/*
* MMS protocol common definitions.
* Copyright (c) 2006,2007 Ryan Martell
- * Copyright (c) 2007 Björn Axelsson
+ * Copyright (c) 2007 Björn Axelsson
* Copyright (c) 2010 Zhentan Feng <spyfeng at gmail dot com>
*
- * This file is part of FFmpeg.
+ * This file is part of Libav.
*
- * FFmpeg is free software; you can redistribute it and/or
+ * Libav is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
- * FFmpeg is distributed in the hope that it will be useful,
+ * Libav is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
- * License along with FFmpeg; if not, write to the Free Software
+ * License along with Libav; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include "mms.h"
#include "asf.h"
#include "libavutil/intreadwrite.h"
+#define MMS_MAX_STREAMS 256 /**< arbitrary sanity check value */
+
int ff_mms_read_header(MMSContext *mms, uint8_t *buf, const int size)
{
char *pos;
//The second condition is for checking CS_PKT_STREAM_ID_REQUEST packet size,
//we can calcuate the packet size by stream_num.
//Please see function send_stream_selection_request().
- if (mms->stream_num < MAX_STREAMS &&
+ if (mms->stream_num < MMS_MAX_STREAMS &&
46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) {
mms->streams = av_fast_realloc(mms->streams,
&mms->nb_streams_allocated,
"Corrupt stream (too many A/V streams)\n");
return AVERROR_INVALIDDATA;
}
+ } else if (!memcmp(p, ff_asf_ext_stream_header, sizeof(ff_asf_guid))) {
+ if (end - p >= 88) {
+ int stream_count = AV_RL16(p + 84), ext_len_count = AV_RL16(p + 86);
+ uint64_t skip_bytes = 88;
+ while (stream_count--) {
+ if (end - p < skip_bytes + 4) {
+ av_log(NULL, AV_LOG_ERROR,
+ "Corrupt stream (next stream name length is not in the buffer)\n");
+ return AVERROR_INVALIDDATA;
+ }
+ skip_bytes += 4 + AV_RL16(p + skip_bytes + 2);
+ }
+ while (ext_len_count--) {
+ if (end - p < skip_bytes + 22) {
+ av_log(NULL, AV_LOG_ERROR,
+ "Corrupt stream (next extension system info length is not in the buffer)\n");
+ return AVERROR_INVALIDDATA;
+ }
+ skip_bytes += 22 + AV_RL32(p + skip_bytes + 18);
+ }
+ if (end - p < skip_bytes) {
+ av_log(NULL, AV_LOG_ERROR,
+ "Corrupt stream (the last extension system info length is invalid)\n");
+ return AVERROR_INVALIDDATA;
+ }
+ if (chunksize - skip_bytes > 24)
+ chunksize = skip_bytes;
+ }
} else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) {
chunksize = 46; // see references [2] section 3.4. This should be set 46.
}