1cabdff1aSopenharmony_ci/* 2cabdff1aSopenharmony_ci * MMS protocol common definitions. 3cabdff1aSopenharmony_ci * Copyright (c) 2006,2007 Ryan Martell 4cabdff1aSopenharmony_ci * Copyright (c) 2007 Björn Axelsson 5cabdff1aSopenharmony_ci * Copyright (c) 2010 Zhentan Feng <spyfeng at gmail dot com> 6cabdff1aSopenharmony_ci * 7cabdff1aSopenharmony_ci * This file is part of FFmpeg. 8cabdff1aSopenharmony_ci * 9cabdff1aSopenharmony_ci * FFmpeg is free software; you can redistribute it and/or 10cabdff1aSopenharmony_ci * modify it under the terms of the GNU Lesser General Public 11cabdff1aSopenharmony_ci * License as published by the Free Software Foundation; either 12cabdff1aSopenharmony_ci * version 2.1 of the License, or (at your option) any later version. 13cabdff1aSopenharmony_ci * 14cabdff1aSopenharmony_ci * FFmpeg is distributed in the hope that it will be useful, 15cabdff1aSopenharmony_ci * but WITHOUT ANY WARRANTY; without even the implied warranty of 16cabdff1aSopenharmony_ci * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17cabdff1aSopenharmony_ci * Lesser General Public License for more details. 18cabdff1aSopenharmony_ci * 19cabdff1aSopenharmony_ci * You should have received a copy of the GNU Lesser General Public 20cabdff1aSopenharmony_ci * License along with FFmpeg; if not, write to the Free Software 21cabdff1aSopenharmony_ci * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 22cabdff1aSopenharmony_ci */ 23cabdff1aSopenharmony_ci#include "mms.h" 24cabdff1aSopenharmony_ci#include "asf.h" 25cabdff1aSopenharmony_ci#include "libavutil/intreadwrite.h" 26cabdff1aSopenharmony_ci 27cabdff1aSopenharmony_ci#define MMS_MAX_STREAMS 256 /**< arbitrary sanity check value */ 28cabdff1aSopenharmony_ci 29cabdff1aSopenharmony_ciint ff_mms_read_header(MMSContext *mms, uint8_t *buf, const int size) 30cabdff1aSopenharmony_ci{ 31cabdff1aSopenharmony_ci char *pos; 32cabdff1aSopenharmony_ci int size_to_copy; 33cabdff1aSopenharmony_ci int remaining_size = mms->asf_header_size - mms->asf_header_read_size; 34cabdff1aSopenharmony_ci size_to_copy = FFMIN(size, remaining_size); 35cabdff1aSopenharmony_ci pos = mms->asf_header + mms->asf_header_read_size; 36cabdff1aSopenharmony_ci memcpy(buf, pos, size_to_copy); 37cabdff1aSopenharmony_ci if (mms->asf_header_read_size == mms->asf_header_size) { 38cabdff1aSopenharmony_ci av_freep(&mms->asf_header); // which contains asf header 39cabdff1aSopenharmony_ci } 40cabdff1aSopenharmony_ci mms->asf_header_read_size += size_to_copy; 41cabdff1aSopenharmony_ci return size_to_copy; 42cabdff1aSopenharmony_ci} 43cabdff1aSopenharmony_ci 44cabdff1aSopenharmony_ciint ff_mms_read_data(MMSContext *mms, uint8_t *buf, const int size) 45cabdff1aSopenharmony_ci{ 46cabdff1aSopenharmony_ci int read_size; 47cabdff1aSopenharmony_ci read_size = FFMIN(size, mms->remaining_in_len); 48cabdff1aSopenharmony_ci memcpy(buf, mms->read_in_ptr, read_size); 49cabdff1aSopenharmony_ci mms->remaining_in_len -= read_size; 50cabdff1aSopenharmony_ci mms->read_in_ptr += read_size; 51cabdff1aSopenharmony_ci return read_size; 52cabdff1aSopenharmony_ci} 