1/* 2 * Discworld II BMV video decoder 3 * Copyright (c) 2011 Konstantin Shishkov 4 * 5 * This file is part of FFmpeg. 6 * 7 * FFmpeg is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation; either 10 * version 2.1 of the License, or (at your option) any later version. 11 * 12 * FFmpeg is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with FFmpeg; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 */ 21 22#include "libavutil/avassert.h" 23#include "libavutil/common.h" 24 25#include "avcodec.h" 26#include "bytestream.h" 27#include "codec_internal.h" 28#include "internal.h" 29 30enum BMVFlags{ 31 BMV_NOP = 0, 32 BMV_END, 33 BMV_DELTA, 34 BMV_INTRA, 35 36 BMV_SCROLL = 0x04, 37 BMV_PALETTE = 0x08, 38 BMV_COMMAND = 0x10, 39 BMV_AUDIO = 0x20, 40 BMV_EXT = 0x40, 41 BMV_PRINT = 0x80 42}; 43 44#define SCREEN_WIDE 640 45#define SCREEN_HIGH 429 46 47typedef struct BMVDecContext { 48 AVCodecContext *avctx; 49 50 uint8_t *frame, frame_base[SCREEN_WIDE * (SCREEN_HIGH + 1)]; 51 uint32_t pal[256]; 52 const uint8_t *stream; 53} BMVDecContext; 54 55#define NEXT_BYTE(v) (v) = forward ? (v) + 1 : (v) - 1; 56 57static int decode_bmv_frame(const uint8_t *source, int src_len, uint8_t *frame, int frame_off) 58{ 59 unsigned val, saved_val = 0; 60 int tmplen = src_len; 61 const uint8_t *src, *source_end = source + src_len; 62 uint8_t *frame_end = frame + SCREEN_WIDE * SCREEN_HIGH; 63 uint8_t *dst, *dst_end; 64 int len, mask; 65 int forward = (frame_off <= -SCREEN_WIDE) || (frame_off >= 0); 66 int read_two_nibbles, flag; 67 int advance_mode; 68 int mode = 0; 69 int i; 70 71 if (src_len <= 0) 72 return AVERROR_INVALIDDATA; 73 74 if (forward) { 75 src = source; 76 dst = frame; 77 dst_end = frame_end; 78 } else { 79 src = source + src_len - 1; 80 dst = frame_end - 1; 81 dst_end = frame - 1; 82 } 83 for (;;) { 84 int shift = 0; 85 flag = 0; 86 87 /* The mode/len decoding is a bit strange: 88 * values are coded as variable-length codes with nibble units, 89 * code end is signalled by two top bits in the nibble being nonzero. 90 * And since data is bytepacked and we read two nibbles at a time, 91 * we may get a nibble belonging to the next code. 92 * Hence this convoluted loop. 93 */ 94 if (!mode || (tmplen == 4)) { 95 if (src < source || src >= source_end) 96 return AVERROR_INVALIDDATA; 97 val = *src; 98 read_two_nibbles = 1; 99 } else { 100 val = saved_val; 101 read_two_nibbles = 0; 102 } 103 if (!(val & 0xC)) { 104 for (;;) { 105 if(shift>22) 106 return -1; 107 if (!read_two_nibbles) { 108 if (src < source || src >= source_end) 109 return AVERROR_INVALIDDATA; 110 shift += 2; 111 val |= (unsigned)*src << shift; 112 if (*src & 0xC) 113 break; 114 } 115 // two upper bits of the nibble is zero, 116 // so shift top nibble value down into their place 117 read_two_nibbles = 0; 118 shift += 2; 119 mask = (1 << shift) - 1; 120 val = ((val >> 2) & ~mask) | (val & mask); 121 NEXT_BYTE(src); 122 if ((val & (0xC << shift))) { 123 flag = 1; 124 break; 125 } 126 } 127 } else if (mode) { 128 flag = tmplen != 4; 129 } 130 if (flag) { 131 tmplen = 4; 132 } else { 133 saved_val = val >> (4 + shift); 134 tmplen = 0; 135 val &= (1 << (shift + 4)) - 1; 136 NEXT_BYTE(src); 137 } 138 advance_mode = val & 1; 139 len = (val >> 1) - 1; 140 av_assert0(len>0); 141 mode += 1 + advance_mode; 142 if (mode >= 4) 143 mode -= 3; 144 if (len <= 0 || FFABS(dst_end - dst) < len) 145 return AVERROR_INVALIDDATA; 146 switch (mode) { 147 case 1: 148 if (forward) { 149 if (dst - frame + SCREEN_WIDE < frame_off || 150 dst - frame + SCREEN_WIDE + frame_off < 0 || 151 frame_end - dst < frame_off + len || 152 frame_end - dst < len) 153 return AVERROR_INVALIDDATA; 154 for (i = 0; i < len; i++) 155 dst[i] = dst[frame_off + i]; 156 dst += len; 157 } else { 158 dst -= len; 159 if (dst - frame + SCREEN_WIDE < frame_off || 160 dst - frame + SCREEN_WIDE + frame_off < 0 || 161 frame_end - dst < frame_off + len || 162 frame_end - dst < len) 163 return AVERROR_INVALIDDATA; 164 for (i = len - 1; i >= 0; i--) 165 dst[i] = dst[frame_off + i]; 166 } 167 break; 168 case 2: 169 if (forward) { 170 if (source + src_len - src < len) 171 return AVERROR_INVALIDDATA; 172 memcpy(dst, src, len); 173 dst += len; 174 src += len; 175 } else { 176 if (src - source < len) 177 return AVERROR_INVALIDDATA; 178 dst -= len; 179 src -= len; 180 memcpy(dst, src, len); 181 } 182 break; 183 case 3: 184 val = forward ? dst[-1] : dst[1]; 185 if (forward) { 186 memset(dst, val, len); 187 dst += len; 188 } else { 189 dst -= len; 190 memset(dst, val, len); 191 } 192 break; 193 } 194 if (dst == dst_end) 195 return 0; 196 } 197} 198 199static int decode_frame(AVCodecContext *avctx, AVFrame *frame, 200 int *got_frame, AVPacket *pkt) 201{ 202 BMVDecContext * const c = avctx->priv_data; 203 int type, scr_off; 204 int i, ret; 205 uint8_t *srcptr, *outptr; 206 207 c->stream = pkt->data; 208 type = bytestream_get_byte(&c->stream); 209 if (type & BMV_AUDIO) { 210 int blobs = bytestream_get_byte(&c->stream); 211 if (pkt->size < blobs * 65 + 2) { 212 av_log(avctx, AV_LOG_ERROR, "Audio data doesn't fit in frame\n"); 213 return AVERROR_INVALIDDATA; 214 } 215 c->stream += blobs * 65; 216 } 217 if (type & BMV_COMMAND) { 218 int command_size = (type & BMV_PRINT) ? 8 : 10; 219 if (c->stream - pkt->data + command_size > pkt->size) { 220 av_log(avctx, AV_LOG_ERROR, "Command data doesn't fit in frame\n"); 221 return AVERROR_INVALIDDATA; 222 } 223 c->stream += command_size; 224 } 225 if (type & BMV_PALETTE) { 226 if (c->stream - pkt->data > pkt->size - 768) { 227 av_log(avctx, AV_LOG_ERROR, "Palette data doesn't fit in frame\n"); 228 return AVERROR_INVALIDDATA; 229 } 230 for (i = 0; i < 256; i++) 231 c->pal[i] = 0xFFU << 24 | bytestream_get_be24(&c->stream); 232 } 233 if (type & BMV_SCROLL) { 234 if (c->stream - pkt->data > pkt->size - 2) { 235 av_log(avctx, AV_LOG_ERROR, "Screen offset data doesn't fit in frame\n"); 236 return AVERROR_INVALIDDATA; 237 } 238 scr_off = (int16_t)bytestream_get_le16(&c->stream); 239 } else if ((type & BMV_INTRA) == BMV_INTRA) { 240 scr_off = -640; 241 } else { 242 scr_off = 0; 243 } 244 245 if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) 246 return ret; 247 248 if (decode_bmv_frame(c->stream, pkt->size - (c->stream - pkt->data), c->frame, scr_off)) { 249 av_log(avctx, AV_LOG_ERROR, "Error decoding frame data\n"); 250 return AVERROR_INVALIDDATA; 251 } 252 253 memcpy(frame->data[1], c->pal, AVPALETTE_SIZE); 254 frame->palette_has_changed = type & BMV_PALETTE; 255 256 outptr = frame->data[0]; 257 srcptr = c->frame; 258 259 for (i = 0; i < avctx->height; i++) { 260 memcpy(outptr, srcptr, avctx->width); 261 srcptr += avctx->width; 262 outptr += frame->linesize[0]; 263 } 264 265 *got_frame = 1; 266 267 /* always report that the buffer was completely consumed */ 268 return pkt->size; 269} 270 271static av_cold int decode_init(AVCodecContext *avctx) 272{ 273 BMVDecContext * const c = avctx->priv_data; 274 275 c->avctx = avctx; 276 avctx->pix_fmt = AV_PIX_FMT_PAL8; 277 278 if (avctx->width != SCREEN_WIDE || avctx->height != SCREEN_HIGH) { 279 av_log(avctx, AV_LOG_ERROR, "Invalid dimension %dx%d\n", avctx->width, avctx->height); 280 return AVERROR_INVALIDDATA; 281 } 282 283 c->frame = c->frame_base + 640; 284 285 return 0; 286} 287 288const FFCodec ff_bmv_video_decoder = { 289 .p.name = "bmv_video", 290 .p.long_name = NULL_IF_CONFIG_SMALL("Discworld II BMV video"), 291 .p.type = AVMEDIA_TYPE_VIDEO, 292 .p.id = AV_CODEC_ID_BMV_VIDEO, 293 .priv_data_size = sizeof(BMVDecContext), 294 .init = decode_init, 295 FF_CODEC_DECODE_CB(decode_frame), 296 .p.capabilities = AV_CODEC_CAP_DR1, 297 .caps_internal = FF_CODEC_CAP_INIT_THREADSAFE, 298}; 299