LCOV - code coverage report
Current view: top level - libavformat - mms.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 0 73 0.0 %
Date: 2017-12-13 10:57:33 Functions: 0 3 0.0 %

          Line data    Source code
       1             : /*
       2             :  * MMS protocol common definitions.
       3             :  * Copyright (c) 2006,2007 Ryan Martell
       4             :  * Copyright (c) 2007 Björn Axelsson
       5             :  * Copyright (c) 2010 Zhentan Feng <spyfeng at gmail dot com>
       6             :  *
       7             :  * This file is part of FFmpeg.
       8             :  *
       9             :  * FFmpeg is free software; you can redistribute it and/or
      10             :  * modify it under the terms of the GNU Lesser General Public
      11             :  * License as published by the Free Software Foundation; either
      12             :  * version 2.1 of the License, or (at your option) any later version.
      13             :  *
      14             :  * FFmpeg is distributed in the hope that it will be useful,
      15             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      17             :  * Lesser General Public License for more details.
      18             :  *
      19             :  * You should have received a copy of the GNU Lesser General Public
      20             :  * License along with FFmpeg; if not, write to the Free Software
      21             :  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
      22             :  */
      23             : #include "mms.h"
      24             : #include "asf.h"
      25             : #include "libavutil/intreadwrite.h"
      26             : 
      27             : #define MMS_MAX_STREAMS 256    /**< arbitrary sanity check value */
      28             : 
      29           0 : int ff_mms_read_header(MMSContext *mms, uint8_t *buf, const int size)
      30             : {
      31             :     char *pos;
      32             :     int size_to_copy;
      33           0 :     int remaining_size = mms->asf_header_size - mms->asf_header_read_size;
      34           0 :     size_to_copy = FFMIN(size, remaining_size);
      35           0 :     pos = mms->asf_header + mms->asf_header_read_size;
      36           0 :     memcpy(buf, pos, size_to_copy);
      37           0 :     if (mms->asf_header_read_size == mms->asf_header_size) {
      38           0 :         av_freep(&mms->asf_header); // which contains asf header
      39             :     }
      40           0 :     mms->asf_header_read_size += size_to_copy;
      41           0 :     return size_to_copy;
      42             : }
      43             : 
      44           0 : int ff_mms_read_data(MMSContext *mms, uint8_t *buf, const int size)
      45             : {
      46             :     int read_size;
      47           0 :     read_size = FFMIN(size, mms->remaining_in_len);
      48           0 :     memcpy(buf, mms->read_in_ptr, read_size);
      49           0 :     mms->remaining_in_len -= read_size;
      50           0 :     mms->read_in_ptr      += read_size;
      51           0 :     return read_size;
      52             : }
      53             : 
      54           0 : int ff_mms_asf_header_parser(MMSContext *mms)
      55             : {
      56           0 :     uint8_t *p = mms->asf_header;
      57             :     uint8_t *end;
      58             :     int flags, stream_id;
      59           0 :     mms->stream_num = 0;
      60             : 
      61           0 :     if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 ||
      62           0 :         memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) {
      63           0 :         av_log(NULL, AV_LOG_ERROR,
      64             :                "Corrupt stream (invalid ASF header, size=%d)\n",
      65             :                mms->asf_header_size);
      66           0 :         return AVERROR_INVALIDDATA;
      67             :     }
      68             : 
      69           0 :     end = mms->asf_header + mms->asf_header_size;
      70             : 
      71           0 :     p += sizeof(ff_asf_guid) + 14;
      72           0 :     while(end - p >= sizeof(ff_asf_guid) + 8) {
      73             :         uint64_t chunksize;
      74           0 :         if (!memcmp(p, ff_asf_data_header, sizeof(ff_asf_guid))) {
      75           0 :             chunksize = 50; // see Reference [2] section 5.1
      76             :         } else {
      77           0 :             chunksize = AV_RL64(p + sizeof(ff_asf_guid));
      78             :         }
      79           0 :         if (!chunksize || chunksize > end - p) {
      80           0 :             av_log(NULL, AV_LOG_ERROR,
      81             :                    "Corrupt stream (header chunksize %"PRId64" is invalid)\n",
      82             :                    chunksize);
      83           0 :             return AVERROR_INVALIDDATA;
      84             :         }
      85           0 :         if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) {
      86             :             /* read packet size */
      87           0 :             if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
      88           0 :                 mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64);
      89           0 :                 if (mms->asf_packet_len <= 0 || mms->asf_packet_len > sizeof(mms->in_buffer)) {
      90           0 :                     av_log(NULL, AV_LOG_ERROR,
      91             :                            "Corrupt stream (too large pkt_len %d)\n",
      92             :                            mms->asf_packet_len);
      93           0 :                     return AVERROR_INVALIDDATA;
      94             :                 }
      95             :             }
      96           0 :         } else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) {
      97           0 :             flags     = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24);
      98           0 :             stream_id = flags & 0x7F;
      99             :             //The second condition is for checking CS_PKT_STREAM_ID_REQUEST packet size,
     100             :             //we can calculate the packet size by stream_num.
