1/* 2 * MMS protocol common definitions. 3 * Copyright (c) 2006,2007 Ryan Martell 4 * Copyright (c) 2007 Bj�rn Axelsson 5 * Copyright (c) 2010 Zhentan Feng <spyfeng at gmail dot com> 6 * 7 * This file is part of Libav. 8 * 9 * Libav is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU Lesser General Public 11 * License as published by the Free Software Foundation; either 12 * version 2.1 of the License, or (at your option) any later version. 13 * 14 * Libav is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * Lesser General Public License for more details. 18 * 19 * You should have received a copy of the GNU Lesser General Public 20 * License along with Libav; if not, write to the Free Software 21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 22 */ 23#include "mms.h" 24#include "asf.h" 25#include "libavutil/intreadwrite.h" 26 27#define MMS_MAX_STREAMS 256 /**< arbitrary sanity check value */ 28 29int ff_mms_read_header(MMSContext *mms, uint8_t *buf, const int size) 30{ 31 char *pos; 32 int size_to_copy; 33 int remaining_size = mms->asf_header_size - mms->asf_header_read_size; 34 size_to_copy = FFMIN(size, remaining_size); 35 pos = mms->asf_header + mms->asf_header_read_size; 36 memcpy(buf, pos, size_to_copy); 37 if (mms->asf_header_read_size == mms->asf_header_size) { 38 av_freep(&mms->asf_header); // which contains asf header 39 } 40 mms->asf_header_read_size += size_to_copy; 41 return size_to_copy; 42} 43 44int ff_mms_read_data(MMSContext *mms, uint8_t *buf, const int size) 45{ 46 int read_size; 47 read_size = FFMIN(size, mms->remaining_in_len); 48 memcpy(buf, mms->read_in_ptr, read_size); 49 mms->remaining_in_len -= read_size; 50 mms->read_in_ptr += read_size; 51 return read_size; 52} 53 54int ff_mms_asf_header_parser(MMSContext *mms) 55{ 56 uint8_t *p = mms->asf_header; 57 uint8_t *end; 58 int flags, stream_id; 59 mms->stream_num = 0; 60 61 if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 || 62 memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) { 63 av_log(NULL, AV_LOG_ERROR, 64 "Corrupt stream (invalid ASF header, size=%d)\n", 65 mms->asf_header_size); 66 return AVERROR_INVALIDDATA; 67 } 68 69 end = mms->asf_header + mms->asf_header_size; 70 71 p += sizeof(ff_asf_guid) + 14; 72 while(end - p >= sizeof(ff_asf_guid) + 8) { 73 uint64_t chunksize; 74 if (!memcmp(p, ff_asf_data_header, sizeof(ff_asf_guid))) { 75 chunksize = 50; // see Reference [2] section 5.1 76 } else { 77 chunksize = AV_RL64(p + sizeof(ff_asf_guid)); 78 } 79 if (!chunksize || chunksize > end - p) { 80 av_log(NULL, AV_LOG_ERROR, 81 "Corrupt stream (header chunksize %"PRId64" is invalid)\n", 82 chunksize); 83 return AVERROR_INVALIDDATA; 84 } 85 if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) { 86 /* read packet size */ 87 if (end - p > sizeof(ff_asf_guid) * 2 + 68) { 88 mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64); 89 if (mms->asf_packet_len <= 0 || mms->asf_packet_len > sizeof(mms->in_buffer)) { 90 av_log(NULL, AV_LOG_ERROR, 91 "Corrupt stream (too large pkt_len %d)\n", 92 mms->asf_packet_len); 93 return AVERROR_INVALIDDATA; 94 } 95 } 96 } else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) { 97 flags = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24); 98 stream_id = flags & 0x7F; 99 //The second condition is for checking CS_PKT_STREAM_ID_REQUEST packet size, 100 //we can calcuate the packet size by stream_num. 101 //Please see function send_stream_selection_request(). 102 if (mms->stream_num < MMS_MAX_STREAMS && 103 46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) { 104 mms->streams = av_fast_realloc(mms->streams, 105 &mms->nb_streams_allocated, 106 (mms->stream_num + 1) * sizeof(MMSStream)); 107 mms->streams[mms->stream_num].id = stream_id; 108 mms->stream_num++; 109 } else { 110 av_log(NULL, AV_LOG_ERROR, 111 "Corrupt stream (too many A/V streams)\n"); 112 return AVERROR_INVALIDDATA; 113 } 114 } else if (!memcmp(p, ff_asf_ext_stream_header, sizeof(ff_asf_guid))) { 115 if (end - p >= 88) { 116 int stream_count = AV_RL16(p + 84), ext_len_count = AV_RL16(p + 86); 117 uint64_t skip_bytes = 88; 118 while (stream_count--) { 119 if (end - p < skip_bytes + 4) { 120 av_log(NULL, AV_LOG_ERROR, 121 "Corrupt stream (next stream name length is not in the buffer)\n"); 122 return AVERROR_INVALIDDATA; 123 } 124 skip_bytes += 4 + AV_RL16(p + skip_bytes + 2); 125 } 126 while (ext_len_count--) { 127 if (end - p < skip_bytes + 22) { 128 av_log(NULL, AV_LOG_ERROR, 129 "Corrupt stream (next extension system info length is not in the buffer)\n"); 130 return AVERROR_INVALIDDATA; 131 } 132 skip_bytes += 22 + AV_RL32(p + skip_bytes + 18); 133 } 134 if (end - p < skip_bytes) { 135 av_log(NULL, AV_LOG_ERROR, 136 "Corrupt stream (the last extension system info length is invalid)\n"); 137 return AVERROR_INVALIDDATA; 138 } 139 if (chunksize - skip_bytes > 24) 140 chunksize = skip_bytes; 141 } 142 } else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) { 143 chunksize = 46; // see references [2] section 3.4. This should be set 46. 144 } 145 p += chunksize; 146 } 147 148 return 0; 149} 150