1 /************************************************************************
2  * Copyright (C) 2002-2009, Xiph.org Foundation
3  * Copyright (C) 2010, Robin Watts for Pinknoise Productions Ltd
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  *     * Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  *     * Redistributions in binary form must reproduce the above
13  * copyright notice, this list of conditions and the following disclaimer
14  * in the documentation and/or other materials provided with the
15  * distribution.
16  *     * Neither the names of the Xiph.org Foundation nor Pinknoise
17  * Productions Ltd nor the names of its contributors may be used to
18  * endorse or promote products derived from this software without
19  * specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  ************************************************************************
33 
34  function: basic codebook pack/unpack/code/decode operations
35 
36  ************************************************************************/
37 
38 #include <stdlib.h>
39 #include <string.h>
40 #include <math.h>
41 #include <limits.h>
42 #include <log/log.h>
43 #include "ogg.h"
44 #include "ivorbiscodec.h"
45 #include "codebook.h"
46 #include "misc.h"
47 #include "os.h"
48 
49 #define MARKER_SIZE 33
50 
51 /**** pack/unpack helpers ******************************************/
_ilog(unsigned int v)52 int _ilog(unsigned int v){
53   int ret=0;
54   while(v){
55     ret++;
56     v>>=1;
57   }
58   return(ret);
59 }
60 
decpack(long entry,long used_entry,long quantvals,codebook * b,oggpack_buffer * opb,int maptype)61 static ogg_uint32_t decpack(long entry,long used_entry,long quantvals,
62                             codebook *b,oggpack_buffer *opb,int maptype){
63   ogg_uint32_t ret=0;
64   int j;
65 
66   switch(b->dec_type){
67 
68   case 0:
69     return (ogg_uint32_t)entry;
70 
71   case 1:
72     if(maptype==1){
73       /* vals are already read into temporary column vector here */
74       for(j=0;j<b->dim;j++){
75         ogg_uint32_t off=entry%quantvals;
76         entry/=quantvals;
77         ret|=((ogg_uint16_t *)(b->q_val))[off]<<(b->q_bits*j);
78       }
79     }else{
80       for(j=0;j<b->dim;j++)
81         ret|=oggpack_read(opb,b->q_bits)<<(b->q_bits*j);
82     }
83     return ret;
84 
85   case 2:
86     for(j=0;j<b->dim;j++){
87       ogg_uint32_t off=entry%quantvals;
88       entry/=quantvals;
89       ret|=off<<(b->q_pack*j);
90     }
91     return ret;
92 
93   case 3:
94     return (ogg_uint32_t)used_entry;
95 
96   }
97   return 0; /* silence compiler */
98 }
99 
100 /* 32 bit float (not IEEE; nonnormalized mantissa +
101    biased exponent) : neeeeeee eeemmmmm mmmmmmmm mmmmmmmm
102    Why not IEEE?  It's just not that important here. */
103 
_float32_unpack(long val,int * point)104 static ogg_int32_t _float32_unpack(long val,int *point){
105   long   mant=val&0x1fffff;
106   int    sign=val&0x80000000;
107 
108   *point=((val&0x7fe00000L)>>21)-788;
109 
110   if(mant){
111     while(!(mant&0x40000000)){
112       mant<<=1;
113       *point-=1;
114     }
115     if(sign)mant= -mant;
116   }else{
117     *point=-9999;
118   }
119   return mant;
120 }
121 
122 /* choose the smallest supported node size that fits our decode table.
