[soc]: r5869 - mms/mmsh.c - FFmpeg-soc

27 Jul 2010

Author: spyfeng
Date: Tue Jul 27 17:06:25 2010
New Revision: 5869

Log:
use asf_header_parser() instead of the same function in mmsh.c.
because that one is more maturity.

Modified:
   mms/mmsh.c

Modified: mms/mmsh.c
==============================================================================

--- mms/mmsh.c	Tue Jul 27 16:54:41 2010	(r5868)
+++ mms/mmsh.c	Tue Jul 27 17:06:25 2010	(r5869)
@@ -102,54 +102,67 @@ static int mmsh_close(URLContext *h)
         url_close(mms->mms_hd);
     av_freep(&h->priv_data);
     av_freep(&mms->asf_header);
-    //TODO free other alloced mem.
     return 0;
 }
 
-static int asf_header_parser(MMSHContext * mms)
+static int asf_header_parser(MMSHContext *mms)
 {
     uint8_t *p = mms->asf_header;
     uint8_t *end;
-    int flags, stream_id, real_header_size;
+    int flags, stream_id;
     mms->stream_num = 0;
 
     if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 ||
-        memcmp(p, ff_asf_header, sizeof(ff_asf_guid)))
-        return -1;
+        memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) {
+        av_log(NULL, AV_LOG_ERROR,
+               "Corrupt stream (invalid ASF header, size=%d)\n",
+               mms->asf_header_size);
+        return AVERROR_INVALIDDATA;
+    }
 
-    real_header_size = AV_RL64(p + sizeof(ff_asf_guid));
-    end = mms->asf_header + real_header_size;
+    end = mms->asf_header + mms->asf_header_size;
 
     p += sizeof(ff_asf_guid) + 14;
     while(end - p >= sizeof(ff_asf_guid) + 8) {
         uint64_t chunksize = AV_RL64(p + sizeof(ff_asf_guid));
         if (!chunksize || chunksize > end - p) {
-            dprintf(NULL, "chunksize is exceptional value:%"PRId64"!\n", chunksize);
-            return -1;
+            av_log(NULL, AV_LOG_ERROR,
+                   "Corrupt stream (header chunksize %"PRId64" is invalid)\n",
+                   chunksize);
+            return AVERROR_INVALIDDATA;
         }
         if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) {
             /* read packet size */
             if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
                 mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64);
                 if (mms->asf_packet_len <= 0 || mms->asf_packet_len > sizeof(mms->in_buffer)) {
-                    dprintf(NULL,"Too large packet len:%d"
-                        " may overwrite in_buffer when padding", mms->asf_packet_len);
-                    return -1;
+                    av_log(NULL, AV_LOG_ERROR,
+                           "Corrupt stream (too large pkt_len %d)\n",
+                           mms->asf_packet_len);
+                    return AVERROR_INVALIDDATA;
                 }
             }
         } else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) {
             flags     = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24);
             stream_id = flags & 0x7F;
-            if (mms->stream_num < MAX_STREAMS ) {
+            //The second condition is for checking CS_PKT_STREAM_ID_REQUEST packet size,
+            //we can calcuate the packet size by stream_num.
+            //Please see function send_stream_selection_request().
+            if (mms->stream_num < MAX_STREAMS &&
+                    46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) {
                 mms->streams[mms->stream_num].id = stream_id;
                 mms->stream_num++;
             } else {
-                dprintf(NULL, "Too many streams.\n");
-                return -1;
+                av_log(NULL, AV_LOG_ERROR,
+                       "Corrupt stream (too many A/V streams)\n");
+                return AVERROR_INVALIDDATA;
             }
+        } else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) {
+            chunksize = 46; // see mmst.c references [2] section 3.4. This should be set 46.
         }
         p += chunksize;
     }
+
     return 0;
 }

    

[soc]: r5869 - mms/mmsh.c

spyfeng

tags

participants (1)