[xiph-cvs] cvs commit: speex/src speexdec.c
Jean-Marc Valin
jm at xiph.org
Mon Jan 6 20:11:04 PST 2003
jm 03/01/06 23:11:04
Modified: libspeex bits.c ltp.c sb_celp.c speex_bits.h
src speexdec.c
Log:
Added some bounds checking when reading bits, including a bug when forcing
higher bit-rates (force-wb on a narrowband stream). Some cleaning up too.
Revision Changes Path
1.23 +33 -0 speex/libspeex/bits.c
Index: bits.c
===================================================================
RCS file: /usr/local/cvsroot/speex/libspeex/bits.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- bits.c 6 Jan 2003 04:18:11 -0000 1.22
+++ bits.c 7 Jan 2003 04:11:04 -0000 1.23
@@ -46,6 +46,7 @@
bits->bytePtr=0;
bits->bitPtr=0;
bits->owner=1;
+ bits->overflow=0;
}
void speex_bits_init_buffer(SpeexBits *bits, void *buff)
@@ -59,6 +60,7 @@
bits->bytePtr=0;
bits->bitPtr=0;
bits->owner=0;
+ bits->overflow=0;
}
void speex_bits_destroy(SpeexBits *bits)
@@ -76,12 +78,14 @@
bits->nbBits=0;
bits->bytePtr=0;
bits->bitPtr=0;
+ bits->overflow=0;
}
void speex_bits_rewind(SpeexBits *bits)
{
bits->bytePtr=0;
bits->bitPtr=0;
+ bits->overflow=0;
}
void speex_bits_read_from(SpeexBits *bits, char *bytes, int len)
@@ -96,6 +100,7 @@
bits->nbBits=len<<3;
bits->bytePtr=0;
bits->bitPtr=0;
+ bits->overflow=0;
}
void speex_bits_flush(SpeexBits *bits)
@@ -184,6 +189,10 @@
unsigned int speex_bits_unpack_unsigned(SpeexBits *bits, int nbBits)
{
unsigned int d=0;
+ if ((bits->bytePtr<<3)+bits->bitPtr+nbBits>bits->nbBits)
+ bits->overflow=1;
+ if (bits->overflow)
+ return 0;
while(nbBits)
{
d<<=1;
@@ -204,6 +213,12 @@
unsigned int d=0;
int bitPtr, bytePtr;
char *bytes;
+
+ if ((bits->bytePtr<<3)+bits->bitPtr+nbBits>bits->nbBits)
+ bits->overflow=1;
+ if (bits->overflow)
+ return 0;
+
bitPtr=bits->bitPtr;
bytePtr=bits->bytePtr;
bytes = bits->bytes;
@@ -224,12 +239,22 @@
int speex_bits_peek(SpeexBits *bits)
{
+ if ((bits->bytePtr<<3)+bits->bitPtr+1>bits->nbBits)
+ bits->overflow=1;
+ if (bits->overflow)
+ return 0;
return (bits->bytes[bits->bytePtr]>>(7-bits->bitPtr))&1;
}
void speex_bits_advance(SpeexBits *bits, int n)
{
int nbytes, nbits;
+
+ if ((bits->bytePtr<<3)+bits->bitPtr+n>bits->nbBits)
+ bits->overflow=1;
+ if (bits->overflow)
+ return;
+
nbytes = n >> 3;
nbits = n & 7;
@@ -241,6 +266,14 @@
bits->bitPtr-=8;
bits->bytePtr++;
}
+}
+
+int speex_bits_remaining(SpeexBits *bits)
+{
+ if (bits->overflow)
+ return -1;
+ else
+ return bits->nbBits-((bits->bytePtr<<3)+bits->bitPtr);
}
int speex_bits_nbytes(SpeexBits *bits)
<p><p>1.69 +0 -13 speex/libspeex/ltp.c
Index: ltp.c
===================================================================
RCS file: /usr/local/cvsroot/speex/libspeex/ltp.c,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- ltp.c 6 Jan 2003 05:56:56 -0000 1.68
+++ ltp.c 7 Jan 2003 04:11:04 -0000 1.69
@@ -312,9 +312,6 @@
for (i=0;i<nsf;i++)
exc[i]=gain[0]*e[2][i]+gain[1]*e[1][i]+gain[2]*e[0][i];
-#ifdef DEBUG
- printf ("3-tap pitch = %d, gains = [%f %f %f]\n",pitch, gain[0], gain[1], gain[2]);
-#endif
err1=0;
err2=0;
@@ -323,9 +320,6 @@
for (i=0;i<nsf;i++)
err2+=(target[i]-gain[2]*x[0][i]-gain[1]*x[1][i]-gain[0]*x[2][i])
* (target[i]-gain[2]*x[0][i]-gain[1]*x[1][i]-gain[0]*x[2][i]);
-#ifdef DEBUG
- printf ("prediction gain = %f\n",err1/(err2+1));
-#endif
return err2;
}
@@ -465,9 +459,6 @@
for (i=0;i<3;i++)
gain[i]*=fact;
-#ifdef DEBUG