123    Legal bytewidths are 1/1 1/2 2/2 2/4 4/4 */
_determine_node_bytes(long used,int leafwidth)124 static int _determine_node_bytes(long used, int leafwidth){
125 
126   /* special case small books to size 4 to avoid multiple special
127      cases in repack */
128   if(used<2)
129     return 4;
130 
131   if(leafwidth==3)leafwidth=4;
132   if(_ilog(3*used-6)+1 <= leafwidth*4)
133     return leafwidth/2?leafwidth/2:1;
134   return leafwidth;
135 }
136 
137 /* convenience/clarity; leaves are specified as multiple of node word
138    size (1 or 2) */
_determine_leaf_words(int nodeb,int leafwidth)139 static int _determine_leaf_words(int nodeb, int leafwidth){
140   if(leafwidth>nodeb)return 2;
141   return 1;
142 }
143 
144 /* given a list of word lengths, number of used entries, and byte
145    width of a leaf, generate the decode table */
_make_words(char * l,long n,ogg_uint32_t * r,long quantvals,codebook * b,oggpack_buffer * opb,int maptype)146 static int _make_words(char *l,long n,ogg_uint32_t *r,long quantvals,
147                        codebook *b, oggpack_buffer *opb,int maptype){
148   long i,j,count=0;
149   long top=0;
150   ogg_uint32_t marker[MARKER_SIZE];
151 
152   if (n<1)
153     return 1;
154 
155   if(n<2){
156     r[0]=0x80000000;
157   }else{
158     memset(marker,0,sizeof(marker));
159 
160     for(i=0;i<n;i++){
161       long length=l[i];
162       if(length){
163         if (length < 0 || length >= MARKER_SIZE) {
164           ALOGE("b/23881715");
165           return 1;
166         }
167         ogg_uint32_t entry=marker[length];
168         long chase=0;
169         if(count && !entry)return -1; /* overpopulated tree! */
170 
171         /* chase the tree as far as it's already populated, fill in past */
172         for(j=0;j<length-1;j++){
173           int bit=(entry>>(length-j-1))&1;
174           if(chase>=top){
175             if (chase < 0 || chase >= n) return 1;
176             top++;
177             r[chase*2]=top;
178             r[chase*2+1]=0;
179           }else
180             if (chase < 0 || chase >= n || chase*2+bit > n*2+1) return 1;
181             if(!r[chase*2+bit])
182               r[chase*2+bit]=top;
183           chase=r[chase*2+bit];
184           if (chase < 0 || chase >= n) return 1;
185         }
186         {
187           int bit=(entry>>(length-j-1))&1;
188           if(chase>=top){
189             top++;
190             r[chase*2+1]=0;
191           }
192           r[chase*2+bit]= decpack(i,count++,quantvals,b,opb,maptype) |
193             0x80000000;
194         }
195 
196         /* Look to see if the next shorter marker points to the node
197            above. if so, update it and repeat.  */
198         for(j=length;j>0;j--){
199           if(marker[j]&1){
200             marker[j]=marker[j-1]<<1;
201             break;
202           }
203           marker[j]++;
204         }
205 
206         /* prune the tree; the implicit invariant says all the longer
207            markers were dangling from our just-taken node.  Dangle them
208            from our *new* node. */
209         for(j=length+1;j<MARKER_SIZE;j++)
210           if((marker[j]>>1) == entry){
211             entry=marker[j];
212             marker[j]=marker[j-1]<<1;
213           }else
214             break;
215       }
216     }
217   }
218 
219   // following sanity check copied from libvorbis
220   /* sanity check the huffman tree; an underpopulated tree must be
221      rejected. The only exception is the one-node pseudo-nil tree,
222      which appears to be underpopulated because the tree doesn't
223      really exist; there's only one possible 'codeword' or zero bits,
224      but the above tree-gen code doesn't mark that. */
225   if(b->used_entries != 1){
226     for(i=1;i<MARKER_SIZE;i++)
227       if(marker[i] & (0xffffffffUL>>(32-i))){
228           return 1;
229       }
230   }
231 
232 
233   return 0;
234 }
235 
_make_decode_table(codebook * s,char * lengthlist,long quantvals,oggpack_buffer * opb,int maptype)236 static int _make_decode_table(codebook *s,char *lengthlist,long quantvals,
237                               oggpack_buffer *opb,int maptype){
238   int i;
239   ogg_uint32_t *work;
240 
241   if (!lengthlist) return 1;
242   if(s->dec_nodeb==4){
243     /* Over-allocate by using s->entries instead of used_entries.
244      * This means that we can use s->entries to enforce size in
245      * _make_words without messing up length list looping.
246      * This probably wastes a bit of space, but it shouldn't
247      * impact behavior or size too much.