53cabdff1aSopenharmony_ci 54cabdff1aSopenharmony_ciint ff_mms_asf_header_parser(MMSContext *mms) 55cabdff1aSopenharmony_ci{ 56cabdff1aSopenharmony_ci uint8_t *p = mms->asf_header; 57cabdff1aSopenharmony_ci uint8_t *end; 58cabdff1aSopenharmony_ci int flags, stream_id; 59cabdff1aSopenharmony_ci mms->stream_num = 0; 60cabdff1aSopenharmony_ci 61cabdff1aSopenharmony_ci if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 || 62cabdff1aSopenharmony_ci memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) { 63cabdff1aSopenharmony_ci av_log(mms->mms_hd, AV_LOG_ERROR, 64cabdff1aSopenharmony_ci "Corrupt stream (invalid ASF header, size=%d)\n", 65cabdff1aSopenharmony_ci mms->asf_header_size); 66cabdff1aSopenharmony_ci return AVERROR_INVALIDDATA; 67cabdff1aSopenharmony_ci } 68cabdff1aSopenharmony_ci 69cabdff1aSopenharmony_ci end = mms->asf_header + mms->asf_header_size; 70cabdff1aSopenharmony_ci 71cabdff1aSopenharmony_ci p += sizeof(ff_asf_guid) + 14; 72cabdff1aSopenharmony_ci while(end - p >= sizeof(ff_asf_guid) + 8) { 73cabdff1aSopenharmony_ci uint64_t chunksize; 74cabdff1aSopenharmony_ci if (!memcmp(p, ff_asf_data_header, sizeof(ff_asf_guid))) { 75cabdff1aSopenharmony_ci chunksize = 50; // see Reference [2] section 5.1 76cabdff1aSopenharmony_ci } else { 77cabdff1aSopenharmony_ci chunksize = AV_RL64(p + sizeof(ff_asf_guid)); 78cabdff1aSopenharmony_ci } 79cabdff1aSopenharmony_ci if (!chunksize || chunksize > end - p) { 80cabdff1aSopenharmony_ci av_log(mms->mms_hd, AV_LOG_ERROR, 81cabdff1aSopenharmony_ci "Corrupt stream (header chunksize %"PRId64" is invalid)\n", 82cabdff1aSopenharmony_ci chunksize); 83cabdff1aSopenharmony_ci return AVERROR_INVALIDDATA; 84cabdff1aSopenharmony_ci } 85cabdff1aSopenharmony_ci if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) { 86cabdff1aSopenharmony_ci /* read packet size */ 87cabdff1aSopenharmony_ci if (end - p > sizeof(ff_asf_guid) * 2 + 68) { 88cabdff1aSopenharmony_ci mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64); 89cabdff1aSopenharmony_ci if (mms->asf_packet_len <= 0 || mms->asf_packet_len > sizeof(mms->in_buffer)) { 90cabdff1aSopenharmony_ci av_log(mms->mms_hd, AV_LOG_ERROR, 91cabdff1aSopenharmony_ci "Corrupt stream (too large pkt_len %d)\n", 92cabdff1aSopenharmony_ci mms->asf_packet_len); 93cabdff1aSopenharmony_ci return AVERROR_INVALIDDATA; 94cabdff1aSopenharmony_ci } 95cabdff1aSopenharmony_ci } 96cabdff1aSopenharmony_ci } else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) { 97cabdff1aSopenharmony_ci if (end - p >= (sizeof(ff_asf_guid) * 3 + 26)) { 98cabdff1aSopenharmony_ci flags = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24); 99cabdff1aSopenharmony_ci stream_id = flags & 0x7F; 100cabdff1aSopenharmony_ci //The second condition is for checking CS_PKT_STREAM_ID_REQUEST packet size, 101cabdff1aSopenharmony_ci //we can calculate the packet size by stream_num. 102cabdff1aSopenharmony_ci //Please see function send_stream_selection_request(). 