- printf ("recovered unquantized pitch: %d, gain: [%f %f %f] (fact=%f)\n", pitch, gain[0], gain[1], gain[2], fact);
-#endif
}
}
@@ -487,10 +478,6 @@
gain_val[0]=gain[0];
gain_val[1]=gain[1];
gain_val[2]=gain[2];
-
-#ifdef DEBUG
- printf ("unquantized pitch: %d %f %f %f\n", pitch, gain[0], gain[1], gain[2]);
-#endif
{
float *e[3];
<p><p>1.113 +5 -2 speex/libspeex/sb_celp.c
Index: sb_celp.c
===================================================================
RCS file: /usr/local/cvsroot/speex/libspeex/sb_celp.c,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -r1.112 -r1.113
--- sb_celp.c 6 Jan 2003 22:06:45 -0000 1.112
+++ sb_celp.c 7 Jan 2003 04:11:04 -0000 1.113
@@ -801,7 +801,7 @@
float *low_pi_gain, *low_exc, *low_innov;
float *awk1, *awk2, *awk3;
float dtx;
-
+
st = (SBDecState*)state;
stack=st->stack;
@@ -829,7 +829,10 @@
}
/*Check "wideband bit"*/
- wideband = speex_bits_peek(bits);
+ if (speex_bits_remaining(bits)>0)
+ wideband = speex_bits_peek(bits);
+ else
+ wideband = 0;
if (wideband)
{
/*Regular wideband frame, read the submode*/
<p><p>1.17 +13 -6 speex/libspeex/speex_bits.h
Index: speex_bits.h
===================================================================
RCS file: /usr/local/cvsroot/speex/libspeex/speex_bits.h,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- speex_bits.h 15 Nov 2002 06:26:50 -0000 1.16
+++ speex_bits.h 7 Jan 2003 04:11:04 -0000 1.17
@@ -45,11 +45,12 @@
/** Bit-packing data structure representing (part of) a bit-stream. */
typedef struct SpeexBits {
- char *bytes; /**< "raw" data */
- int nbBits; /**< Total number of bits stored in the stream*/
- int bytePtr; /**< Position of the byte "cursor" */
- int bitPtr; /**< Position of the bit "cursor" within the current byte */
- int owner; /**< Does the struct "own" the "raw" buffer (member "bytes") */
+ char *bytes; /**< "raw" data */
+ int nbBits; /**< Total number of bits stored in the stream*/
+ int bytePtr; /**< Position of the byte "cursor" */
+ int bitPtr; /**< Position of the bit "cursor" within the current byte */
+ int owner; /**< Does the struct "own" the "raw" buffer (member "bytes") */
+ int overflow;/**< Set to one if we try to read past the valid data */
} SpeexBits;
/** Initializes and allocates resources for a SpeexBits struct */
@@ -127,8 +128,14 @@
*
* @param bits Bit-stream to operate on
* @param n Number of bits to advance
- * */
+ */
void speex_bits_advance(SpeexBits *bits, int n);
+
+/** Returns the number of bits remaining to be read in a stream
+ *
+ * @param bits Bit-stream to operate on
+ */
+int speex_bits_remaining(SpeexBits *bits);
#ifdef __cplusplus
}
<p><p>1.69 +5 -0 speex/src/speexdec.c
Index: speexdec.c
===================================================================
RCS file: /usr/local/cvsroot/speex/src/speexdec.c,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- speexdec.c 6 Jan 2003 22:06:45 -0000 1.68
+++ speexdec.c 7 Jan 2003 04:11:04 -0000 1.69
@@ -569,6 +569,11 @@
fprintf (stderr, "Decoding error: corrupted stream?\n");
break;
}
+ if (speex_bits_remaining(&bits)<0)
+ {
+ fprintf (stderr, "Decoding overflow: corrupted stream?\n");
+ break;
+ }
if (channels==2)
speex_decode_stereo(output, frame_size, &stereo);
<p><p>--- >8 ----
List archives: http://www.xiph.org/archives/
Ogg project homepage: http://www.xiph.org/ogg/
To unsubscribe from this list, send a message to 'cvs-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the commits
mailing list