248      */
249     s->dec_table=_ogg_calloc((s->entries*2+1), sizeof(*work));
250     if (!s->dec_table) return 1;
251     /* +1 (rather than -2) is to accommodate 0 and 1 sized books,
252        which are specialcased to nodeb==4 */
253     if(_make_words(lengthlist,s->entries,
254                    s->dec_table,quantvals,s,opb,maptype))return 1;
255 
256     return 0;
257   }
258 
259   if (s->used_entries > INT_MAX/2 ||
260       s->used_entries*2 > INT_MAX/((long) sizeof(*work)) - 1) return 1;
261   /* Overallocate as above */
262   work=calloc((s->entries*2+1),sizeof(*work));
263   if (!work) return 1;
264   if(_make_words(lengthlist,s->entries,work,quantvals,s,opb,maptype)) goto error_out;
265   if (s->used_entries > INT_MAX/(s->dec_leafw+1)) goto error_out;
266   if (s->dec_nodeb && s->used_entries * (s->dec_leafw+1) > INT_MAX/s->dec_nodeb) goto error_out;
267   s->dec_table=_ogg_calloc((s->used_entries*(s->dec_leafw+1)-2),
268                            s->dec_nodeb);
269   if (!s->dec_table) goto error_out;
270 
271   if(s->dec_leafw==1){
272     switch(s->dec_nodeb){
273     case 1:
274       for(i=0;i<s->used_entries*2-2;i++)
275           ((unsigned char *)s->dec_table)[i]=(unsigned char)
276             (((work[i] & 0x80000000UL) >> 24) | work[i]);
277       break;
278     case 2:
279       for(i=0;i<s->used_entries*2-2;i++)
280           ((ogg_uint16_t *)s->dec_table)[i]=(ogg_uint16_t)
281             (((work[i] & 0x80000000UL) >> 16) | work[i]);
282       break;
283     }
284 
285   }else{
286     /* more complex; we have to do a two-pass repack that updates the
287        node indexing. */
288     long top=s->used_entries*3-2;
289     if(s->dec_nodeb==1){
290       unsigned char *out=(unsigned char *)s->dec_table;
291 
292       for(i=s->used_entries*2-4;i>=0;i-=2){
293         if(work[i]&0x80000000UL){
294           if(work[i+1]&0x80000000UL){
295             top-=4;
296             out[top]=(work[i]>>8 & 0x7f)|0x80;
297             out[top+1]=(work[i+1]>>8 & 0x7f)|0x80;
298             out[top+2]=work[i] & 0xff;
299             out[top+3]=work[i+1] & 0xff;
300           }else{
301             top-=3;
302             out[top]=(work[i]>>8 & 0x7f)|0x80;
303             out[top+1]=work[work[i+1]*2];
304             out[top+2]=work[i] & 0xff;
305           }
306         }else{
307           if(work[i+1]&0x80000000UL){
308             top-=3;
309             out[top]=work[work[i]*2];
310             out[top+1]=(work[i+1]>>8 & 0x7f)|0x80;
311             out[top+2]=work[i+1] & 0xff;
312           }else{
313             top-=2;
314             out[top]=work[work[i]*2];
315             out[top+1]=work[work[i+1]*2];
316           }
317         }
318         work[i]=top;
319       }
320     }else{
321       ogg_uint16_t *out=(ogg_uint16_t *)s->dec_table;
322       for(i=s->used_entries*2-4;i>=0;i-=2){
323         if(work[i]&0x80000000UL){
324           if(work[i+1]&0x80000000UL){
325             top-=4;
326             out[top]=(work[i]>>16 & 0x7fff)|0x8000;
327             out[top+1]=(work[i+1]>>16 & 0x7fff)|0x8000;
328             out[top+2]=work[i] & 0xffff;
329             out[top+3]=work[i+1] & 0xffff;
330           }else{
331             top-=3;
332             out[top]=(work[i]>>16 & 0x7fff)|0x8000;
333             out[top+1]=work[work[i+1]*2];
334             out[top+2]=work[i] & 0xffff;
335           }
336         }else{
337           if(work[i+1]&0x80000000UL){
338             top-=3;
339             out[top]=work[work[i]*2];
340             out[top+1]=(work[i+1]>>16 & 0x7fff)|0x8000;
341             out[top+2]=work[i+1] & 0xffff;
342           }else{
343             top-=2;
344             out[top]=work[work[i]*2];
345             out[top+1]=work[work[i+1]*2];
346           }
347         }
