RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/exr: simplify piz decompression 

Note that >32 codes are no longer supported, give
proper error code if such scenario ever happens.
This commit is contained in:
Paul B Mahol 2021-02-20 02:35:06 +01:00
parent 8213f0a7f7
commit 767d3f7dcf
1 changed files with 91 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

255
libavcodec/exr.c
View File

@ -91,6 +91,12 @@ enum ExrTileLevelRound {
EXR_TILE_ROUND_UNKNOWN, EXR_TILE_ROUND_UNKNOWN,
}; };
typedef struct HuffEntry {
uint8_t len;
uint16_t sym;
uint32_t code;
} HuffEntry;
typedef struct EXRChannel { typedef struct EXRChannel {
int xsub, ysub; int xsub, ysub;
enum ExrPixelType pixel_type; enum ExrPixelType pixel_type;
@ -116,6 +122,11 @@ typedef struct EXRThreadData {
int ysize, xsize; int ysize, xsize;
int channel_line_size; int channel_line_size;
int run_sym;
HuffEntry *he;
uint64_t *freq;
VLC vlc;
} EXRThreadData; } EXRThreadData;
typedef struct EXRContext { typedef struct EXRContext {
@ -319,25 +330,15 @@ static void apply_lut(const uint16_t *lut, uint16_t *dst, int dsize)
} }
#define HUF_ENCBITS 16 // literal (value) bit length #define HUF_ENCBITS 16 // literal (value) bit length
#define HUF_DECBITS 14 // decoding bit size (>= 8)
#define HUF_ENCSIZE ((1 << HUF_ENCBITS) + 1) // encoding table size #define HUF_ENCSIZE ((1 << HUF_ENCBITS) + 1) // encoding table size
#define HUF_DECSIZE (1 << HUF_DECBITS) // decoding table size
#define HUF_DECMASK (HUF_DECSIZE - 1)
typedef struct HufDec { static void huf_canonical_code_table(uint64_t *freq)
int len;
int lit;
int *p;
} HufDec;
static void huf_canonical_code_table(uint64_t *hcode)
{ {
uint64_t c, n[59] = { 0 }; uint64_t c, n[59] = { 0 };
int i; int i;
for (i = 0; i < HUF_ENCSIZE; ++i) for (i = 0; i < HUF_ENCSIZE; i++)
n[hcode[i]] += 1; n[freq[i]] += 1;
c = 0; c = 0;
for (i = 58; i > 0; --i) { for (i = 58; i > 0; --i) {
@ -347,10 +348,10 @@ static void huf_canonical_code_table(uint64_t *hcode)
} }
for (i = 0; i < HUF_ENCSIZE; ++i) { for (i = 0; i < HUF_ENCSIZE; ++i) {
int l = hcode[i]; int l = freq[i];
if (l > 0) if (l > 0)
hcode[i] = l | (n[l]++ << 6); freq[i] = l | (n[l]++ << 6);
} }
} }
@ -360,7 +361,7 @@ static void huf_canonical_code_table(uint64_t *hcode)
#define LONGEST_LONG_RUN (255 + SHORTEST_LONG_RUN) #define LONGEST_LONG_RUN (255 + SHORTEST_LONG_RUN)
static int huf_unpack_enc_table(GetByteContext *gb, static int huf_unpack_enc_table(GetByteContext *gb,
int32_t im, int32_t iM, uint64_t *hcode) int32_t im, int32_t iM, uint64_t *freq)
{ {
GetBitContext gbit; GetBitContext gbit;
int ret = init_get_bits8(&gbit, gb->buffer, bytestream2_get_bytes_left(gb)); int ret = init_get_bits8(&gbit, gb->buffer, bytestream2_get_bytes_left(gb));
@ -368,7 +369,7 @@ static int huf_unpack_enc_table(GetByteContext *gb,
return ret; return ret;
for (; im <= iM; im++) { for (; im <= iM; im++) {
uint64_t l = hcode[im] = get_bits(&gbit, 6); uint64_t l = freq[im] = get_bits(&gbit, 6);
if (l == LONG_ZEROCODE_RUN) { if (l == LONG_ZEROCODE_RUN) {
int zerun = get_bits(&gbit, 8) + SHORTEST_LONG_RUN; int zerun = get_bits(&gbit, 8) + SHORTEST_LONG_RUN;
@ -377,7 +378,7 @@ static int huf_unpack_enc_table(GetByteContext *gb,
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
while (zerun--) while (zerun--)
hcode[im++] = 0; freq[im++] = 0;
im--; im--;
