EBML_NEST,
EBML_PASS,
EBML_STOP,
+ EBML_TYPE_COUNT
} EbmlType;
typedef const struct EbmlSyntax {
double time_scale;
uint64_t default_duration;
uint64_t flag_default;
+ uint64_t flag_forced;
MatroskaTrackVideo video;
MatroskaTrackAudio audio;
EbmlList encodings;
{ MATROSKA_ID_TRACKDEFAULTDURATION, EBML_UINT, 0, offsetof(MatroskaTrack,default_duration) },
{ MATROSKA_ID_TRACKTIMECODESCALE, EBML_FLOAT,0, offsetof(MatroskaTrack,time_scale), {.f=1.0} },
{ MATROSKA_ID_TRACKFLAGDEFAULT, EBML_UINT, 0, offsetof(MatroskaTrack,flag_default), {.u=1} },
+ { MATROSKA_ID_TRACKFLAGFORCED, EBML_UINT, 0, offsetof(MatroskaTrack,flag_forced), {.u=0} },
{ MATROSKA_ID_TRACKVIDEO, EBML_NEST, 0, offsetof(MatroskaTrack,video), {.n=matroska_track_video} },
{ MATROSKA_ID_TRACKAUDIO, EBML_NEST, 0, offsetof(MatroskaTrack,audio), {.n=matroska_track_audio} },
{ MATROSKA_ID_TRACKCONTENTENCODINGS,EBML_NEST, 0, 0, {.n=matroska_track_encodings} },
{ MATROSKA_ID_TRACKFLAGENABLED, EBML_NONE },
- { MATROSKA_ID_TRACKFLAGFORCED, EBML_NONE },
{ MATROSKA_ID_TRACKFLAGLACING, EBML_NONE },
{ MATROSKA_ID_CODECNAME, EBML_NONE },
{ MATROSKA_ID_CODECDECODEALL, EBML_NONE },
static int ebml_read_num(MatroskaDemuxContext *matroska, ByteIOContext *pb,
int max_size, uint64_t *number)
{
- int len_mask = 0x80, read = 1, n = 1;
- int64_t total = 0;
+ int read = 1, n = 1;
+ uint64_t total = 0;
/* The first byte tells us the length in bytes - get_byte() can normally
* return 0, but since that's not a valid first ebmlID byte, we can
}
/* get the length of the EBML number */
- while (read <= max_size && !(total & len_mask)) {
- read++;
- len_mask >>= 1;
- }
+ read = 8 - ff_log2_tab[total];
if (read > max_size) {
int64_t pos = url_ftell(pb) - 1;
av_log(matroska->ctx, AV_LOG_ERROR,
}
/* read out length */
- total &= ~len_mask;
+ total ^= 1 << ff_log2_tab[total];
while (n++ < read)
total = (total << 8) | get_byte(pb);
return read;
}
+/**
+ * Read a EBML length value.
+ * This needs special handling for the "unknown length" case which has multiple
+ * encodings.
+ */
+static int ebml_read_length(MatroskaDemuxContext *matroska, ByteIOContext *pb,
+ uint64_t *number)
+{
+ int res = ebml_read_num(matroska, pb, 8, number);
+ if (res > 0 && *number + 1 == 1ULL << (7 * res))
+ *number = 0xffffffffffffffULL;
+ return res;
+}
+
/*
* Read the next element as an unsigned int.
* 0 is success, < 0 is failure.