348         work[i]=top;
349       }
350     }
351   }
352 
353   free(work);
354   return 0;
355 error_out:
356   free(work);
357   return 1;
358 }
359 
360 /* most of the time, entries%dimensions == 0, but we need to be
361    well defined.  We define that the possible vales at each
362    scalar is values == entries/dim.  If entries%dim != 0, we'll
363    have 'too few' values (values*dim<entries), which means that
364    we'll have 'left over' entries; left over entries use zeroed
365    values (and are wasted).  So don't generate codebooks like
366    that */
367 /* there might be a straightforward one-line way to do the below
368    that's portable and totally safe against roundoff, but I haven't
369    thought of it.  Therefore, we opt on the side of caution */
_book_maptype1_quantvals(codebook * b)370 long _book_maptype1_quantvals(codebook *b){
371   /* get us a starting hint, we'll polish it below */
372   int bits=_ilog(b->entries);
373   int vals=b->entries>>((bits-1)*(b->dim-1)/b->dim);
374 
375   while(1){
376     long acc=1;
377     long acc1=1;
378     int i;
379     for (i = 0; i < b->dim; i++) {
380       if (acc > b->entries / vals) {
381           break;
382       }
383       acc *= vals;
384       if (acc1 > LONG_MAX / (vals + 1)) {
385         acc1 = LONG_MAX;
386       } else {
387         acc1 *= (vals + 1);
388       }
389     }
390     if (i >= b->dim && acc <= b->entries && acc1 > b->entries) {
391       return(vals);
392     }else{
393       if (i < b->dim || acc > b->entries) {
394         vals--;
395       }else{
396         vals++;
397       }
398     }
399   }
400 }
401 
vorbis_book_clear(codebook * b)402 void vorbis_book_clear(codebook *b){
403   /* static book is not cleared; we're likely called on the lookup and
404      the static codebook belongs to the info struct */
405   if(b->q_val)_ogg_free(b->q_val);
406   if(b->dec_table)_ogg_free(b->dec_table);
407   if(b->dec_buf)_ogg_free(b->dec_buf);
408 
409   memset(b,0,sizeof(*b));
410 }
411 
vorbis_book_unpack(oggpack_buffer * opb,codebook * s)412 int vorbis_book_unpack(oggpack_buffer *opb,codebook *s){
413   char         *lengthlist=NULL;
414   int           quantvals=0;
415   long          i,j;
416   int           maptype;
417 
418   memset(s,0,sizeof(*s));
419 
420   /* make sure alignment is correct */
421   if(oggpack_read(opb,24)!=0x564342)goto _eofout;
422 
423   /* first the basic parameters */
424   s->dim=oggpack_read(opb,16);
425   s->dec_buf=_ogg_calloc(s->dim, sizeof(ogg_int32_t));
426   if (s->dec_buf == NULL)
427       goto _errout;
428   s->entries=oggpack_read(opb,24);
429   if(s->entries<=0)goto _eofout;
430   if(s->dim<=0)goto _eofout;
431   if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
432   if (s->dim > INT_MAX/s->entries) goto _eofout;
433 
434   /* codeword ordering.... length ordered or unordered? */
435   switch((int)oggpack_read(opb,1)){
436   case 0:
437     /* unordered */
438     lengthlist=(char *)calloc(s->entries, sizeof(*lengthlist));
439     if(!lengthlist) goto _eofout;
440 
441     /* allocated but unused entries? */
442     if(oggpack_read(opb,1)){
443       /* yes, unused entries */
444 
445       for(i=0;i<s->entries;i++){
446         if(oggpack_read(opb,1)){
447           long num=oggpack_read(opb,5);
448           if(num==-1)goto _eofout;
449           lengthlist[i]=(char)(num+1);
450           s->used_entries++;
451           if(num+1>s->dec_maxlength)s->dec_maxlength=num+1;
452         }else
453           lengthlist[i]=0;
454       }
455     }else{
456       /* all entries used; no tagging */
457       s->used_entries=s->entries;
458       for(i=0;i<s->entries;i++){
459         long num=oggpack_read(opb,5);
460         if(num==-1)goto _eofout;
461         lengthlist[i]=(char)(num+1);
