blob: 17fa76a8d44d67f32acfae3b81def50ae6e1536b
1 | /* |
2 | * MMS protocol common definitions. |
3 | * Copyright (c) 2006,2007 Ryan Martell |
4 | * Copyright (c) 2007 Björn Axelsson |
5 | * Copyright (c) 2010 Zhentan Feng <spyfeng at gmail dot com> |
6 | * |
7 | * This file is part of FFmpeg. |
8 | * |
9 | * FFmpeg is free software; you can redistribute it and/or |
10 | * modify it under the terms of the GNU Lesser General Public |
11 | * License as published by the Free Software Foundation; either |
12 | * version 2.1 of the License, or (at your option) any later version. |
13 | * |
14 | * FFmpeg is distributed in the hope that it will be useful, |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | * Lesser General Public License for more details. |
18 | * |
19 | * You should have received a copy of the GNU Lesser General Public |
20 | * License along with FFmpeg; if not, write to the Free Software |
21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
22 | */ |
23 | #include "mms.h" |
24 | #include "asf.h" |
25 | #include "libavutil/intreadwrite.h" |
26 | |
27 | #define MMS_MAX_STREAMS 256 /**< arbitrary sanity check value */ |
28 | |
29 | int ff_mms_read_header(MMSContext *mms, uint8_t *buf, const int size) |
30 | { |
31 | char *pos; |
32 | int size_to_copy; |
33 | int remaining_size = mms->asf_header_size - mms->asf_header_read_size; |
34 | size_to_copy = FFMIN(size, remaining_size); |
35 | pos = mms->asf_header + mms->asf_header_read_size; |
36 | memcpy(buf, pos, size_to_copy); |
37 | if (mms->asf_header_read_size == mms->asf_header_size) { |
38 | av_freep(&mms->asf_header); // which contains asf header |
39 | } |
40 | mms->asf_header_read_size += size_to_copy; |
41 | return size_to_copy; |
42 | } |
43 | |
44 | int ff_mms_read_data(MMSContext *mms, uint8_t *buf, const int size) |
45 | { |
46 | int read_size; |
47 | read_size = FFMIN(size, mms->remaining_in_len); |
48 | memcpy(buf, mms->read_in_ptr, read_size); |
49 | mms->remaining_in_len -= read_size; |
50 | mms->read_in_ptr += read_size; |
51 | return read_size; |
52 | } |
53 | |
54 | int ff_mms_asf_header_parser(MMSContext *mms) |
55 | { |
56 | uint8_t *p = mms->asf_header; |
57 | uint8_t *end; |
58 | int flags, stream_id; |
59 | mms->stream_num = 0; |
60 | |
61 | if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 || |
62 | memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) { |
63 | av_log(NULL, AV_LOG_ERROR, |
64 | "Corrupt stream (invalid ASF header, size=%d)\n", |
65 | mms->asf_header_size); |
66 | return AVERROR_INVALIDDATA; |
67 | } |
68 | |
69 | end = mms->asf_header + mms->asf_header_size; |
70 | |
71 | p += sizeof(ff_asf_guid) + 14; |
72 | while(end - p >= sizeof(ff_asf_guid) + 8) { |
73 | uint64_t chunksize; |
74 | if (!memcmp(p, ff_asf_data_header, sizeof(ff_asf_guid))) { |
75 | chunksize = 50; // see Reference [2] section 5.1 |
76 | } else { |
77 | chunksize = AV_RL64(p + sizeof(ff_asf_guid)); |
78 | } |
79 | if (!chunksize || chunksize > end - p) { |
80 | av_log(NULL, AV_LOG_ERROR, |
81 | "Corrupt stream (header chunksize %"PRId64" is invalid)\n", |
82 | chunksize); |
83 | return AVERROR_INVALIDDATA; |
84 | } |
85 | if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) { |
86 | /* read packet size */ |
87 | if (end - p > sizeof(ff_asf_guid) * 2 + 68) { |
88 | mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64); |
89 | if (mms->asf_packet_len <= 0 || mms->asf_packet_len > sizeof(mms->in_buffer)) { |
90 | av_log(NULL, AV_LOG_ERROR, |
91 | "Corrupt stream (too large pkt_len %d)\n", |
92 | mms->asf_packet_len); |
93 | return AVERROR_INVALIDDATA; |
94 | } |
95 | } |
96 | } else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) { |
97 | flags = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24); |
98 | stream_id = flags & 0x7F; |
99 | //The second condition is for checking CS_PKT_STREAM_ID_REQUEST packet size, |
100 | //we can calculate the packet size by stream_num. |
101 | //Please see function send_stream_selection_request(). |
102 | if (mms->stream_num < MMS_MAX_STREAMS && |
103 | 46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) { |
104 | mms->streams = av_fast_realloc(mms->streams, |
105 | &mms->nb_streams_allocated, |
106 | (mms->stream_num + 1) * sizeof(MMSStream)); |
107 | if (!mms->streams) |
108 | return AVERROR(ENOMEM); |
109 | mms->streams[mms->stream_num].id = stream_id; |
110 | mms->stream_num++; |
111 | } else { |
112 | av_log(NULL, AV_LOG_ERROR, |
113 | "Corrupt stream (too many A/V streams)\n"); |
114 | return AVERROR_INVALIDDATA; |
115 | } |
116 | } else if (!memcmp(p, ff_asf_ext_stream_header, sizeof(ff_asf_guid))) { |
117 | if (end - p >= 88) { |
118 | int stream_count = AV_RL16(p + 84), ext_len_count = AV_RL16(p + 86); |
119 | uint64_t skip_bytes = 88; |
120 | while (stream_count--) { |
121 | if (end - p < skip_bytes + 4) { |
122 | av_log(NULL, AV_LOG_ERROR, |
123 | "Corrupt stream (next stream name length is not in the buffer)\n"); |
124 | return AVERROR_INVALIDDATA; |
125 | } |
126 | skip_bytes += 4 + AV_RL16(p + skip_bytes + 2); |
127 | } |
128 | while (ext_len_count--) { |
129 | if (end - p < skip_bytes + 22) { |
130 | av_log(NULL, AV_LOG_ERROR, |
131 | "Corrupt stream (next extension system info length is not in the buffer)\n"); |
132 | return AVERROR_INVALIDDATA; |
133 | } |
134 | skip_bytes += 22 + AV_RL32(p + skip_bytes + 18); |
135 | } |
136 | if (end - p < skip_bytes) { |
137 | av_log(NULL, AV_LOG_ERROR, |
138 | "Corrupt stream (the last extension system info length is invalid)\n"); |
139 | return AVERROR_INVALIDDATA; |
140 | } |
141 | if (chunksize - skip_bytes > 24) |
142 | chunksize = skip_bytes; |
143 | } |
144 | } else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) { |
145 | chunksize = 46; // see references [2] section 3.4. This should be set 46. |
146 | } |
147 | p += chunksize; |
148 | } |
149 | |
150 | return 0; |
151 | } |
152 |