FFmpeg coverage

Line	Branch	Exec	Source
1			/*
2			* MMS protocol common definitions.
3			* Copyright (c) 2006,2007 Ryan Martell
4			* Copyright (c) 2007 Björn Axelsson
5			* Copyright (c) 2010 Zhentan Feng <spyfeng at gmail dot com>
6			*
7			* This file is part of FFmpeg.
8			*
9			* FFmpeg is free software; you can redistribute it and/or
10			* modify it under the terms of the GNU Lesser General Public
11			* License as published by the Free Software Foundation; either
12			* version 2.1 of the License, or (at your option) any later version.
13			*
14			* FFmpeg is distributed in the hope that it will be useful,
15			* but WITHOUT ANY WARRANTY; without even the implied warranty of
16			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17			* Lesser General Public License for more details.
18			*
19			* You should have received a copy of the GNU Lesser General Public
20			* License along with FFmpeg; if not, write to the Free Software
21			* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22			*/
23			#include "mms.h"
24			#include "asf.h"
25			#include "libavutil/intreadwrite.h"
26
27			#define MMS_MAX_STREAMS 256 /**< arbitrary sanity check value */
28
29		✗	int ff_mms_read_header(MMSContext *mms, uint8_t *buf, const int size)
30			{
31			char *pos;
32			int size_to_copy;
33		✗	int remaining_size = mms->asf_header_size - mms->asf_header_read_size;
34		✗	size_to_copy = FFMIN(size, remaining_size);
35		✗	pos = mms->asf_header + mms->asf_header_read_size;
36		✗	memcpy(buf, pos, size_to_copy);
37		✗	if (mms->asf_header_read_size == mms->asf_header_size) {
38		✗	av_freep(&mms->asf_header); // which contains asf header
39			}
40		✗	mms->asf_header_read_size += size_to_copy;
41		✗	return size_to_copy;
42			}
43
44		✗	int ff_mms_read_data(MMSContext *mms, uint8_t *buf, const int size)
45			{
46			int read_size;
47		✗	read_size = FFMIN(size, mms->remaining_in_len);
48		✗	memcpy(buf, mms->read_in_ptr, read_size);
49		✗	mms->remaining_in_len -= read_size;
50		✗	mms->read_in_ptr += read_size;
51		✗	return read_size;
52			}
53
54		✗	int ff_mms_asf_header_parser(MMSContext *mms)
55			{
56		✗	uint8_t *p = mms->asf_header;
57			uint8_t *end;
58			int flags, stream_id;
59		✗	mms->stream_num = 0;
60
61		✗	if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 ||
62		✗	memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) {
63		✗	av_log(mms->mms_hd, AV_LOG_ERROR,
64			"Corrupt stream (invalid ASF header, size=%d)\n",
65			mms->asf_header_size);
66		✗	return AVERROR_INVALIDDATA;
67			}
68
69		✗	end = mms->asf_header + mms->asf_header_size;
70
71		✗	p += sizeof(ff_asf_guid) + 14;
72		✗	while(end - p >= sizeof(ff_asf_guid) + 8) {
73			uint64_t chunksize;
74		✗	if (!memcmp(p, ff_asf_data_header, sizeof(ff_asf_guid))) {
75		✗	chunksize = 50; // see Reference [2] section 5.1
76			} else {
77		✗	chunksize = AV_RL64(p + sizeof(ff_asf_guid));
78			}
79		✗	if (!chunksize || chunksize > end - p) {
80		✗	av_log(mms->mms_hd, AV_LOG_ERROR,
81			"Corrupt stream (header chunksize %"PRId64" is invalid)\n",
82			chunksize);
83		✗	return AVERROR_INVALIDDATA;
84			}
85		✗	if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) {
86			/* read packet size */
87		✗	if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
88		✗	mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64);
89		✗	if (mms->asf_packet_len <= 0 || mms->asf_packet_len > sizeof(mms->in_buffer)) {
90		✗	av_log(mms->mms_hd, AV_LOG_ERROR,
91			"Corrupt stream (too large pkt_len %d)\n",
92			mms->asf_packet_len);
93		✗	return AVERROR_INVALIDDATA;
94			}
95			}
96		✗	} else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) {
97		✗	if (end - p >= (sizeof(ff_asf_guid) * 3 + 26)) {
98		✗	flags = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24);
99		✗	stream_id = flags & 0x7F;
100			//The second condition is for checking CS_PKT_STREAM_ID_REQUEST packet size,
101			//we can calculate the packet size by stream_num.
102			//Please see function send_stream_selection_request().
103		✗	if (mms->stream_num < MMS_MAX_STREAMS &&
104		✗	46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) {
105		✗	mms->streams = av_fast_realloc(mms->streams,
106			&mms->nb_streams_allocated,
107		✗	(mms->stream_num + 1) * sizeof(MMSStream));
108		✗	if (!mms->streams)
109		✗	return AVERROR(ENOMEM);
110		✗	mms->streams[mms->stream_num].id = stream_id;
111		✗	mms->stream_num++;
112			} else {
113		✗	av_log(mms->mms_hd, AV_LOG_ERROR,
114			"Corrupt stream (too many A/V streams)\n");
115		✗	return AVERROR_INVALIDDATA;
116			}
117			}
118		✗	} else if (!memcmp(p, ff_asf_ext_stream_header, sizeof(ff_asf_guid))) {
119		✗	if (end - p >= 88) {
120		✗	int stream_count = AV_RL16(p + 84), ext_len_count = AV_RL16(p + 86);
121		✗	uint64_t skip_bytes = 88;
122		✗	while (stream_count--) {
123		✗	if (end - p < skip_bytes + 4) {
124		✗	av_log(mms->mms_hd, AV_LOG_ERROR,
125			"Corrupt stream (next stream name length is not in the buffer)\n");
126		✗	return AVERROR_INVALIDDATA;
127			}
128		✗	skip_bytes += 4 + AV_RL16(p + skip_bytes + 2);
129			}
130		✗	while (ext_len_count--) {
131		✗	if (end - p < skip_bytes + 22) {
132		✗	av_log(mms->mms_hd, AV_LOG_ERROR,
133			"Corrupt stream (next extension system info length is not in the buffer)\n");
134		✗	return AVERROR_INVALIDDATA;
135			}
136		✗	skip_bytes += 22 + AV_RL32(p + skip_bytes + 18);
137			}
138		✗	if (end - p < skip_bytes) {
139		✗	av_log(mms->mms_hd, AV_LOG_ERROR,
140			"Corrupt stream (the last extension system info length is invalid)\n");
141		✗	return AVERROR_INVALIDDATA;
142			}
143		✗	if (chunksize - skip_bytes > 24)
144		✗	chunksize = skip_bytes;
145			}
146		✗	} else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) {
147		✗	chunksize = 46; // see references [2] section 3.4. This should be set 46.
148		✗	if (chunksize > end - p) {
149		✗	av_log(mms->mms_hd, AV_LOG_ERROR,
150			"Corrupt stream (header chunksize %"PRId64" is invalid)\n",
151			chunksize);
152		✗	return AVERROR_INVALIDDATA;
153			}
154			}
155		✗	p += chunksize;
156			}
157
158		✗	return 0;
159			}
160