462         if(num+1>s->dec_maxlength)s->dec_maxlength=num+1;
463       }
464     }
465 
466     break;
467   case 1:
468     /* ordered */
469     {
470       long length=oggpack_read(opb,5)+1;
471 
472       s->used_entries=s->entries;
473       lengthlist=(char *)calloc(s->entries, sizeof(*lengthlist));
474       if (!lengthlist) goto _eofout;
475 
476       for(i=0;i<s->entries;){
477         long num=oggpack_read(opb,_ilog(s->entries-i));
478         if(num<0)goto _eofout;
479         if(length>32) goto _errout;
480         for(j=0;j<num && i<s->entries;j++,i++)
481           lengthlist[i]=(char)length;
482         s->dec_maxlength=length;
483         length++;
484       }
485     }
486     break;
487   default:
488     /* EOF */
489     goto _eofout;
490   }
491 
492 
493   /* Do we have a mapping to unpack? */
494 
495   if((maptype=oggpack_read(opb,4))>0){
496     s->q_min=_float32_unpack(oggpack_read(opb,32),&s->q_minp);
497     s->q_del=_float32_unpack(oggpack_read(opb,32),&s->q_delp);
498     s->q_bits=oggpack_read(opb,4)+1;
499     s->q_seq=oggpack_read(opb,1);
500 
501     s->q_del>>=s->q_bits;
502     s->q_delp+=s->q_bits;
503   }
504 
505   switch(maptype){
506   case 0:
507 
508     /* no mapping; decode type 0 */
509 
510     /* how many bytes for the indexing? */
511     /* this is the correct boundary here; we lose one bit to
512        node/leaf mark */
513     s->dec_nodeb=_determine_node_bytes(s->used_entries,_ilog(s->entries)/8+1);
514     s->dec_leafw=_determine_leaf_words(s->dec_nodeb,_ilog(s->entries)/8+1);
515     s->dec_type=0;
516 
517     if(_make_decode_table(s,lengthlist,quantvals,opb,maptype)) goto _errout;
518     break;
519 
520   case 1:
521 
522     /* mapping type 1; implicit values by lattice  position */
523     quantvals=_book_maptype1_quantvals(s);
524 
525     /* dec_type choices here are 1,2; 3 doesn't make sense */
526     {
527       /* packed values */
528       long total1=(s->q_bits*s->dim+8)/8; /* remember flag bit */
529       if (s->dim > (INT_MAX-8)/s->q_bits) goto _eofout;
530       /* vector of column offsets; remember flag bit */
531       long total2=(_ilog(quantvals-1)*s->dim+8)/8+(s->q_bits+7)/8;
532 
533 
534       if(total1<=4 && total1<=total2){
535         /* use dec_type 1: vector of packed values */
536 
537         /* need quantized values before  */
538         s->q_val=calloc(sizeof(ogg_uint16_t), quantvals);
539         if (!s->q_val) goto _eofout;
540         for(i=0;i<quantvals;i++)
541           ((ogg_uint16_t *)s->q_val)[i]=(ogg_uint16_t)oggpack_read(opb,s->q_bits);
542 
543         if(oggpack_eop(opb)){
544           goto _eofout;
545         }
546 
547         s->dec_type=1;
548         s->dec_nodeb=_determine_node_bytes(s->used_entries,
549                                            (s->q_bits*s->dim+8)/8);
550         s->dec_leafw=_determine_leaf_words(s->dec_nodeb,
551                                            (s->q_bits*s->dim+8)/8);
552         if(_make_decode_table(s,lengthlist,quantvals,opb,maptype)){
553           goto _errout;
554         }
555 
556         free(s->q_val);
557         s->q_val=0;
558 
559       }else{
560         /* use dec_type 2: packed vector of column offsets */
561 
562         /* need quantized values before */
563         if(s->q_bits<=8){
564           s->q_val=_ogg_malloc(quantvals);
565           if (!s->q_val) goto _eofout;
566           for(i=0;i<quantvals;i++)
567             ((unsigned char *)s->q_val)[i]=(unsigned char)oggpack_read(opb,s->q_bits);
568         }else{
569           s->q_val=_ogg_malloc(quantvals*2);
570           if (!s->q_val) goto _eofout;
571           for(i=0;i<quantvals;i++)
572             ((ogg_uint16_t *)s->q_val)[i]=(ogg_uint16_t)oggpack_read(opb,s->q_bits);
573         }