} else if (l >= SHORT_ZEROCODE_RUN) { } else if (l >= SHORT_ZEROCODE_RUN) {
@ -387,161 +388,91 @@ static int huf_unpack_enc_table(GetByteContext *gb,
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
while (zerun--) while (zerun--)
hcode[im++] = 0; freq[im++] = 0;
im--; im--;
} }
} }
bytestream2_skip(gb, (get_bits_count(&gbit) + 7) / 8); bytestream2_skip(gb, (get_bits_count(&gbit) + 7) / 8);
huf_canonical_code_table(hcode); huf_canonical_code_table(freq);
return 0; return 0;
} }
static int huf_build_dec_table(const uint64_t *hcode, int im, static int huf_build_dec_table(EXRContext *s,
int iM, HufDec *hdecod) EXRThreadData *td, int im, int iM)
{ {
for (; im <= iM; im++) { int j = 0;
uint64_t c = hcode[im] >> 6;
int i, l = hcode[im] & 63;
if (c >> l) td->run_sym = -1;
return AVERROR_INVALIDDATA; for (int i = im; i < iM; i++) {
td->he[j].sym = i;
if (l > HUF_DECBITS) { td->he[j].len = td->freq[i] & 63;
HufDec *pl = hdecod + (c >> (l - HUF_DECBITS)); td->he[j].code = td->freq[i] >> 6;
if (pl->len) if (td->he[j].len > 32) {
return AVERROR_INVALIDDATA; avpriv_request_sample(s->avctx, "Too big code length");
return AVERROR_PATCHWELCOME;
pl->lit++;
pl->p = av_realloc(pl->p, pl->lit * sizeof(int));
if (!pl->p)
return AVERROR(ENOMEM);
pl->p[pl->lit - 1] = im;
} else if (l) {
HufDec *pl = hdecod + (c << (HUF_DECBITS - l));
for (i = 1 << (HUF_DECBITS - l); i > 0; i--, pl++) {
if (pl->len || pl->p)
return AVERROR_INVALIDDATA;
pl->len = l;
pl->lit = im;
}
} }
if (td->he[j].len > 0)
j++;
else
td->run_sym = i;
} }
return 0; if (td->run_sym == -1) {
} avpriv_request_sample(s->avctx, "No place for run symbol");
return AVERROR_PATCHWELCOME;
#define get_char(c, lc, gb) \
{ \
c = (c << 8) | bytestream2_get_byte(gb); \
lc += 8; \
}
#define get_code(po, rlc, c, lc, gb, out, oe, outb) \
{ \
if (po == rlc) { \
if (lc < 8) \
get_char(c, lc, gb); \
lc -= 8; \
\
cs = c >> lc; \
\
if (out + cs > oe || out == outb) \
return AVERROR_INVALIDDATA; \
\
s = out[-1]; \
\
while (cs-- > 0) \
*out++ = s; \
} else if (out < oe) { \
*out++ = po; \
} else { \
return AVERROR_INVALIDDATA; \
} \
}
static int huf_decode(const uint64_t *hcode, const HufDec *hdecod,
GetByteContext *gb, int nbits,
int rlc, int no, uint16_t *out)
{
uint64_t c = 0;
uint16_t *outb = out;
uint16_t *oe = out + no;
const uint8_t *ie = gb->buffer + (nbits + 7) / 8; // input byte size
uint8_t cs;
uint16_t s;
int i, lc = 0;
while (gb->buffer < ie) {
get_char(c, lc, gb);
while (lc >= HUF_DECBITS) {
const HufDec pl = hdecod[(c >> (lc - HUF_DECBITS)) & HUF_DECMASK];
if (pl.len) {
lc -= pl.len;
get_code(pl.lit, rlc, c, lc, gb, out, oe, outb);
} else {
int j;
if (!pl.p)
return AVERROR_INVALIDDATA;
for (j = 0; j < pl.lit; j++) {
int l = hcode[pl.p[j]] & 63;
while (lc < l && bytestream2_get_bytes_left(gb) > 0)
get_char(c, lc, gb);
if (lc >= l) {
if ((hcode[pl.p[j]] >> 6) ==
((c >> (lc - l)) & ((1LL << l) - 1))) {
lc -= l;
get_code(pl.p[j], rlc, c, lc, gb, out, oe, outb);
break;
}
}
}
if (j == pl.lit)
return AVERROR_INVALIDDATA;
}
}
} }
i = (8 - nbits) & 7; td->he[j].sym = td->run_sym;
c >>= i; td->he[j].len = td->freq[iM] & 63;
lc -= i; if (td->he[j].len > 32) {
avpriv_request_sample(s->avctx, "Too big code length");
return AVERROR_PATCHWELCOME;
}
td->he[j].code = td->freq[iM] >> 6;
j++;
while (lc > 0) { ff_free_vlc(&td->vlc);
const HufDec pl = hdecod[(c << (HUF_DECBITS - lc)) & HUF_DECMASK]; return ff_init_vlc_sparse(&td->vlc, 12, j,
