6613
54f88d1cee72
Move scale_bias to a more sane place. I am starting to wonder how this
michael
parents:
6612
diff
changeset
|
52 float scale_bias; |
5823 | 53 DSPContext dsp; |
10199 | 54 FFTContext imdct_ctx; |
11369 | 55 DECLARE_ALIGNED(16, float,imdct_out)[NELLY_BUF_LEN * 2]; |
5823 | 56 } NellyMoserDecodeContext; |
57 | |
6605 | 58 static void overlap_and_window(NellyMoserDecodeContext *s, float *state, float *audio, float *a_in) |
5823 | 59 { |
6616 | 60 int bot, top; |
5823 | 61 |
62 bot = 0; | |
63 top = NELLY_BUF_LEN-1; | |
64 | |
6612 | 65 while (bot < NELLY_BUF_LEN) { |
8614
ff10b38304d2
Use shared sine window instead of defining another one.
vitor
parents:
8153
diff
changeset
|
66 audio[bot] = a_in [bot]*ff_sine_128[bot] |
ff10b38304d2
Use shared sine window instead of defining another one.
vitor
parents:
8153
diff
changeset
|
67 +state[bot]*ff_sine_128[top] + s->add_bias; |
5823 | 68 |
69 bot++; | |
70 top--; | |
71 } | |
6611
79c5af90afde
Avoid reverse addressing, not sure if this is faster or slower but people
michael
parents:
6610
diff
changeset
|
72 memcpy(state, a_in + NELLY_BUF_LEN, sizeof(float)*NELLY_BUF_LEN); |
5823 | 73 } |
74 | |
6725
dc6bc48b0e17
Mark symbol as static, patch by Diego 'Flameeyes' Petten, flameeyes gmail com.
diego
parents:
6710
diff
changeset
|
75 static void nelly_decode_block(NellyMoserDecodeContext *s, |
dc6bc48b0e17
Mark symbol as static, patch by Diego 'Flameeyes' Petten, flameeyes gmail com.
diego
parents:
6710
diff
changeset
|
76 const unsigned char block[NELLY_BLOCK_LEN], |
dc6bc48b0e17
Mark symbol as static, patch by Diego 'Flameeyes' Petten, flameeyes gmail com.
diego
parents:
6710
diff
changeset
|
77 float audio[NELLY_SAMPLES]) |
5823 | 78 { |
79 int i,j; | |
5869
a03b4172939c
Use the ffmpeg mdct function, patch by Fabrice Bellard. Thread: [FFmpeg-devel] NellyMoser transform bug, 10/25/2007 12:24 PM
banan
parents:
5838
diff
changeset
|
80 float buf[NELLY_FILL_LEN], pows[NELLY_FILL_LEN]; |
5823 | 81 float *aptr, *bptr, *pptr, val, pval; |
82 int bits[NELLY_BUF_LEN]; | |
83 unsigned char v; | |
84 | |
85 init_get_bits(&s->gb, block, NELLY_BLOCK_LEN * 8); | |
86 | |
87 bptr = buf; | |
88 pptr = pows; | |
7030
40f18ff994f9
Separating from nellymoserdec.c parts required by encoder
bwolowiec
parents:
6763
diff
changeset
|
89 val = ff_nelly_init_table[get_bits(&s->gb, 6)]; |
5823 | 90 for (i=0 ; i<NELLY_BANDS ; i++) { |
91 if (i > 0) | |
7030
40f18ff994f9
Separating from nellymoserdec.c parts required by encoder
bwolowiec
parents:
6763
diff
changeset
|
92 val += ff_nelly_delta_table[get_bits(&s->gb, 5)]; |
6614 | 93 pval = -pow(2, val/2048) * s->scale_bias; |
7030
40f18ff994f9
Separating from nellymoserdec.c parts required by encoder
bwolowiec
parents:
6763
diff
changeset
|
94 for (j = 0; j < ff_nelly_band_sizes_table[i]; j++) { |
5823 | 95 *bptr++ = val; |
96 *pptr++ = pval; | |
97 } | |
98 | |
99 } | |
100 | |
7030
40f18ff994f9
Separating from nellymoserdec.c parts required by encoder
bwolowiec
parents:
6763
diff
changeset
|
101 ff_nelly_get_sample_bits(buf, bits); |
5823 | 102 |
103 for (i = 0; i < 2; i++) { | |
5869
a03b4172939c
Use the ffmpeg mdct function, patch by Fabrice Bellard. Thread: [FFmpeg-devel] NellyMoser transform bug, 10/25/2007 12:24 PM
banan
parents:
5838
diff
changeset
|
104 aptr = audio + i * NELLY_BUF_LEN; |
a03b4172939c
Use the ffmpeg mdct function, patch by Fabrice Bellard. Thread: [FFmpeg-devel] NellyMoser transform bug, 10/25/2007 12:24 PM
banan
parents:
5838
diff
changeset
|
105 |
5823 | 106 init_get_bits(&s->gb, block, NELLY_BLOCK_LEN * 8); |
