VIDEO: Fix an integer overflow when dequantizing the DCT coeffs

See 2968bedf12
2019-04-01 20:41:56 +02:00 · 2019-04-01 20:41:56 +02:00 · 195b4cbd20
commit 195b4cbd20
parent 280a4f2d91
3 changed files with 21 additions and 21 deletions
--- a/video/bink_decoder.cpp
+++ b/video/bink_decoder.cpp
@ -679,8 +679,8 @@ void BinkDecoder::BinkVideoTrack::blockScaledRun(DecodeContext &ctx) {
 }
 void BinkDecoder::BinkVideoTrack::blockScaledIntra(DecodeContext &ctx) {
-	int16 block[64];
+	int32 block[64];
-	memset(block, 0, 64 * sizeof(int16));
+	memset(block, 0, 64 * sizeof(int32));
 	block[0] = getBundleValue(kSourceIntraDC);
@ -688,7 +688,7 @@ void BinkDecoder::BinkVideoTrack::blockScaledIntra(DecodeContext &ctx) {
 	IDCT(block);
-	int16 *src   = block;
+	int32 *src   = block;
 	byte  *dest1 = ctx.dest;
 	byte  *dest2 = ctx.dest + ctx.pitch;
 	for (int j = 0; j < 8; j++, dest1 += (ctx.pitch << 1) - 16, dest2 += (ctx.pitch << 1) - 16, src += 8) {
@ -824,8 +824,8 @@ void BinkDecoder::BinkVideoTrack::blockResidue(DecodeContext &ctx) {
 }
 void BinkDecoder::BinkVideoTrack::blockIntra(DecodeContext &ctx) {
-	int16 block[64];
+	int32 block[64];
-	memset(block, 0, 64 * sizeof(int16));
+	memset(block, 0, 64 * sizeof(int32));
 	block[0] = getBundleValue(kSourceIntraDC);
@ -845,8 +845,8 @@ void BinkDecoder::BinkVideoTrack::blockFill(DecodeContext &ctx) {
 void BinkDecoder::BinkVideoTrack::blockInter(DecodeContext &ctx) {
 	blockMotion(ctx);
-	int16 block[64];
+	int32 block[64];
-	memset(block, 0, 64 * sizeof(int16));
+	memset(block, 0, 64 * sizeof(int32));
 	block[0] = getBundleValue(kSourceInterDC);
@ -1081,7 +1081,7 @@ void BinkDecoder::BinkVideoTrack::readDCS(VideoFrame &video, Bundle &bundle, int
 }
 /** Reads 8x8 block of DCT coefficients. */
-void BinkDecoder::BinkVideoTrack::readDCTCoeffs(VideoFrame &video, int16 *block, bool isIntra) {
+void BinkDecoder::BinkVideoTrack::readDCTCoeffs(VideoFrame &video, int32 *block, bool isIntra) {
 	int coefCount = 0;
 	int coefIdx[64];
@ -1169,7 +1169,7 @@ void BinkDecoder::BinkVideoTrack::readDCTCoeffs(VideoFrame &video, int16 *block,
 	}
 	uint8 quantIdx = video.bits->getBits(4);
-	const uint32 *quant = isIntra ? binkIntraQuant[quantIdx] : binkInterQuant[quantIdx];
+	const int32 *quant = isIntra ? binkIntraQuant[quantIdx] : binkInterQuant[quantIdx];
 	block[0] = (block[0] * quant[0]) >> 11;
 	for (int i = 0; i < coefCount; i++) {
@ -1308,7 +1308,7 @@ void BinkDecoder::BinkVideoTrack::readResidue(VideoFrame &video, int16 *block, i
 #define MUNGE_ROW(x) (((x) + 0x7F)>>8)
 #define IDCT_ROW(dest,src) IDCT_TRANSFORM(dest,0,1,2,3,4,5,6,7,0,1,2,3,4,5,6,7,MUNGE_ROW,src)
-static inline void IDCTCol(int16 *dest, const int16 *src) {
