[FFmpeg-soc] [soc]: r5869 - mms/mmsh.c

spyfeng subversion at mplayerhq.hu
Tue Jul 27 17:06:25 CEST 2010


Author: spyfeng
Date: Tue Jul 27 17:06:25 2010
New Revision: 5869

Log:
Use asf_header_parser() instead of the same function in mmsh.c,
because that one is more mature.

Modified:
   mms/mmsh.c

Modified: mms/mmsh.c
==============================================================================
--- mms/mmsh.c	Tue Jul 27 16:54:41 2010	(r5868)
+++ mms/mmsh.c	Tue Jul 27 17:06:25 2010	(r5869)
@@ -102,54 +102,67 @@ static int mmsh_close(URLContext *h)
         url_close(mms->mms_hd);
     av_freep(&h->priv_data);
     av_freep(&mms->asf_header);
-    //TODO free other alloced mem.
     return 0;
 }
 
-static int asf_header_parser(MMSHContext * mms)
+static int asf_header_parser(MMSHContext *mms)
 {
     uint8_t *p = mms->asf_header;
     uint8_t *end;
-    int flags, stream_id, real_header_size;
+    int flags, stream_id;
     mms->stream_num = 0;
 
     if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 ||
-        memcmp(p, ff_asf_header, sizeof(ff_asf_guid)))
-        return -1;
+        memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) {
+        av_log(NULL, AV_LOG_ERROR,
+               "Corrupt stream (invalid ASF header, size=%d)\n",
+               mms->asf_header_size);
+        return AVERROR_INVALIDDATA;
+    }
 
-    real_header_size = AV_RL64(p + sizeof(ff_asf_guid));
-    end = mms->asf_header + real_header_size;
+    end = mms->asf_header + mms->asf_header_size;
 
     p += sizeof(ff_asf_guid) + 14;
     while(end - p >= sizeof(ff_asf_guid) + 8) {
         uint64_t chunksize = AV_RL64(p + sizeof(ff_asf_guid));
         if (!chunksize || chunksize > end - p) {
-            dprintf(NULL, "chunksize is exceptional value:%"PRId64"!\n", chunksize);
-            return -1;
+            av_log(NULL, AV_LOG_ERROR,
+                   "Corrupt stream (header chunksize %"PRId64" is invalid)\n",
+                   chunksize);
+            return AVERROR_INVALIDDATA;
         }
         if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) {
             /* read packet size */
             if (end - p > sizeof(ff_asf_guid) * 2 + 68) {
                 mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64);
                 if (mms->asf_packet_len <= 0 || mms->asf_packet_len > sizeof(mms->in_buffer)) {
-                    dprintf(NULL,"Too large packet len:%d"
-                        " may overwrite in_buffer when padding", mms->asf_packet_len);
-                    return -1;
+                    av_log(NULL, AV_LOG_ERROR,
+                           "Corrupt stream (too large pkt_len %d)\n",
+                           mms->asf_packet_len);
+                    return AVERROR_INVALIDDATA;
                 }
             }
         } else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) {
             flags     = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24);
             stream_id = flags & 0x7F;
-            if (mms->stream_num < MAX_STREAMS ) {
+            //The second condition is for checking CS_PKT_STREAM_ID_REQUEST packet size,
+            //we can calcuate the packet size by stream_num.
+            //Please see function send_stream_selection_request().
+            if (mms->stream_num < MAX_STREAMS &&
+                    46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) {
                 mms->streams[mms->stream_num].id = stream_id;
                 mms->stream_num++;
             } else {
-                dprintf(NULL, "Too many streams.\n");
-                return -1;
+                av_log(NULL, AV_LOG_ERROR,
+                       "Corrupt stream (too many A/V streams)\n");
+                return AVERROR_INVALIDDATA;
             }
+        } else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) {
+            chunksize = 46; // see mmst.c references [2] section 3.4. This should be set 46.
         }
         p += chunksize;
     }
+
     return 0;
 }
 
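Review bot: In the `ff_asf_head1_guid` branch, `chunksize` is overwritten with 46 after the `chunksize > end - p` check has already run, so `p += chunksize` can step past `end` when fewer than 46 bytes remain (the loop condition only guarantees `sizeof(ff_asf_guid) + 8`). Once `p > end`, `end - p` is negative and, on typical platforms, is converted to a large unsigned value when compared with the `sizeof` expression, so the loop would keep parsing beyond `asf_header`. Re-checking after the override, e.g. `if (chunksize > end - p) return AVERROR_INVALIDDATA;`, closes that. The stream-header branch has a similar gap: `AV_RL16(p + sizeof(ff_asf_guid)*3 + 24)` reads two bytes without first confirming `end - p >= sizeof(ff_asf_guid) * 3 + 26`. As a smaller point, `chunksize` is a `uint64_t` but is logged with `PRId64`; `PRIu64` matches the type.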

