annotate tta.c @ 1079:40e81416015d libavformat

sanity checks some might have been exploitable
author michael
date Sat, 13 May 2006 11:37:56 +0000
parents 99a7f76a8954
children d89d7ef290da
1 /*
2 * TTA demuxer
3 * Copyright (c) 2006 Alex Beregszaszi
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19 #include "avformat.h"
20 #define ALT_BITSREAM_READER_LE
21 #include "bitstream.h"
22
/* Private demuxer state; the callbacks below reach it through s->priv_data. */
typedef struct {
    int totalframes;     /* frame count derived from datalen and framelen in tta_read_header() */
    int currentframe;    /* seektable index tta_read_packet() uses for its next read */
    uint32_t *seektable; /* totalframes 32-bit values read from the file; each one is used as a packet size */
} TTAContext;
27
/*
 * Probe callback: report whether the probe buffer starts with the four
 * signature bytes 'T' 'T' 'A' '1'.
 *
 * Returns 80 when the signature matches and 0 otherwise, including when
 * fewer than four bytes are available.
 */
static int tta_probe(AVProbeData *p)
{
    static const uint8_t magic[4] = { 'T', 'T', 'A', '1' };
    const uint8_t *d = p->buf;
    int i;

    /* Do not compare bytes the probe buffer does not hold. */
    if (p->buf_size < 4)
        return 0;

    for (i = 0; i < 4; i++) {
        if (d[i] != magic[i])
            return 0;
    }
    return 80;
}
37
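/*
 * Parse the TTA1 header and seek table, create the single audio stream and
 * copy the raw header bytes (from the starting position up to the end of the
 * seek table CRC) into the codec extradata.
 *
 * Every value read here comes from the file and is untrusted.  The range
 * checks on samplerate, datalen, totalframes and extradata_size were added in
 * changeset 40e81416015d ("sanity checks some might have been exploitable").
 * channels and bps are handed to the codec context without validation, and
 * neither CRC is verified (both are skipped).
 *
 * Returns 0 on success, -1 on a malformed header and AVERROR_NOMEM when an
 * allocation fails.  On any failure after the seek table was allocated the
 * table is released and the pointer cleared, so tta_read_close() stays safe
 * whether or not the caller invokes it afterwards.
 */
static int tta_read_header(AVFormatContext *s, AVFormatParameters *ap)
{
    TTAContext *c = s->priv_data;
    AVStream *st;
    int i, channels, bps, samplerate, datalen, framelen, start;
    int ret = -1;

    start = url_ftell(&s->pb);

    if (get_le32(&s->pb) != ff_get_fourcc("TTA1"))
        return -1; // not tta file

    url_fskip(&s->pb, 2); // FIXME: flags
    channels = get_le16(&s->pb);
    bps = get_le16(&s->pb);
    samplerate = get_le32(&s->pb);
    // A zero rate would make framelen 0 and the division below would divide
    // by zero; a negative one would make framelen negative.
    if(samplerate <= 0 || samplerate > 1000000){
        av_log(s, AV_LOG_ERROR, "nonsense samplerate\n");
        return -1;
    }

    datalen = get_le32(&s->pb);
    // The 32-bit field is stored in an int; reject values that came out negative.
    if(datalen < 0){
        av_log(s, AV_LOG_ERROR, "nonsense datalen\n");
        return -1;
    }

    url_fskip(&s->pb, 4); // header crc

    framelen = 1.04489795918367346939 * samplerate;
    c->totalframes = datalen / framelen + ((datalen % framelen) ? 1 : 0);
    c->currentframe = 0;

    // Keeps sizeof(uint32_t)*totalframes below from wrapping around.
    if(c->totalframes >= UINT_MAX/sizeof(uint32_t)){
        av_log(s, AV_LOG_ERROR, "totalframes too large\n");
        return -1;
    }
    c->seektable = av_mallocz(sizeof(uint32_t)*c->totalframes);
    if (!c->seektable)
        return AVERROR_NOMEM;

    // NOTE(review): the table size is driven by the header alone and is not
    // compared with what the input actually contains -- confirm how
    // get_le32() behaves once the input is exhausted.
    for (i = 0; i < c->totalframes; i++)
        c->seektable[i] = get_le32(&s->pb);
    url_fskip(&s->pb, 4); // seektable crc

    st = av_new_stream(s, 0);
//    av_set_pts_info(st, 32, 1, 1000);
    if (!st) {
        ret = AVERROR_NOMEM;
        goto fail;
    }
    st->codec->codec_type = CODEC_TYPE_AUDIO;
    st->codec->codec_id = CODEC_ID_TTA;
    st->codec->channels = channels;
    st->codec->sample_rate = samplerate;
    st->codec->bits_per_sample = bps;

    st->codec->extradata_size = url_ftell(&s->pb) - start;
    if(st->codec->extradata_size+FF_INPUT_BUFFER_PADDING_SIZE <= (unsigned)st->codec->extradata_size){
        //this check is redundant as get_buffer should fail
        av_log(s, AV_LOG_ERROR, "extradata_size too large\n");
        st->codec->extradata_size = 0; // never leave a size without a buffer behind it
        goto fail;
    }
    // Padded allocation, introduced in changeset 99a7f76a8954.
    st->codec->extradata = av_mallocz(st->codec->extradata_size+FF_INPUT_BUFFER_PADDING_SIZE);
    if (!st->codec->extradata) {
        // Without this check the get_buffer() call below would write through
        // a NULL pointer when the allocation fails.
        st->codec->extradata_size = 0;
        ret = AVERROR_NOMEM;
        goto fail;
    }
    url_fseek(&s->pb, start, SEEK_SET); // or SEEK_CUR and -size ? :)
    // The return value is not checked; a short read leaves the remainder of
    // the buffer zeroed because it came from av_mallocz().
    get_buffer(&s->pb, st->codec->extradata, st->codec->extradata_size);

    return 0;

fail:
    // Only reached after the seek table was allocated successfully.
    av_free(c->seektable);
    c->seektable = NULL;
    return ret;
}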
104
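/*
 * Read the next frame into pkt, using the matching seek table entry as the
 * packet size.
 *
 * The seek table holds totalframes entries (indices 0 .. totalframes-1) whose
 * values come straight from the file.  The original bound test used '>' and
 * therefore read one element past the end of the table once currentframe
 * reached totalframes (and read seektable[0] of an empty table); that value
 * was then used as an allocation and read size.  The test is now '>=' and an
 * entry that does not fit in an int is rejected before it is converted.
 *
 * Returns 0 on success and AVERROR_IO on any failure, including when no
 * frames are left (a zero-sized read counts as a failure below).
 */
static int tta_read_packet(AVFormatContext *s, AVPacket *pkt)
{
    TTAContext *c = s->priv_data;
    int ret, size;

    // FIXME!
    if (c->currentframe < 0 || c->currentframe >= c->totalframes || !c->seektable) {
        size = 0;
    } else {
        uint32_t framesize = c->seektable[c->currentframe];

        // size is an int: a larger value would turn negative on conversion.
        if (framesize > INT_MAX)
            return AVERROR_IO;
        size = framesize;
        // Advance only while inside the table so the index cannot run away
        // on repeated calls after the last frame.
        c->currentframe++;
    }

    if (av_new_packet(pkt, size) < 0)
        return AVERROR_IO;

    pkt->pos = url_ftell(&s->pb);
    pkt->stream_index = 0;
    ret = get_buffer(&s->pb, pkt->data, size);
    if (ret <= 0) {
        av_free_packet(pkt);
        return AVERROR_IO;
    }
    // A short read shrinks the packet to the bytes actually obtained.
    pkt->size = ret;
//    av_log(s, AV_LOG_INFO, "TTA packet #%d desired size: %d read size: %d at pos %d\n",
//        c->currentframe, size, ret, pkt->pos);
    return 0; //ret;
}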
133
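/*
 * Close callback: release the seek table allocated by tta_read_header().
 *
 * The pointer is cleared after the free so that a second call, or any later
 * use of the context, cannot touch freed memory.  Always returns 0.
 */
static int tta_read_close(AVFormatContext *s)
{
    TTAContext *c = s->priv_data;

    if (c->seektable) {
        av_free(c->seektable);
        c->seektable = NULL;
    }
    return 0;
}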
141
// Demuxer descriptor registered by tta_init().  The first seven initializers
// are positional, so their order has to follow the AVInputFormat declaration
// in avformat.h (not shown on this page).
AVInputFormat tta_iformat = {
    "tta",              // presumably the short format name -- confirm against avformat.h
    "true-audio",       // presumably the long, descriptive name
    sizeof(TTAContext), // presumably the private-data size; the callbacks cast s->priv_data to TTAContext
    tta_probe,
    tta_read_header,
    tta_read_packet,
    tta_read_close,
    .extensions = "tta",
};
152
/*
 * Register the TTA demuxer descriptor with libavformat.
 * Always returns 0; the registration call's result is not inspected.
 */
int tta_init(void)
{
    AVInputFormat *fmt = &tta_iformat;

    av_register_input_format(fmt);
    return 0;
}