FFmpeg coverage


Directory: ../../../ffmpeg/
File: src/libavformat/flac_picture.c
Date: 2022-12-05 20:26:17
Exec Total Coverage
Lines: 54 104 51.9%
Functions: 1 1 100.0%
Branches: 22 70 31.4%

Line Branch Exec Source
1 /*
2 * Raw FLAC picture parser
3 * Copyright (c) 2001 Fabrice Bellard
4 *
5 * This file is part of FFmpeg.
6 *
7 * FFmpeg is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * FFmpeg is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with FFmpeg; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 #include "libavutil/intreadwrite.h"
23 #include "libavcodec/bytestream.h"
24 #include "libavcodec/png.h"
25 #include "avformat.h"
26 #include "demux.h"
27 #include "flac_picture.h"
28 #include "id3v2.h"
29 #include "internal.h"
30
31 #define MAX_TRUNC_PICTURE_SIZE (500 * 1024 * 1024)
32
33 17 int ff_flac_parse_picture(AVFormatContext *s, uint8_t **bufp, int buf_size,
34 int truncate_workaround)
35 {
36 17 const CodecMime *mime = ff_id3v2_mime_tags;
37 17 enum AVCodecID id = AV_CODEC_ID_NONE;
38 17 AVBufferRef *data = NULL;
39 17 uint8_t mimetype[64], *buf = *bufp;
40 17 const uint8_t *desc = NULL;
41 GetByteContext g;
42 AVStream *st;
43 17 int width, height, ret = 0;
44 unsigned int type;
45 17 uint32_t len, left, trunclen = 0;
46
47
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 17 times.
17 if (buf_size < 34) {
48 av_log(s, AV_LOG_ERROR, "Attached picture metadata block too short\n");
49 if (s->error_recognition & AV_EF_EXPLODE)
50 return AVERROR_INVALIDDATA;
51 return 0;
52 }
53
54 17 bytestream2_init(&g, buf, buf_size);
55
56 /* read the picture type */
57 17 type = bytestream2_get_be32u(&g);
58
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 17 times.
17 if (type >= FF_ARRAY_ELEMS(ff_id3v2_picture_types)) {
59 av_log(s, AV_LOG_ERROR, "Invalid picture type: %d.\n", type);
60 if (s->error_recognition & AV_EF_EXPLODE) {
61 return AVERROR_INVALIDDATA;
62 }
63 type = 0;
64 }
65
66 /* picture mimetype */
67 17 len = bytestream2_get_be32u(&g);
68
2/4
✓ Branch 0 taken 17 times.
✗ Branch 1 not taken.
✗ Branch 2 not taken.
✓ Branch 3 taken 17 times.
17 if (len <= 0 || len >= sizeof(mimetype)) {
69 av_log(s, AV_LOG_ERROR, "Could not read mimetype from an attached "
70 "picture.\n");
71 if (s->error_recognition & AV_EF_EXPLODE)
72 return AVERROR_INVALIDDATA;
73 return 0;
74 }
75
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 17 times.
17 if (len + 24 > bytestream2_get_bytes_left(&g)) {
76 av_log(s, AV_LOG_ERROR, "Attached picture metadata block too short\n");
77 if (s->error_recognition & AV_EF_EXPLODE)
78 return AVERROR_INVALIDDATA;
79 return 0;
80 }
81 17 bytestream2_get_bufferu(&g, mimetype, len);
82 17 mimetype[len] = 0;
83
84
1/2
✓ Branch 0 taken 50 times.
✗ Branch 1 not taken.
50 while (mime->id != AV_CODEC_ID_NONE) {
85
2/2
✓ Branch 0 taken 17 times.
✓ Branch 1 taken 33 times.
50 if (!strncmp(mime->str, mimetype, sizeof(mimetype))) {
86 17 id = mime->id;
87 17 break;
88 }
89 33 mime++;
90 }
91
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 17 times.
17 if (id == AV_CODEC_ID_NONE) {
92 av_log(s, AV_LOG_ERROR, "Unknown attached picture mimetype: %s.\n",
93 mimetype);
94 if (s->error_recognition & AV_EF_EXPLODE)
95 return AVERROR_INVALIDDATA;
96 return 0;
97 }
98
99 /* picture description */
100 17 len = bytestream2_get_be32u(&g);
101
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 17 times.
17 if (len > bytestream2_get_bytes_left(&g) - 20) {
102 av_log(s, AV_LOG_ERROR, "Attached picture metadata block too short\n");
103 if (s->error_recognition & AV_EF_EXPLODE)
104 return AVERROR_INVALIDDATA;
105 return 0;
106 }
107
2/2
✓ Branch 0 taken 14 times.
