Mercurial > libavcodec.hg
annotate lzw.c @ 8991:ca768cb2bfb6 libavcodec
Use last decoded SPS as current SPS in order to parse picture timing SEI
correctly. This works around an apparent H.264 standard deficiency.
Patch by Ivan Schreter, schreter gmx net
author | cehoyos |
---|---|
date | Fri, 20 Feb 2009 16:20:01 +0000 |
parents | e9d9d946f213 |
children | 7dd2a45249a9 |
rev | line source |
---|---|
4080 | 1 /* |
2 * LZW decoder | |
8629
04423b2f6e0b
cosmetics: Remove pointless period after copyright statement non-sentences.
diego
parents:
7266
diff
changeset
|
3 * Copyright (c) 2003 Fabrice Bellard |
04423b2f6e0b
cosmetics: Remove pointless period after copyright statement non-sentences.
diego
parents:
7266
diff
changeset
|
4 * Copyright (c) 2006 Konstantin Shishkov |
4080 | 5 * |
6 * This file is part of FFmpeg. | |
7 * | |
8 * FFmpeg is free software; you can redistribute it and/or | |
9 * modify it under the terms of the GNU Lesser General Public | |
10 * License as published by the Free Software Foundation; either | |
11 * version 2.1 of the License, or (at your option) any later version. | |
12 * | |
13 * FFmpeg is distributed in the hope that it will be useful, | |
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 * Lesser General Public License for more details. | |
17 * | |
18 * You should have received a copy of the GNU Lesser General Public | |
19 * License along with FFmpeg; if not, write to the Free Software | |
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
21 */ | |
22 | |
23 /** | |
8718
e9d9d946f213
Use full internal pathname in doxygen @file directives.
diego
parents:
8629
diff
changeset
|
24 * @file libavcodec/lzw.c |
4080 | 25 * @brief LZW decoding routines |
26 * @author Fabrice Bellard | |
27 * Modified for use in TIFF by Konstantin Shishkov | |
28 */ | |
29 | |
30 #include "avcodec.h" | |
31 #include "lzw.h" | |
32 | |
33 #define LZW_MAXBITS 12 | |
34 #define LZW_SIZTABLE (1<<LZW_MAXBITS) | |
35 | |
36 static const uint16_t mask[17] = | |
37 { | |
38 0x0000, 0x0001, 0x0003, 0x0007, | |
39 0x000F, 0x001F, 0x003F, 0x007F, | |
40 0x00FF, 0x01FF, 0x03FF, 0x07FF, | |
41 0x0FFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF | |
42 }; | |
43 | |
44 struct LZWState { | |
6218 | 45 const uint8_t *pbuf, *ebuf; |
4080 | 46 int bbits; |
47 unsigned int bbuf; | |
48 | |
49 int mode; ///< Decoder mode | |
50 int cursize; ///< The current code size | |
51 int curmask; | |
52 int codesize; | |
53 int clear_code; | |
54 int end_code; | |
55 int newcodes; ///< First available code | |
56 int top_slot; ///< Highest code for current size | |
4725 | 57 int extra_slot; |
4080 | 58 int slot; ///< Last read code |
59 int fc, oc; | |
60 uint8_t *sp; | |
61 uint8_t stack[LZW_SIZTABLE]; | |
62 uint8_t suffix[LZW_SIZTABLE]; | |
63 uint16_t prefix[LZW_SIZTABLE]; | |
64 int bs; ///< current buffer size for GIF | |
65 }; | |
66 | |
67 /* get one code from stream */ | |
68 static int lzw_get_code(struct LZWState * s) | |
69 { | |
4727 | 70 int c; |
4080 | 71 |
72 if(s->mode == FF_LZW_GIF) { | |
73 while (s->bbits < s->cursize) { | |
74 if (!s->bs) { | |
4727 | 75 s->bs = *s->pbuf++; |
4080 | 76 } |
77 s->bbuf |= (*s->pbuf++) << s->bbits; | |
78 s->bbits += 8; | |
79 s->bs--; | |
80 } | |
4736 | 81 c = s->bbuf; |
4716 | 82 s->bbuf >>= s->cursize; |
4080 | 83 } else { // TIFF |
84 while (s->bbits < s->cursize) { | |
85 s->bbuf = (s->bbuf << 8) | (*s->pbuf++); | |
86 s->bbits += 8; | |
87 } | |
4736 | 88 c = s->bbuf >> (s->bbits - s->cursize); |
4080 | 89 } |
90 s->bbits -= s->cursize; | |
4736 | 91 return c & s->curmask; |
4080 | 92 } |
93 | |
6218 | 94 const uint8_t* ff_lzw_cur_ptr(LZWState *p) |
4080 | 95 { |
96 return ((struct LZWState*)p)->pbuf; | |
97 } | |
98 | |
99 void ff_lzw_decode_tail(LZWState *p) | |
