X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=modules%2Fdemux%2Fmp4%2Flibmp4.c;h=d66e173b4780e7dcfc1a7007f8ec601920b74d04;hb=97897eeeb22b1238e56632b16cda1a0375ae7708;hp=5c47fc9b198171f5e02fdce67295c26e3cf92558;hpb=11edc20cf6bbd6fba977f69a5c4d76576dc7e5d4;p=vlc diff --git a/modules/demux/mp4/libmp4.c b/modules/demux/mp4/libmp4.c index 5c47fc9b19..d66e173b47 100644 --- a/modules/demux/mp4/libmp4.c +++ b/modules/demux/mp4/libmp4.c @@ -20,10 +20,12 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA. *****************************************************************************/ +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + #include -#include -#include /* malloc(), free() */ #include @@ -65,9 +67,12 @@ if( (i_read > 0) && (p_peek[0]) ) \ { \ const int __i_copy__ = strnlen( (char*)p_peek, i_read-1 ); \ - p_str = calloc( sizeof(char), __i_copy__+1 ); \ - if( __i_copy__ > 0 ) memcpy( p_str, p_peek, __i_copy__ ); \ - p_str[__i_copy__] = 0; \ + p_str = malloc( __i_copy__+1 ); \ + if( p_str ) \ + { \ + memcpy( p_str, p_peek, __i_copy__ ); \ + p_str[__i_copy__] = 0; \ + } \ p_peek += __i_copy__ + 1; \ i_read -= __i_copy__ + 1; \ } \ @@ -99,12 +104,13 @@ } #define MP4_READBOX_EXIT( i_code ) \ - free( p_buff ); \ - if( i_read < 0 ) \ + do \ { \ - msg_Warn( p_stream, "Not enough data" ); \ - } \ - return( i_code ) + free( p_buff ); \ + if( i_read < 0 ) \ + msg_Warn( p_stream, "Not enough data" ); \ + return( i_code ); \ + } while (0) /* Some assumptions: @@ -112,6 +118,13 @@ */ +/* This macro is used when we want to printf the box type + * APPLE annotation box is : + * either 0xA9 + 24-bit ASCII text string (and 0xA9 isn't printable) + * either 32-bit ASCII text string + */ +#define MP4_BOX_TYPE_ASCII() ( ((char*)&p_box->i_type)[0] != (char)0xA9 ) + static uint32_t Get24bBE( const uint8_t *p ) { return( ( p[0] <<16 ) + ( p[1] <<8 ) + p[2] ); @@ -127,6 +140,8 @@ static void CreateUUID( UUID_t *p_uuid, uint32_t i_fourcc ) /* made by 0xXXXXXXXX-0011-0010-8000-00aa00389b71 where XXXXXXXX is the fourcc */ /* FIXME implement this */ + (void)p_uuid; + (void)i_fourcc; } /* some functions for mp4 encoding of variables */ @@ -208,8 +223,12 @@ int MP4_ReadBoxCommon( stream_t *p_stream, MP4_Box_t *p_box ) #ifdef MP4_VERBOSE if( p_box->i_size ) { - msg_Dbg( p_stream, "found Box: %4.4s size "I64Fd, - (char*)&p_box->i_type, p_box->i_size ); + if MP4_BOX_TYPE_ASCII() + msg_Dbg( p_stream, "found Box: %4.4s size %"PRId64, + (char*)&p_box->i_type, p_box->i_size ); + else + msg_Dbg( p_stream, "found Box: c%3.3s size %"PRId64, + (char*)&p_box->i_type+1, p_box->i_size ); } #endif @@ -306,6 +325,7 @@ static int MP4_ReadBoxContainer( stream_t *p_stream, MP4_Box_t *p_container ) static void MP4_FreeBox_Common( MP4_Box_t *p_box ) { /* Up to now do nothing */ + (void)p_box; } static int MP4_ReadBoxSkip( stream_t *p_stream, MP4_Box_t *p_box ) @@ -340,7 +360,10 @@ static int MP4_ReadBoxSkip( stream_t *p_stream, MP4_Box_t *p_box ) /* Nothing to do */ #ifdef MP4_VERBOSE - msg_Dbg( p_stream, "skip box: \"%4.4s\"", (char*)&p_box->i_type ); + if MP4_BOX_TYPE_ASCII() + msg_Dbg( p_stream, "skip box: \"%4.4s\"", (char*)&p_box->i_type ); + else + msg_Dbg( p_stream, "skip box: \"c%3.3s\"", (char*)&p_box->i_type+1 ); #endif return 1; } @@ -355,12 +378,16 @@ static int MP4_ReadBox_ftyp( stream_t *p_stream, MP4_Box_t *p_box ) if( ( p_box->data.p_ftyp->i_compatible_brands_count = i_read / 4 ) ) { unsigned int i; - p_box->data.p_ftyp->i_compatible_brands = - calloc( p_box->data.p_ftyp->i_compatible_brands_count, sizeof(uint32_t)); + uint32_t *tab = p_box->data.p_ftyp->i_compatible_brands = + calloc( p_box->data.p_ftyp->i_compatible_brands_count, + sizeof(uint32_t)); + + if( tab == NULL ) + MP4_READBOX_EXIT( 0 ); for( i =0; i < p_box->data.p_ftyp->i_compatible_brands_count; i++ ) { - MP4_GETFOURCC( p_box->data.p_ftyp->i_compatible_brands[i] ); + MP4_GETFOURCC( tab[i] ); } } else @@ -584,7 +611,9 @@ static int MP4_ReadBox_hdlr( stream_t *p_stream, MP4_Box_t *p_box ) if( i_read > 0 ) { - p_box->data.p_hdlr->psz_name = calloc( sizeof( char ), i_read + 1 ); + uint8_t *psz = p_box->data.p_hdlr->psz_name = malloc( i_read + 1 ); + if( psz == NULL ) + MP4_READBOX_EXIT( 0 ); /* Yes, I love .mp4 :( */ if( p_box->data.p_hdlr->i_predefined == VLC_FOURCC( 'm', 'h', 'l', 'r' ) ) @@ -595,20 +624,20 @@ static int MP4_ReadBox_hdlr( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GET1BYTE( i_len ); i_copy = __MIN( i_read, i_len ); - memcpy( p_box->data.p_hdlr->psz_name, p_peek, i_copy ); + memcpy( psz, p_peek, i_copy ); p_box->data.p_hdlr->psz_name[i_copy] = '\0'; } else { - memcpy( p_box->data.p_hdlr->psz_name, p_peek, i_read ); + memcpy( psz, p_peek, i_read ); p_box->data.p_hdlr->psz_name[i_read] = '\0'; } } #ifdef MP4_VERBOSE - msg_Dbg( p_stream, "read box: \"hdlr\" handler type %4.4s name %s", - (char*)&p_box->data.p_hdlr->i_handler_type, - p_box->data.p_hdlr->psz_name ); + msg_Dbg( p_stream, "read box: \"hdlr\" handler type %4.4s name %s", + (char*)&p_box->data.p_hdlr->i_handler_type, + p_box->data.p_hdlr->psz_name ); #endif MP4_READBOX_EXIT( 1 ); @@ -705,7 +734,7 @@ static int MP4_ReadBox_url( stream_t *p_stream, MP4_Box_t *p_box ) static void MP4_FreeBox_url( MP4_Box_t *p_box ) { - FREENULL( p_box->data.p_url->psz_location ) + FREENULL( p_box->data.p_url->psz_location ); } static int MP4_ReadBox_urn( stream_t *p_stream, MP4_Box_t *p_box ) @@ -750,6 +779,11 @@ static int MP4_ReadBox_dref( stream_t *p_stream, MP4_Box_t *p_box ) MP4_READBOX_EXIT( 1 ); } +static void MP4_FreeBox_stts( MP4_Box_t *p_box ) +{ + FREENULL( p_box->data.p_stts->i_sample_count ); + FREENULL( p_box->data.p_stts->i_sample_delta ); +} static int MP4_ReadBox_stts( stream_t *p_stream, MP4_Box_t *p_box ) { @@ -760,9 +794,15 @@ static int MP4_ReadBox_stts( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GET4BYTES( p_box->data.p_stts->i_entry_count ); p_box->data.p_stts->i_sample_count = - calloc( sizeof( uint32_t ), p_box->data.p_stts->i_entry_count ); + calloc( p_box->data.p_stts->i_entry_count, sizeof(uint32_t) ); p_box->data.p_stts->i_sample_delta = - calloc( sizeof( uint32_t ), p_box->data.p_stts->i_entry_count ); + calloc( p_box->data.p_stts->i_entry_count, sizeof(uint32_t) ); + if( p_box->data.p_stts->i_sample_count == NULL + || p_box->data.p_stts->i_sample_delta == NULL ) + { + MP4_FreeBox_stts( p_box ); + MP4_READBOX_EXIT( 0 ); + } for( i = 0; (i < p_box->data.p_stts->i_entry_count )&&( i_read >=8 ); i++ ) { @@ -778,10 +818,11 @@ static int MP4_ReadBox_stts( stream_t *p_stream, MP4_Box_t *p_box ) MP4_READBOX_EXIT( 1 ); } -static void MP4_FreeBox_stts( MP4_Box_t *p_box ) + +static void MP4_FreeBox_ctts( MP4_Box_t *p_box ) { - FREENULL( p_box->data.p_stts->i_sample_count ); - FREENULL( p_box->data.p_stts->i_sample_delta ); + FREENULL( p_box->data.p_ctts->i_sample_count ); + FREENULL( p_box->data.p_ctts->i_sample_offset ); } static int MP4_ReadBox_ctts( stream_t *p_stream, MP4_Box_t *p_box ) @@ -794,9 +835,15 @@ static int MP4_ReadBox_ctts( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GET4BYTES( p_box->data.p_ctts->i_entry_count ); p_box->data.p_ctts->i_sample_count = - calloc( sizeof( uint32_t ), p_box->data.p_ctts->i_entry_count ); + calloc( p_box->data.p_ctts->i_entry_count, sizeof(uint32_t) ); p_box->data.p_ctts->i_sample_offset = - calloc( sizeof( uint32_t ), p_box->data.p_ctts->i_entry_count ); + calloc( p_box->data.p_ctts->i_entry_count, sizeof(uint32_t) ); + if( ( p_box->data.p_ctts->i_sample_count == NULL ) + || ( p_box->data.p_ctts->i_sample_offset == NULL ) ) + { + MP4_FreeBox_ctts( p_box ); + MP4_READBOX_EXIT( 0 ); + } for( i = 0; (i < p_box->data.p_ctts->i_entry_count )&&( i_read >=8 ); i++ ) { @@ -812,11 +859,6 @@ static int MP4_ReadBox_ctts( stream_t *p_stream, MP4_Box_t *p_box ) MP4_READBOX_EXIT( 1 ); } -static void MP4_FreeBox_ctts( MP4_Box_t *p_box ) -{ - FREENULL( p_box->data.p_ctts->i_sample_count ); - FREENULL( p_box->data.p_ctts->i_sample_offset ); -} static int MP4_ReadLengthDescriptor( uint8_t **pp_peek, int64_t *i_read ) { @@ -833,12 +875,24 @@ static int MP4_ReadLengthDescriptor( uint8_t **pp_peek, int64_t *i_read ) return( i_len ); } + +static void MP4_FreeBox_esds( MP4_Box_t *p_box ) +{ + FREENULL( p_box->data.p_esds->es_descriptor.psz_URL ); + if( p_box->data.p_esds->es_descriptor.p_decConfigDescr ) + { + FREENULL( p_box->data.p_esds->es_descriptor.p_decConfigDescr->p_decoder_specific_info ); + FREENULL( p_box->data.p_esds->es_descriptor.p_decConfigDescr ); + } +} + static int MP4_ReadBox_esds( stream_t *p_stream, MP4_Box_t *p_box ) { #define es_descriptor p_box->data.p_esds->es_descriptor unsigned int i_len; unsigned int i_flags; unsigned int i_type; + unsigned int code = 0; MP4_READBOX_ENTER( MP4_Box_data_esds_t ); @@ -871,9 +925,12 @@ static int MP4_ReadBox_esds( stream_t *p_stream, MP4_Box_t *p_box ) unsigned int i_len; MP4_GET1BYTE( i_len ); - es_descriptor.psz_URL = calloc( sizeof(char), i_len + 1 ); - memcpy( es_descriptor.psz_URL, p_peek, i_len ); - es_descriptor.psz_URL[i_len] = 0; + es_descriptor.psz_URL = malloc( i_len + 1 ); + if( es_descriptor.psz_URL ) + { + memcpy( es_descriptor.psz_URL, p_peek, i_len ); + es_descriptor.psz_URL[i_len] = 0; + } p_peek += i_len; i_read -= i_len; } @@ -903,6 +960,11 @@ static int MP4_ReadBox_esds( stream_t *p_stream, MP4_Box_t *p_box ) es_descriptor.p_decConfigDescr = malloc( sizeof( MP4_descriptor_decoder_config_t )); + if( es_descriptor.p_decConfigDescr == NULL ) + { + free( es_descriptor.psz_URL ); + goto error; + } MP4_GET1BYTE( es_descriptor.p_decConfigDescr->i_objectTypeIndication ); MP4_GET1BYTE( i_flags ); @@ -928,23 +990,21 @@ static int MP4_ReadBox_esds( stream_t *p_stream, MP4_Box_t *p_box ) es_descriptor.p_decConfigDescr->i_decoder_specific_info_len = i_len; es_descriptor.p_decConfigDescr->p_decoder_specific_info = malloc( i_len ); + if( es_descriptor.p_decConfigDescr->p_decoder_specific_info == NULL ) + { + MP4_FreeBox_esds( p_box ); + goto error; + } memcpy( es_descriptor.p_decConfigDescr->p_decoder_specific_info, p_peek, i_len ); + code = 1; - MP4_READBOX_EXIT( 1 ); +error: + MP4_READBOX_EXIT( code ); #undef es_descriptor } -static void MP4_FreeBox_esds( MP4_Box_t *p_box ) -{ - FREENULL( p_box->data.p_esds->es_descriptor.psz_URL ); - if( p_box->data.p_esds->es_descriptor.p_decConfigDescr ) - { - FREENULL( p_box->data.p_esds->es_descriptor.p_decConfigDescr->p_decoder_specific_info ); - } - FREENULL( p_box->data.p_esds->es_descriptor.p_decConfigDescr ); -} static int MP4_ReadBox_avcC( stream_t *p_stream, MP4_Box_t *p_box ) { @@ -957,8 +1017,9 @@ static int MP4_ReadBox_avcC( stream_t *p_stream, MP4_Box_t *p_box ) p_avcC->i_avcC = i_read; if( p_avcC->i_avcC > 0 ) { - p_avcC->p_avcC = malloc( p_avcC->i_avcC ); - memcpy( p_avcC->p_avcC, p_peek, i_read ); + uint8_t * p = p_avcC->p_avcC = malloc( p_avcC->i_avcC ); + if( p ) + memcpy( p, p_peek, i_read ); } MP4_GET1BYTE( p_avcC->i_version ); @@ -1074,8 +1135,10 @@ static int MP4_ReadBox_sample_soun( stream_t *p_stream, MP4_Box_t *p_box ) */ if( i_read > 0 ) { - p_box->data.p_sample_soun->i_qt_description = i_read; p_box->data.p_sample_soun->p_qt_description = malloc( i_read ); + if( p_box->data.p_sample_soun->p_qt_description == NULL ) + MP4_READBOX_EXIT( 0 ); + p_box->data.p_sample_soun->i_qt_description = i_read; memcpy( p_box->data.p_sample_soun->p_qt_description, p_peek, i_read ); } else @@ -1119,12 +1182,12 @@ static int MP4_ReadBox_sample_soun( stream_t *p_stream, MP4_Box_t *p_box ) { /* SoundDescriptionV2 */ double f_sample_rate; - int64_t dummy; + int64_t dummy; uint32_t i_channel; MP4_GET4BYTES( p_box->data.p_sample_soun->i_sample_per_packet ); MP4_GET8BYTES( dummy ); - memcpy( &f_sample_rate, &dummy, 8 ); + memcpy( &f_sample_rate, &dummy, 8 ); msg_Dbg( p_stream, "read box: %f Hz", f_sample_rate ); p_box->data.p_sample_soun->i_sampleratehi = (int)f_sample_rate % 65536; @@ -1146,7 +1209,7 @@ static int MP4_ReadBox_sample_soun( stream_t *p_stream, MP4_Box_t *p_box ) p_box->data.p_sample_soun->i_bytes_per_frame = 