574 
575         if(oggpack_eop(opb))goto _eofout;
576 
577         s->q_pack=_ilog(quantvals-1);
578         s->dec_type=2;
579         s->dec_nodeb=_determine_node_bytes(s->used_entries,
580                                            (_ilog(quantvals-1)*s->dim+8)/8);
581         s->dec_leafw=_determine_leaf_words(s->dec_nodeb,
582                                            (_ilog(quantvals-1)*s->dim+8)/8);
583         if(_make_decode_table(s,lengthlist,quantvals,opb,maptype))goto _errout;
584 
585       }
586     }
587     break;
588   case 2:
589 
590     /* mapping type 2; explicit array of values */
591     quantvals=s->entries*s->dim;
592     /* dec_type choices here are 1,3; 2 is not possible */
593 
594     if( (s->q_bits*s->dim+8)/8 <=4){ /* remember flag bit */
595       /* use dec_type 1: vector of packed values */
596 
597       s->dec_type=1;
598       s->dec_nodeb=_determine_node_bytes(s->used_entries,(s->q_bits*s->dim+8)/8);
599       s->dec_leafw=_determine_leaf_words(s->dec_nodeb,(s->q_bits*s->dim+8)/8);
600       if(_make_decode_table(s,lengthlist,quantvals,opb,maptype))goto _errout;
601 
602     }else{
603       /* use dec_type 3: scalar offset into packed value array */
604 
605       s->dec_type=3;
606       s->dec_nodeb=_determine_node_bytes(s->used_entries,_ilog(s->used_entries-1)/8+1);
607       s->dec_leafw=_determine_leaf_words(s->dec_nodeb,_ilog(s->used_entries-1)/8+1);
608       if(_make_decode_table(s,lengthlist,quantvals,opb,maptype))goto _errout;
609 
610       /* get the vals & pack them */
611       s->q_pack=(s->q_bits+7)/8*s->dim;
612       s->q_val=_ogg_malloc(s->q_pack*s->used_entries);
613 
614       if(s->q_bits<=8){
615         for(i=0;i<s->used_entries*s->dim;i++)
616           ((unsigned char *)(s->q_val))[i]=(unsigned char)oggpack_read(opb,s->q_bits);
617       }else{
618         for(i=0;i<s->used_entries*s->dim;i++)
619           ((ogg_uint16_t *)(s->q_val))[i]=(ogg_uint16_t)oggpack_read(opb,s->q_bits);
620       }
621     }
622     break;
623   default:
624     goto _errout;
625   }
626 
627   if (s->dec_nodeb==1)
628     if (s->dec_leafw == 1)
629       s->dec_method = 0;
630     else
631       s->dec_method = 1;
632   else if (s->dec_nodeb==2)
633     if (s->dec_leafw == 1)
634       s->dec_method = 2;
635     else
636       s->dec_method = 3;
637   else
638     s->dec_method = 4;
639 
640   if(oggpack_eop(opb))goto _eofout;
641 
642   free(lengthlist);
643   return 0;
644  _errout:
645  _eofout:
646   vorbis_book_clear(s);
647   free(lengthlist);
648   free(s->q_val);
649   return -1;
650 }
651 
652 #ifndef ONLY_C
653 ogg_uint32_t decode_packed_entry_number(codebook *book,
654                                         oggpack_buffer *b);
655 #else
decode_packed_entry_number(codebook * book,oggpack_buffer * b)656 static inline ogg_uint32_t decode_packed_entry_number(codebook *book,
657                                                       oggpack_buffer *b){
658   ogg_uint32_t chase=0;
659   int  read=book->dec_maxlength;
660   long lok = oggpack_look(b,read),i;
661 
662   while(lok<0 && read>1)
663     lok = oggpack_look(b, --read);
664 
665   if(lok<0){
666     oggpack_adv(b,1); /* force eop */
667     return -1;
668   }
669 
670   /* chase the tree with the bits we got */
671   switch (book->dec_method)
672   {
673     case 0:
674     {
675       /* book->dec_nodeb==1, book->dec_leafw==1 */
676       /* 8/8 - Used */
677       unsigned char *t=(unsigned char *)book->dec_table;
678 
679       for(i=0;i<read;i++){
680         chase=t[chase*2+((lok>>i)&1)];
681         if(chase&0x80UL)break;
682       }
683       chase&=0x7fUL;
684       break;
685     }
686     case 1:
687     {
688       /* book->dec_nodeb==1, book->dec_leafw!=1 */
689       /* 8/16 - Used by infile2 */