103cabdff1aSopenharmony_ci if (mms->stream_num < MMS_MAX_STREAMS && 104cabdff1aSopenharmony_ci 46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) { 105cabdff1aSopenharmony_ci mms->streams = av_fast_realloc(mms->streams, 106cabdff1aSopenharmony_ci &mms->nb_streams_allocated, 107cabdff1aSopenharmony_ci (mms->stream_num + 1) * sizeof(MMSStream)); 108cabdff1aSopenharmony_ci if (!mms->streams) 109cabdff1aSopenharmony_ci return AVERROR(ENOMEM); 110cabdff1aSopenharmony_ci mms->streams[mms->stream_num].id = stream_id; 111cabdff1aSopenharmony_ci mms->stream_num++; 112cabdff1aSopenharmony_ci } else { 113cabdff1aSopenharmony_ci av_log(mms->mms_hd, AV_LOG_ERROR, 114cabdff1aSopenharmony_ci "Corrupt stream (too many A/V streams)\n"); 115cabdff1aSopenharmony_ci return AVERROR_INVALIDDATA; 116cabdff1aSopenharmony_ci } 117cabdff1aSopenharmony_ci } 118cabdff1aSopenharmony_ci } else if (!memcmp(p, ff_asf_ext_stream_header, sizeof(ff_asf_guid))) { 119cabdff1aSopenharmony_ci if (end - p >= 88) { 120cabdff1aSopenharmony_ci int stream_count = AV_RL16(p + 84), ext_len_count = AV_RL16(p + 86); 121cabdff1aSopenharmony_ci uint64_t skip_bytes = 88; 122cabdff1aSopenharmony_ci while (stream_count--) { 123cabdff1aSopenharmony_ci if (end - p < skip_bytes + 4) { 124cabdff1aSopenharmony_ci av_log(mms->mms_hd, AV_LOG_ERROR, 125cabdff1aSopenharmony_ci "Corrupt stream (next stream name length is not in the buffer)\n"); 126cabdff1aSopenharmony_ci return AVERROR_INVALIDDATA; 127cabdff1aSopenharmony_ci } 128cabdff1aSopenharmony_ci skip_bytes += 4 + AV_RL16(p + skip_bytes + 2); 129cabdff1aSopenharmony_ci } 130cabdff1aSopenharmony_ci while (ext_len_count--) { 131cabdff1aSopenharmony_ci if (end - p < skip_bytes + 22) { 132cabdff1aSopenharmony_ci av_log(mms->mms_hd, AV_LOG_ERROR, 133cabdff1aSopenharmony_ci "Corrupt stream (next extension system info length is not in the buffer)\n"); 134cabdff1aSopenharmony_ci return AVERROR_INVALIDDATA; 135cabdff1aSopenharmony_ci } 136cabdff1aSopenharmony_ci skip_bytes += 22 + AV_RL32(p + skip_bytes + 18); 137cabdff1aSopenharmony_ci } 138cabdff1aSopenharmony_ci if (end - p < skip_bytes) { 139cabdff1aSopenharmony_ci av_log(mms->mms_hd, AV_LOG_ERROR, 140cabdff1aSopenharmony_ci "Corrupt stream (the last extension system info length is invalid)\n"); 141cabdff1aSopenharmony_ci return AVERROR_INVALIDDATA; 142cabdff1aSopenharmony_ci } 143cabdff1aSopenharmony_ci if (chunksize - skip_bytes > 24) 144cabdff1aSopenharmony_ci chunksize = skip_bytes; 145cabdff1aSopenharmony_ci } 146cabdff1aSopenharmony_ci } else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) { 147cabdff1aSopenharmony_ci chunksize = 46; // see references [2] section 3.4. This should be set 46. 148cabdff1aSopenharmony_ci if (chunksize > end - p) { 149cabdff1aSopenharmony_ci av_log(mms->mms_hd, AV_LOG_ERROR, 150cabdff1aSopenharmony_ci "Corrupt stream (header chunksize %"PRId64" is invalid)\n", 151cabdff1aSopenharmony_ci chunksize); 152cabdff1aSopenharmony_ci return AVERROR_INVALIDDATA; 153cabdff1aSopenharmony_ci } 154cabdff1aSopenharmony_ci } 155cabdff1aSopenharmony_ci p += chunksize; 156cabdff1aSopenharmony_ci } 157cabdff1aSopenharmony_ci 158cabdff1aSopenharmony_ci return 0; 159cabdff1aSopenharmony_ci} 160