summaryrefslogtreecommitdiff
path: root/libs/ffvpx/libavcodec/vp8.c
diff options
context:
space:
mode:
Diffstat (limited to 'libs/ffvpx/libavcodec/vp8.c')
-rw-r--r--libs/ffvpx/libavcodec/vp8.c36
1 files changed, 24 insertions, 12 deletions
diff --git a/libs/ffvpx/libavcodec/vp8.c b/libs/ffvpx/libavcodec/vp8.c
index 62b9f8bc2..4b07ea806 100644
--- a/libs/ffvpx/libavcodec/vp8.c
+++ b/libs/ffvpx/libavcodec/vp8.c
@@ -492,9 +492,11 @@ static void fade(uint8_t *dst, ptrdiff_t dst_linesize,
{
int i, j;
for (j = 0; j < height; j++) {
+ const uint8_t *src2 = src + j * src_linesize;
+ uint8_t *dst2 = dst + j * dst_linesize;
for (i = 0; i < width; i++) {
- uint8_t y = src[j * src_linesize + i];
- dst[j * dst_linesize + i] = av_clip_uint8(y + ((y * beta) >> 8) + alpha);
+ uint8_t y = src2[i];
+ dst2[i] = av_clip_uint8(y + ((y * beta) >> 8) + alpha);
}
}
}
@@ -505,6 +507,9 @@ static int vp7_fade_frame(VP8Context *s, VP56RangeCoder *c)
int beta = (int8_t) vp8_rac_get_uint(c, 8);
int ret;
+ if (c->end <= c->buffer && c->bits >= 0)
+ return AVERROR_INVALIDDATA;
+
if (!s->keyframe && (alpha || beta)) {
int width = s->mb_width * 16;
int height = s->mb_height * 16;
@@ -656,7 +661,7 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si
s->fade_present = vp8_rac_get(c);
}
- if (c->end <= c->buffer && c->bits >= 0)
+ if (vpX_rac_is_end(c))
return AVERROR_INVALIDDATA;
/* E. Fading information for previous frame */
if (s->fade_present && vp8_rac_get(c)) {
@@ -2263,7 +2268,7 @@ void filter_mb_simple(VP8Context *s, uint8_t *dst, VP8FilterStrength *f,
#define MARGIN (16 << 2)
static av_always_inline
-void vp78_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *curframe,
+int vp78_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *curframe,
VP8Frame *prev_frame, int is_vp7)
{
VP8Context *s = avctx->priv_data;
@@ -2280,7 +2285,11 @@ void vp78_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *curframe,
s->mv_bounds.mv_min.x = -MARGIN;
s->mv_bounds.mv_max.x = ((s->mb_width - 1) << 6) + MARGIN;
+
for (mb_x = 0; mb_x < s->mb_width; mb_x++, mb_xy++, mb++) {
+ if (vpX_rac_is_end(&s->c)) {
+ return AVERROR_INVALIDDATA;
+ }
if (mb_y == 0)
AV_WN32A((mb - s->mb_width - 1)->intra4x4_pred_mode_top,
DC_PRED * 0x01010101);
@@ -2293,18 +2302,19 @@ void vp78_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *curframe,
s->mv_bounds.mv_min.y -= 64;
s->mv_bounds.mv_max.y -= 64;
}
+ return 0;
}
-static void vp7_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *cur_frame,
+static int vp7_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *cur_frame,
VP8Frame *prev_frame)
{
- vp78_decode_mv_mb_modes(avctx, cur_frame, prev_frame, IS_VP7);
+ return vp78_decode_mv_mb_modes(avctx, cur_frame, prev_frame, IS_VP7);
}
-static void vp8_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *cur_frame,
+static int vp8_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *cur_frame,
VP8Frame *prev_frame)
{
- vp78_decode_mv_mb_modes(avctx, cur_frame, prev_frame, IS_VP8);
+ return vp78_decode_mv_mb_modes(avctx, cur_frame, prev_frame, IS_VP8);
}
#if HAVE_THREADS
@@ -2362,7 +2372,7 @@ static av_always_inline int decode_mb_row_no_filter(AVCodecContext *avctx, void
curframe->tf.f->data[2] + 8 * mb_y * s->uvlinesize
};
- if (c->end <= c->buffer && c->bits >= 0)
+ if (vpX_rac_is_end(c))
return AVERROR_INVALIDDATA;
if (mb_y == 0)
@@ -2393,7 +2403,7 @@ static av_always_inline int decode_mb_row_no_filter(AVCodecContext *avctx, void
td->mv_bounds.mv_max.x = ((s->mb_width - 1) << 6) + MARGIN;
for (mb_x = 0; mb_x < s->mb_width; mb_x++, mb_xy++, mb++) {
- if (c->end <= c->buffer && c->bits >= 0)
+ if (vpX_rac_is_end(c))
return AVERROR_INVALIDDATA;
// Wait for previous thread to read mb_x+2, and reach mb_y-1.
if (prev_td != td) {
@@ -2739,9 +2749,11 @@ int vp78_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
!s->segmentation.update_map)
ff_thread_await_progress(&prev_frame->tf, 1, 0);
if (is_vp7)
- vp7_decode_mv_mb_modes(avctx, curframe, prev_frame);
+ ret = vp7_decode_mv_mb_modes(avctx, curframe, prev_frame);
else
- vp8_decode_mv_mb_modes(avctx, curframe, prev_frame);
+ ret = vp8_decode_mv_mb_modes(avctx, curframe, prev_frame);
+ if (ret < 0)
+ goto err;
}
if (avctx->active_thread_type == FF_THREAD_FRAME)
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-09 16:57:56 +0000