FFmpeg coverage

Directory: ../../../ffmpeg/
File: src/libavformat/flac_picture.c
Date: 2024-04-26 14:42:52
Exec Total Coverage
Lines: 54 102 52.9%
Functions: 1 1 100.0%
Branches: 22 68 32.4%
Line Branch Exec Source
1 /*
2 * Raw FLAC picture parser
3 * Copyright (c) 2001 Fabrice Bellard
4 *
5 * This file is part of FFmpeg.
6 *
7 * FFmpeg is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * FFmpeg is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with FFmpeg; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 #include "libavutil/intreadwrite.h"
23 #include "libavcodec/bytestream.h"
24 #include "libavcodec/png.h"
25 #include "avformat.h"
26 #include "demux.h"
27 #include "flac_picture.h"
28 #include "id3v2.h"
29 #include "internal.h"
30
31 #define MAX_TRUNC_PICTURE_SIZE (500 * 1024 * 1024)
32
33 17 int ff_flac_parse_picture(AVFormatContext *s, uint8_t **bufp, int buf_size,
34 int truncate_workaround)
35 {
36 17 const CodecMime *mime = ff_id3v2_mime_tags;
37 17 enum AVCodecID id = AV_CODEC_ID_NONE;
38 17 AVBufferRef *data = NULL;
39 17 uint8_t mimetype[64], *buf = *bufp;
40 17 const uint8_t *desc = NULL;
41 GetByteContext g;
42 AVStream *st;
43 17 int width, height, ret = 0;
44 unsigned int type;
45 17 uint32_t len, left, trunclen = 0;
46
47
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 17 times.
 17 if (buf_size < 34) {
48 av_log(s, AV_LOG_ERROR, "Attached picture metadata block too short\n");
49 if (s->error_recognition & AV_EF_EXPLODE)
50 return AVERROR_INVALIDDATA;
51 return 0;
52 }
53
54 17 bytestream2_init(&g, buf, buf_size);
55
56 /* read the picture type */
57 17 type = bytestream2_get_be32u(&g);
58
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 17 times.
 17 if (type >= FF_ARRAY_ELEMS(ff_id3v2_picture_types)) {
59 av_log(s, AV_LOG_ERROR, "Invalid picture type: %d.\n", type);
60 if (s->error_recognition & AV_EF_EXPLODE) {
61 return AVERROR_INVALIDDATA;
62 }
63 type = 0;
64 }
65
66 /* picture mimetype */
67 17 len = bytestream2_get_be32u(&g);
68
2/4
✓ Branch 0 taken 17 times.
✗ Branch 1 not taken.
✗ Branch 2 not taken.
✓ Branch 3 taken 17 times.
 17 if (len <= 0 || len >= sizeof(mimetype)) {
69 av_log(s, AV_LOG_ERROR, "Could not read mimetype from an attached "
70 "picture.\n");
71 if (s->error_recognition & AV_EF_EXPLODE)
72 return AVERROR_INVALIDDATA;
73 return 0;
74 }
75
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 17 times.
 17 if (len + 24 > bytestream2_get_bytes_left(&g)) {
76 av_log(s, AV_LOG_ERROR, "Attached picture metadata block too short\n");
77 if (s->error_recognition & AV_EF_EXPLODE)
78 return AVERROR_INVALIDDATA;
79 return 0;
80 }
81 17 bytestream2_get_bufferu(&g, mimetype, len);
82 17 mimetype[len] = 0;
83
84
1/2
✓ Branch 0 taken 50 times.
✗ Branch 1 not taken.
 50 while (mime->id != AV_CODEC_ID_NONE) {
85
2/2
✓ Branch 0 taken 17 times.
✓ Branch 1 taken 33 times.
 50 if (!strncmp(mime->str, mimetype, sizeof(mimetype))) {
86 17 id = mime->id;
87 17 break;
88 }
89 33 mime++;
90 }
91
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 17 times.
 17 if (id == AV_CODEC_ID_NONE) {
92 av_log(s, AV_LOG_WARNING, "Unknown attached picture mimetype: %s.\n",
93 mimetype);
94 return 0;
95 }
96
97 /* picture description */
98 17 len = bytestream2_get_be32u(&g);
99
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 17 times.
 17 if (len > bytestream2_get_bytes_left(&g) - 20) {
100 av_log(s, AV_LOG_ERROR, "Attached picture metadata block too short\n");
101 if (s->error_recognition & AV_EF_EXPLODE)
102 return AVERROR_INVALIDDATA;
103 return 0;
104 }
105
2/2
✓ Branch 0 taken 14 times.
