From ac552a4f82f170fb314d42e5919395f2af2fc555 Mon Sep 17 00:00:00 2001 From: Gwenole Beauchesne Date: Tue, 4 Oct 2011 14:04:42 +0200 Subject: [PATCH] codecparsers: vc1: fix BFRACTION parser (values range + overflow). --- gst-libs/gst/codecparsers/gstvc1parser.c | 15 ++++++++------- gst-libs/gst/codecparsers/gstvc1parser.h | 9 ++++++--- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/gst-libs/gst/codecparsers/gstvc1parser.c b/gst-libs/gst/codecparsers/gstvc1parser.c index a323150..0c4455e 100644 --- a/gst-libs/gst/codecparsers/gstvc1parser.c +++ b/gst-libs/gst/codecparsers/gstvc1parser.c @@ -147,9 +147,6 @@ const guint8 mvmode2_table[2][4] = { GST_VC1_MVMODE_1MV_HPEL_BILINEAR} }; -#define GST_VC1_BFRACTION_RESERVED (GST_VC1_BFRACTION_BASIS + 1) -#define GST_VC1_BFRACTION_PTYPE_BI (GST_VC1_BFRACTION_BASIS + 2) - /* Table 40: BFRACTION VLC Table */ static const VLCTable vc1_bfraction_vlc_table[] = { {GST_VC1_BFRACTION_BASIS / 2, 0x00, 3}, @@ -815,10 +812,12 @@ parse_frame_header_advanced (GstBitReader * br, GstVC1FrameHdr * framehdr, } if (framehdr->ptype == GST_VC1_PICTURE_TYPE_B) { - if (!decode_vlc (br, (guint *) & pic->bfraction, vc1_bfraction_vlc_table, + guint bfraction; + if (!decode_vlc (br, &bfraction, vc1_bfraction_vlc_table, G_N_ELEMENTS (vc1_bfraction_vlc_table))) goto failed; + pic->bfraction = bfraction; GST_DEBUG ("bfraction %u", pic->bfraction); if (pic->bfraction == GST_VC1_BFRACTION_PTYPE_BI) { 
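Review bot: The store `pic->bfraction = bfraction;` in parse_frame_header_advanced narrows a `guint` to the `guint16` field, and nothing ties the field width to the largest value the table can yield (presumably `GST_VC1_BFRACTION_PTYPE_BI`, i.e. basis + 2). That is the same kind of mismatch this commit repairs. A compile-time guard next to `vc1_bfraction_vlc_table`, `G_STATIC_ASSERT (GST_VC1_BFRACTION_PTYPE_BI <= G_MAXUINT16);`, would make a later change of the basis fail the build instead of truncating silently. The same store appears in the parse_frame_header hunk, and the enclosing function here starts and ends outside the hunk.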
@@ -1041,15 +1040,17 @@ parse_frame_header (GstBitReader * br, GstVC1FrameHdr * framehdr, if (framehdr->ptype == GST_VC1_PICTURE_TYPE_B) { - - if (!decode_vlc (br, (guint *) & pic->bfraction, vc1_bfraction_vlc_table, + guint bfraction; + if (!decode_vlc (br, &bfraction, vc1_bfraction_vlc_table, G_N_ELEMENTS (vc1_bfraction_vlc_table))) goto failed; + pic->bfraction = bfraction; + GST_DEBUG ("bfraction %d", pic->bfraction); + if (pic->bfraction == GST_VC1_BFRACTION_PTYPE_BI) { framehdr->ptype = GST_VC1_PICTURE_TYPE_BI; } - GST_DEBUG ("bfraction= %d", pic->bfraction); } if (framehdr->ptype == GST_VC1_PICTURE_TYPE_I || diff --git a/gst-libs/gst/codecparsers/gstvc1parser.h b/gst-libs/gst/codecparsers/gstvc1parser.h index d058f0f..08293e5 100644 --- a/gst-libs/gst/codecparsers/gstvc1parser.h +++ b/gst-libs/gst/codecparsers/gstvc1parser.h @@ -37,7 +37,10 @@ G_BEGIN_DECLS * @GST_VC1_BFRACTION_BASIS: The @bfraction variable should be divided * by this constant to have the actual value. */ -#define GST_VC1_BFRACTION_BASIS 256 +#define GST_VC1_BFRACTION_BASIS 840 + +#define GST_VC1_BFRACTION_RESERVED (GST_VC1_BFRACTION_BASIS + 1) +#define GST_VC1_BFRACTION_PTYPE_BI (GST_VC1_BFRACTION_BASIS + 2) typedef enum { GST_VC1_END_OF_SEQ = 0x0A, @@ -350,7 +353,7 @@ struct _GstVC1PicSimpleMain /* B and BI picture only * Should be divided by #GST_VC1_BFRACTION_BASIS * to get the real value. */ - guint8 bfraction; + guint16 bfraction; /* Biplane value, those fields only mention the fact * that the bitplane is in raw mode or not */ @@ -392,7 +395,7 @@ struct _GstVC1PicAdvanced /* B and BI picture only * Should be divided by #GST_VC1_BFRACTION_BASIS * to get the real value. */ - guint8 bfraction; + guint16 bfraction; /* ppic */ guint8 mvmode2; -- 2.7.4
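Review bot: After the decode in parse_frame_header only `GST_VC1_BFRACTION_PTYPE_BI` is tested, so a bitstream carrying the reserved code appears to be accepted with `pic->bfraction` left at `GST_VC1_BFRACTION_RESERVED`, a value above the basis that is not a fraction. Assuming the VLC table maps the reserved codeword to that constant (the table is only partly visible), adding `if (pic->bfraction == GST_VC1_BFRACTION_RESERVED) goto failed;` before the BI test would keep untrusted input from handing decoders an out-of-range scale factor. The advanced-profile hunk at -815 has the same decode, but its block continues outside the hunk, so the check should be confirmed there as well.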
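Review bot: The gtk-doc block above `GST_VC1_BFRACTION_BASIS` does not explain why the basis is now 840, and the two macros moved into this public header beside it carry no documentation. I would add a line such as `840 is the least common multiple of the denominators 2..8 used by the BFRACTION table, so every entry is an exact integer`, which is worth confirming against Table 40 since only its first entry is visible here. `@GST_VC1_BFRACTION_RESERVED` and `@GST_VC1_BFRACTION_PTYPE_BI` should each get a one-line entry describing them as sentinel codes above the basis.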
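Review bot: The comment on `bfraction` in `_GstVC1PicSimpleMain` still says the field is to be divided by `GST_VC1_BFRACTION_BASIS`, yet the parser hunks show it can be left holding `GST_VC1_BFRACTION_PTYPE_BI`, which is not a fraction. A caller that follows the comment literally would compute a scale factor above 1 for such pictures. I would extend the comment with `May also hold GST_VC1_BFRACTION_RESERVED or GST_VC1_BFRACTION_PTYPE_BI; test for those before dividing.` and make the same change in `_GstVC1PicAdvanced` in the following hunk.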