[FFmpeg-devel] [PATCH v2 05/18] avformat/movenc: support for multiple and client-provided track references

Michael Niedermayer michael at niedermayer.cc
Thu Sep 1 23:30:40 EEST 2016


On Wed, Aug 31, 2016 at 02:35:48PM +0300, Erkki Seppälä wrote:
> Instead of one track reference, allow many, and instead of
> one track reference type (i.e. 'cdsc'), allow many.
> 
> In addition, this patch allows the client to explicitly add track references
> with side packet AV_PKT_DATA_TRACK_REFERENCES containing
> AVTrackReferences (of which there can be many).
> 
> Internally MOVTrack's track references can be manipulated with helper
> functions ff_mov_tref* (and are used by a later patch for reading
> MOVTRefs).
> 
> Multiple track references can be useful in particular with timed meta
> data tracks, indicating the track is related to multiple other tracks.
> 
> This information ends up in ISO media file box 'tref' as specified by
> ISO/IEC 14496-12.
> 
> Signed-off-by: Erkki Seppälä <erkki.seppala.ext at nokia.com>
> Signed-off-by: OZOPlayer <OZOPL at nokia.com>
> ---
>  libavcodec/avcodec.h  |  19 +++++++-
>  libavformat/Makefile  |   4 +-
>  libavformat/movenc.c  | 127 +++++++++++++++++++++++++++++++++++++++++---------
>  libavformat/movenc.h  |   5 +-
>  libavformat/movtref.c | 115 +++++++++++++++++++++++++++++++++++++++++++++
>  libavformat/movtref.h |  75 +++++++++++++++++++++++++++++
[...]

> @@ -2749,8 +2757,8 @@ static int mov_write_trak_tag(AVFormatContext *s, AVIOContext *pb, MOVMuxContext
>                     "Not writing any edit list even though one would have been required\n");
>      }
>  
> -    if (track->tref_tag)
> -        mov_write_tref_tag(pb, track);
> +    if (track->trefs.nb_trefs)
> +        mov_write_tref_tag(pb, mov, track);
>  
>      if ((ret = mov_write_mdia_tag(s, pb, mov, track)) < 0)
>          return ret;
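
Review bot: the result of the changed call `mov_write_tref_tag(pb, mov, track);` is not checked, while `mov_write_mdia_tag` directly below it is wrapped in `if ((ret = ...) < 0) return ret;`. Now that the writer handles a list of references instead of a single tag, any failure inside it would be silently dropped here; if it can fail, have it return an error code and propagate it the same way as the `mdia` call.
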
> @@ -3487,16 +3495,82 @@ static int mov_setup_track_ids(MOVMuxContext *mov, AVFormatContext *s)
>      return 0;
>  }
>  
> +static int mov_tref_copy_from_side_data(MOVMuxContext *mov, MOVTrack *track, AVFormatContext *s)
> +{
> +    int size;
> +    int ret;
> +    int i;
> +    MOVTRef *tref;
> +    int *ref_tracks = NULL;
> +
> +    char *ptr = (void*) av_stream_get_side_data(track->st,
> +                                                AV_PKT_DATA_TRACK_REFERENCES,
> +                                                &size);
> +
> +    if (!ptr)
> +        return 0;
> +
> +    ret = 0;
> +    while (ret == 0 && size >= sizeof(AVTrackReferences)) {
> +        AVTrackReferences refs;
> +        int *track_ids;
> +
> +        // avoid any potential alignment issues by copying the struct before accessing it
> +        // to a well-aligned address
> +        memcpy(&refs, ptr, sizeof(refs));
> +        // as well as the ids

> +        ref_tracks = av_malloc_array(refs.nb_tracks, sizeof(refs.tracks[0]));
> +        memcpy(ref_tracks, &((AVTrackReferences*) ptr)->tracks, sizeof(refs.tracks[0]) * refs.nb_tracks);

missing alloc failure check

> +
> +        ret = ff_mov_tref_find_or_add(&track->trefs,
> +                                      MKTAG(refs.tag[0], refs.tag[1], refs.tag[2], refs.tag[3]),
> +                                      &tref);
> +        if (ret < 0)
> +            goto error;
> +
> +        ret = ff_mov_tref_alloc(tref, refs.nb_tracks, &track_ids);
> +        if (ret < 0)
> +            goto error;
> +
> +        for (i = 0; i < refs.nb_tracks; i++) {
> +            int tref_stream_id = ref_tracks[i];
> +            int stream_idx;
> +            for (stream_idx = 0; stream_idx < mov->nb_streams; ++stream_idx)
> +                if (mov->tracks[stream_idx].st &&
> +                    mov->tracks[stream_idx].st->id == tref_stream_id) {
> +                    track_ids[i] = mov->tracks[stream_idx].track_id;
> +                    break;
> +                }
> +        }
> +

> +        size -= refs.next_tref_ofs;
> +        ptr += refs.next_tref_ofs;
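
Review bot: the loop condition `size >= sizeof(AVTrackReferences)` compares the signed `int size` with an unsigned `sizeof`, so once `size -= refs.next_tref_ofs` makes `size` negative it converts to a very large unsigned value and the loop carries on with `ptr` outside the side data; a `next_tref_ofs` of 0 never advances at all and allocates on every pass. Before the two updates, reject a `refs.next_tref_ofs` that is smaller than the record's own length or larger than the remaining `size`. The same applies to `refs.nb_tracks`: it sets the length of the `memcpy` from `->tracks` without being compared to the bytes left in the side data, so check it against `size` before allocating and copying. In the lookup loop, `track_ids[i]` is not assigned in the visible lines when no stream has a matching `id`; that case should return an error or write a defined value.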

missing checks
anything coming out of av_stream_get_side_data() could originate from
an attacker and have manually chosen evil values.

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus
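
The checks the two review comments above ask for, as an added example that is not part of the original mail or of FFmpeg's code: a bounds-checked walk over chained, variable-length records in an untrusted buffer. `RefHdr` and `count_track_refs` are hypothetical names, and the header layout is an assumption modelled on the fields the patch reads (`next_tref_ofs`, `nb_tracks`, `tag`), not FFmpeg's `AVTrackReferences`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record header (assumed layout, not FFmpeg's struct);
 * nb_tracks int32_t ids follow it directly in the buffer. */
typedef struct {
    int32_t next_tref_ofs; /* byte offset from this record to the next */
    int32_t nb_tracks;     /* number of ids stored after the header */
    char    tag[4];        /* reference type, e.g. 'cdsc' */
} RefHdr;

/* Walks the records in buf[0..size) and returns the total number of ids,
 * or -1 as soon as a length or offset does not fit the remaining bytes. */
int64_t count_track_refs(const uint8_t *buf, size_t size)
{
    size_t pos = 0;            /* unsigned throughout: no sign conversion */
    int64_t total = 0;

    while (size - pos >= sizeof(RefHdr)) {
        RefHdr h;
        size_t left = size - pos, need;

        memcpy(&h, buf + pos, sizeof(h)); /* copy out, no alignment assumed */

        /* the ids must fit in what is left after the header */
        if (h.nb_tracks < 0 ||
            (size_t)h.nb_tracks > (left - sizeof(h)) / sizeof(int32_t))
            return -1;
        need = sizeof(h) + (size_t)h.nb_tracks * sizeof(int32_t);

        /* the offset must skip the whole record (so the walk always makes
         * progress) and must not point past the end of the buffer */
        if (h.next_tref_ofs < 0 || (size_t)h.next_tref_ofs < need ||
            (size_t)h.next_tref_ofs > left)
            return -1;

        total += h.nb_tracks;
        pos   += (size_t)h.next_tref_ofs;
    }
    return pos == size ? total : -1; /* leftover bytes cannot hold a header */
}

int main(void)
{
    /* constructed sample (little-endian host): one 'cdsc' record, 2 ids */
    const uint8_t blob[] = { 20,0,0,0, 2,0,0,0, 'c','d','s','c', 1,0,0,0, 2,0,0,0 };
    printf("%lld\n", (long long)count_track_refs(blob, sizeof(blob)));
    return 0;
}
```

Every record costs one header copy and two comparisons, and the walk stops at the first record that does not fit rather than trying to resynchronise.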