On Sat, Nov 12, 2022 at 11:39:19AM +1100, Peter Ross wrote:
> Partially fixes ticket #798
> ---
>
> sample: https://trac.ffmpeg.org/raw-attachment/ticket/798/DaDa_CMP.avi
[...]
> +static av_cold int lead_decode_init(AVCodecContext * avctx)
> +{
> + static AVOnce init_static_once = AV_ONCE_INIT;
> + LeadContext *s = avctx->priv_data;
> +
> + if (avctx->extradata_size < 20)
> + return AVERROR_INVALIDDATA;
> +
> + ff_idctdsp_init(&s->idsp, avctx);
> + ff_permute_scantable(s->permutated_scantable, ff_zigzag_direct, s->idsp.idct_permutation);
> +
> + ff_thread_once(&init_static_once, lead_init_static_data);
> +
> + return 0;
> +}
> +
> +static void calc_dequant(uint16_t * dequant, const uint8_t * quant_tbl, int q)
> +{
> + for (int i = 0; i < 64; i++)
> + dequant[i] = av_clip(q * quant_tbl[ff_zigzag_direct[i]] / 50, 2, 32767);
> +}
> +
> +static int decode_block(LeadContext * s, GetBitContext * gb,
> + const VLCElem * dc_table, int dc_bits, const VLCElem * ac_table, int ac_bits,
> + int16_t * dc_pred, const uint16_t * dequant,
> + uint8_t * dst, int stride)
> +{
> + int16_t block[64];
> + int size;
> +
> + memset(block, 0, sizeof(block));
clear_block()
> +
> + size = get_vlc2(gb, dc_table, dc_bits, 1);
> + if (size < 0)
> + return AVERROR_INVALIDDATA;
> +
> + if (size)
> + *dc_pred += get_xbits(gb, size);
> +
> + block[0] = (1 << 10) + *dc_pred * dequant[0];
> +
> + for (int i = 1; i < 64; i++) {
> + int symbol = get_vlc2(gb, ac_table, ac_bits, 2);
> + if (size < 0)
i think you want to check symbol here also if you want you could probably map the unused vlcs to things causing the i>=64 check to fail later to avoid a 2nd check but its probably not worth the work for this codec
> + return AVERROR_INVALIDDATA;
> +
> + if (!symbol)
> + break;
> +
> + i += symbol >> 4;
> + if (i >= 64)
> + return AVERROR_INVALIDDATA;
> +
> + size = symbol & 0xF;
> + if (size)
> + block[s->permutated_scantable[i]] = get_xbits(gb, size) * dequant[i];
> + }
> +
> + s->idsp.idct_put(dst, stride, 
block);
void (*idct_put)(uint8_t *dest /* align 8 */, ptrdiff_t line_size, int16_t *block /* align 16 */);
block needs to be aligned to 16 bytes
[...]
thx -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Never trust a computer, one day, it may think you are the virus. -- Compn
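Review bot: decode_block never checks how much input is left before or during the coefficient loop, so nothing in the quoted code stops the DC `get_vlc2()` call and up to 63 AC `get_vlc2()`/`get_xbits()` calls from running on a packet that is already exhausted. Whether those reads stay inside the padded buffer depends on the bitstream-reader configuration, which the excerpt does not show, but either way a truncated frame would be turned into picture data rather than rejected. I would add `if (get_bits_left(gb) <= 0) return AVERROR_INVALIDDATA;` before the DC read. Separately, `*dc_pred += get_xbits(gb, size);` accumulates into an int16_t with no range check, and `(1 << 10) + *dc_pred * dequant[0]` is narrowed into `block[0]` with dequant values of up to 32767 from calc_dequant, so the stored DC can wrap silently; a comment stating the intended range, or a clip, would help. decode_block's body continues past the quoted excerpt.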