0; p_box->data.p_sample_soun->i_bytes_per_sample = 0; - msg_Dbg( p_stream, "read box: \"soun\" mp4 or qt1/2 (rest="I64Fd")", + msg_Dbg( p_stream, "read box: \"soun\" mp4 or qt1/2 (rest=%"PRId64")", i_read ); stream_Seek( p_stream, p_box->i_pos + MP4_BOX_HEADERSIZE( p_box ) + 28 ); @@ -1171,10 +1234,11 @@ static int MP4_ReadBox_sample_soun( stream_t *p_stream, MP4_Box_t *p_box ) if( p_box->i_type == FOURCC_alac ) { - if( p_box->data.p_sample_soun->p_qt_description ) - free( p_box->data.p_sample_soun->p_qt_description ); + free( p_box->data.p_sample_soun->p_qt_description ); p_box->data.p_sample_soun->p_qt_description = malloc( i_read ); + if( p_box->data.p_sample_soun->p_qt_description == NULL ) + MP4_READBOX_EXIT( 0 ); p_box->data.p_sample_soun->i_qt_description = i_read; memcpy( p_box->data.p_sample_soun->p_qt_description, p_peek, i_read ); } @@ -1228,8 +1292,10 @@ int MP4_ReadBox_sample_vide( stream_t *p_stream, MP4_Box_t *p_box ) */ if( i_read > 0 ) { - p_box->data.p_sample_vide->i_qt_image_description = i_read; p_box->data.p_sample_vide->p_qt_image_description = malloc( i_read ); + if( p_box->data.p_sample_vide->p_qt_image_description == NULL ) + MP4_READBOX_EXIT( 0 ); + p_box->data.p_sample_vide->i_qt_image_description = i_read; memcpy( p_box->data.p_sample_vide->p_qt_image_description, p_peek, i_read ); } @@ -1414,7 +1480,9 @@ static int MP4_ReadBox_stsz( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GET4BYTES( p_box->data.p_stsz->i_sample_count ); p_box->data.p_stsz->i_entry_size = - calloc( sizeof( uint32_t ), p_box->data.p_stsz->i_sample_count ); + calloc( p_box->data.p_stsz->i_sample_count, sizeof(uint32_t) ); + if( p_box->data.p_stsz->i_entry_size == NULL ) + MP4_READBOX_EXIT( 0 ); if( !p_box->data.p_stsz->i_sample_size ) { @@ -1438,6 +1506,13 @@ static void MP4_FreeBox_stsz( MP4_Box_t *p_box ) FREENULL( p_box->data.p_stsz->i_entry_size ); } +static void MP4_FreeBox_stsc( MP4_Box_t *p_box ) +{ + FREENULL( p_box->data.p_stsc->i_first_chunk ); + FREENULL( p_box->data.p_stsc->i_samples_per_chunk ); + FREENULL( p_box->data.p_stsc->i_sample_description_index ); +} + static int MP4_ReadBox_stsc( stream_t *p_stream, MP4_Box_t *p_box ) { unsigned int i; @@ -1449,11 +1524,18 @@ static int MP4_ReadBox_stsc( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GET4BYTES( p_box->data.p_stsc->i_entry_count ); p_box->data.p_stsc->i_first_chunk = - calloc( sizeof( uint32_t ), p_box->data.p_stsc->i_entry_count ); + calloc( p_box->data.p_stsc->i_entry_count, sizeof(uint32_t) ); p_box->data.p_stsc->i_samples_per_chunk = - calloc( sizeof( uint32_t ), p_box->data.p_stsc->i_entry_count ); + calloc( p_box->data.p_stsc->i_entry_count, sizeof(uint32_t) ); p_box->data.p_stsc->i_sample_description_index = - calloc( sizeof( uint32_t ), p_box->data.p_stsc->i_entry_count ); + calloc( p_box->data.p_stsc->i_entry_count, sizeof(uint32_t) ); + if( p_box->data.p_stsc->i_first_chunk == NULL + || p_box->data.p_stsc->i_samples_per_chunk == NULL + || p_box->data.p_stsc->i_sample_description_index == NULL ) + { + MP4_FreeBox_stsc( p_box ); + MP4_READBOX_EXIT( 0 ); + } for( i = 0; (i < p_box->data.p_stsc->i_entry_count )&&( i_read >= 12 );i++ ) { @@ -1470,13 +1552,6 @@ static int MP4_ReadBox_stsc( stream_t *p_stream, MP4_Box_t *p_box ) MP4_READBOX_EXIT( 1 ); } -static void MP4_FreeBox_stsc( MP4_Box_t *p_box ) -{ - FREENULL( p_box->data.p_stsc->i_first_chunk ); - FREENULL( p_box->data.p_stsc->i_samples_per_chunk ); - FREENULL( p_box->data.p_stsc->i_sample_description_index ); -} - static int MP4_ReadBox_stco_co64( stream_t *p_stream, MP4_Box_t *p_box ) { unsigned int i; @@ -1488,7 +1563,9 @@ static int MP4_ReadBox_stco_co64( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GET4BYTES( p_box->data.p_co64->i_entry_count ); p_box->data.p_co64->i_chunk_offset = - calloc( sizeof( uint64_t ), p_box->data.p_co64->i_entry_count ); + calloc( p_box->data.p_co64->i_entry_count, sizeof(uint64_t) ); + if( p_box->data.p_co64->i_chunk_offset == NULL ) + MP4_READBOX_EXIT( 