**/
#include <stdlib.h>
+#include "libavutil/avstring.h"
+#include "libavutil/bswap.h"
+#include "libavcodec/bitstream.h"
+#include "libavcodec/bytestream.h"
#include "avformat.h"
-#include "bitstream.h"
-#include "bswap.h"
-#include "ogg2.h"
-#include "avstring.h"
+#include "oggdec.h"
extern int
vorbis_comment(AVFormatContext * as, uint8_t *buf, int size)
{
- char *p = buf;
- int s, n, j;
+ const uint8_t *p = buf;
+ const uint8_t *end = buf + size;
+ unsigned s, n, j;
- if (size < 4)
+ if (size < 8) /* must have vendor_length and user_comment_list_length */
return -1;
- s = AV_RL32(p);
- p += 4;
- size -= 4;
+ s = bytestream_get_le32(&p);
- if (size < s + 4)
+ if (end - p < s)
return -1;
p += s;
- size -= s;
- n = AV_RL32(p);
- p += 4;
- size -= 4;
+ n = bytestream_get_le32(&p);
- while (size >= 4) {
- char *t, *v;
+ while (p < end && n > 0) {
+ const char *t, *v;
int tl, vl;
- s = AV_RL32(p);
- p += 4;
- size -= 4;
+ s = bytestream_get_le32(&p);
- if (size < s)
+ if (end - p < s)
break;
t = p;
p += s;
- size -= s;
n--;
v = memchr(t, '=', s);
}
}
- if (size > 0)
- av_log(as, AV_LOG_INFO, "%i bytes of comment header remain\n", size);
+ if (p != end)
+ av_log(as, AV_LOG_INFO, "%ti bytes of comment header remain\n", p-end);
if (n > 0)
av_log(as, AV_LOG_INFO,
"truncated comment header, %i comments not found\n", n);
return 0;
}
+ if (os->psize < 1)
+ return -1;
+
priv = os->private;
priv->len[os->seq] = os->psize;
priv->packet[os->seq] = av_mallocz(os->psize);
memcpy(priv->packet[os->seq], os->buf + os->pstart, os->psize);
if (os->buf[os->pstart] == 1) {
- uint8_t *p = os->buf + os->pstart + 11; //skip up to the audio channels
- st->codec->channels = *p++;
- st->codec->sample_rate = AV_RL32(p);
- p += 8; //skip maximum and and nominal bitrate
- st->codec->bit_rate = AV_RL32(p); //Minimum bitrate
+ const uint8_t *p = os->buf + os->pstart + 7; /* skip "\001vorbis" tag */
+ unsigned blocksize, bs0, bs1;
+
+ if (os->psize != 30)
+ return -1;
+
+ if (bytestream_get_le32(&p) != 0) /* vorbis_version */
+ return -1;
+
+ st->codec->channels = bytestream_get_byte(&p);
+ st->codec->sample_rate = bytestream_get_le32(&p);
+ p += 4; // skip maximum bitrate
+ st->codec->bit_rate = bytestream_get_le32(&p); // nominal bitrate
+ p += 4; // skip minimum bitrate
+
+ blocksize = bytestream_get_byte(&p);
+ bs0 = blocksize & 15;
+ bs1 = blocksize >> 4;
+
+ if (bs0 > bs1)
+ return -1;
+ if (bs0 < 6 || bs1 > 13)
+ return -1;
+
+ if (bytestream_get_byte(&p) != 1) /* framing_flag */
+ return -1;
st->codec->codec_type = CODEC_TYPE_AUDIO;
st->codec->codec_id = CODEC_ID_VORBIS;
st->time_base.num = 1;
st->time_base.den = st->codec->sample_rate;
} else if (os->buf[os->pstart] == 3) {
- vorbis_comment (s, os->buf + os->pstart + 7, os->psize - 8);
+ if (os->psize > 8)
+ vorbis_comment (s, os->buf + os->pstart + 7, os->psize - 8);
} else {
st->codec->extradata_size =
fixup_vorbis_headers(s, priv, &st->codec->extradata);
projects / ffmpeg / blobdiff