return 0;
}
-static int rprobe(AVFormatContext *s, uint8_t *enc_header, const uint8_t *r_val)
+#define OMA_RPROBE_M_VAL 48 + 1
+
+static int rprobe(AVFormatContext *s, uint8_t *enc_header, unsigned size,
+ const uint8_t *r_val)
{
OMAContext *oc = s->priv_data;
unsigned int pos;
struct AVDES av_des;
- if (!enc_header || !r_val)
+ if (!enc_header || !r_val ||
+ size < OMA_ENC_HEADER_SIZE + oc->k_size + oc->e_size + oc->i_size ||
+ size < OMA_RPROBE_M_VAL)
return -1;
/* m_val */
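Review bot: The new size guard in rprobe() still admits `pos == size`, yet the function ends with `memcmp(&enc_header[pos], oc->sm_val, 8)`, which needs eight more bytes. The assignment of `pos` lies outside this hunk; if it is the same sum the guard uses, the comparison should be `size < OMA_ENC_HEADER_SIZE + oc->k_size + oc->e_size + oc->i_size + 8`. Separately, `#define OMA_RPROBE_M_VAL 48 + 1` should be parenthesised as `(48 + 1)` so it cannot re-associate inside a larger expression. A one-line comment naming the read it protects would also help, because if m_val is read as a full 8-byte block at offset 48 (not visible here) the matching bound would be `48 + 8`.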
return memcmp(&enc_header[pos], oc->sm_val, 8) ? -1 : 0;
}
-static int nprobe(AVFormatContext *s, uint8_t *enc_header, int size,
+static int nprobe(AVFormatContext *s, uint8_t *enc_header, unsigned size,
const uint8_t *n_val)
{
OMAContext *oc = s->priv_data;
- uint32_t pos, taglen, datalen;
+ uint64_t pos;
+ uint32_t taglen, datalen;
struct AVDES av_des;
- if (!enc_header || !n_val)
+ if (!enc_header || !n_val ||
+ size < OMA_ENC_HEADER_SIZE + oc->k_size + 4)
return -1;
pos = OMA_ENC_HEADER_SIZE + oc->k_size;
if (!memcmp(&enc_header[pos], "EKB ", 4))
pos += 32;
+ if (size < pos + 44)
+ return -1;
+
if (AV_RB32(&enc_header[pos]) != oc->rid)
av_log(s, AV_LOG_DEBUG, "Mismatching RID\n");
taglen = AV_RB32(&enc_header[pos + 32]);
datalen = AV_RB32(&enc_header[pos + 36]) >> 4;
- if (taglen + (((uint64_t)datalen) << 4) + 44 > size)
+ pos += 44;
+ if (size - pos < taglen)
return -1;
- pos += 44 + taglen;
+ pos += taglen;
+
+ if (datalen << 4 > size - pos)
+ return -1;
av_des_init(&av_des, n_val, 192, 1);
while (datalen-- > 0) {
av_des_crypt(&av_des, oc->r_val, &enc_header[pos], 2, NULL, 1);
kset(s, oc->r_val, NULL, 16);
- if (!rprobe(s, enc_header, oc->r_val))
+ if (!rprobe(s, enc_header, size, oc->r_val))
return 0;
pos += 16;
}
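Review bot: The check `datalen << 4 > size - pos` is safe from wrap-around only because `datalen` comes from `AV_RB32(...) >> 4` a few lines earlier, and nothing in the code says so. I would add a comment above it such as `/* datalen < 2^28 after the >> 4 above, so datalen << 4 fits in 32 bits */`, so a later change to the parsing does not silently reintroduce the overflow that the removed `(uint64_t)` cast guarded against. The literal offsets 32, 36 and 44 into the record would also read better as named constants or with a short comment describing the layout. The end of nprobe() is outside this hunk.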
}
if (!em) {
av_log(s, AV_LOG_ERROR, "No encryption header found\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
if (geob->datasize < 64) {
av_log(s, AV_LOG_ERROR,
"Invalid GEOB data size: %u\n", geob->datasize);
- return -1;
+ return AVERROR_INVALIDDATA;
}
gdata = geob->data;
if (memcmp(&gdata[OMA_ENC_HEADER_SIZE], "KEYRING ", 12)) {
av_log(s, AV_LOG_ERROR, "Invalid encryption header\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
oc->rid = AV_RB32(&gdata[OMA_ENC_HEADER_SIZE + 28]);
av_log(s, AV_LOG_DEBUG, "RID: %.8x\n", oc->rid);
kset(s, s->key, s->key, s->keylen);
}
if (!memcmp(oc->r_val, (const uint8_t[8]){0}, 8) ||
- rprobe(s, gdata, oc->r_val) < 0 &&
+ rprobe(s, gdata, geob->datasize, oc->r_val) < 0 &&
nprobe(s, gdata, geob->datasize, oc->n_val) < 0) {
int i;
for (i = 0; i < FF_ARRAY_ELEMS(leaf_table); i += 2) {
AV_WL64(buf, leaf_table[i]);
AV_WL64(&buf[8], leaf_table[i + 1]);
kset(s, buf, buf, 16);
- if (!rprobe(s, gdata, oc->r_val) ||
+ if (!rprobe(s, gdata, geob->datasize, oc->r_val) ||
!nprobe(s, gdata, geob->datasize, oc->n_val))
break;
}
if (i >= sizeof(leaf_table)) {
av_log(s, AV_LOG_ERROR, "Invalid key\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
}
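Review bot: The `Invalid key` branch touched here is probably unreachable, because the loop stops at `i < FF_ARRAY_ELEMS(leaf_table)` but the test after it is `if (i >= sizeof(leaf_table))`, which compares against the size in bytes. The entries are written with `AV_WL64`, so they look like 64-bit values and `sizeof` would be eight times the element count. When no leaf key matches, `i` ends at the element count and the function carries on with an unverified key instead of returning `AVERROR_INVALIDDATA`. The condition should be `if (i >= FF_ARRAY_ELEMS(leaf_table))`.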
if (memcmp(buf, ((const uint8_t[]){'E', 'A', '3'}), 3) ||
buf[4] != 0 || buf[5] != EA3_HEADER_SIZE) {
av_log(s, AV_LOG_ERROR, "Couldn't find the EA3 header !\n");
- return -1;
+ return AVERROR_INVALIDDATA;
}
oc->content_start = avio_tell(s->pb);
st->codec->sample_rate = samplerate;
st->codec->bit_rate = st->codec->sample_rate * framesize * 8 / 1024;
- /* fake the atrac3 extradata
+ /* fake the ATRAC3 extradata
* (wav format, makes stream copy to wav work) */
st->codec->extradata_size = 14;
edata = av_mallocz(14 + FF_INPUT_BUFFER_PADDING_SIZE);
break;
default:
av_log(s, AV_LOG_ERROR, "Unsupported codec %d!\n", buf[32]);
- return -1;
+ return AVERROR(ENOSYS);
}
st->codec->block_align = framesize;
int packet_size = s->streams[0]->codec->block_align;
int ret = av_get_packet(s->pb, pkt, packet_size);
- if (ret <= 0)
- return AVERROR(EIO);
+ if (ret < packet_size)
+ pkt->flags |= AV_PKT_FLAG_CORRUPT;
+
+ if (ret < 0)
+ return ret;
+ if (!ret)
+ return AVERROR_EOF;
pkt->stream_index = 0;
if (oc->encrypted) {
/* previous unencrypted block saved in IV for
* the next packet (CBC mode) */
- av_des_crypt(&oc->av_des, pkt->data, pkt->data,
- (packet_size >> 3), oc->iv, 1);
+ if (ret == packet_size)
+ av_des_crypt(&oc->av_des, pkt->data, pkt->data,
+ (packet_size >> 3), oc->iv, 1);
+ else
+ memset(oc->iv, 0, 8);
}
return ret;
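Review bot: `pkt->flags |= AV_PKT_FLAG_CORRUPT` now runs before the `ret < 0` test, so it also writes to `pkt` when `av_get_packet()` has failed and the packet presumably holds no usable data. Moving the two early returns above it keeps the flag for genuine short reads only: `if (ret < 0) return ret;`, `if (!ret) return AVERROR_EOF;`, then `if (ret < packet_size) pkt->flags |= AV_PKT_FLAG_CORRUPT;`. For encrypted streams a short packet is also returned still encrypted, with only the IV reset. A comment stating that consumers must honour the corrupt flag would make that behaviour explicit.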
/* This check cannot overflow as tag_len has at most 28 bits */
if (p->buf_size < tag_len + 5)
/* EA3 header comes late, might be outside of the probe buffer */
- return AVPROBE_SCORE_MAX / 2;
+ return AVPROBE_SCORE_EXTENSION;
buf += tag_len;
int stream_index, int64_t timestamp, int flags)
{
OMAContext *oc = s->priv_data;
-
- ff_pcm_read_seek(s, stream_index, timestamp, flags);
-
- if (oc->encrypted) {
- /* readjust IV for CBC */
- int64_t pos = avio_tell(s->pb);
- if (pos < oc->content_start)
- memset(oc->iv, 0, 8);
- else {
- if (avio_seek(s->pb, -8, SEEK_CUR) < 0 ||
- avio_read(s->pb, oc->iv, 8) < 8) {
- memset(oc->iv, 0, 8);
- return -1;
- }
- }
+ int err = ff_pcm_read_seek(s, stream_index, timestamp, flags);
+
+ if (!oc->encrypted)
+ return err;
+
+ /* readjust IV for CBC */
+ if (err || avio_tell(s->pb) < oc->content_start)
+ goto wipe;
+ if ((err = avio_seek(s->pb, -8, SEEK_CUR)) < 0)
+ goto wipe;
+ if ((err = avio_read(s->pb, oc->iv, 8)) < 8) {
+ if (err >= 0)
+ err = AVERROR_EOF;
+ goto wipe;
}
return 0;
+wipe:
+ memset(oc->iv, 0, 8);
+ return err;
}
AVInputFormat ff_oma_demuxer = {
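Review bot: `err` is declared `int` but receives the result of `avio_seek()`, which returns the new 64-bit stream position on success. Past 2 GiB that value can truncate to a negative `int`, so `(err = avio_seek(s->pb, -8, SEEK_CUR)) < 0` would report a failure and wipe the IV on a seek that actually succeeded. Declaring it as `int64_t err = ff_pcm_read_seek(s, stream_index, timestamp, flags);` avoids this; the values returned at `wipe:` are error codes and still fit the function's return type. The function signature begins outside this hunk.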