[deb_ffmpeg.git] / ffmpeg / libavformat / mms.c

/*
 * MMS protocol common definitions.
 * Copyright (c) 2006,2007 Ryan Martell
 * Copyright (c) 2007 Björn Axelsson
 * Copyright (c) 2010 Zhentan Feng <spyfeng at gmail dot com>
 *
 * This file is part of FFmpeg.
 *
 * FFmpeg is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * FFmpeg is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with FFmpeg; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
#include "mms.h"
#include "asf.h"
#include "libavutil/intreadwrite.h"

#define MMS_MAX_STREAMS 256    /**< arbitrary sanity check value */

int ff_mms_read_header(MMSContext *mms, uint8_t *buf, const int size)
{
    char *pos;
    int size_to_copy;
    int remaining_size = mms->asf_header_size - mms->asf_header_read_size;
    size_to_copy = FFMIN(size, remaining_size);
    pos = mms->asf_header + mms->asf_header_read_size;
    memcpy(buf, pos, size_to_copy);
    if (mms->asf_header_read_size == mms->asf_header_size) {
        av_freep(&mms->asf_header); // which contains asf header
    }
    mms->asf_header_read_size += size_to_copy;
    return size_to_copy;
}

int ff_mms_read_data(MMSContext *mms, uint8_t *buf, const int size)
{
    int read_size;
    read_size = FFMIN(size, mms->remaining_in_len);
    memcpy(buf, mms->read_in_ptr, read_size);
    mms->remaining_in_len -= read_size;
    mms->read_in_ptr      += read_size;
    return read_size;
}

int ff_mms_asf_header_parser(MMSContext *mms)
{
    uint8_t *p = mms->asf_header;
    uint8_t *end;
    int flags, stream_id;
    mms->stream_num = 0;

    if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 ||
        memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) {
        av_log(NULL, AV_LOG_ERROR,
               "Corrupt stream (invalid ASF header, size=%d)\n",
               mms->asf_header_size);
        return AVERROR_INVALIDDATA;
    }

    end = mms->asf_header + mms->asf_header_size;

    p += sizeof(ff_asf_guid) + 14;
    while(end - p >= sizeof(ff_asf_guid) + 8) {
        uint64_t chunksize;
        if (!memcmp(p, ff_asf_data_header, sizeof(ff_asf_guid))) {
            chunksize = 50; // see Reference [2] section 5.1
        } else {
            chunksize = AV_RL64(p + sizeof(ff_asf_guid));
        }
        if (!chunksize || chunksize > end - p) {
            av_log(NULL, AV_LOG_ERROR,
                   "Corrupt stream (header chunksize %"PRId64" is invalid)\n",
                   chunksize);
            return AVERROR_INVALIDDATA;
        }
        if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) {
            /* read packet size */
            if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
                mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64);
                if (mms->asf_packet_len <= 0 || mms->asf_packet_len > sizeof(mms->in_buffer)) {
                    av_log(NULL, AV_LOG_ERROR,
                           "Corrupt stream (too large pkt_len %d)\n",
                           mms->asf_packet_len);
                    return AVERROR_INVALIDDATA;
                }
            }
        } else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) {
            flags     = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24);
            stream_id = flags & 0x7F;
            //The second condition is for checking CS_PKT_STREAM_ID_REQUEST packet size,
            //we can calcuate the packet size by stream_num.
            //Please see function send_stream_selection_request().
            if (mms->stream_num < MMS_MAX_STREAMS &&
                    46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) {
                mms->streams = av_fast_realloc(mms->streams,
                                   &mms->nb_streams_allocated,
                                   (mms->stream_num + 1) * sizeof(MMSStream));
                mms->streams[mms->stream_num].id = stream_id;
                mms->stream_num++;
            } else {
                av_log(NULL, AV_LOG_ERROR,
                       "Corrupt stream (too many A/V streams)\n");
                return AVERROR_INVALIDDATA;
            }
        } else if (!memcmp(p, ff_asf_ext_stream_header, sizeof(ff_asf_guid))) {
            if (end - p >= 88) {
                int stream_count = AV_RL16(p + 84), ext_len_count = AV_RL16(p + 86);
                uint64_t skip_bytes = 88;
                while (stream_count--) {
                    if (end - p < skip_bytes + 4) {
                        av_log(NULL, AV_LOG_ERROR,
                               "Corrupt stream (next stream name length is not in the buffer)\n");
                        return AVERROR_INVALIDDATA;
                    }
                    skip_bytes += 4 + AV_RL16(p + skip_bytes + 2);
                }
                while (ext_len_count--) {
                    if (end - p < skip_bytes + 22) {
                        av_log(NULL, AV_LOG_ERROR,
                               "Corrupt stream (next extension system info length is not in the buffer)\n");
                        return AVERROR_INVALIDDATA;
                    }
                    skip_bytes += 22 + AV_RL32(p + skip_bytes + 18);
                }
                if (end - p < skip_bytes) {
                    av_log(NULL, AV_LOG_ERROR,
                           "Corrupt stream (the last extension system info length is invalid)\n");
                    return AVERROR_INVALIDDATA;
                }
                if (chunksize - skip_bytes > 24)
                    chunksize = skip_bytes;
            }
        } else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) {
            chunksize = 46; // see references [2] section 3.4. This should be set 46.
        }
        p += chunksize;
    }

