asfdec: replace magic constant with DATA_HEADER_SIZE

[ffmpeg] / libavformat / omadec.c

diff --git a/libavformat/omadec.c b/libavformat/omadec.c
index b932ec33d0e8037609a2012578f47482b5a54c12..274112e5af7b42315c36ba2242589717221ad1b0 100644 (file)
--- a/libavformat/omadec.c
+++ b/libavformat/omadec.c
@@ -115,13 +115,18 @@ static int kset(AVFormatContext *s, const uint8_t *r_val, const uint8_t *n_val,
     return 0;
 }
 
-static int rprobe(AVFormatContext *s, uint8_t *enc_header, const uint8_t *r_val)
+#define OMA_RPROBE_M_VAL 48 + 1
+
+static int rprobe(AVFormatContext *s, uint8_t *enc_header, unsigned size,
+                  const uint8_t *r_val)
 {
     OMAContext *oc = s->priv_data;
     unsigned int pos;
     struct AVDES av_des;
 
-    if (!enc_header || !r_val)
+    if (!enc_header || !r_val ||
+        size < OMA_ENC_HEADER_SIZE + oc->k_size + oc->e_size + oc->i_size ||
+        size < OMA_RPROBE_M_VAL)
         return -1;
 
     /* m_val */
@@ -142,36 +147,45 @@ static int rprobe(AVFormatContext *s, uint8_t *enc_header, const uint8_t *r_val)
     return memcmp(&enc_header[pos], oc->sm_val, 8) ? -1 : 0;
 }
 
-static int nprobe(AVFormatContext *s, uint8_t *enc_header, int size,
+static int nprobe(AVFormatContext *s, uint8_t *enc_header, unsigned size,
                   const uint8_t *n_val)
 {
     OMAContext *oc = s->priv_data;
-    uint32_t pos, taglen, datalen;
+    uint64_t pos;
+    uint32_t taglen, datalen;
     struct AVDES av_des;
 
-    if (!enc_header || !n_val)
+    if (!enc_header || !n_val ||
+        size < OMA_ENC_HEADER_SIZE + oc->k_size + 4)
         return -1;
 
     pos = OMA_ENC_HEADER_SIZE + oc->k_size;
     if (!memcmp(&enc_header[pos], "EKB ", 4))
         pos += 32;
 
+    if (size < pos + 44)
+        return -1;
+
     if (AV_RB32(&enc_header[pos]) != oc->rid)
         av_log(s, AV_LOG_DEBUG, "Mismatching RID\n");
 
     taglen  = AV_RB32(&enc_header[pos + 32]);
     datalen = AV_RB32(&enc_header[pos + 36]) >> 4;
 
-    if (taglen + (((uint64_t)datalen) << 4) + 44 > size)
+    pos += 44;
+    if (size - pos < taglen)
         return -1;
 
-    pos += 44 + taglen;
+    pos += taglen;
+
+    if (datalen << 4 > size - pos)
+        return -1;
 
     av_des_init(&av_des, n_val, 192, 1);
     while (datalen-- > 0) {
         av_des_crypt(&av_des, oc->r_val, &enc_header[pos], 2, NULL, 1);
         kset(s, oc->r_val, NULL, 16);
-        if (!rprobe(s, enc_header, oc->r_val))
+        if (!rprobe(s, enc_header, size, oc->r_val))
             return 0;
         pos += 16;
     }
@@ -200,13 +214,13 @@ static int decrypt_init(AVFormatContext *s, ID3v2ExtraMeta *em, uint8_t *header)
     }
     if (!em) {
         av_log(s, AV_LOG_ERROR, "No encryption header found\n");
-        return -1;
+        return AVERROR_INVALIDDATA;
     }
 
     if (geob->datasize < 64) {
         av_log(s, AV_LOG_ERROR,
                "Invalid GEOB data size: %u\n", geob->datasize);
-        return -1;
+        return AVERROR_INVALIDDATA;
     }
 
     gdata = geob->data;
@@ -221,7 +235,7 @@ static int decrypt_init(AVFormatContext *s, ID3v2ExtraMeta *em, uint8_t *header)
 
     if (memcmp(&gdata[OMA_ENC_HEADER_SIZE], "KEYRING     ", 12)) {
         av_log(s, AV_LOG_ERROR, "Invalid encryption header\n");
-        return -1;
+        return AVERROR_INVALIDDATA;
     }
     oc->rid = AV_RB32(&gdata[OMA_ENC_HEADER_SIZE + 28]);
     av_log(s, AV_LOG_DEBUG, "RID: %.8x\n", oc->rid);
@@ -237,7 +251,7 @@ static int decrypt_init(AVFormatContext *s, ID3v2ExtraMeta *em, uint8_t *header)
         kset(s, s->key, s->key, s->keylen);
     }
     if (!memcmp(oc->r_val, (const uint8_t[8]){0}, 8) ||
-        rprobe(s, gdata, oc->r_val) < 0 &&
+        rprobe(s, gdata, geob->datasize, oc->r_val) < 0 &&
         nprobe(s, gdata, geob->datasize, oc->n_val) < 0) {
         int i;
         for (i = 0; i < FF_ARRAY_ELEMS(leaf_table); i += 2) {
@@ -245,13 +259,13 @@ static int decrypt_init(AVFormatContext *s, ID3v2ExtraMeta *em, uint8_t *header)
             AV_WL64(buf,     leaf_table[i]);
             AV_WL64(&buf[8], leaf_table[i + 1]);
             kset(s, buf, buf, 16);
-            if (!rprobe(s, gdata, oc->r_val) ||
+            if (!rprobe(s, gdata, geob->datasize, oc->r_val) ||
                 !nprobe(s, gdata, geob->datasize, oc->n_val))
                 break;
         }
         if (i >= sizeof(leaf_table)) {
             av_log(s, AV_LOG_ERROR, "Invalid key\n");
-            return -1;
+            return AVERROR_INVALIDDATA;
         }
     }
 