690       unsigned char *t=(unsigned char *)book->dec_table;
691       for(i=0;i<read;i++){
692         int bit=(lok>>i)&1;
693         int next=t[chase+bit];
694         if(next&0x80){
695           chase= (next<<8) | t[chase+bit+1+(!bit || t[chase]&0x80)];
696           break;
697         }
698         chase=next;
699       }
700       //chase&=0x7fffUL;
701       chase&=~0x8000UL;
702       break;
703     }
704     case 2:
705     {
706       /* book->dec_nodeb==2, book->dec_leafw==1 */
707       /* 16/16 - Used */
708       for(i=0;i<read;i++){
709         chase=((ogg_uint16_t *)(book->dec_table))[chase*2+((lok>>i)&1)];
710         if(chase&0x8000UL)break;
711       }
712       //chase&=0x7fffUL;
713       chase&=~0x8000UL;
714       break;
715     }
716     case 3:
717     {
718       /* book->dec_nodeb==2, book->dec_leafw!=1 */
719       /* 16/32 - Used by infile2 */
720       ogg_uint16_t *t=(ogg_uint16_t *)book->dec_table;
721       for(i=0;i<read;i++){
722         int bit=(lok>>i)&1;
723         int next=t[chase+bit];
724         if(next&0x8000){
725           chase= (next<<16) | t[chase+bit+1+(!bit || t[chase]&0x8000)];
726           break;
727         }
728         chase=next;
729       }
730       //chase&=0x7fffffffUL;
731       chase&=~0x80000000UL;
732       break;
733     }
734     case 4:
735     {
736       //Output("32/32");
737       for(i=0;i<read;i++){
738         chase=((ogg_uint32_t *)(book->dec_table))[chase*2+((lok>>i)&1)];
739         if(chase&0x80000000UL)break;
740       }
741       //chase&=0x7fffffffUL;
742       chase&=~0x80000000UL;
743       break;
744     }
745   }
746 
747   if(i<read){
748     oggpack_adv(b,i+1);
749     return chase;
750   }
751   oggpack_adv(b,read+1);
752   return(-1);
753 }
754 #endif
755 
756 /* returns the [original, not compacted] entry number or -1 on eof *********/
vorbis_book_decode(codebook * book,oggpack_buffer * b)757 long vorbis_book_decode(codebook *book, oggpack_buffer *b){
758   if(book->dec_type)return -1;
759  return decode_packed_entry_number(book,b);
760 }
761 
762 #ifndef ONLY_C
763 int decode_map(codebook *s, oggpack_buffer *b, ogg_int32_t *v, int point);
764 #else
decode_map(codebook * s,oggpack_buffer * b,ogg_int32_t * v,int point)765 static int decode_map(codebook *s, oggpack_buffer *b, ogg_int32_t *v, int point){
766   ogg_uint32_t entry = decode_packed_entry_number(s,b);
767   int i;
768   if(oggpack_eop(b))return(-1);
769 
770   /* 1 used by test file 0 */
771 
772   /* according to decode type */
773   switch(s->dec_type){
774   case 1:{
775     /* packed vector of values */
776     int mask=(1<<s->q_bits)-1;
777     for(i=0;i<s->dim;i++){
778       v[i]=entry&mask;
779       entry>>=s->q_bits;
780     }
781     break;
782   }
783   case 2:{
784     /* packed vector of column offsets */
785     int mask=(1<<s->q_pack)-1;
786     for(i=0;i<s->dim;i++){
787       if(s->q_bits<=8)
788         v[i]=((unsigned char *)(s->q_val))[entry&mask];
789       else
790         v[i]=((ogg_uint16_t *)(s->q_val))[entry&mask];
791       entry>>=s->q_pack;
792     }
793     break;
794   }
795   case 3:{
796     /* offset into array */
797     void *ptr=((char *)s->q_val)+entry*s->q_pack;
798 
799     if(s->q_bits<=8){
800       for(i=0;i<s->dim;i++)
801         v[i]=((unsigned char *)ptr)[i];
802     }else{
803       for(i=0;i<s->dim;i++)
804         v[i]=((ogg_uint16_t *)ptr)[i];
805     }
806     break;
807   }
808   default:
809     return -1;
810   }
811 
812   /* we have the unpacked multiplicands; compute final vals */
813   {
814     int         shiftM = point-s->q_delp;
815     ogg_int32_t add    = point-s->q_minp;
816     int         mul    = s->q_del;
817 
818     if(add>0)
819       add= s->q_min >> add;
820     else