    return 0;
}
Commit	Line	Data
2ba45a60 DM	1	/*
	2	* MMS protocol common definitions.
	3	* Copyright (c) 2006,2007 Ryan Martell
	4	* Copyright (c) 2007 Björn Axelsson
	5	* Copyright (c) 2010 Zhentan Feng <spyfeng at gmail dot com>
	6	*
	7	* This file is part of FFmpeg.
	8	*
	9	* FFmpeg is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU Lesser General Public
	11	* License as published by the Free Software Foundation; either
	12	* version 2.1 of the License, or (at your option) any later version.
	13	*
	14	* FFmpeg is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	* Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public
	20	* License along with FFmpeg; if not, write to the Free Software
	21	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
	22	*/
	23	#include "mms.h"
	24	#include "asf.h"
	25	#include "libavutil/intreadwrite.h"
	26
	27	#define MMS_MAX_STREAMS 256 /*< arbitrary sanity check value /
	28
	29	int ff_mms_read_header(MMSContext mms, uint8_t buf, const int size)
	30	{
	31	char *pos;
	32	int size_to_copy;
	33	int remaining_size = mms->asf_header_size - mms->asf_header_read_size;
	34	size_to_copy = FFMIN(size, remaining_size);
	35	pos = mms->asf_header + mms->asf_header_read_size;
	36	memcpy(buf, pos, size_to_copy);
	37	if (mms->asf_header_read_size == mms->asf_header_size) {
	38	av_freep(&mms->asf_header); // which contains asf header
	39	}
	40	mms->asf_header_read_size += size_to_copy;
	41	return size_to_copy;
	42	}
	43
	44	int ff_mms_read_data(MMSContext mms, uint8_t buf, const int size)
	45	{
	46	int read_size;
	47	read_size = FFMIN(size, mms->remaining_in_len);
	48	memcpy(buf, mms->read_in_ptr, read_size);
	49	mms->remaining_in_len -= read_size;
	50	mms->read_in_ptr += read_size;
	51	return read_size;
	52	}
	53
	54	int ff_mms_asf_header_parser(MMSContext *mms)
	55	{
	56	uint8_t *p = mms->asf_header;
	57	uint8_t *end;
	58	int flags, stream_id;
	59	mms->stream_num = 0;
	60
	61	if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 \|\|
	62	memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) {
	63	av_log(NULL, AV_LOG_ERROR,
	64	"Corrupt stream (invalid ASF header, size=%d)\n",
65	mms->asf_header_size);
66	return AVERROR_INVALIDDATA;
67	}
68
69	end = mms->asf_header + mms->asf_header_size;
70
71	p += sizeof(ff_asf_guid) + 14;
72	while(end - p >= sizeof(ff_asf_guid) + 8) {
73	uint64_t chunksize;
74	if (!memcmp(p, ff_asf_data_header, sizeof(ff_asf_guid))) {
75	chunksize = 50; // see Reference [2] section 5.1
76	} else {
77	chunksize = AV_RL64(p + sizeof(ff_asf_guid));
78	}
79	if (!chunksize \|\| chunksize > end - p) {
80	av_log(NULL, AV_LOG_ERROR,
81	"Corrupt stream (header chunksize %"PRId64" is invalid)\n",
82	chunksize);
83	return AVERROR_INVALIDDATA;
84	}
85	if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) {
86	/* read packet size */
87	if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
88	mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64);
89	if (mms->asf_packet_len <= 0 \|\| mms->asf_packet_len > sizeof(mms->in_buffer)) {
90	av_log(NULL, AV_LOG_ERROR,
91	"Corrupt stream (too large pkt_len %d)\n",
92	mms->asf_packet_len);
93	return AVERROR_INVALIDDATA;
94	}
95	}
96	} else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) {
97	flags = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24);
98	stream_id = flags & 0x7F;
99	//The second condition is for checking CS_PKT_STREAM_ID_REQUEST packet size,
100	//we can calcuate the packet size by stream_num.
101	//Please see function send_stream_selection_request().
102	if (mms->stream_num < MMS_MAX_STREAMS &&
103	46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) {
104	mms->streams = av_fast_realloc(mms->streams,
105	&mms->nb_streams_allocated,
106	(mms->stream_num + 1) * sizeof(MMSStream));
107	mms->streams[mms->stream_num].id = stream_id;
108	mms->stream_num++;
109	} else {
110	av_log(NULL, AV_LOG_ERROR,
111	"Corrupt stream (too many A/V streams)\n");
112	return AVERROR_INVALIDDATA;
113	}
114	} else if (!memcmp(p, ff_asf_ext_stream_header, sizeof(ff_asf_guid))) {
115	if (end - p >= 88) {
116	int stream_count = AV_RL16(p + 84), ext_len_count = AV_RL16(p + 86);
117	uint64_t skip_bytes = 88;
118	while (stream_count--) {
119	if (end - p < skip_bytes + 4) {
120	av_log(NULL, AV_LOG_ERROR,
121	"Corrupt stream (next stream name length is not in the buffer)\n");
122	return AVERROR_INVALIDDATA;
123	}
124	skip_bytes += 4 + AV_RL16(p + skip_bytes + 2);
125	}
126	while (ext_len_count--) {
127	if (end - p < skip_bytes + 22) {
128	av_log(NULL, AV_LOG_ERROR,
129	"Corrupt stream (next extension system info length is not in the buffer)\n");
130	return AVERROR_INVALIDDATA;
131	}
132	skip_bytes += 22 + AV_RL32(p + skip_bytes + 18);
133	}
134	if (end - p < skip_bytes) {
135	av_log(NULL, AV_LOG_ERROR,
136	"Corrupt stream (the last extension system info length is invalid)\n");
137	return AVERROR_INVALIDDATA;
138	}
139	if (chunksize - skip_bytes > 24)
140	chunksize = skip_bytes;
141	}
142	} else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) {
143	chunksize = 46; // see references [2] section 3.4. This should be set 46.
144	}
145	p += chunksize;
146	}
147
148	return 0;
149	}