comparison vp56.h @ 9919:c7c1c6b35a73 libavcodec

vp56dec: ensure range coder won't read past the end of input buffer
author aurel
date Sun, 05 Jul 2009 15:23:42 +0000
parents 0dce4fe6e6f3
children 34a65026fa06
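--- a/vp56.h
+++ b/vp56.h
@@ -48,10 +48,11 @@
 
 typedef struct {
 int high;
 int bits;
 const uint8_t *buffer;
+const uint8_t *end;
 unsigned long code_word;
 } VP56RangeCoder;
 
 typedef struct {
 uint8_t not_null_dc;
@@ -183,10 +184,11 @@
 const uint8_t *buf, int buf_size)
 {
 c->high = 255;
 c->bits = 8;
 c->buffer = buf;
+c->end = buf + buf_size;
 c->code_word = bytestream_get_be16(&c->buffer);
 }
 
 static inline int vp56_rac_get_prob(VP56RangeCoder *c, uint8_t prob)
 {
@@ -203,11 +205,11 @@
 
 /* normalize */
 while (c->high < 128) {
 c->high <<= 1;
 c->code_word <<= 1;
-if (--c->bits == 0) {
+if (--c->bits == 0 && c->buffer < c->end) {
 c->bits = 8;
 c->code_word |= *c->buffer++;
 }
 }
 return bit;
@@ -226,11 +228,11 @@
 c->high = low << 1;
 }
 
 /* normalize */
 c->code_word <<= 1;
-if (--c->bits == 0) {
+if (--c->bits == 0 && c->buffer < c->end) {
 c->bits = 8;
 c->code_word |= *c->buffer++;
 }
 return bit;
 }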
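Review bot: The priming read `c->code_word = bytestream_get_be16(&c->buffer);` in the range-decoder init (new line 190) is still unconditional, so a `buf_size` of 0 or 1 is read past `c->end` before either of the new `c->buffer < c->end` guards runs. Unless every caller already guarantees at least two readable bytes (not visible here; the function's signature starts outside the hunk), the init should guard it, for example `c->code_word = buf_size >= 2 ? bytestream_get_be16(&c->buffer) : 0;`, or the callers should reject shorter buffers. The two normalize guards would also benefit from a comment such as `/* input exhausted: keep shifting in zero bits, bits is no longer reloaded */`, since after the end of input `c->bits` keeps decrementing below zero and truncation is not reported to the caller.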