0 ); for( i = 0; i < p_box->data.p_co64->i_entry_count; i++ ) { @@ -1534,7 +1611,9 @@ static int MP4_ReadBox_stss( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GET4BYTES( p_box->data.p_stss->i_entry_count ); p_box->data.p_stss->i_sample_number = - calloc( sizeof( uint32_t ), p_box->data.p_stss->i_entry_count ); + calloc( p_box->data.p_stss->i_entry_count, sizeof(uint32_t) ); + if( p_box->data.p_stss->i_sample_number == NULL ) + MP4_READBOX_EXIT( 0 ); for( i = 0; (i < p_box->data.p_stss->i_entry_count )&&( i_read >= 4 ); i++ ) { @@ -1554,7 +1633,13 @@ static int MP4_ReadBox_stss( stream_t *p_stream, MP4_Box_t *p_box ) static void MP4_FreeBox_stss( MP4_Box_t *p_box ) { - FREENULL( p_box->data.p_stss->i_sample_number ) + FREENULL( p_box->data.p_stss->i_sample_number ); +} + +static void MP4_FreeBox_stsh( MP4_Box_t *p_box ) +{ + FREENULL( p_box->data.p_stsh->i_shadowed_sample_number ); + FREENULL( p_box->data.p_stsh->i_sync_sample_number ); } static int MP4_ReadBox_stsh( stream_t *p_stream, MP4_Box_t *p_box ) @@ -1569,11 +1654,16 @@ static int MP4_ReadBox_stsh( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GET4BYTES( p_box->data.p_stsh->i_entry_count ); p_box->data.p_stsh->i_shadowed_sample_number = - calloc( sizeof( uint32_t ), p_box->data.p_stsh->i_entry_count ); - + calloc( p_box->data.p_stsh->i_entry_count, sizeof(uint32_t) ); p_box->data.p_stsh->i_sync_sample_number = - calloc( sizeof( uint32_t ), p_box->data.p_stsh->i_entry_count ); + calloc( p_box->data.p_stsh->i_entry_count, sizeof(uint32_t) ); + if( p_box->data.p_stsh->i_shadowed_sample_number == NULL + || p_box->data.p_stsh->i_sync_sample_number == NULL ) + { + MP4_FreeBox_stsh( p_box ); + MP4_READBOX_EXIT( 0 ); + } for( i = 0; (i < p_box->data.p_stss->i_entry_count )&&( i_read >= 8 ); i++ ) { @@ -1589,12 +1679,6 @@ static int MP4_ReadBox_stsh( stream_t *p_stream, MP4_Box_t *p_box ) MP4_READBOX_EXIT( 1 ); } -static void MP4_FreeBox_stsh( MP4_Box_t *p_box ) -{ - FREENULL( p_box->data.p_stsh->i_shadowed_sample_number ) - FREENULL( p_box->data.p_stsh->i_sync_sample_number ) -} - static int MP4_ReadBox_stdp( stream_t *p_stream, MP4_Box_t *p_box ) { @@ -1605,7 +1689,7 @@ static int MP4_ReadBox_stdp( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GETVERSIONFLAGS( p_box->data.p_stdp ); p_box->data.p_stdp->i_priority = - calloc( sizeof( uint16_t ), i_read / 2 ); + calloc( i_read / 2, sizeof(uint16_t) ); for( i = 0; i < i_read / 2 ; i++ ) { @@ -1614,7 +1698,7 @@ static int MP4_ReadBox_stdp( stream_t *p_stream, MP4_Box_t *p_box ) } #ifdef MP4_VERBOSE - msg_Dbg( p_stream, "read box: \"stdp\" entry-count "I64Fd, + msg_Dbg( p_stream, "read box: \"stdp\" entry-count %"PRId64, i_read / 2 ); #endif @@ -1623,32 +1707,49 @@ static int MP4_ReadBox_stdp( stream_t *p_stream, MP4_Box_t *p_box ) static void MP4_FreeBox_stdp( MP4_Box_t *p_box ) { - FREENULL( p_box->data.p_stdp->i_priority ) + FREENULL( p_box->data.p_stdp->i_priority ); +} + +static void MP4_FreeBox_padb( MP4_Box_t *p_box ) +{ + FREENULL( p_box->data.p_padb->i_reserved1 ); + FREENULL( p_box->data.p_padb->i_pad2 ); + FREENULL( p_box->data.p_padb->i_reserved2 ); + FREENULL( p_box->data.p_padb->i_pad1 ); } static int MP4_ReadBox_padb( stream_t *p_stream, MP4_Box_t *p_box ) { unsigned int i; + uint32_t count; MP4_READBOX_ENTER( MP4_Box_data_padb_t ); MP4_GETVERSIONFLAGS( p_box->data.p_padb ); - MP4_GET4BYTES( p_box->data.p_padb->i_sample_count ); + count = (p_box->data.p_padb->i_sample_count + 1) / 2; - p_box->data.p_padb->i_reserved1 = - calloc( sizeof( uint16_t ), ( p_box->data.p_padb->i_sample_count + 1 ) / 2 ); - p_box->data.p_padb->i_pad2 = - calloc( sizeof( uint16_t ), ( p_box->data.p_padb->i_sample_count + 1 ) / 2 ); - p_box->data.p_padb->i_reserved2 = - calloc( sizeof( uint16_t ), ( p_box->data.p_padb->i_sample_count + 1 ) / 2 ); - p_box->data.p_padb->i_pad1 = - calloc( sizeof( uint16_t ), ( p_box->data.p_padb->i_sample_count + 1 ) / 2 ); - + p_box->data.p_padb->i_reserved1 = calloc( count, sizeof(uint16_t) ); + p_box->data.p_padb->i_pad2 = calloc( count, sizeof(uint16_t) ); + p_box->data.p_padb->i_reserved2 = calloc( count, sizeof(uint16_t) ); + p_box->data.p_padb->i_pad1 = calloc( count, sizeof(uint16_t) ); + if( p_box->data.p_padb->i_reserved1 == NULL + || p_box->data.p_padb->i_pad2 == NULL + || p_box->data.p_padb->i_reserved2 == NULL + || p_box->data.p_padb->i_pad1 == NULL ) + { + MP4_FreeBox_padb( p_box ); + MP4_READBOX_EXIT( 0 ); + } for( i = 0; i < i_read / 2 ; i++ ) { + if( i >= count ) + { + MP4_FreeBox_padb( p_box ); + MP4_READBOX_EXIT( 0 ); + } p_box->data.p_padb->i_reserved1[i] = ( (*p_peek) >> 7 )&0x01; p_box->data.p_padb->i_pad2[i] = ( (*p_peek) >> 4 )&0x07; p_box->data.p_padb->i_reserved1[i] = ( (*p_peek) >> 3 )&0x01; @@ -1658,19 +1759,19 @@ static int MP4_ReadBox_padb( stream_t *p_stream, MP4_Box_t *p_box ) } #ifdef MP4_VERBOSE - msg_Dbg( p_stream, "read box: \"stdp\" entry-count "I64Fd, + msg_Dbg( p_stream, "read box: \"stdp\" entry-count %"PRId64, i_read / 2 ); #endif MP4_READBOX_EXIT( 1 ); } -static void MP4_FreeBox_padb( MP4_Box_t *p_box ) +static void MP4_FreeBox_elst( MP4_Box_t *p_box ) { - FREENULL( p_box->data.p_padb->i_reserved1 ); - FREENULL( p_box->data.p_padb->i_pad2 ); - FREENULL( p_box->data.p_padb->i_reserved2 ); - FREENULL( p_box->data.p_padb->i_pad1 ); + FREENULL( p_box->data.p_elst->i_segment_duration ); + FREENULL( p_box->data.p_elst->i_media_time ); + FREENULL( p_box->data.p_elst->i_media_rate_integer ); + FREENULL( p_box->data.p_elst->i_media_rate_fraction ); } static int MP4_ReadBox_elst( stream_t *p_stream, MP4_Box_t *p_box ) @@ -1685,13 +1786,21 @@ static int MP4_ReadBox_elst( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GET4BYTES( p_box->data.p_elst->i_entry_count ); p_box->data.p_elst->i_segment_duration = - calloc( sizeof( uint64_t ), p_box->data.p_elst->i_entry_count ); + calloc( p_box->data.p_elst->i_entry_count, sizeof(uint64_t) ); p_box->data.p_elst->i_media_time = - calloc( sizeof( int64_t ), p_box->data.p_elst->i_entry_count ); + calloc( p_box->data.p_elst->i_entry_count, sizeof(uint64_t) ); p_box->data.p_elst->i_media_rate_integer = - calloc( sizeof( uint16_t ), p_box->data.p_elst->i_entry_count ); - p_box->data.p_elst->i_media_rate_fraction= - calloc( sizeof( uint16_t ), p_box->data.p_elst->i_entry_count ); + calloc( p_box->data.p_elst->i_entry_count, sizeof(uint16_t) ); + p_box->data.p_elst->i_media_rate_fraction = + calloc( p_box->data.p_elst->i_entry_count, sizeof(uint16_t) ); + if( p_box->data.p_elst->i_segment_duration == NULL + || p_box->data.p_elst->i_media_time == NULL + || p_box->data.p_elst->i_media_rate_integer == NULL + || p_box->data.p_elst->i_media_rate_fraction == NULL ) + { + MP4_FreeBox_elst( p_box ); + MP4_READBOX_EXIT( 0 ); + } for( i = 0; i < p_box->data.p_elst->i_entry_count; i++ ) @@ -1717,19 +1826,12 @@ static int MP4_ReadBox_elst( stream_t *p_stream, MP4_Box_t *p_box ) } #ifdef MP4_VERBOSE - msg_Dbg( p_stream, "read box: \"elst\" entry-count "I64Fd, p_box->data.p_elst->i_entry_count ); + msg_Dbg( p_stream, "read box: \"elst\" entry-count %lu", + (unsigned long)p_box->data.p_elst->i_entry_count ); #endif MP4_READBOX_EXIT( 1 ); } -static void MP4_FreeBox_elst( MP4_Box_t *p_box ) -{ - FREENULL( p_box->data.p_elst->i_segment_duration ); - FREENULL( p_box->data.p_elst->i_media_time ); - FREENULL( p_box->data.p_elst->i_media_rate_integer ); - FREENULL( p_box->data.p_elst->i_media_rate_fraction ); -} - static int MP4_ReadBox_cprt( stream_t *p_stream, MP4_Box_t *p_box ) { unsigned int i_language; @@ -1921,7 +2023,7 @@ static int MP4_ReadBox_cmov( stream_t *p_stream, MP4_Box_t *p_box ) /* now create a memory stream */ p_stream_memory = stream_MemoryNew( VLC_OBJECT(p_stream), p_cmvd->data.p_cmvd->p_data, - p_cmvd->data.p_cmvd->i_uncompressed_size, VLC_TRUE ); + p_cmvd->data.p_cmvd->i_uncompressed_size, true ); /* and read uncompressd moov */ p_box->data.p_cmov->p_moov = MP4_ReadBox( p_stream_memory, NULL ); @@ -1944,10 +2046,16 @@ static int