Subversion Repositories Kolibri OS

Rev

Go to most recent revision | Blame | Last modification | View Log | RSS feed

  1. /*
  2.  * MMS protocol common definitions.
  3.  * Copyright (c) 2006,2007 Ryan Martell
  4.  * Copyright (c) 2007 Björn Axelsson
  5.  * Copyright (c) 2010 Zhentan Feng <spyfeng at gmail dot com>
  6.  *
  7.  * This file is part of FFmpeg.
  8.  *
  9.  * FFmpeg is free software; you can redistribute it and/or
  10.  * modify it under the terms of the GNU Lesser General Public
  11.  * License as published by the Free Software Foundation; either
  12.  * version 2.1 of the License, or (at your option) any later version.
  13.  *
  14.  * FFmpeg is distributed in the hope that it will be useful,
  15.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17.  * Lesser General Public License for more details.
  18.  *
  19.  * You should have received a copy of the GNU Lesser General Public
  20.  * License along with FFmpeg; if not, write to the Free Software
  21.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  22.  */
  23. #include "mms.h"
  24. #include "asf.h"
  25. #include "libavutil/intreadwrite.h"
  26.  
  27. #define MMS_MAX_STREAMS 256    /**< arbitrary sanity check value */
  28.  
  29. int ff_mms_read_header(MMSContext *mms, uint8_t *buf, const int size)
  30. {
  31.     char *pos;
  32.     int size_to_copy;
  33.     int remaining_size = mms->asf_header_size - mms->asf_header_read_size;
  34.     size_to_copy = FFMIN(size, remaining_size);
  35.     pos = mms->asf_header + mms->asf_header_read_size;
  36.     memcpy(buf, pos, size_to_copy);
  37.     if (mms->asf_header_read_size == mms->asf_header_size) {
  38.         av_freep(&mms->asf_header); // which contains asf header
  39.     }
  40.     mms->asf_header_read_size += size_to_copy;
  41.     return size_to_copy;
  42. }
  43.  
  44. int ff_mms_read_data(MMSContext *mms, uint8_t *buf, const int size)
  45. {
  46.     int read_size;
  47.     read_size = FFMIN(size, mms->remaining_in_len);
  48.     memcpy(buf, mms->read_in_ptr, read_size);
  49.     mms->remaining_in_len -= read_size;
  50.     mms->read_in_ptr      += read_size;
  51.     return read_size;
  52. }
  53.  
  54. int ff_mms_asf_header_parser(MMSContext *mms)
  55. {
  56.     uint8_t *p = mms->asf_header;
  57.     uint8_t *end;
  58.     int flags, stream_id;
  59.     mms->stream_num = 0;
  60.  
  61.     if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 ||
  62.         memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) {
  63.         av_log(NULL, AV_LOG_ERROR,
  64.                "Corrupt stream (invalid ASF header, size=%d)\n",
  65.                mms->asf_header_size);
  66.         return AVERROR_INVALIDDATA;
  67.     }
  68.  
  69.     end = mms->asf_header + mms->asf_header_size;
  70.  
  71.     p += sizeof(ff_asf_guid) + 14;
  72.     while(end - p >= sizeof(ff_asf_guid) + 8) {
  73.         uint64_t chunksize;
  74.         if (!memcmp(p, ff_asf_data_header, sizeof(ff_asf_guid))) {
  75.             chunksize = 50; // see Reference [2] section 5.1
  76.         } else {
  77.             chunksize = AV_RL64(p + sizeof(ff_asf_guid));
  78.         }
  79.         if (!chunksize || chunksize > end - p) {
  80.             av_log(NULL, AV_LOG_ERROR,
  81.                    "Corrupt stream (header chunksize %"PRId64" is invalid)\n",
  82.                    chunksize);
  83.             return AVERROR_INVALIDDATA;
  84.         }
  85.         if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) {
  86.             /* read packet size */
  87.             if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
  88.                 mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64);
  89.                 if (mms->asf_packet_len <= 0 || mms->asf_packet_len > sizeof(mms->in_buffer)) {
  90.                     av_log(NULL, AV_LOG_ERROR,
  91.                            "Corrupt stream (too large pkt_len %d)\n",
  92.                            mms->asf_packet_len);
  93.                     return AVERROR_INVALIDDATA;
  94.                 }
  95.             }
  96.         } else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) {
  97.             flags     = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24);
  98.             stream_id = flags & 0x7F;
  99.             //The second condition is for checking CS_PKT_STREAM_ID_REQUEST packet size,
  100.             //we can calcuate the packet size by stream_num.
  101.             //Please see function send_stream_selection_request().
  102.             if (mms->stream_num < MMS_MAX_STREAMS &&
  103.                     46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) {
  104.                 mms->streams = av_fast_realloc(mms->streams,
  105.                                    &mms->nb_streams_allocated,
  106.                                    (mms->stream_num + 1) * sizeof(MMSStream));
  107.                 mms->streams[mms->stream_num].id = stream_id;
  108.                 mms->stream_num++;
  109.             } else {
  110.                 av_log(NULL, AV_LOG_ERROR,
  111.                        "Corrupt stream (too many A/V streams)\n");
  112.                 return AVERROR_INVALIDDATA;
  113.             }
  114.         } else if (!memcmp(p, ff_asf_ext_stream_header, sizeof(ff_asf_guid))) {
  115.             if (end - p >= 88) {
  116.                 int stream_count = AV_RL16(p + 84), ext_len_count = AV_RL16(p + 86);
  117.                 uint64_t skip_bytes = 88;
  118.                 while (stream_count--) {
  119.                     if (end - p < skip_bytes + 4) {
  120.                         av_log(NULL, AV_LOG_ERROR,
  121.                                "Corrupt stream (next stream name length is not in the buffer)\n");
  122.                         return AVERROR_INVALIDDATA;
  123.                     }
  124.                     skip_bytes += 4 + AV_RL16(p + skip_bytes + 2);
  125.                 }
  126.                 while (ext_len_count--) {
  127.                     if (end - p < skip_bytes + 22) {
  128.                         av_log(NULL, AV_LOG_ERROR,
  129.                                "Corrupt stream (next extension system info length is not in the buffer)\n");
  130.                         return AVERROR_INVALIDDATA;
  131.                     }
  132.                     skip_bytes += 22 + AV_RL32(p + skip_bytes + 18);
  133.                 }
  134.                 if (end - p < skip_bytes) {
  135.                     av_log(NULL, AV_LOG_ERROR,
  136.                            "Corrupt stream (the last extension system info length is invalid)\n");
  137.                     return AVERROR_INVALIDDATA;
  138.                 }
  139.                 if (chunksize - skip_bytes > 24)
  140.                     chunksize = skip_bytes;
  141.             }
  142.         } else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) {
  143.             chunksize = 46; // see references [2] section 3.4. This should be set 46.
  144.         }
  145.         p += chunksize;
  146.     }
  147.  
  148.     return 0;
  149. }
  150.