✓ Branch 1 taken 3 times.
17 if (len > 0) {
108 14 desc = g.buffer;
109 14 bytestream2_skipu(&g, len);
110 }
111
112 /* picture metadata */
113 17 width = bytestream2_get_be32u(&g);
114 17 ((uint8_t*)g.buffer)[-4] = '\0'; // NUL-terminate desc.
115 17 height = bytestream2_get_be32u(&g);
116 17 bytestream2_skipu(&g, 8);
117
118 /* picture data */
119 17 len = bytestream2_get_be32u(&g);
120
121 17 left = bytestream2_get_bytes_left(&g);
122
2/4
✓ Branch 0 taken 17 times.
✗ Branch 1 not taken.
✗ Branch 2 not taken.
✓ Branch 3 taken 17 times.
17 if (len <= 0 || len > left) {
123 if (len > MAX_TRUNC_PICTURE_SIZE || len >= INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) {
124 av_log(s, AV_LOG_ERROR, "Attached picture metadata block too big %u\n", len);
125 if (s->error_recognition & AV_EF_EXPLODE)
126 return AVERROR_INVALIDDATA;
127 return 0;
128 }
129
130 // Workaround bug for flac muxers that writs truncated metadata picture block size if
131 // the picture size do not fit in 24 bits. lavf flacenc used to have the issue and based
132 // on existing broken files other unknown flac muxers seems to truncate also.
133 if (truncate_workaround &&
134 s->strict_std_compliance <= FF_COMPLIANCE_NORMAL &&
135 len > left && (len & 0xffffff) == left) {
136 av_log(s, AV_LOG_INFO, "Correcting truncated metadata picture size from %u to %u\n", left, len);
137 trunclen = len - left;
138 } else {
139 av_log(s, AV_LOG_ERROR, "Attached picture metadata block too short\n");
140 if (s->error_recognition & AV_EF_EXPLODE)
141 return AVERROR_INVALIDDATA;
142 return 0;
143 }
144 }
145
2/4
✓ Branch 0 taken 17 times.
✗ Branch 1 not taken.
✓ Branch 2 taken 17 times.
✗ Branch 3 not taken.
17 if (trunclen == 0 && len >= buf_size - (buf_size >> 4)) {
146 17 data = av_buffer_create(buf, buf_size + AV_INPUT_BUFFER_PADDING_SIZE,
147 av_buffer_default_free, NULL, 0);
148
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 17 times.
17 if (!data)
149 return AVERROR(ENOMEM);
150 17 *bufp = NULL;
151 17 data->data += bytestream2_tell(&g);
152 17 data->size = len + AV_INPUT_BUFFER_PADDING_SIZE;
153 } else {
154 if (!(data = av_buffer_alloc(len + AV_INPUT_BUFFER_PADDING_SIZE)))
155 return AVERROR(ENOMEM);
156
157 if (trunclen == 0) {
158 bytestream2_get_bufferu(&g, data->data, len);
159 } else {
160 // If truncation was detected copy all data from block and
161 // read missing bytes not included in the block size.
162 bytestream2_get_bufferu(&g, data->data, left);
163 if (avio_read(s->pb, data->data + len - trunclen, trunclen) < trunclen)
164 RETURN_ERROR(AVERROR_INVALIDDATA);
165 }
166 }
167 17 memset(data->data + len, 0, AV_INPUT_BUFFER_PADDING_SIZE);
168
169
2/2
✓ Branch 0 taken 4 times.
✓ Branch 1 taken 13 times.
17 if (AV_RB64(data->data) == PNGSIG)
170 4 id = AV_CODEC_ID_PNG;
171
172 17 ret = ff_add_attached_pic(s, NULL, NULL, &data, 0);
173
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 17 times.
17 if (ret < 0)
174 RETURN_ERROR(ret);
175
176 17 st = s->streams[s->nb_streams - 1];
177 17 st->codecpar->codec_id = id;
178 17 st->codecpar->width = width;
179 17 st->codecpar->height = height;
180 17 av_dict_set(&st->metadata, "comment", ff_id3v2_picture_types[type], 0);
181
2/2
✓ Branch 0 taken 14 times.
✓ Branch 1 taken 3 times.
17 if (desc)
182 14 av_dict_set(&st->metadata, "title", desc, 0);
183
184 17 return 0;
185
186 fail:
187 av_buffer_unref(&data);
188
189 return ret;
190 }
191