The earlier code would traverse over the code lengths
mutliple times (namely max_length + 1 times - once to get
the maximum length and once for each max_length to assign
codes) before calling ff_vlc_init_sparse() (which may traverse
them twice and sort them). The new code only traverses them once
(+ the one time in ff_vlc_init_from_lengths()).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Don't rely on invalid codes leading to get_vlc2() returning
-1, which then gets converted to an uint8_t, i.e. to 255
and runs afoul of a length check later. After all, get_vlc2()
could be changed to return something else which may
be valid when cast to uint8_t.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
It is better when BUF_BITS == 64 (i.e. on x64), because
the underlying put_bits can then handle 0..63 bits naturally.
It does not worsen the code when BUF_BITS != 64, because
the compiler can optimize this to the same code as now
(due to the assert).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Given that these trees have only nine elements and are complete,
their depth is <= eight.
Also remove the now unused FF_HUFFMAN_BITS constant.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The VLC trees used here have very few different codes
and are therefore guaranteed to not be very deep: The AC/DC
VLCs have 12 elements and therefore a depth <= 11 whereas
the run VLCs have only nine elements and therefore a depth <= 8.
This allows to reduce the worst-case number of reloads for
reading a VLC code.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
There are only 2*3*4 VLC trees for decoding Huffman encoded
AC coefficients; see section 13.3.2 of the spec.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Return AVERROR_DECODER_NOT_FOUND.
(This can be triggered because this decoder tries to be
generic and work with multiple underlying AAC decoders,
so that there is no configure dependency for any decoder.)
Reviewed-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This is simpler and allows to fuzz them -- up until now,
the linker did not see the dependency and fuzzing them
returned AVERROR_BUG during init.
It took just a few seconds here to run into an assert
due to a return value of AVERROR(EAGAIN) in the decode
callback...
Reviewed-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
ff_mjpeg_decoder is now referenced directly by the relevant
decoders, so that the linker sees the dependency and
just does the desired thing. So remove the hack.
(Btw: The preprocessor does not do string comparisons, instead
undefined tokens in #if checks evaluate to 0, making the check
true regardless of the actual codec fuzzed (and leading to
linker errors if the mjpeg decoder is disabled).)
Reviewed-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This is simpler than calling avcodec_find_decoder().
Notice that av_codec_init_static() has already been called
by the time we reach these decoders' init functions,
so it is not necessary to call avcodec_find_decoder()
for it (which doesn't do anything for the mjpeg decoder
anyway).
Reviewed-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
According to RFC 6416 the audio stream sender can pass the data rate
for the audio bitstream as "bitrate=" media format parameter.
Signed-off-by: Marvin Scholz <epirat07@gmail.com>
Right now it is possible for the pointer for the current frame to
be set in the context even when it could not be properly set up;
this does not influence the ordinary ref frames, but only
VP8Context.prev_frame. And since this code has been ported to the
ProgressFrame API in d48d7bc434,
this leads to segfaults, because the ProgressFrame API is less
forgiving than the ThreadFrame API (waiting on an uninitialized
ProgressFrame segfaults, waiting on an uninitialized ThreadFrame
is a no-op (the code behaves as if frame-threading is not in use)).
Fix this by maintaining the consistency of the frame pointers
in the context (by setting them later).
Fixes: NULL pointer dereference
Fixes: 68192/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP8_fuzzer-6180311026171904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Avoids a potential overflow when multiplying nb_colors by 6.
Also make the nb_colors check a bit more strict.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
It is written as region_id which is a single byte.
Also fixes a potential (defined) overflow in the num_rects * 6
multiplication later; this has been found by 김승호 <kimsho98@naver.com>.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
We have already calculated the size of the packet
and therefore don't need to rely on these implicit checks.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This can be easily done because we have a count of the number of
values and the length of the associated codes. This allows
to switch to ff_get_encode_buffer() and thereby avoids an implicit
intermediate buffer.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Given that we can calculate the size of each slice in advance,
we can determine the position in the output packet where it
needs to be put and can therefore avoid the intermediate buffer.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The earlier code only used the counts from the last slice.
The two FATE tests using slices show compression improvements
due to this.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