✓ Branch 1 taken 3 times.
 17 if (len > 0) {
106 14 desc = g.buffer;
107 14 bytestream2_skipu(&g, len);
108 }
109
110 /* picture metadata */
111 17 width = bytestream2_get_be32u(&g);
112 17 ((uint8_t*)g.buffer)[-4] = '\0'; // NUL-terminate desc.
113 17 height = bytestream2_get_be32u(&g);
114 17 bytestream2_skipu(&g, 8);
115
116 /* picture data */
117 17 len = bytestream2_get_be32u(&g);
118
119 17 left = bytestream2_get_bytes_left(&g);
120
2/4
✓ Branch 0 taken 17 times.
✗ Branch 1 not taken.
✗ Branch 2 not taken.
✓ Branch 3 taken 17 times.
 17 if (len <= 0 || len > left) {
121 if (len > MAX_TRUNC_PICTURE_SIZE || len >= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) {
122 av_log(s, AV_LOG_ERROR, "Attached picture metadata block too big %u\n", len);
123 if (s->error_recognition & AV_EF_EXPLODE)
124 return AVERROR_INVALIDDATA;
125 return 0;
126 }
127
128 // Workaround bug for flac muxers that writs truncated metadata picture block size if
129 // the picture size do not fit in 24 bits. lavf flacenc used to have the issue and based
130 // on existing broken files other unknown flac muxers seems to truncate also.
131 if (truncate_workaround &&
132 s->strict_std_compliance <= FF_COMPLIANCE_NORMAL &&
133 len > left && (len & 0xffffff) == left) {
134 av_log(s, AV_LOG_INFO, "Correcting truncated metadata picture size from %u to %u\n", left, len);
135 trunclen = len - left;
136 } else {
137 av_log(s, AV_LOG_ERROR, "Attached picture metadata block too short\n");
138 if (s->error_recognition & AV_EF_EXPLODE)
139 return AVERROR_INVALIDDATA;
140 return 0;
141 }
142 }
143
2/4
✓ Branch 0 taken 17 times.
✗ Branch 1 not taken.
✓ Branch 2 taken 17 times.
✗ Branch 3 not taken.
 17 if (trunclen == 0 && len >= buf_size - (buf_size >> 4)) {
144 17 data = av_buffer_create(buf, buf_size + AV_INPUT_BUFFER_PADDING_SIZE,
145 av_buffer_default_free, NULL, 0);
146
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 17 times.
 17 if (!data)
147 return AVERROR(ENOMEM);
148 17 *bufp = NULL;
149 17 data->data += bytestream2_tell(&g);
150 17 data->size = len + AV_INPUT_BUFFER_PADDING_SIZE;
151 } else {
152 if (!(data = av_buffer_alloc(len + AV_INPUT_BUFFER_PADDING_SIZE)))
153 return AVERROR(ENOMEM);
154
155 if (trunclen == 0) {
156 bytestream2_get_bufferu(&g, data->data, len);
157 } else {
158 // If truncation was detected copy all data from block and
159 // read missing bytes not included in the block size.
160 bytestream2_get_bufferu(&g, data->data, left);
161 if (avio_read(s->pb, data->data + len - trunclen, trunclen) < trunclen)
162 RETURN_ERROR(AVERROR_INVALIDDATA);
163 }
164 }
165 17 memset(data->data + len, 0, AV_INPUT_BUFFER_PADDING_SIZE);
166
167
2/2
✓ Branch 0 taken 4 times.
✓ Branch 1 taken 13 times.
 17 if (AV_RB64(data->data) == PNGSIG)
168 4 id = AV_CODEC_ID_PNG;
169
170 17 ret = ff_add_attached_pic(s, NULL, NULL, &data, 0);
171
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 17 times.
 17 if (ret < 0)
172 RETURN_ERROR(ret);
173
174 17 st = s->streams[s->nb_streams - 1];
175 17 st->codecpar->codec_id = id;
176 17 st->codecpar->width = width;
177 17 st->codecpar->height = height;
178 17 av_dict_set(&st->metadata, "comment", ff_id3v2_picture_types[type], 0);
179
2/2
✓ Branch 0 taken 14 times.
✓ Branch 1 taken 3 times.
 17 if (desc)
180 14 av_dict_set(&st->metadata, "title", desc, 0);
181
182 17 return 0;
183
184 fail:
185 av_buffer_unref(&data);
186
187 return ret;
188 }
189