100 { | |
101 struct LZWState *s = (struct LZWState *)p; | |
4728
5db8e9e8f71d
move eob_reached logic into ff_lzw_decode_tail() which simplifies the code, avoids some checks in the innermost loop and also gets rid of the controversal break while hopefully retaining the last byte in a valid bytestream, invalid bytestreams still can have very significant overread
michael
parents:
4727
diff
changeset
|
102 |
5db8e9e8f71d
move eob_reached logic into ff_lzw_decode_tail() which simplifies the code, avoids some checks in the innermost loop and also gets rid of the controversal break while hopefully retaining the last byte in a valid bytestream, invalid bytestreams still can have very significant overread
michael
parents:
4727
diff
changeset
|
103 if(s->mode == FF_LZW_GIF) { |
5db8e9e8f71d
move eob_reached logic into ff_lzw_decode_tail() which simplifies the code, avoids some checks in the innermost loop and also gets rid of the controversal break while hopefully retaining the last byte in a valid bytestream, invalid bytestreams still can have very significant overread
michael
parents:
4727
diff
changeset
|
104 while(s->pbuf < s->ebuf && s->bs>0){ |
5db8e9e8f71d
move eob_reached logic into ff_lzw_decode_tail() which simplifies the code, avoids some checks in the innermost loop and also gets rid of the controversal break while hopefully retaining the last byte in a valid bytestream, invalid bytestreams still can have very significant overread
michael
parents:
4727
diff
changeset
|
105 s->pbuf += s->bs; |
5db8e9e8f71d
move eob_reached logic into ff_lzw_decode_tail() which simplifies the code, avoids some checks in the innermost loop and also gets rid of the controversal break while hopefully retaining the last byte in a valid bytestream, invalid bytestreams still can have very significant overread
michael
parents:
4727
diff
changeset
|
106 s->bs = *s->pbuf++; |
5db8e9e8f71d
move eob_reached logic into ff_lzw_decode_tail() which simplifies the code, avoids some checks in the innermost loop and also gets rid of the controversal break while hopefully retaining the last byte in a valid bytestream, invalid bytestreams still can have very significant overread
michael
parents:
4727
diff
changeset
|
107 } |
5db8e9e8f71d
move eob_reached logic into ff_lzw_decode_tail() which simplifies the code, avoids some checks in the innermost loop and also gets rid of the controversal break while hopefully retaining the last byte in a valid bytestream, invalid bytestreams still can have very significant overread
michael
parents:
4727
diff
changeset
|
108 }else |
5db8e9e8f71d
move eob_reached logic into ff_lzw_decode_tail() which simplifies the code, avoids some checks in the innermost loop and also gets rid of the controversal break while hopefully retaining the last byte in a valid bytestream, invalid bytestreams still can have very significant overread
michael
parents:
4727
diff
changeset
|
109 s->pbuf= s->ebuf; |
4080 | 110 } |
111 | |
6517
48759bfbd073
Apply 'cold' attribute to init/uninit functions in libavcodec
zuxy
parents:
6218
diff
changeset
|
112 av_cold void ff_lzw_decode_open(LZWState **p) |
4080 | 113 { |
114 *p = av_mallocz(sizeof(struct LZWState)); | |
115 } | |
116 | |
6517
48759bfbd073
Apply 'cold' attribute to init/uninit functions in libavcodec
zuxy
parents:
6218
diff
changeset
|
117 av_cold void ff_lzw_decode_close(LZWState **p) |
4080 | 118 { |
119 av_freep(p); | |
120 } | |
121 | |
122 /** | |
123 * Initialize LZW decoder | |
124 * @param s LZW context | |
125 * @param csize initial code size in bits | |
126 * @param buf input data | |
127 * @param buf_size input data size | |
128 * @param mode decoder working mode - either GIF or TIFF | |
129 */ | |
