static int expand_rle_row16(SgiState *s, uint16_t *out_buf,
int len, int pixelstride)
{
unsigned short pixel;
unsigned char count;
unsigned short *orig = out_buf;
uint16_t *out_end = out_buf + len;
while (out_buf < out_end) {
if (bytestream2_get_bytes_left(&s->g) < 2)
return AVERROR_INVALIDDATA;
pixel = bytestream2_get_be16u(&s->g);
if (!(count = (pixel & 0x7f)))
break;
/* Check for buffer overflow. */
if (pixelstride * (count - 1) >= len) {
av_log(s->avctx, AV_LOG_ERROR, "Invalid pixel count.\n");
return AVERROR_INVALIDDATA;
}
if (pixel & 0x80) {
while (count--) {
pixel = bytestream2_get_ne16(&s->g);
AV_WN16A(out_buf, pixel);
out_buf += pixelstride;
}
} else {
pixel = bytestream2_get_ne16(&s->g);
while (count--) {
AV_WN16A(out_buf, pixel);
out_buf += pixelstride;
}
}
}
return (out_buf - orig) / pixelstride;
}
static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
AVPacket *avpkt)
{
AVFrame *frame = data;
const uint8_t *buf = avpkt->data;
const uint8_t *buf_end = buf + avpkt->size;
KgvContext * const c = avctx->priv_data;
int offsets[8];
uint8_t *out, *prev;
int outcnt = 0, maxcnt;
int w, h, i, res;
if (avpkt->size < 2)
return AVERROR_INVALIDDATA;
w = (buf[0] + 1) * 8;
h = (buf[1] + 1) * 8;
buf += 2;
if ((res = av_image_check_size(w, h, 0, avctx)) < 0)
return res;
if (w != avctx->width || h != avctx->height) {
av_frame_unref(c->prev);
avcodec_set_dimensions(avctx, w, h);
}
maxcnt = w * h;
if ((res = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
return res;
out = frame->data[0];
if (c->prev->data[0]) {
prev = c->prev->data[0];
} else {
prev = NULL;
}
for (i = 0; i < 8; i++)
offsets[i] = -1;
while (outcnt < maxcnt && buf_end - 2 >= buf) {
int code = AV_RL16(buf);
buf += 2;
if (!(code & 0x8000)) {
AV_WN16A(&out[2 * outcnt], code); // rgb555 pixel coded directly
outcnt++;
} else {
int count;
if ((code & 0x6000) == 0x6000) {
// copy from previous frame
int oidx = (code >> 10) & 7;
int start;
count = (code & 0x3FF) + 3;
if (offsets[oidx] < 0) {
if (buf_end - 3 < buf)
break;
offsets[oidx] = AV_RL24(buf);
buf += 3;
}
start = (outcnt + offsets[oidx]) % maxcnt;
if (maxcnt - start < count || maxcnt - outcnt < count)
break;
if (!prev) {
av_log(avctx, AV_LOG_ERROR,
"Frame reference does not exist\n");
break;
}
memcpy(out + 2 * outcnt, prev + 2 * start, 2 * count);
} else {
// copy from earlier in this frame
int offset = (code & 0x1FFF) + 1;
if (!(code & 0x6000)) {
count = 2;
} else if ((code & 0x6000) == 0x2000) {
count = 3;
} else {
if (buf_end - 1 < buf)
break;
count = 4 + *buf++;
}
if (outcnt < offset || maxcnt - outcnt < count)
break;
av_memcpy_backptr(out + 2 * outcnt, 2 * offset, 2 * count);
}
outcnt += count;
}