X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavformat%2Fid3v2.c;h=df11b5450cbd4f96468cdfc7acdb89c7ae70536a;hb=18b3deee2256a8861fd292653c8dd3ef191ef893;hp=f7de26a1d8e543eadc1d2e7ff22d2d4d1471b3dc;hpb=203bbaccfaaeac9548862e83792d38509a8c8167;p=ffmpeg diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c index f7de26a1d8e..df11b5450cb 100644 --- a/libavformat/id3v2.c +++ b/libavformat/id3v2.c @@ -36,6 +36,7 @@ #include "libavutil/bprint.h" #include "libavutil/dict.h" #include "libavutil/intreadwrite.h" +#include "libavcodec/png.h" #include "avio_internal.h" #include "internal.h" #include "id3v1.h" @@ -224,7 +225,6 @@ static void free_geobtag(void *obj) av_freep(&geob->file_name); av_freep(&geob->description); av_freep(&geob->data); - av_free(geob); } /** @@ -360,8 +360,8 @@ static void read_uslt(AVFormatContext *s, AVIOContext *pb, int taglen, { uint8_t lang[4]; uint8_t *descriptor = NULL; // 'Content descriptor' - uint8_t *text = NULL; - char *key = NULL; + uint8_t *text; + char *key; int encoding; int ok = 0; @@ -386,18 +386,19 @@ static void read_uslt(AVFormatContext *s, AVIOContext *pb, int taglen, key = av_asprintf("lyrics-%s%s%s", descriptor[0] ? (char *)descriptor : "", descriptor[0] ? "-" : "", lang); - if (!key) + if (!key) { + av_free(text); goto error; + } - av_dict_set(metadata, key, text, 0); + av_dict_set(metadata, key, text, + AV_DICT_DONT_STRDUP_KEY | AV_DICT_DONT_STRDUP_VAL); ok = 1; error: if (!ok) av_log(s, AV_LOG_ERROR, "Error reading lyrics, skipped\n"); av_free(descriptor); - av_free(text); - av_free(key); } /** @@ -457,20 +458,15 @@ static void read_geobtag(AVFormatContext *s, AVIOContext *pb, int taglen, if (taglen < 1) return; - geob_data = av_mallocz(sizeof(ID3v2ExtraMetaGEOB)); - if (!geob_data) { - av_log(s, AV_LOG_ERROR, "Failed to alloc %"SIZE_SPECIFIER" bytes\n", - sizeof(ID3v2ExtraMetaGEOB)); - return; - } - new_extra = av_mallocz(sizeof(ID3v2ExtraMeta)); if (!new_extra) { av_log(s, AV_LOG_ERROR, "Failed to alloc %"SIZE_SPECIFIER" bytes\n", sizeof(ID3v2ExtraMeta)); - goto fail; + return; } + geob_data = &new_extra->data.geob; + /* read encoding type byte */ encoding = avio_r8(pb); taglen--; @@ -509,7 +505,6 @@ static void read_geobtag(AVFormatContext *s, AVIOContext *pb, int taglen, /* add data to the list */ new_extra->tag = "GEOB"; - new_extra->data = geob_data; new_extra->next = *extra_meta; *extra_meta = new_extra; @@ -575,7 +570,6 @@ static void free_apic(void *obj) ID3v2ExtraMetaAPIC *apic = obj; av_buffer_unref(&apic->buf); av_freep(&apic->description); - av_freep(&apic); } static void rstrip_spaces(char *buf) @@ -590,7 +584,7 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, int taglen, int isv34) { int enc, pic_type; - char mimetype[64]; + char mimetype[64] = {0}; const CodecMime *mime = ff_id3v2_mime_tags; enum AVCodecID id = AV_CODEC_ID_NONE; ID3v2ExtraMetaAPIC *apic = NULL; @@ -601,18 +595,24 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, int taglen, goto fail; new_extra = av_mallocz(sizeof(*new_extra)); - apic = av_mallocz(sizeof(*apic)); - if (!new_extra || !apic) + if (!new_extra) goto fail; + apic = &new_extra->data.apic; + enc = avio_r8(pb); taglen--; /* mimetype */ if (isv34) { - taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype)); + int ret = avio_get_str(pb, taglen, mimetype, sizeof(mimetype)); + if (ret < 0 || ret >= taglen) + goto fail; + taglen -= ret; } else { - avio_read(pb, mimetype, 3); + if (avio_read(pb, mimetype, 3) < 0) + goto fail; + mimetype[3] = 0; taglen -= 3; } @@ -654,7 +654,6 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, int taglen, memset(apic->buf->data + taglen, 0, AV_INPUT_BUFFER_PADDING_SIZE); new_extra->tag = "APIC"; - new_extra->data = apic; new_extra->next = *extra_meta; *extra_meta = new_extra; @@ -676,7 +675,6 @@ static void free_chapter(void *obj) ID3v2ExtraMetaCHAP *chap = obj; av_freep(&chap->element_id); av_dict_free(&chap->meta); - av_freep(&chap); } static void read_chapter(AVFormatContext *s, AVIOContext *pb, int len, const char *ttag, ID3v2ExtraMeta **extra_meta, int isv34) @@ -687,10 +685,10 @@ static void read_chapter(AVFormatContext *s, AVIOContext *pb, int len, const cha ID3v2ExtraMetaCHAP *chap = NULL; new_extra = av_mallocz(sizeof(*new_extra)); - chap = av_mallocz(sizeof(*chap)); + if (!new_extra) + return; - if (!new_extra || !chap) - goto fail; + chap = &new_extra->data.chap; if (decode_str(s, pb, 0, &chap->element_id, &len) < 0) goto fail; @@ -723,15 +721,13 @@ static void read_chapter(AVFormatContext *s, AVIOContext *pb, int len, const cha ff_metadata_conv(&chap->meta, NULL, ff_id3v2_4_metadata_conv); new_extra->tag = "CHAP"; - new_extra->data = chap; new_extra->next = *extra_meta; *extra_meta = new_extra; return; fail: - if (chap) - free_chapter(chap); + free_chapter(chap); av_freep(&new_extra); } @@ -740,7 +736,6 @@ static void free_priv(void *obj) ID3v2ExtraMetaPRIV *priv = obj; av_freep(&priv->owner); av_freep(&priv->data); - av_freep(&priv); } static void read_priv(AVFormatContext *s, AVIOContext *pb, int taglen, @@ -750,10 +745,10 @@ static void read_priv(AVFormatContext *s, AVIOContext *pb, int taglen, ID3v2ExtraMetaPRIV *priv; meta = av_mallocz(sizeof(*meta)); - priv = av_mallocz(sizeof(*priv)); + if (!meta) + return; - if (!meta || !priv) - goto fail; + priv = &meta->data.priv; if (decode_str(s, pb, ID3v2_ENCODING_ISO8859, &priv->owner, &taglen) < 0) goto fail; @@ -768,15 +763,13 @@ static void read_priv(AVFormatContext *s, AVIOContext *pb, int taglen, goto fail; meta->tag = "PRIV"; - meta->data = priv; meta->next = *extra_meta; *extra_meta = meta; return; fail: - if (priv) - free_priv(priv); + free_priv(priv); av_freep(&meta); } @@ -1003,6 +996,11 @@ static void id3v2_parse(AVIOContext *pb, AVDictionary **metadata, av_log(s, AV_LOG_DEBUG, "Compresssed frame %s tlen=%d dlen=%ld\n", tag, tlen, dlen); + if (tlen <= 0) + goto seek; + if (dlen / 32768 > tlen) + goto seek; + av_fast_malloc(&uncompressed_buffer, &uncompressed_buffer_size, dlen); if (!uncompressed_buffer) { av_log(s, AV_LOG_ERROR, "Failed to alloc %ld bytes\n", dlen); @@ -1128,7 +1126,7 @@ void ff_id3v2_free_extra_meta(ID3v2ExtraMeta **extra_meta) while (current) { if ((extra_func = get_extra_meta_func(current->tag, 1))) - extra_func->free(current->data); + extra_func->free(¤t->data); next = current->next; av_freep(¤t); current = next; @@ -1137,17 +1135,17 @@ void ff_id3v2_free_extra_meta(ID3v2ExtraMeta **extra_meta) *extra_meta = NULL; } -int ff_id3v2_parse_apic(AVFormatContext *s, ID3v2ExtraMeta **extra_meta) +int ff_id3v2_parse_apic(AVFormatContext *s, ID3v2ExtraMeta *extra_meta) { ID3v2ExtraMeta *cur; - for (cur = *extra_meta; cur; cur = cur->next) { + for (cur = extra_meta; cur; cur = cur->next) { ID3v2ExtraMetaAPIC *apic; AVStream *st; if (strcmp(cur->tag, "APIC")) continue; - apic = cur->data; + apic = &cur->data.apic; if (!(st = avformat_new_stream(s, NULL))) return AVERROR(ENOMEM); @@ -1156,7 +1154,7 @@ int ff_id3v2_parse_apic(AVFormatContext *s, ID3v2ExtraMeta **extra_meta) st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO; st->codecpar->codec_id = apic->id; - if (AV_RB64(apic->buf->data) == 0x89504e470d0a1a0a) + if (AV_RB64(apic->buf->data) == PNGSIG) st->codecpar->codec_id = AV_CODEC_ID_PNG; if (apic->description[0]) @@ -1177,7 +1175,7 @@ int ff_id3v2_parse_apic(AVFormatContext *s, ID3v2ExtraMeta **extra_meta) return 0; } -int ff_id3v2_parse_chapters(AVFormatContext *s, ID3v2ExtraMeta **extra_meta) +int ff_id3v2_parse_chapters(AVFormatContext *s, ID3v2ExtraMeta *extra_meta) { int ret = 0; ID3v2ExtraMeta *cur; @@ -1188,12 +1186,12 @@ int ff_id3v2_parse_chapters(AVFormatContext *s, ID3v2ExtraMeta **extra_meta) // since extra_meta is a linked list where elements are prepended, // we need to reverse the order of chapters - for (cur = *extra_meta; cur; cur = cur->next) { + for (cur = extra_meta; cur; cur = cur->next) { ID3v2ExtraMetaCHAP *chap; if (strcmp(cur->tag, "CHAP")) continue; - chap = cur->data; + chap = &cur->data.chap; if ((ret = av_dynarray_add_nofree(&chapters, &num_chapters, chap)) < 0) goto end; @@ -1228,14 +1226,14 @@ end: return ret; } -int ff_id3v2_parse_priv_dict(AVDictionary **metadata, ID3v2ExtraMeta **extra_meta) +int ff_id3v2_parse_priv_dict(AVDictionary **metadata, ID3v2ExtraMeta *extra_meta) { ID3v2ExtraMeta *cur; int dict_flags = AV_DICT_DONT_OVERWRITE | AV_DICT_DONT_STRDUP_KEY | AV_DICT_DONT_STRDUP_VAL; - for (cur = *extra_meta; cur; cur = cur->next) { + for (cur = extra_meta; cur; cur = cur->next) { if (!strcmp(cur->tag, "PRIV")) { - ID3v2ExtraMetaPRIV *priv = cur->data; + ID3v2ExtraMetaPRIV *priv = &cur->data.priv; AVBPrint bprint; char *escaped, *key; int i, ret; @@ -1260,8 +1258,6 @@ int ff_id3v2_parse_priv_dict(AVDictionary **metadata, ID3v2ExtraMeta **extra_met } if ((ret = av_dict_set(metadata, key, escaped, dict_flags)) < 0) { - av_free(key); - av_free(escaped); return ret; } } @@ -1270,7 +1266,7 @@ int ff_id3v2_parse_priv_dict(AVDictionary **metadata, ID3v2ExtraMeta **extra_met return 0; } -int ff_id3v2_parse_priv(AVFormatContext *s, ID3v2ExtraMeta **extra_meta) +int ff_id3v2_parse_priv(AVFormatContext *s, ID3v2ExtraMeta *extra_meta) { return ff_id3v2_parse_priv_dict(&s->metadata, extra_meta); }