[FFmpeg-devel] [PATCH] Escape 124 (RPL) decoder

Eli Friedman eli.friedman
Fri Mar 28 06:18:37 CET 2008


On Thu, Mar 27, 2008 at 8:49 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
>  > This implementation is extremely prone to crash on invalid streams due
>  > to reading past the end of the buffer.  Any suggestions on how to make
>  > this safer?
>
>  Add a few checks using get_bits_count() and gb.size_in_bits
>  of course don't add more than needed!

Okay, I'll take a shot at it.

>  [...]
>  > +static uint32_t rice_decode(GetBitContext* gb) {
>  > +    uint32_t more_bits, value;
>  > +
>  > +    more_bits = get_bits1(gb);
>  > +    value = more_bits;
>  > +    if (!more_bits)
>  > +        return value;
>  > +
>  > +    more_bits = get_bits(gb, 3);
>  > +    value += more_bits;
>  > +    if (more_bits != (1 << 3) - 1)
>  > +        return value;
>  > +
>  > +    more_bits = get_bits(gb, 7);
>  > +    value += more_bits;
>  > +    if (more_bits != (1 << 7) - 1)
>  > +        return value;
>  > +
>  > +    more_bits = get_bits(gb, 12);
>  > +    value += more_bits;
>  > +    return value;
>  > +}
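
Review bot: rice_decode() has no bounds check. Each call can consume up to 23 bits (1 + 3 + 7 + 12) through get_bits1()/get_bits() without ever comparing get_bits_count(gb) against gb->size_in_bits, and the uint32_t return value leaves no way to report a truncated stream to the caller. Suggest either having the caller verify the remaining bit count once per block before it starts decoding, or giving this function an error return, so a short or corrupt packet stops decoding instead of reading past the end of the buffer. As a style point, the three get_bits() stages differ only in their width (3, 7, 12) and could be folded into one loop that exits when the value read is not all ones.
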
>
>  This can be simplified, also why is it called rice?

The person who wrote up the bitstream description for this codec
called it RICE_Decode; do you have a better suggestion?

>  Why this odd decode into these weird arrays and then copy into the frame
>  with the above function? IMHO decode one superblock and then copy that into
>  the frame.

Would you prefer the code to insert the macroblocks as it generates them?

That'll mean I have to figure out how to keep around the previous
frame... what's the preferred way to do that?  Decode into a private
buffer and memcpy the result into the returned frame?

-Eli