821       add= s->q_min << -add;
822     if (shiftM<0)
823     {
824       mul <<= -shiftM;
825       shiftM = 0;
826     }
827     add <<= shiftM;
828 
829     ogg_int32_t tmp;
830     for(i=0;i<s->dim;i++) {
831       if (__builtin_mul_overflow(v[i], mul, &tmp) ||
832               __builtin_add_overflow(tmp, add, &tmp)) {
833           return -1;
834       }
835       v[i] = tmp >> shiftM;
836     }
837 
838     if(s->q_seq)
839       for(i=1;i<s->dim;i++) {
840         if (__builtin_add_overflow(v[i], v[i-1], &v[i])) {
841           return -1;
842         }
843       }
844   }
845 
846   return 0;
847 }
848 #endif
849 
850 /* returns 0 on OK or -1 on eof *************************************/
vorbis_book_decodevs_add(codebook * book,ogg_int32_t * a,oggpack_buffer * b,int n,int point)851 long vorbis_book_decodevs_add(codebook *book,ogg_int32_t *a,
852                               oggpack_buffer *b,int n,int point){
853   if(book->used_entries>0){
854     int step=n/book->dim;
855     ogg_int32_t *v = book->dec_buf;//(ogg_int32_t *)alloca(sizeof(*v)*book->dim);
856     int i,j,o;
857     if (!v) return -1;
858 
859     for (j=0;j<step;j++){
860       if(decode_map(book,b,v,point))return -1;
861       for(i=0,o=j;i<book->dim;i++,o+=step)
862         a[o]+=v[i];
863     }
864   }
865   return 0;
866 }
867 
vorbis_book_decodev_add(codebook * book,ogg_int32_t * a,oggpack_buffer * b,int n,int point)868 long vorbis_book_decodev_add(codebook *book,ogg_int32_t *a,
869                              oggpack_buffer *b,int n,int point){
870   if(book->used_entries>0){
871     ogg_int32_t *v = book->dec_buf;//(ogg_int32_t *)alloca(sizeof(*v)*book->dim);
872     int i,j;
873 
874     if (!v) return -1;
875     for(i=0;i<n;){
876       if(decode_map(book,b,v,point))return -1;
877       for (j=0;j<book->dim && i < n;j++,i++){
878         if (__builtin_add_overflow(a[i], v[j], &a[i])) {
879            a[i] = v[j] > 0 ? INT32_MAX : INT32_MIN;
880         }
881       }
882     }
883   }
884   return 0;
885 }
886 
vorbis_book_decodev_set(codebook * book,ogg_int32_t * a,oggpack_buffer * b,int n,int point)887 long vorbis_book_decodev_set(codebook *book,ogg_int32_t *a,
888                              oggpack_buffer *b,int n,int point){
889   if(book->used_entries>0){
890     ogg_int32_t *v = book->dec_buf;//(ogg_int32_t *)alloca(sizeof(*v)*book->dim);
891     int i,j;
892 
893     if (!v) return -1;
894     for(i=0;i<n;){
895       if(decode_map(book,b,v,point))return -1;
896       for (j=0;j<book->dim && i < n;j++)
897         a[i++]=v[j];
898     }
899   }else{
900     int i,j;
901 
902     for(i=0;i<n;){
903       for (j=0;j<book->dim && i < n;j++)
904         a[i++]=0;
905     }
906   }
907 
908   return 0;
909 }
910 
911 #ifndef ONLY_C
912 long vorbis_book_decodevv_add(codebook *book,ogg_int32_t **a,
913                               long offset,int ch,
914                               oggpack_buffer *b,int n,int point);
915 #else
vorbis_book_decodevv_add(codebook * book,ogg_int32_t ** a,long offset,int ch,oggpack_buffer * b,int n,int point)916 long vorbis_book_decodevv_add(codebook *book,ogg_int32_t **a,
917                               long offset,int ch,
918                               oggpack_buffer *b,int n,int point){
919   if(book->used_entries>0){
920 
921     ogg_int32_t *v = book->dec_buf;//(ogg_int32_t *)alloca(sizeof(*v)*book->dim);
922     long i,j;
923     int chptr=0;
924 
925     if (!v) return -1;
926     for(i=offset;i<offset+n;){
927       if(decode_map(book,b,v,point))return -1;
928       for (j=0;j<book->dim && i < offset + n;j++){
929         a[chptr++][i]+=v[j];
930         if(chptr==ch){
931           chptr=0;
932           i++;
933         }
934       }
935     }
936   }
937 
938   return 0;
939 }
940 #endif
941