9637 | 107 skip_bits_long(&s->gb, NELLY_HEADER_BITS + i*NELLY_DETAIL_BITS); |
5823 | 108 |
109 for (j = 0; j < NELLY_FILL_LEN; j++) { | |
110 if (bits[j] <= 0) { | |
5869
a03b4172939c
Use the ffmpeg mdct function, patch by Fabrice Bellard. Thread: [FFmpeg-devel] NellyMoser transform bug, 10/25/2007 12:24 PM
banan
parents:
5838
diff
changeset
|
111 aptr[j] = M_SQRT1_2*pows[j]; |
9205 | 112 if (av_lfg_get(&s->random_state) & 1) |
5869
a03b4172939c
Use the ffmpeg mdct function, patch by Fabrice Bellard. Thread: [FFmpeg-devel] NellyMoser transform bug, 10/25/2007 12:24 PM
banan
parents:
5838
diff
changeset
|
113 aptr[j] *= -1.0; |
5823 | 114 } else { |
115 v = get_bits(&s->gb, bits[j]); | |
7030
40f18ff994f9
Separating from nellymoserdec.c parts required by encoder
bwolowiec
parents:
6763
diff
changeset
|
116 aptr[j] = ff_nelly_dequantization_table[(1<<bits[j])-1+v]*pows[j]; |
5823 | 117 } |
118 } | |
5869
a03b4172939c
Use the ffmpeg mdct function, patch by Fabrice Bellard. Thread: [FFmpeg-devel] NellyMoser transform bug, 10/25/2007 12:24 PM
banan
parents:
5838
diff
changeset
|
119 memset(&aptr[NELLY_FILL_LEN], 0, |
a03b4172939c
Use the ffmpeg mdct function, patch by Fabrice Bellard. Thread: [FFmpeg-devel] NellyMoser transform bug, 10/25/2007 12:24 PM
banan
parents:
5838
diff
changeset
|
120 (NELLY_BUF_LEN - NELLY_FILL_LEN) * sizeof(float)); |
5823 | 121 |
7547 | 122 ff_imdct_calc(&s->imdct_ctx, s->imdct_out, aptr); |
5869
a03b4172939c
Use the ffmpeg mdct function, patch by Fabrice Bellard. Thread: [FFmpeg-devel] NellyMoser transform bug, 10/25/2007 12:24 PM
banan
parents:
5838
diff
changeset
|
123 /* XXX: overlapping and windowing should be part of a more |
a03b4172939c
Use the ffmpeg mdct function, patch by Fabrice Bellard. Thread: [FFmpeg-devel] NellyMoser transform bug, 10/25/2007 12:24 PM
banan
parents:
5838
diff
changeset
|
124 generic imdct function */ |
6605 | 125 overlap_and_window(s, s->state, aptr, s->imdct_out); |
5823 | 126 } |
127 } | |
128 | |
6517
48759bfbd073
Apply 'cold' attribute to init/uninit functions in libavcodec
zuxy
parents:
6218
diff
changeset
|
129 static av_cold int decode_init(AVCodecContext * avctx) { |
5823 | 130 NellyMoserDecodeContext *s = avctx->priv_data; |
131 | |
132 s->avctx = avctx; | |
10598 | 133 av_lfg_init(&s->random_state, 0); |
9658
67a20f0eb42c
Support for getting (i)MDCT output multiplied by a constant scaling factor.
serge
parents:
9637
diff
changeset
|
134 ff_mdct_init(&s->imdct_ctx, 8, 1, 1.0); |
5869
a03b4172939c
Use the ffmpeg mdct function, patch by Fabrice Bellard. Thread: [FFmpeg-devel] NellyMoser transform bug, 10/25/2007 12:24 PM
banan
parents:
5838
diff
changeset
|
135 |
5823 | 136 dsputil_init(&s->dsp, avctx); |
137 | |
138 if(s->dsp.float_to_int16 == ff_float_to_int16_c) { | |
139 s->add_bias = 385; | |
6613
54f88d1cee72
Move scale_bias to a more sane place. I am starting to wonder how this
michael
parents:
6612
diff
changeset
|
140 s->scale_bias = 1.0/(8*32768); |
5823 | 141 } else { |
142 s->add_bias = 0; | |
6613
54f88d1cee72
Move scale_bias to a more sane place. I am starting to wonder how this
michael
parents:
6612
diff
changeset
|
143 s->scale_bias = 1.0/(1*8); |
5823 | 144 } |
145 | |
146 /* Generate overlap window */ | |
8614
ff10b38304d2
Use shared sine window instead of defining another one.
vitor
parents:
8153
diff
changeset
|
147 if (!ff_sine_128[127]) |
10827
3d011a01a6a0
Add support for hard-coded MDCT-related ff_sine_windows tables.
reimar
parents:
10598
diff
changeset
|
148 ff_init_ff_sine_windows(7); |
5823 | 149 |
7451
85ab7655ad4d
Modify all codecs to report their supported input and output sample format(s).
