[MPlayer-dev-eng] bug in libmpdemux/demux_real.c

Pomarede Nicolas npomarede at corp.free.fr
Wed Jun 30 23:56:43 CEST 2004 

Hello,

while trying to listen to CD excerpts on amazon, I noticed that mplayer 
was unable to play the audio files.

After downloading the file and using "mplayer amazon.rm", I get :

----

Playing amazon.rm.
REAL file format detected.
======= WAVE Format =======
Format Tag: 28515 (0x6F63)
Channels: 2
Samplerate: 11025
avg byte/sec: 20000
Block align: 580
bits/sample: 16
cbSize: 28533
Unknown extra header dump: [3a] [0] [a] [0] [9] [0] [44] [2] [6b] [6f] [1] [2] [0] [0]
  [0] [0] [0] [8] [1] [0] [0] [2] [2] [0] [0] [b] [44] [41] [54] [41] [0] [1] [2c] [b2]
  [0] [0] [0] [0] [0] [82] [0] [0] [0] [0] [0] [0] [2] [50] [0] [0] [0] [0] [0] [0] [0]

<lots of dump>

90] [d1] [f1] [72] [12] [aa] [5e] [a9] [9f] [47] [73] [af] [15] [53] [0] 
[1] [37] [7a] [32] [f8]
===========================
demux_real: invalid chunksize! (-256)
RM: No audio stream found -> no sound.
No stream found.

----

I first thought I should force the decoder to use Real .so library with 
'-ac racook', but it didn't change anything, and using strace didn't show 
the library was loaded. The problem was before.

So, I had a look at libmpdemux/demux_real.c, using mplayer -v -v -v for 
more debug.
I then got :

==> Found audio stream: 0
Found audio stream!
version: 5
header size: 70
frame_size: 580
sub_packet_size: 58
samplerate: 11025, channels: 2
skipping -8 extra header bytes
======= WAVE Format =======

So the problem is in the negative amount skipped after the fourcc 'cook' 
in the MDPR chunk. After this negative offset, the rest of the data are 
misinterpreted, and the decoder doesn't find the DATA chunk just after the 
MDPR.

The problem seems to be related to 'hdr_size' (around line 1143). It seems 
it was assumed it was 4E bytes, but the files from amazon are using 46. 
The decoder correctly reads the value 46 in hdr_size, but then at line 
1196, we have :


if ((version != 3) && (hdr_size != 0x4e)) {
   mp_msg(MSGT_DEMUX,MSGL_V,"skipping %d extra header bytes\n", hdr_size-0x4e);
   stream_skip(demuxer->stream, hdr_size-0x4e);
}


And since 46-4e=-8, we skip 8 bytes backward into the stream, which totaly 
breaks the rest of the decoding.

I don't really know the structure of the Real file in that case, but 
removing this stream_skip fixed the problem, and the file is now correctly 
played (but perhaps this skip is still needed for other formats ?)

Hopefully someone with better knowledge than me of this format will know 
what to do now that the problem is detected.

Here's the dump of the beginning of the file, I can send the complete file 
(70 kB) to anyone wishing to analyze it (but I think any audio excerpt on 
amazon would be good) :

00000000   2E 52 4D 46  00 00 00 12  00 01 00 00  00 00 00 00  .RMF............
00000010   00 05 50 52  4F 50 00 00  00 32 00 00  00 00 4E 20  ..PROP...2....N
00000020   00 00 4E 20  00 00 02 44  00 00 02 44  00 00 00 82  ..N ...D...D....
00000030   00 00 75 E7  00 00 09 10  00 01 2D E3  00 00 01 31  ..u.......-....1
00000040   00 01 00 02  43 4F 4E 54  00 00 00 49  00 00 00 05  ....CONT...I....
00000050   53 6E 61 6B  65 00 1B 41  55 44 49 4F  20 42 55 4C  Snake..AUDIO BUL
00000060   4C 59 53 20  28 41 55 44  49 4F 20 42  55 4C 4C 59  LYS (AUDIO BULLY
00000070   53 29 00 0A  45 4D 49 20  28 32 30 30  33 29 00 0D  S)..EMI (2003)..
00000080   41 70 61 63  68 27 4E 65  74 57 6F 72  6B 4D 44 50  Apach'NetWorkMDP
00000090   52 00 00 00  A4 00 00 00  00 00 00 4E  20 00 00 4E  R..........N ..N
000000A0   20 00 00 02  44 00 00 02  44 00 00 00  00 00 00 09   ...D...D.......
000000B0   10 00 00 75  E7 0C 41 75  64 69 6F 20  53 74 72 65  ...u..Audio Stre
000000C0   61 6D 14 61  75 64 69 6F  2F 78 2D 70  6E 2D 72 65  am.audio/x-pn-re
000000D0   61 6C 61 75  64 69 6F 00  00 00 56 2E  72 61 FD 00  alaudio...V.ra..
000000E0   05 00 00 2E  72 61 35 00  00 00 00 00  05 00 00 00  ....ra5.........
000000F0   46 00 09 00  00 02 44 00  01 26 88 00  02 49 70 00  F.....D..&...Ip.
00000100   02 49 70 00  0A 02 44 00  3A 00 00 00  00 2B 11 00  .Ip...D.:....+..
00000110   00 2B 11 00  00 00 10 00  02 67 65 6E  72 63 6F 6F  .+.......genrcoo
00000120   6B 01 02 00  00 00 00 00  08 01 00 00  02 02 00 00  k...............
00000130   0B 44 41 54  41 00 01 2C  B2 00 00 00  00 00 82 00  .DATA..,........
00000140   00 00 00 00  00 02 50 00  00 00 00 00  00 00 02 37  ......P........7
00000150   1A E1 9B B3  45 11 F2 37  C5 11 F2 37  C5 11 F2 37  ....E..7...7...7

'hdr_size' is at offset F0 -> 46.

After using mplayer since its very early versions (many years ago !), I 
thought it was time to contribute sthg to it, so I hope it's not too late 
to fix this for the soon to come next release ;-)

Bye and congrats to all the developpers !

----------------
Nicolas Pomarede                   e-mail:   npomarede at corp.free.fr

"In a world without walls and fences, who needs windows and gates ?"

More information about the MPlayer-dev-eng mailing list