6218 | 130 int ff_lzw_decode_init(LZWState *p, int csize, const uint8_t *buf, int buf_size, int mode) |
4080 | 131 { |
132 struct LZWState *s = (struct LZWState *)p; | |
133 | |
7266
451bc2b25bcb
check that csize in ff_lzw_decode_init is < LZW_MAXBITS, <= is not enough and
reimar
parents:
6517
diff
changeset
|
134 if(csize < 1 || csize >= LZW_MAXBITS) |
4080 | 135 return -1; |
136 /* read buffer */ | |
137 s->pbuf = buf; | |
138 s->ebuf = s->pbuf + buf_size; | |
139 s->bbuf = 0; | |
140 s->bbits = 0; | |
141 s->bs = 0; | |
142 | |
143 /* decoder */ | |
144 s->codesize = csize; | |
145 s->cursize = s->codesize + 1; | |
146 s->curmask = mask[s->cursize]; | |
147 s->top_slot = 1 << s->cursize; | |
148 s->clear_code = 1 << s->codesize; | |
149 s->end_code = s->clear_code + 1; | |
150 s->slot = s->newcodes = s->clear_code + 2; | |
4732 | 151 s->oc = s->fc = -1; |
4080 | 152 s->sp = s->stack; |
153 | |
154 s->mode = mode; | |
4735 | 155 s->extra_slot = s->mode == FF_LZW_TIFF; |
4080 | 156 return 0; |
157 } | |
158 | |
159 /** | |
160 * Decode given number of bytes | |
161 * NOTE: the algorithm here is inspired from the LZW GIF decoder | |
162 * written by Steven A. Bennett in 1987. | |
163 * | |
164 * @param s LZW context | |
165 * @param buf output buffer | |
166 * @param len number of bytes to decode | |
167 * @return number of bytes decoded | |
168 */ | |
169 int ff_lzw_decode(LZWState *p, uint8_t *buf, int len){ | |
170 int l, c, code, oc, fc; | |
171 uint8_t *sp; | |
172 struct LZWState *s = (struct LZWState *)p; | |
173 | |
174 if (s->end_code < 0) | |
175 return 0; | |
176 | |
177 l = len; | |
178 sp = s->sp; | |
179 oc = s->oc; | |
180 fc = s->fc; | |
181 | |
182 for (;;) { | |
4726 | 183 while (sp > s->stack) { |
184 *buf++ = *(--sp); | |
185 if ((--l) == 0) | |
186 goto the_end; | |
187 } | |
4080 | 188 c = lzw_get_code(s); |
189 if (c == s->end_code) { | |
190 break; | |
191 } else if (c == s->clear_code) { | |
192 s->cursize = s->codesize + 1; | |
193 s->curmask = mask[s->cursize]; | |
194 s->slot = s->newcodes; | |
195 s->top_slot = 1 << s->cursize; | |
4732 | 196 fc= oc= -1; |
4080 | 197 } else { |
198 code = c; | |
4733
507d08212e36
check input validity, this prevents a few variables from reachin odd values which might have lead to out of array writes and thus might have been exploitable
michael
parents:
4732
diff
changeset
|
199 if (code == s->slot && fc>=0) { |
4080 | 200 *sp++ = fc; |
201 code = oc; | |
4733
507d08212e36
check input validity, this prevents a few variables from reachin odd values which might have lead to out of array writes and thus might have been exploitable
michael
parents:
4732
diff
changeset
|
202 }else if(code >= s->slot) |
507d08212e36
check input validity, this prevents a few variables from reachin odd values which might have lead to out of array writes and thus might have been exploitable
michael
parents:
4732
diff
changeset
|
203 break; |
4080 | 204 while (code >= s->newcodes) { |
205 *sp++ = s->suffix[code]; | |
206 code = s->prefix[code]; | |
207 } | |
208 *sp++ = code; | |
4732 | 209 if (s->slot < s->top_slot && oc>=0) { |
210 s->suffix[s->slot] = code; | |
4080 | 211 s->prefix[s->slot++] = oc; |
212 } | |
4732 | 213 fc = code; |
214 oc = c; | |
4725 | 215 if (s->slot >= s->top_slot - s->extra_slot) { |
4080 | 216 if (s->cursize < LZW_MAXBITS) { |
217 s->top_slot <<= 1; | |
218 s->curmask = mask[++s->cursize]; | |
219 } | |
220 } | |
221 } | |
222 } | |
4733
507d08212e36
check input validity, this prevents a few variables from reachin odd values which might have lead to out of array writes and thus might have been exploitable
michael
parents:
4732
diff
changeset
|
223 s->end_code = -1; |
4080 | 224 the_end: |
225 s->sp = sp; | |
226 s->oc = oc; | |
227 s->fc = fc; | |
228 return len - l; | |
229 } |