pross
parents:
7357
diff
changeset
|
150 avctx->sample_fmt = SAMPLE_FMT_S16; |
8153 | 151 avctx->channel_layout = CH_LAYOUT_MONO; |
5823 | 152 return 0; |
153 } | |
154 | |
155 static int decode_tag(AVCodecContext * avctx, | |
156 void *data, int *data_size, | |
9355
54bc8a2727b0
Implement avcodec_decode_video2(), _audio3() and _subtitle2() which takes an
rbultje
parents:
9205
diff
changeset
|
157 AVPacket *avpkt) { |
54bc8a2727b0
Implement avcodec_decode_video2(), _audio3() and _subtitle2() which takes an
rbultje
parents:
9205
diff
changeset
|
158 const uint8_t *buf = avpkt->data; |
54bc8a2727b0
Implement avcodec_decode_video2(), _audio3() and _subtitle2() which takes an
rbultje
parents:
9205
diff
changeset
|
159 int buf_size = avpkt->size; |
5823 | 160 NellyMoserDecodeContext *s = avctx->priv_data; |
161 int blocks, i; | |
162 int16_t* samples; | |
163 *data_size = 0; | |
164 samples = (int16_t*)data; | |
165 | |
166 if (buf_size < avctx->block_align) | |
167 return buf_size; | |
168 | |
11878 | 169 if (buf_size % 64) { |
11879
554ee9fa2840
nellymoserdec: Increase the log level of messages when failing to decode data
mstorsjo
parents:
11878
diff
changeset
|
170 av_log(avctx, AV_LOG_ERROR, "Tag size %d.\n", buf_size); |
11878 | 171 return buf_size; |
172 } | |
173 blocks = buf_size / 64; | |
11877
17092b43bd64
nellymoserdec: Simplify calculation of numbers of blocks
mstorsjo
parents:
11876
diff
changeset
|
174 /* Normal numbers of blocks for sample rates: |
17092b43bd64
nellymoserdec: Simplify calculation of numbers of blocks
mstorsjo
parents:
11876
diff
changeset
|
175 * 8000 Hz - 1 |
17092b43bd64
nellymoserdec: Simplify calculation of numbers of blocks
mstorsjo
parents:
11876
diff
changeset
|
176 * 11025 Hz - 2 |
17092b43bd64
nellymoserdec: Simplify calculation of numbers of blocks
mstorsjo
parents:
11876
diff
changeset
|
177 * 16000 Hz - 3 |
17092b43bd64
nellymoserdec: Simplify calculation of numbers of blocks
mstorsjo
parents:
11876
diff
changeset
|
178 * 22050 Hz - 4 |
17092b43bd64
nellymoserdec: Simplify calculation of numbers of blocks
mstorsjo
parents:
11876
diff
changeset
|
179 * 44100 Hz - 8 |
17092b43bd64
nellymoserdec: Simplify calculation of numbers of blocks
mstorsjo
parents:
11876
diff
changeset
|
180 */ |
5823 | 181 |
182 for (i=0 ; i<blocks ; i++) { | |
183 nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf); | |
184 s->dsp.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, NELLY_SAMPLES); | |
185 *data_size += NELLY_SAMPLES*sizeof(int16_t); | |
186 } | |
187 | |
5915
4528d63fbc8e
Fix nellymoser decode_tag return value, patch by Stefano Sabatini
banan
parents:
5874
diff
changeset
|
188 return buf_size; |
5823 | 189 } |
190 | |
6517
48759bfbd073
Apply 'cold' attribute to init/uninit functions in libavcodec
zuxy
parents:
6218
diff
changeset
|
191 static av_cold int decode_end(AVCodecContext * avctx) { |
5823 | 192 NellyMoserDecodeContext *s = avctx->priv_data; |
193 | |
5869
a03b4172939c
Use the ffmpeg mdct function, patch by Fabrice Bellard. Thread: [FFmpeg-devel] NellyMoser transform bug, 10/25/2007 12:24 PM
banan
parents:
5838
diff
changeset
|
194 ff_mdct_end(&s->imdct_ctx); |
5823 | 195 return 0; |
196 } | |
197 | |
198 AVCodec nellymoser_decoder = { | |
199 "nellymoser", | |
11560
8a4984c5cacc
Define AVMediaType enum, and use it instead of enum CodecType, which
stefano
parents:
11370
diff
changeset
|
200 AVMEDIA_TYPE_AUDIO, |
5823 | 201 CODEC_ID_NELLYMOSER, |
202 sizeof(NellyMoserDecodeContext), | |
203 decode_init, | |
204 NULL, | |
205 decode_end, | |
206 decode_tag, | |
7040
e943e1409077
Make AVCodec long_names definition conditional depending on CONFIG_SMALL.
stefano
parents:
7030
diff
changeset
|
207 .long_name = NULL_IF_CONFIG_SMALL("Nellymoser Asao"), |
5823 | 208 }; |
209 |