&td->he[0].len, sizeof(td->he[0]), sizeof(td->he[0].len),
&td->he[0].code, sizeof(td->he[0]), sizeof(td->he[0].code),
&td->he[0].sym, sizeof(td->he[0]), sizeof(td->he[0].sym), 0);
}
if (pl.len && lc >= pl.len) { static int huf_decode(VLC *vlc, GetByteContext *gb, int nbits, int run_sym,
lc -= pl.len; int no, uint16_t *out)
get_code(pl.lit, rlc, c, lc, gb, out, oe, outb); {
GetBitContext gbit;
int oe = 0;
init_get_bits(&gbit, gb->buffer, nbits);
while (get_bits_left(&gbit) > 0 && oe < no) {
uint16_t x = get_vlc2(&gbit, vlc->table, 12, 2);
if (x == run_sym) {
int run = get_bits(&gbit, 8);
uint16_t fill = out[oe - 1];
while (run-- > 0)
out[oe++] = fill;
} else { } else {
return AVERROR_INVALIDDATA; out[oe++] = x;
} }
} }
if (out - outb != no)
return AVERROR_INVALIDDATA;
return 0; return 0;
} }
static int huf_uncompress(GetByteContext *gb, static int huf_uncompress(EXRContext *s,
EXRThreadData *td,
GetByteContext *gb,
uint16_t *dst, int dst_size) uint16_t *dst, int dst_size)
{ {
int32_t src_size, im, iM; int32_t src_size, im, iM;
uint32_t nBits; uint32_t nBits;
uint64_t *freq; int ret;
HufDec *hdec;
int ret, i;
src_size = bytestream2_get_le32(gb); src_size = bytestream2_get_le32(gb);
im = bytestream2_get_le32(gb); im = bytestream2_get_le32(gb);
@ -555,34 +486,27 @@ static int huf_uncompress(GetByteContext *gb,
bytestream2_skip(gb, 4); bytestream2_skip(gb, 4);
freq = av_mallocz_array(HUF_ENCSIZE, sizeof(*freq)); if (!td->freq)
hdec = av_mallocz_array(HUF_DECSIZE, sizeof(*hdec)); td->freq = av_malloc_array(HUF_ENCSIZE, sizeof(*td->freq));
if (!freq || !hdec) { if (!td->he)
td->he = av_calloc(HUF_ENCSIZE, sizeof(*td->he));
if (!td->freq || !td->he) {
ret = AVERROR(ENOMEM); ret = AVERROR(ENOMEM);
goto fail; return ret;
} }
if ((ret = huf_unpack_enc_table(gb, im, iM, freq)) < 0) memset(td->freq, 0, sizeof(*td->freq) * HUF_ENCSIZE);
goto fail; if ((ret = huf_unpack_enc_table(gb, im, iM, td->freq)) < 0)
return ret;
if (nBits > 8 * bytestream2_get_bytes_left(gb)) { if (nBits > 8 * bytestream2_get_bytes_left(gb)) {
ret = AVERROR_INVALIDDATA; ret = AVERROR_INVALIDDATA;
goto fail; return ret;
} }
if ((ret = huf_build_dec_table(freq, im, iM, hdec)) < 0) if ((ret = huf_build_dec_table(s, td, im, iM)) < 0)
goto fail; return ret;
ret = huf_decode(freq, hdec, gb, nBits, iM, dst_size, dst); return huf_decode(&td->vlc, gb, nBits, td->run_sym, dst_size, dst);
fail:
for (i = 0; i < HUF_DECSIZE; i++)
if (hdec)
av_freep(&hdec[i].p);
av_free(freq);
av_free(hdec);
return ret;
} }
static inline void wdec14(uint16_t l, uint16_t h, uint16_t *a, uint16_t *b) static inline void wdec14(uint16_t l, uint16_t h, uint16_t *a, uint16_t *b)
@ -730,7 +654,7 @@ static int piz_uncompress(EXRContext *s, const uint8_t *src, int ssize,
maxval = reverse_lut(td->bitmap, td->lut); maxval = reverse_lut(td->bitmap, td->lut);
ret = huf_uncompress(&gb, tmp, dsize / sizeof(uint16_t)); ret = huf_uncompress(s, td, &gb, tmp, dsize / sizeof(uint16_t));
if (ret) if (ret)
return ret; return ret;
@ -2045,6 +1969,9 @@ static av_cold int decode_end(AVCodecContext *avctx)
av_freep(&td->tmp); av_freep(&td->tmp);
av_freep(&td->bitmap); av_freep(&td->bitmap);
av_freep(&td->lut); av_freep(&td->lut);
av_freep(&td->he);
av_freep(&td->freq);
ff_free_vlc(&td->vlc);
} }
av_freep(&s->thread_data); av_freep(&s->thread_data);