@@ -286,7 +300,7 @@ static int oma_read_header(AVFormatContext *s)
     if (memcmp(buf, ((const uint8_t[]){'E', 'A', '3'}), 3) ||
         buf[4] != 0 || buf[5] != EA3_HEADER_SIZE) {
         av_log(s, AV_LOG_ERROR, "Couldn't find the EA3 header !\n");
-        return -1;
+        return AVERROR_INVALIDDATA;
     }
 
     oc->content_start = avio_tell(s->pb);
@@ -332,7 +346,7 @@ static int oma_read_header(AVFormatContext *s)
         st->codec->sample_rate = samplerate;
         st->codec->bit_rate    = st->codec->sample_rate * framesize * 8 / 1024;
 
-        /* fake the atrac3 extradata
+        /* fake the ATRAC3 extradata
          * (wav format, makes stream copy to wav work) */
         st->codec->extradata_size = 14;
         edata = av_mallocz(14 + FF_INPUT_BUFFER_PADDING_SIZE);
@@ -380,7 +394,7 @@ static int oma_read_header(AVFormatContext *s)
         break;
     default:
         av_log(s, AV_LOG_ERROR, "Unsupported codec %d!\n", buf[32]);
-        return -1;
+        return AVERROR(ENOSYS);
     }
 
     st->codec->block_align = framesize;
@@ -395,16 +409,24 @@ static int oma_read_packet(AVFormatContext *s, AVPacket *pkt)
     int packet_size = s->streams[0]->codec->block_align;
     int ret = av_get_packet(s->pb, pkt, packet_size);
 
-    if (ret <= 0)
-        return AVERROR(EIO);
+    if (ret < packet_size)
+        pkt->flags |= AV_PKT_FLAG_CORRUPT;
+
+    if (ret < 0)
+        return ret;
+    if (!ret)
+        return AVERROR_EOF;
 
     pkt->stream_index = 0;
 
     if (oc->encrypted) {
         /* previous unencrypted block saved in IV for
          * the next packet (CBC mode) */
-        av_des_crypt(&oc->av_des, pkt->data, pkt->data,
-                     (packet_size >> 3), oc->iv, 1);
+        if (ret == packet_size)
+            av_des_crypt(&oc->av_des, pkt->data, pkt->data,
+                         (packet_size >> 3), oc->iv, 1);
+        else
+            memset(oc->iv, 0, 8);
     }
 
     return ret;
@@ -428,7 +450,7 @@ static int oma_read_probe(AVProbeData *p)
     /* This check cannot overflow as tag_len has at most 28 bits */
     if (p->buf_size < tag_len + 5)
         /* EA3 header comes late, might be outside of the probe buffer */
-        return AVPROBE_SCORE_MAX / 2;
+        return AVPROBE_SCORE_EXTENSION;
 
     buf += tag_len;
 
@@ -442,24 +464,26 @@ static int oma_read_seek(struct AVFormatContext *s,
                          int stream_index, int64_t timestamp, int flags)
 {
     OMAContext *oc = s->priv_data;
-
-    ff_pcm_read_seek(s, stream_index, timestamp, flags);
-
-    if (oc->encrypted) {
-        /* readjust IV for CBC */
-        int64_t pos = avio_tell(s->pb);
-        if (pos < oc->content_start)
-            memset(oc->iv, 0, 8);
-        else {
-            if (avio_seek(s->pb, -8, SEEK_CUR) < 0 ||
-                avio_read(s->pb, oc->iv, 8) < 8) {
-                memset(oc->iv, 0, 8);
-                return -1;
-            }
-        }
+    int err = ff_pcm_read_seek(s, stream_index, timestamp, flags);
+
+    if (!oc->encrypted)
+        return err;
+
+    /* readjust IV for CBC */
+    if (err || avio_tell(s->pb) < oc->content_start)
+        goto wipe;
+    if ((err = avio_seek(s->pb, -8, SEEK_CUR)) < 0)
+        goto wipe;
+    if ((err = avio_read(s->pb, oc->iv, 8)) < 8) {
+        if (err >= 0)
+            err = AVERROR_EOF;
+        goto wipe;
     }
 
     return 0;
+wipe:
+    memset(oc->iv, 0, 8);
+    return err;
 }
 
 AVInputFormat ff_oma_demuxer = {