comparison cavs.c @ 3408:73c648ae1c74 libavcodec

check cbp for validity, avoids possible out of array reads / segfaults
author michael
date Tue, 04 Jul 2006 16:42:22 +0000
parents f5f2d05b54ac
children 584ff6431043
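--- a/cavs.c
+++ b/cavs.c
@@ -752,23 +752,31 @@
 if(h->cbp & (1<<5))
 decode_residual_block(h,&h->s.gb,chroma_2dvlc,0, chroma_qp[h->qp],
 h->cv,h->c_stride);
 }
 
-static inline void decode_residual_inter(AVSContext *h) {
+static inline int decode_residual_inter(AVSContext *h) {
 int block;
 
 /* get coded block pattern */
-h->cbp = cbp_tab[get_ue_golomb(&h->s.gb)][1];
+int cbp= get_ue_golomb(&h->s.gb);
+if(cbp > 63){
+av_log(h->s.avctx, AV_LOG_ERROR, "illegal inter cbp\n");
+return -1;
+}
+h->cbp = cbp_tab[cbp][1];
+
 /* get quantizer */
 if(h->cbp && !h->qp_fixed)
 h->qp += get_se_golomb(&h->s.gb);
 for(block=0;block<4;block++)
 if(h->cbp & (1<<block))
 decode_residual_block(h,&h->s.gb,inter_2dvlc,0,h->qp,
 h->cy + h->luma_scan[block], h->l_stride);
 decode_residual_chroma(h);
+
+return 0;
 }
 
 /*****************************************************************************
 *
 * macroblock level
@@ -859,11 +867,11 @@
 }
 }
 return 1;
 }
 
-static void decode_mb_i(AVSContext *h) {
+static int decode_mb_i(AVSContext *h) {
 GetBitContext *gb = &h->s.gb;
 int block, pred_mode_uv;
 uint8_t top[18];
 uint8_t left[18];
 uint8_t *d;
@@ -912,12 +920,18 @@
 modify_pred(top_modifier_l, &h->pred_mode_Y[5] );
 modify_pred(top_modifier_c, &pred_mode_uv );
 }
 
 /* get coded block pattern */
-if(h->pic_type == FF_I_TYPE)
-h->cbp = cbp_tab[get_ue_golomb(gb)][0];
+if(h->pic_type == FF_I_TYPE){
+int cbp= get_ue_golomb(gb);
+if(cbp > 63){
+av_log(h->s.avctx, AV_LOG_ERROR, "illegal intra cbp\n");
+return -1;
+}
+h->cbp = cbp_tab[cbp][0];
+}
 if(h->cbp && !h->qp_fixed)
 h->qp += get_se_golomb(gb); //qp_delta
 
 /* luma intra prediction interleaved with residual decode/transform/add */
 for(block=0;block<4;block++) {
@@ -957,10 +971,12 @@
 set_mvs(&h->mv[MV_FWD_X0], BLK_16X16);
 h->mv[MV_BWD_X0] = intra_mv;
 set_mvs(&h->mv[MV_BWD_X0], BLK_16X16);
 if(h->pic_type != FF_B_TYPE)
 *h->col_type = I_8X8;
+
+return 0;
 }
 
 static void decode_mb_p(AVSContext *h, enum mb_t mb_type) {
 GetBitContext *gb = &h->s.gb;
 int ref[4];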
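Review bot: The new guard `if(cbp > 63)` in decode_residual_inter (and the identical one in decode_mb_i) is a signed comparison, so a negative value from get_ue_golomb would pass it and still index cbp_tab out of bounds; whether get_ue_golomb can return a negative int is not visible in this section, but `if((unsigned)cbp > 63)` closes that case at no cost. The same pattern of a bitstream value used as a table index is left in place for the quantizer: `h->qp += get_se_golomb(...)` stays unbounded in both functions, and the code at the top of the first hunk reads `chroma_qp[h->qp]`, so qp should be range-checked against the table size before it is used. decode_mb_p remains `void` in the last hunk, so the -1 from decode_residual_inter cannot reach its caller through it; the call sites of both functions are outside the shown hunks and should be checked to confirm they stop decoding on the error return.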