     101             :             //Please see function send_stream_selection_request().
     102           0 :             if (mms->stream_num < MMS_MAX_STREAMS &&
     103           0 :                     46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) {
     104           0 :                 mms->streams = av_fast_realloc(mms->streams,
     105             :                                    &mms->nb_streams_allocated,
     106           0 :                                    (mms->stream_num + 1) * sizeof(MMSStream));
     107           0 :                 if (!mms->streams)
     108           0 :                     return AVERROR(ENOMEM);
     109           0 :                 mms->streams[mms->stream_num].id = stream_id;
     110           0 :                 mms->stream_num++;
     111             :             } else {
     112           0 :                 av_log(NULL, AV_LOG_ERROR,
     113             :                        "Corrupt stream (too many A/V streams)\n");
     114           0 :                 return AVERROR_INVALIDDATA;
     115             :             }
     116           0 :         } else if (!memcmp(p, ff_asf_ext_stream_header, sizeof(ff_asf_guid))) {
     117           0 :             if (end - p >= 88) {
     118           0 :                 int stream_count = AV_RL16(p + 84), ext_len_count = AV_RL16(p + 86);
     119           0 :                 uint64_t skip_bytes = 88;
     120           0 :                 while (stream_count--) {
     121           0 :                     if (end - p < skip_bytes + 4) {
     122           0 :                         av_log(NULL, AV_LOG_ERROR,
     123             :                                "Corrupt stream (next stream name length is not in the buffer)\n");
     124           0 :                         return AVERROR_INVALIDDATA;
     125             :                     }
     126           0 :                     skip_bytes += 4 + AV_RL16(p + skip_bytes + 2);
     127             :                 }
     128           0 :                 while (ext_len_count--) {
     129           0 :                     if (end - p < skip_bytes + 22) {
     130           0 :                         av_log(NULL, AV_LOG_ERROR,
     131             :                                "Corrupt stream (next extension system info length is not in the buffer)\n");
     132           0 :                         return AVERROR_INVALIDDATA;
     133             :                     }
     134           0 :                     skip_bytes += 22 + AV_RL32(p + skip_bytes + 18);
     135             :                 }
     136           0 :                 if (end - p < skip_bytes) {
     137           0 :                     av_log(NULL, AV_LOG_ERROR,
     138             :                            "Corrupt stream (the last extension system info length is invalid)\n");
     139           0 :                     return AVERROR_INVALIDDATA;
     140             :                 }
     141           0 :                 if (chunksize - skip_bytes > 24)
     142           0 :                     chunksize = skip_bytes;
     143             :             }
     144           0 :         } else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) {
     145           0 :             chunksize = 46; // see references [2] section 3.4. This should be set 46.
     146             :         }
     147           0 :         p += chunksize;
     148             :     }
     149             : 
     150           0 :     return 0;
     151             : }

Generated by: LCOV version 1.13