videolan/ffmpeg
1
Fork 0
mirror of https://git.videolan.org/git/ffmpeg.git synced 2024-08-28 12:16:12 +02:00
Code Releases Activity
092bd1e54f
ffmpeg/libavformat/aacdec.c
James Almer d88193c219 avformat/aacdec: fix demuxing of small frames 
10 bytes (id3v2 header amount of bytes) were being read before any checks
were made on the bitstream. The result was that we were overreading into
the next frame if the current one was 8 or 9 bytes long.

Fixes tickets #7271 and #7869.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-05-05 21:40:31 -03:00

213 lines
6.1 KiB
C
Raw Blame History

/*
* raw ADTS AAC demuxer
* Copyright (c) 2008 Michael Niedermayer <michaelni@gmx.at>
* Copyright (c) 2009 Robert Swain ( rob opendot cl )
*
* This file is part of FFmpeg.
*
* FFmpeg is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* FFmpeg is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with FFmpeg; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include "libavutil/avassert.h"
#include "libavutil/intreadwrite.h"
#include "avformat.h"
#include "avio_internal.h"
#include "internal.h"
#include "id3v1.h"
#include "id3v2.h"
#include "apetag.h"
#define ADTS_HEADER_SIZE 7
static int adts_aac_probe(const AVProbeData *p)
{
int max_frames = 0, first_frames = 0;
int fsize, frames;
const uint8_t *buf0 = p->buf;
const uint8_t *buf2;
const uint8_t *buf;
const uint8_t *end = buf0 + p->buf_size - 7;
buf = buf0;
for (; buf < end; buf = buf2 + 1) {
buf2 = buf;
for (frames = 0; buf2 < end; frames++) {
uint32_t header = AV_RB16(buf2);
if ((header & 0xFFF6) != 0xFFF0) {
if (buf != buf0) {
// Found something that isn't an ADTS header, starting
// from a position other than the start of the buffer.
// Discard the count we've accumulated so far since it
// probably was a false positive.
frames = 0;
}
break;
}
fsize = (AV_RB32(buf2 + 3) >> 13) & 0x1FFF;
if (fsize < 7)
break;
fsize = FFMIN(fsize, end - buf2);
buf2 += fsize;
}
max_frames = FFMAX(max_frames, frames);
if (buf == buf0)
first_frames = frames;
}
if (first_frames >= 3)
return AVPROBE_SCORE_EXTENSION + 1;
else if (max_frames > 100)
return AVPROBE_SCORE_EXTENSION;
else if (max_frames >= 3)
return AVPROBE_SCORE_EXTENSION / 2;
else if (first_frames >= 1)
return 1;
else
return 0;
}
static int adts_aac_read_header(AVFormatContext *s)
{
AVStream *st;
uint16_t state;
st = avformat_new_stream(s, NULL);
if (!st)
return AVERROR(ENOMEM);
st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
st->codecpar->codec_id = s->iformat->raw_codec_id;
st->need_parsing = AVSTREAM_PARSE_FULL_RAW;
ff_id3v1_read(s);
if ((s->pb->seekable & AVIO_SEEKABLE_NORMAL) &&
!av_dict_get(s->metadata, "", NULL, AV_DICT_IGNORE_SUFFIX)) {
int64_t cur = avio_tell(s->pb);
ff_ape_parse_tag(s);
avio_seek(s->pb, cur, SEEK_SET);
}
// skip data until the first ADTS frame is found
state = avio_r8(s->pb);
while (!avio_feof(s->pb) && avio_tell(s->pb) < s->probesize) {
state = (state << 8) | avio_r8(s->pb);
if ((state >> 4) != 0xFFF)
continue;
avio_seek(s->pb, -2, SEEK_CUR);
break;
}
if ((state >> 4) != 0xFFF)
return AVERROR_INVALIDDATA;
// LCM of all possible ADTS sample rates
avpriv_set_pts_info(st, 64, 1, 28224000);
return 0;
}
static int handle_id3(AVFormatContext *s, AVPacket *pkt)
{
AVDictionary *metadata = NULL;
AVIOContext ioctx;
ID3v2ExtraMeta *id3v2_extra_meta = NULL;
int ret;
ret = av_append_packet(s->pb, pkt, ff_id3v2_tag_len(pkt->data) - pkt->size);
if (ret < 0) {
av_packet_unref(pkt);
return ret;
}
ffio_init_context(&ioctx, pkt->data, pkt->size, 0, NULL, NULL, NULL, NULL);
ff_id3v2_read_dict(&ioctx, &metadata, ID3v2_DEFAULT_MAGIC, &id3v2_extra_meta);
if ((ret = ff_id3v2_parse_priv_dict(&metadata, &id3v2_extra_meta)) < 0)
goto error;
if (metadata) {
if ((ret = av_dict_copy(&s->metadata, metadata, 0)) < 0)
goto error;
s->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
}
error:
av_packet_unref(pkt);
ff_id3v2_free_extra_meta(&id3v2_extra_meta);
av_dict_free(&metadata);
return ret;
}
static int adts_aac_read_packet(AVFormatContext *s, AVPacket *pkt)
{
int ret, fsize;
retry:
ret = av_get_packet(s->pb, pkt, ADTS_HEADER_SIZE);
if (ret < 0)
return ret;
if (ret < ADTS_HEADER_SIZE) {
av_packet_unref(pkt);
return AVERROR(EIO);
}
if ((AV_RB16(pkt->data) >> 4) != 0xfff) {
// Parse all the ID3 headers between frames
int append = ID3v2_HEADER_SIZE - ADTS_HEADER_SIZE;
av_assert2(append > 0);
ret = av_append_packet(s->pb, pkt, append);
if (ret != append) {
av_packet_unref(pkt);
return AVERROR(EIO);
}
if (!ff_id3v2_match(pkt->data, ID3v2_DEFAULT_MAGIC)) {
av_packet_unref(pkt);
return AVERROR_INVALIDDATA;
}
ret = handle_id3(s, pkt);
if (ret < 0)
return ret;
goto retry;
}
fsize = (AV_RB32(pkt->data + 3) >> 13) & 0x1FFF;
if (fsize < ADTS_HEADER_SIZE) {
av_packet_unref(pkt);
return AVERROR_INVALIDDATA;
}
ret = av_append_packet(s->pb, pkt, fsize - pkt->size);
if (ret < 0)
av_packet_unref(pkt);
return ret;
}
AVInputFormat ff_aac_demuxer = {
.name = "aac",
.long_name = NULL_IF_CONFIG_SMALL("raw ADTS AAC (Advanced Audio Coding)"),
.read_probe = adts_aac_probe,
.read_header = adts_aac_read_header,
.read_packet = adts_aac_read_packet,
.flags = AVFMT_GENERIC_INDEX,
.extensions = "aac",
.mime_type = "audio/aac,audio/aacp,audio/x-aac",
.raw_codec_id = AV_CODEC_ID_AAC,
};
View Git Blame Copy Permalink