{
int n = 0;
- if (size < 1 || size > 8)
+ if (size > 8)
return AVERROR_INVALIDDATA;
/* big-endian ordering; build up number */
*/
static int ebml_read_float(ByteIOContext *pb, int size, double *num)
{
- if (size == 4) {
+ if (size == 0) {
+ *num = 0;
+ } else if (size == 4) {
*num= av_int2flt(get_be32(pb));
} else if(size==8){
*num= av_int2dbl(get_be64(pb));
static int ebml_parse_elem(MatroskaDemuxContext *matroska,
EbmlSyntax *syntax, void *data)
{
+ static const uint64_t max_lengths[EBML_TYPE_COUNT] = {
+ [EBML_UINT] = 8,
+ [EBML_FLOAT] = 8,
+ // max. 16 MB for strings
+ [EBML_STR] = 0x1000000,
+ [EBML_UTF8] = 0x1000000,
+ // max. 256 MB for binary data
+ [EBML_BIN] = 0x10000000,
+ // no limits for anything else
+ };
ByteIOContext *pb = matroska->ctx->pb;
uint32_t id = syntax->id;
uint64_t length;
if (syntax->type != EBML_PASS && syntax->type != EBML_STOP) {
matroska->current_id = 0;
- if ((res = ebml_read_num(matroska, pb, 8, &length)) < 0)
+ if ((res = ebml_read_length(matroska, pb, &length)) < 0)
return res;
+ if (max_lengths[syntax->type] && length > max_lengths[syntax->type]) {
+ av_log(matroska->ctx, AV_LOG_ERROR,
+ "Invalid length 0x%"PRIx64" > 0x%"PRIx64" for syntax element %i\n",
+ length, max_lengths[syntax->type], syntax->type);
+ return AVERROR_INVALIDDATA;
+ }
}
switch (syntax->type) {
int result = 0;
int olen;
+ if (pkt_size >= 10000000)
+ return -1;
+
switch (encodings[0].compression.algo) {
case MATROSKA_TRACK_ENCODING_COMP_HEADERSTRIP:
return encodings[0].compression.settings.size;
for (i=0; i < list->nb_elem; i++) {
const char *lang = strcmp(tags[i].lang, "und") ? tags[i].lang : NULL;
+
+ if (!tags[i].name) {
+ av_log(s, AV_LOG_WARNING, "Skipping invalid tag with no TagName.\n");
+ continue;
+ }
if (prefix) snprintf(key, sizeof(key), "%s/%s", prefix, tags[i].name);
else av_strlcpy(key, tags[i].name, sizeof(key));
if (tags[i].def || !lang) {
matroska_convert_tag(s, &tags[i].sub, metadata, key);
}
}
+ ff_metadata_conv(metadata, NULL, ff_mkv_metadata_conv);
}
static void matroska_convert_tags(AVFormatContext *s)
uint64_t max_start = 0;
Ebml ebml = { 0 };
AVStream *st;
- int i, j;
+ int i, j, res;
matroska->ctx = s;
ebml_free(ebml_syntax, &ebml);
/* The next thing is a segment. */
- if (ebml_parse(matroska, matroska_segments, matroska) < 0)
- return -1;
+ if ((res = ebml_parse(matroska, matroska_segments, matroska)) < 0)
+ return res;
matroska_execute_seekhead(matroska);
if (!matroska->time_scale)
if (track->flag_default)
st->disposition |= AV_DISPOSITION_DEFAULT;
+ if (track->flag_forced)
+ st->disposition |= AV_DISPOSITION_FORCED;
if (track->default_duration)
av_reduce(&st->codec->time_base.num, &st->codec->time_base.den,
int offset = 0, pkt_size = lace_size[n];
uint8_t *pkt_data = data;
- if (lace_size[n] > size) {
+ if (pkt_size > size) {
av_log(matroska->ctx, AV_LOG_ERROR, "Invalid packet size\n");
break;
}
if (matroska->prev_pkt &&
timecode != AV_NOPTS_VALUE &&
matroska->prev_pkt->pts == timecode &&
- matroska->prev_pkt->stream_index == st->index)
+ matroska->prev_pkt->stream_index == st->index &&
+ st->codec->codec_id == CODEC_ID_SSA)
matroska_merge_packets(matroska->prev_pkt, pkt);
else {
dynarray_add(&matroska->packets,&matroska->num_packets,pkt);
return 0;
}
-AVInputFormat matroska_demuxer = {
- "matroska",
- NULL_IF_CONFIG_SMALL("Matroska file format"),
+AVInputFormat ff_matroska_demuxer = {
+ "matroska,webm",
+ NULL_IF_CONFIG_SMALL("Matroska/WebM file format"),
sizeof(MatroskaDemuxContext),
matroska_probe,
matroska_read_header,
matroska_read_packet,
matroska_read_close,
matroska_read_seek,
- .metadata_conv = ff_mkv_metadata_conv,
};
projects / ffmpeg / blobdiff