+static inline void IDCTCol(int32 *dest, const int32 *src) {
 	if ((src[8] | src[16] | src[24] | src[32] | src[40] | src[48] | src[56]) == 0) {
 		dest[ 0] =
 		dest[ 8] =
@ -1323,9 +1323,9 @@ static inline void IDCTCol(int16 *dest, const int16 *src) {
 	}
 }
-void BinkDecoder::BinkVideoTrack::IDCT(int16 *block) {
+void BinkDecoder::BinkVideoTrack::IDCT(int32 *block) {
 	int i;
-	int16 temp[64];
+	int32 temp[64];
 	for (i = 0; i < 8; i++)
 		IDCTCol(&temp[i], &block[i]);
@ -1334,7 +1334,7 @@ void BinkDecoder::BinkVideoTrack::IDCT(int16 *block) {
 	}
 }
-void BinkDecoder::BinkVideoTrack::IDCTAdd(DecodeContext &ctx, int16 *block) {
+void BinkDecoder::BinkVideoTrack::IDCTAdd(DecodeContext &ctx, int32 *block) {
 	int i, j;
 	IDCT(block);
@ -1344,9 +1344,9 @@ void BinkDecoder::BinkVideoTrack::IDCTAdd(DecodeContext &ctx, int16 *block) {
 			 dest[j] += block[j];
 }
-void BinkDecoder::BinkVideoTrack::IDCTPut(DecodeContext &ctx, int16 *block) {
+void BinkDecoder::BinkVideoTrack::IDCTPut(DecodeContext &ctx, int32 *block) {
 	int i;
-	int16 temp[64];
+	int32 temp[64];
 	for (i = 0; i < 8; i++)
 		IDCTCol(&temp[i], &block[i]);
 	for (i = 0; i < 8; i++) {
--- a/video/bink_decoder.h
+++ b/video/bink_decoder.h
@ -314,13 +314,13 @@ private:
 		void readPatterns    (VideoFrame &video, Bundle &bundle);
 		void readColors      (VideoFrame &video, Bundle &bundle);
 		void readDCS         (VideoFrame &video, Bundle &bundle, int startBits, bool hasSign);
-		void readDCTCoeffs   (VideoFrame &video, int16 *block, bool isIntra);
+		void readDCTCoeffs   (VideoFrame &video, int32 *block, bool isIntra);
 		void readResidue     (VideoFrame &video, int16 *block, int masksCount);
 		// Bink video IDCT
-		void IDCT(int16 *block);
+		void IDCT(int32 *block);
-		void IDCTPut(DecodeContext &ctx, int16 *block);
+		void IDCTPut(DecodeContext &ctx, int32 *block);
-		void IDCTAdd(DecodeContext &ctx, int16 *block);
+		void IDCTAdd(DecodeContext &ctx, int32 *block);
 	};
 	class BinkAudioTrack : public AudioTrack {
--- a/video/binkdata.h
+++ b/video/binkdata.h
@ -247,7 +247,7 @@ static const uint8 binkPatterns[16][64] = {
 }
 };
-static const uint32 binkIntraQuant[16][64] = {
+static const int32 binkIntraQuant[16][64] = {
 {
 	0x010000, 0x016315, 0x01E83D, 0x02A535, 0x014E7B, 0x016577, 0x02F1E6, 0x02724C,
 	0x010000, 0x00EEDA, 0x024102, 0x017F9B, 0x00BE80, 0x00611E, 0x01083C, 0x00A552,
@ -410,7 +410,7 @@ static const uint32 binkIntraQuant[16][64] = {
 },
 };
-static const uint32 binkInterQuant[16][64] = {
+static const int32 binkInterQuant[16][64] = {
 {
 	0x010000, 0x017946, 0x01A5A9, 0x0248DC, 0x016363, 0x0152A7, 0x0243EC, 0x0209EA,
 	0x012000, 0x00E248, 0x01BBDA, 0x015CBC, 0x00A486, 0x0053E0, 0x00F036, 0x008095,