MP4_ReadBox_rdrf( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GETVERSIONFLAGS( p_box->data.p_rdrf ); MP4_GETFOURCC( p_box->data.p_rdrf->i_ref_type ); MP4_GET4BYTES( i_len ); + i_len++; + if( i_len > 0 ) { uint32_t i; - p_box->data.p_rdrf->psz_ref = malloc( i_len + 1); + p_box->data.p_rdrf->psz_ref = malloc( i_len ); + if( p_box->data.p_rdrf->psz_ref == NULL ) + MP4_READBOX_EXIT( 0 ); + i_len--; + for( i = 0; i < i_len; i++ ) { MP4_GET1BYTE( p_box->data.p_rdrf->psz_ref[i] ); @@ -1961,17 +2069,16 @@ static int MP4_ReadBox_rdrf( stream_t *p_stream, MP4_Box_t *p_box ) #ifdef MP4_VERBOSE msg_Dbg( p_stream, - "read box: \"rdrf\" type:%4.4s ref %s", - (char*)&p_box->data.p_rdrf->i_ref_type, - p_box->data.p_rdrf->psz_ref ); - + "read box: \"rdrf\" type:%4.4s ref %s", + (char*)&p_box->data.p_rdrf->i_ref_type, + p_box->data.p_rdrf->psz_ref ); #endif MP4_READBOX_EXIT( 1 ); } static void MP4_FreeBox_rdrf( MP4_Box_t *p_box ) { - FREENULL( p_box->data.p_rdrf->psz_ref ) + FREENULL( p_box->data.p_rdrf->psz_ref ); } @@ -2039,16 +2146,8 @@ static int MP4_ReadBox_drms( stream_t *p_stream, MP4_Box_t *p_box ) if( p_drms_box && p_drms_box->data.p_sample_soun->p_drms ) { - int i_ret; - if( config_GetInt( p_stream, "france" ) ) - { - i_ret = -7; - } - else - { - i_ret= drms_init( p_drms_box->data.p_sample_soun->p_drms, + int i_ret = drms_init( p_drms_box->data.p_sample_soun->p_drms, p_box->i_type, p_peek, i_read ); - } if( i_ret ) { const char *psz_error; @@ -2061,12 +2160,14 @@ static int MP4_ReadBox_drms( stream_t *p_stream, MP4_Box_t *p_box ) case -4: psz_error = "could not get SCI data"; break; case -5: psz_error = "no user key found in SCI data"; break; case -6: psz_error = "invalid user key"; break; - case -7: psz_error = "you live in France"; break; default: psz_error = "unknown error"; break; } - - msg_Err( p_stream, "drms_init(%4.4s) failed (%s)", - (char *)&p_box->i_type, psz_error ); + if MP4_BOX_TYPE_ASCII() + msg_Err( p_stream, "drms_init(%4.4s) failed (%s)", + (char *)&p_box->i_type, psz_error ); + else + msg_Err( p_stream, "drms_init(c%3.3s) failed (%s)", + (char *)&p_box->i_type+1, psz_error ); drms_free( p_drms_box->data.p_sample_soun->p_drms ); p_drms_box->data.p_sample_soun->p_drms = NULL; @@ -2078,21 +2179,26 @@ static int MP4_ReadBox_drms( stream_t *p_stream, MP4_Box_t *p_box ) static int MP4_ReadBox_0xa9xxx( stream_t *p_stream, MP4_Box_t *p_box ) { - uint16_t i_length, i_dummy; + uint16_t i16; + size_t i_length; MP4_READBOX_ENTER( MP4_Box_data_0xa9xxx_t ); p_box->data.p_0xa9xxx->psz_text = NULL; - MP4_GET2BYTES( i_length ); + MP4_GET2BYTES( i16 ); + i_length = i16; if( i_length > 0 ) { - MP4_GET2BYTES( i_dummy ); - if( i_length > i_read ) i_length = i_read; + MP4_GET2BYTES( i16 ); + if( i_length >= i_read ) i_length = i_read + 1; - p_box->data.p_0xa9xxx->psz_text = malloc( i_length + 1 ); + p_box->data.p_0xa9xxx->psz_text = malloc( i_length ); + if( p_box->data.p_0xa9xxx->psz_text == NULL ) + MP4_READBOX_EXIT( 0 ); + i_length--; memcpy( p_box->data.p_0xa9xxx->psz_text, p_peek, i_length ); p_box->data.p_0xa9xxx->psz_text[i_length] = '\0'; @@ -2123,11 +2229,13 @@ static int MP4_ReadBox_0xa9xxx( stream_t *p_stream, MP4_Box_t *p_box ) MP4_GET4BYTES( i_version ); MP4_GET4BYTES( i_reserved ); // version should be 0, flags should be 1 for text, 0 for data - if( i_version == 0x00000001 ) + if( ( i_version == 0x00000001 ) && (i_data_len >= 12 ) ) { // the rest is the text i_data_len -= 12; p_box->data.p_0xa9xxx->psz_text = malloc( i_data_len + 1 ); + if( p_box->data.p_0xa9xxx->psz_text == NULL ) + MP4_READBOX_EXIT( 0 ); memcpy( p_box->data.p_0xa9xxx->psz_text, p_peek, i_data_len ); @@ -2231,7 +2339,9 @@ static int MP4_ReadBox_tref_generic( stream_t *p_stream, MP4_Box_t *p_box ) p_box->data.p_tref_generic->i_track_ID = NULL; p_box->data.p_tref_generic->i_entry_count = i_read / sizeof(uint32_t); if( p_box->data.p_tref_generic->i_entry_count > 0 ) - p_box->data.p_tref_generic->i_track_ID = malloc( p_box->data.p_tref_generic->i_entry_count * sizeof(uint32_t) ); + p_box->data.p_tref_generic->i_track_ID = calloc( p_box->data.p_tref_generic->i_entry_count, sizeof(uint32_t) ); + if( p_box->data.p_tref_generic->i_track_ID == NULL ) + MP4_READBOX_EXIT( 0 ); for( i = 0; i < p_box->data.p_tref_generic->i_entry_count; i++ ) { @@ -2297,15 +2407,20 @@ static int MP4_ReadBox_default( stream_t *p_stream, MP4_Box_t *p_box ) return MP4_ReadBox_sample_tx3g( p_stream, p_box ); default: msg_Warn( p_stream, - "unknown handler type in stsd (uncompletetly loaded)" ); + "unknown handler type in stsd (incompletely loaded)" ); return 1; } } unknown: - msg_Warn( p_stream, - "unknown box type %4.4s (uncompletetly loaded)", - (char*)&p_box->i_type ); + if MP4_BOX_TYPE_ASCII() + msg_Warn( p_stream, + "unknown box type %4.4s (incompletely loaded)", + (char*)&p_box->i_type ); + else + msg_Warn( p_stream, + "unknown box type c%3.3s (incompletely loaded)", + (char*)&p_box->i_type+1 ); return 1; } @@ -2314,7 +2429,7 @@ unknown: /**** "Higher level" Functions ****/ /**** ------------------------------------------------------------------- ****/ -static struct +static const struct { uint32_t i_type; int (*MP4_ReadBox_function )( stream_t *p_stream, MP4_Box_t *p_box ); @@ -2431,6 +2546,8 @@ static struct { FOURCC_dvc, MP4_ReadBox_sample_vide, MP4_FreeBox_sample_vide }, { FOURCC_dvp, MP4_ReadBox_sample_vide, MP4_FreeBox_sample_vide }, + { FOURCC_dv5n, MP4_ReadBox_sample_vide, MP4_FreeBox_sample_vide }, + { FOURCC_dv5p, MP4_ReadBox_sample_vide, MP4_FreeBox_sample_vide }, { FOURCC_VP31, MP4_ReadBox_sample_vide, MP4_FreeBox_sample_vide }, { FOURCC_vp31, MP4_ReadBox_sample_vide, MP4_FreeBox_sample_vide }, { FOURCC_h264, MP4_ReadBox_sample_vide, MP4_FreeBox_sample_vide }, @@ -2517,6 +2634,9 @@ static MP4_Box_t *MP4_ReadBox( stream_t *p_stream, MP4_Box_t *p_father ) MP4_Box_t *p_box = malloc( sizeof( MP4_Box_t ) ); unsigned int i_index; + if( p_box == NULL ) + return NULL; + if( !MP4_ReadBoxCommon( p_stream, p_box ) ) { msg_Warn( p_stream, "cannot read one box" ); @@ -2543,7 +2663,7 @@ static MP4_Box_t *MP4_ReadBox( stream_t *p_stream, MP4_Box_t *p_father ) if( !(MP4_Box_Function[i_index].MP4_ReadBox_function)( p_stream, p_box ) ) { - free( p_box ); + MP4_BoxFree( p_stream, p_box ); return NULL; } @@ -2587,9 +2707,14 @@ void MP4_BoxFree( stream_t *s, MP4_Box_t *p_box ) if( MP4_Box_Function[i_index].MP4_FreeBox_function == NULL ) { /* Should not happen */ - msg_Warn( s, - "cannot free box %4.4s, type unknown", - (char*)&p_box->i_type ); + if MP4_BOX_TYPE_ASCII() + msg_Warn( s, + "cannot free box %4.4s, type unknown", + (char*)&p_box->i_type ); + else + msg_Warn( s, + "cannot free box c%3.3s, type unknown", + (char*)&p_box->i_type+1 ); } else { @@ -2615,6 +2740,9 @@ MP4_Box_t *MP4_BoxGetRoot( stream_t *s ) int i_result; p_root = malloc( sizeof( MP4_Box_t ) ); + if( p_root == NULL ) + return NULL; + p_root->i_pos = 0; p_root->i_type = VLC_FOURCC( 'r', 'o', 'o', 't' ); p_root->i_shortsize = 1; @@ -2671,8 +2799,12 @@ static void __MP4_BoxDumpStructure( stream_t *s, if( !i_level ) { - msg_Dbg( s, "dumping root Box \"%4.4s\"", - (char*)&p_box->i_type ); + if MP4_BOX_TYPE_ASCII() + msg_Dbg( s, "dumping root Box \"%4.4s\"", + (char*)&p_box->i_type ); + else + msg_Dbg( s, "dumping root Box \"c%3.3s\"", + (char*)&p_box->i_type+1 ); } else { @@ -2683,10 +2815,12 @@ static void __MP4_BoxDumpStructure( stream_t *s, { str[i*5] = '|'; } - sprintf( str + i_level * 5, "+ %4.4s size %d", - (char*)&p_box->i_type, - (uint32_t)p_box->i_size ); - + if MP4_BOX_TYPE_ASCII() + sprintf( str + i_level * 5, "+ %4.4s size %d", + (char*)&p_box->i_type, (uint32_t)p_box->i_size ); + else + sprintf( str + i_level * 5, "+ c%3.3s size %d", + (char*)&p_box->i_type+1, (uint32_t)p_box->i_size ); msg_Dbg( s, "%s", str ); } p_child = p_box->p_first; @@ -2773,7 +2907,8 @@ static void __MP4_BoxGet( MP4_Box_t **pp_result, return; } - vasprintf( &psz_path, psz_fmt, args ); + if( vasprintf( &psz_path, psz_fmt, args ) == -1 ) + psz_path = NULL; if( !psz_path || !psz_path[0] ) {