[FFmpeg-devel] [patch]MMS protocol over TCP

Michael Niedermayer michaelni
Fri Apr 9 11:37:34 CEST 2010


On Fri, Apr 09, 2010 at 10:48:21AM +0800, zhentan feng wrote:
> Hi
> 
> On Fri, Apr 9, 2010 at 2:36 AM, Michael Niedermayer <michaelni at gmx.at> wrote:
[...]
> > [...]
> > > +/** Read incoming MMST media, header or command packet. */
> > > +static MMSSCPacketType get_tcp_server_response(MMSContext *mms)
> > > +{
> > > +    int read_result;
> > > +    MMSSCPacketType packet_type= -1;
> > > +    int done;
> > > +
> > > +    do {
> > > +        done= 1;
> > > +        if((read_result= url_read_complete(mms->mms_hd,
> > mms->incoming_buffer, 8))==8) {
> > > +            // handle command packet.
> > > +            if(AV_RL32(mms->incoming_buffer + 4)==0xb00bface) {
> > > +                mms->incoming_flags= mms->incoming_buffer[3];
> > > +                read_result= url_read_complete(mms->mms_hd,
> > mms->incoming_buffer+8, 4);
> > > +                if(read_result == 4) {
> >
> > > +                    int length_remaining=
> > AV_RL32(mms->incoming_buffer+8) + 4;
> > > +
> > > +                    dprintf(NULL, "Length remaining is %d\n",
> > length_remaining);
> > > +                    // read the rest of the packet.
> > > +                    if (length_remaining > sizeof(mms->incoming_buffer)
> > - 12) {
> > > +                        dprintf("Incoming message len %d exceeds buffer
> > len %d\n",
> > > +                            length_remaining,
> > sizeof(mms->incoming_buffer) - 12);
> > > +                        break;
> > > +                    }
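
Review bot: `int length_remaining= AV_RL32(mms->incoming_buffer+8) + 4;` puts a length taken from the packet into a signed int, so the bound test below it depends on how that int converts in the comparison against `sizeof(mms->incoming_buffer) - 12`, and a field value within 4 of the 32-bit maximum may wrap in the `+ 4` and arrive as a small length. Suggest holding the field in a uint32_t, comparing it against `sizeof(mms->incoming_buffer) - 16` before adding 4, and only then computing the length. The `dprintf("Incoming message len ...` call also lacks the `NULL` first argument that the other dprintf calls pass, and prints a sizeof result with `%d`.
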
> >
> > doesn't catch negative values
> >
> >
> sizeof(mms->incoming_buffer) - 12 is definitely not a negative value.
> Do you mean the length_remaining value? If so, what will happen?

yes, length_remaining < 0
and I'd guess url_read_complete() will fail


> 
> >
> > > +                    read_result = url_read_complete(mms->mms_hd,
> > mms->incoming_buffer + 12,
> > > +                                                  length_remaining) ;
> > > +                    if (read_result == length_remaining) {
> > > +                        mms->incoming_buffer_length=
> > length_remaining+12;
> > > +                        packet_type= AV_RL16(mms->incoming_buffer+36);
> > > +
> > > +                    } else {
> > > +                        dprintf(NULL, "3 read returned %d!\n",
> > read_result);
> > > +                    }
> > > +                } else {
> > > +                    dprintf(NULL, "2 read returned %d!\n", read_result);
> > > +                }
> > > +            } else {
> > > +                int length_remaining;
> > > +                int packet_id_type;
> > > +                int tmp;
> > > +
> > > +                assert(mms->pkt_buf_len==0);
> > > +
> > > +                //** VERIFY LENGTH REMAINING HAS SPACE
> > > +                // note we cache the first 8 bytes,
> > > +                // then fill up the buffer with the others
> > > +                tmp                       = AV_RL16(mms->incoming_buffer
> > + 6);
> > > +                length_remaining          = (tmp - 8) & 0xffff;
> > > +                mms->incoming_packet_seq  =
> > AV_RL32(mms->incoming_buffer);
> > > +                packet_id_type            = mms->incoming_buffer[4];
> > > +                mms->incoming_flags       = mms->incoming_buffer[5];
> > > +                mms->pkt_buf_len          = length_remaining;
> > > +                mms->pkt_read_ptr         = mms->incoming_buffer;
> > > +
> > > +                if (length_remaining > sizeof(mms->incoming_buffer)) {
> > > +                    dprintf("Incoming data len %d exceeds buffer len
> > %d\n",
> > > +                            length_remaining,
> > sizeof(mms->incoming_buffer));
> > > +                    break;
> > > +                }
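
Review bot: In the else branch `mms->pkt_buf_len = length_remaining;` and `mms->pkt_read_ptr` are assigned before the `if (length_remaining > sizeof(mms->incoming_buffer))` test, so the `break` on an oversized packet leaves the rejected length in the context, and unless something outside this hunk resets it the next call reaches `assert(mms->pkt_buf_len==0)` with a non-zero value. Move both assignments below the check. `(tmp - 8) & 0xffff` also maps a length field below 8 to a value near 0xffff instead of an error, so test `tmp < 8` first; and in the command branch `AV_RL16(mms->incoming_buffer+36)` is read without checking that `length_remaining+12` reaches offset 38.
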
> >
> > the length_remaining variable is used before checking it
> >
> >
> no, the length_remaining is a local variable in else{}, it is different from
> the former 'length_remaining'.
> maybe I should rename it in case of confusion.


mms->pkt_buf_len          = length_remaining;
[...]
if (length_remaining > sizeof(mms->incoming_buffer)) {

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Concerning the gods, I have no means of knowing whether they exist or not
or of what sort they may be, because of the obscurity of the subject, and
the brevity of human life -- Protagoras
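
The two length checks discussed in this message, written with unsigned arithmetic and explicit lower bounds, as an added example that is not code from the patch or from FFmpeg. BUF_SIZE, the function names and the constructed headers are assumptions; the offsets (32-bit length at 8, packet type at 36, 16-bit length at 6) are the ones the quoted patch uses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 8192u /* assumed; the real buffer size is not on the page */
#define CMD_HDR  12u   /* bytes read before the command body */
#define TYPE_END 38u   /* packet type is the 16-bit value at offset 36 */
#define DATA_HDR 8u    /* bytes read before the data payload */

/* Command packet: the 32-bit little-endian field at offset 8, plus 4, is the
 * body length. Returns that length, or -1 if it cannot be accepted. */
static long cmd_body_len(const uint8_t *hdr)
{
    uint32_t field = (uint32_t)hdr[8] | (uint32_t)hdr[9] << 8 |
                     (uint32_t)hdr[10] << 16 | (uint32_t)hdr[11] << 24;
    if (field > BUF_SIZE - CMD_HDR - 4) /* compare first: field + 4 cannot wrap */
        return -1;
    if (field + 4 + CMD_HDR < TYPE_END) /* body must reach the type field */
        return -1;
    return (long)field + 4;
}

/* Data packet: the 16-bit field at offset 6 counts the 8 header bytes too.
 * Returns the payload length, or -1 if it cannot be accepted. */
static long data_payload_len(const uint8_t *hdr)
{
    unsigned total = hdr[6] | (unsigned)hdr[7] << 8;
    if (total < DATA_HDR)               /* total - 8 would underflow */
        return -1;
    if (total - DATA_HDR > BUF_SIZE)
        return -1;
    return (long)(total - DATA_HDR);
}

/* Constructed headers: only the length field is filled in. */
static long try_cmd(uint32_t f)
{
    uint8_t h[12] = {0};
    h[8] = (uint8_t)f; h[9] = (uint8_t)(f >> 8);
    h[10] = (uint8_t)(f >> 16); h[11] = (uint8_t)(f >> 24);
    return cmd_body_len(h);
}
static long try_data(unsigned total)
{
    uint8_t h[8] = {0};
    h[6] = (uint8_t)total; h[7] = (uint8_t)(total >> 8);
    return data_payload_len(h);
}
int main(void)
{
    printf("%ld %ld %ld\n", try_cmd(0x20), try_cmd(0xfffffffeu), try_data(4));
    return 0;
}
```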