diff options
| -rw-r--r-- | gst/qtdemux/qtatomparser.h | 9 | ||||
| -rw-r--r-- | gst/qtdemux/qtdemux.c | 20 | ||||
| -rw-r--r-- | gst/qtdemux/qtdemux_dump.c | 26 |
3 files changed, 33 insertions, 22 deletions
diff --git a/gst/qtdemux/qtatomparser.h b/gst/qtdemux/qtatomparser.h index 7669ec0f..4bf5409f 100644 --- a/gst/qtdemux/qtatomparser.h +++ b/gst/qtdemux/qtatomparser.h @@ -46,6 +46,15 @@ qt_atom_parser_has_remaining (QtAtomParser * parser, guint64 min_remaining) } static inline gboolean +qt_atom_parser_has_chunks (QtAtomParser * parser, guint32 n_chunks, + guint32 chunk_size) +{ + /* assumption: n_chunks and chunk_size are 32-bit, we cast to 64-bit here + * to avoid overflows, to handle e.g. (guint32)-1 * size correctly */ + return qt_atom_parser_has_remaining (parser, (guint64) n_chunks * chunk_size); +} + +static inline gboolean qt_atom_parser_skip (QtAtomParser * parser, guint nbytes) { if (G_UNLIKELY (qt_atom_parser_get_remaining (parser) < nbytes)) diff --git a/gst/qtdemux/qtdemux.c b/gst/qtdemux/qtdemux.c index 32c32f9b..09ec94a3 100644 --- a/gst/qtdemux/qtdemux.c +++ b/gst/qtdemux/qtdemux.c @@ -3256,7 +3256,8 @@ broken_atom_size: GST_ELEMENT_ERROR (qtdemux, STREAM, DEMUX, (_("This file is corrupt and cannot be played.")), ("Atom '%" GST_FOURCC_FORMAT "' has size of %u bytes, but we have only " - "%u bytes available.", GST_FOURCC_ARGS (fourcc), node_length, length)); + "%u bytes available.", GST_FOURCC_ARGS (fourcc), node_length, + length)); return FALSE; } } @@ -3589,7 +3590,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream, /* set the sample sizes */ if (sample_size == 0) { /* different sizes for each sample */ - if (!qt_atom_parser_has_remaining (&stsz, 4 * n_samples)) + if (!qt_atom_parser_has_chunks (&stsz, n_samples, 4)) goto corrupt_file; for (i = 0; i < n_samples; i++) { @@ -3608,7 +3609,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream, !qt_atom_parser_get_uint32 (&stsc, &n_samples_per_chunk)) goto corrupt_file; - if (!qt_atom_parser_has_remaining (&stsc, 12 * n_samples_per_chunk)) + if (!qt_atom_parser_has_chunks (&stsc, n_samples_per_chunk, 12)) goto corrupt_file; index = 0; @@ -3681,7 +3682,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream, GST_LOG_OBJECT (qtdemux, "%u timestamp blocks", n_sample_times); /* make sure there's enough data */ - if (!qt_atom_parser_has_remaining (&stts, n_sample_times * (2 * 4))) + if (!qt_atom_parser_has_chunks (&stts, n_sample_times, 2 * 4)) goto corrupt_file; timestamp = 0; @@ -3723,8 +3724,9 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream, * We however look at the last timestamp to estimate the track length so we * need something in here. */ for (; index < n_samples; index++) { - GST_DEBUG_OBJECT (qtdemux, "fill sample %d: timestamp %" GST_TIME_FORMAT, - index, GST_TIME_ARGS (timestamp)); + GST_DEBUG_OBJECT (qtdemux, + "fill sample %d: timestamp %" GST_TIME_FORMAT, index, + GST_TIME_ARGS (timestamp)); samples[index].timestamp = timestamp; samples[index].duration = -1; } @@ -3748,7 +3750,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream, stream->all_keyframe = TRUE; } else { /* make sure there's enough data */ - if (!qt_atom_parser_has_remaining (&stss, n_sample_syncs * 4)) + if (!qt_atom_parser_has_chunks (&stss, n_sample_syncs, 4)) goto corrupt_file; for (i = 0; i < n_sample_syncs; i++) { /* note that the first sample is index 1, not 0 */ @@ -3771,7 +3773,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream, * samples */ } else { /* make sure there's enough data */ - if (!qt_atom_parser_has_remaining (&stps, n_sample_syncs * 4)) + if (!qt_atom_parser_has_chunks (&stps, n_sample_syncs, 4)) goto corrupt_file; for (i = 0; i < n_sample_syncs; i++) { /* note that the first sample is index 1, not 0 */ @@ -3822,7 +3824,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream, sample_index = 0; timestamp = 0; - if (!qt_atom_parser_has_remaining (&stsc, 12 * n_samples_per_chunk)) + if (!qt_atom_parser_has_chunks (&stsc, n_samples_per_chunk, 12)) goto corrupt_file; for (i = 0; i < n_samples_per_chunk; i++) { diff --git a/gst/qtdemux/qtdemux_dump.c b/gst/qtdemux/qtdemux_dump.c index 52ad1c4e..01eb37bb 100644 --- a/gst/qtdemux/qtdemux_dump.c +++ b/gst/qtdemux/qtdemux_dump.c @@ -112,7 +112,7 @@ qtdemux_dump_elst (GstQTDemux * qtdemux, QtAtomParser * data, int depth) GST_LOG ("%*s version/flags: %08x", depth, "", ver_flags); GST_LOG ("%*s n entries: %d", depth, "", num_entries); - if (!qt_atom_parser_has_remaining (data, num_entries * (4 + 4 + 4))) + if (!qt_atom_parser_has_chunks (data, num_entries, 4 + 4 + 4)) return FALSE; for (i = 0; i < num_entries; i++) { @@ -301,12 +301,12 @@ qtdemux_dump_stts (GstQTDemux * qtdemux, QtAtomParser * data, int depth) GST_LOG ("%*s version/flags: %08x", depth, "", ver_flags); GST_LOG ("%*s n entries: %d", depth, "", num_entries); - if (!qt_atom_parser_has_remaining (data, num_entries * (4 + 4))) + if (!qt_atom_parser_has_chunks (data, num_entries, 4 + 4)) return FALSE; for (i = 0; i < num_entries; i++) { GST_LOG ("%*s count: %u", depth, "", GET_UINT32 (data)); - GST_LOG ("%*s duration: %u", depth, "",GET_UINT32 (data)); + GST_LOG ("%*s duration: %u", depth, "", GET_UINT32 (data)); } return TRUE; } @@ -323,7 +323,7 @@ qtdemux_dump_stps (GstQTDemux * qtdemux, QtAtomParser * data, int depth) GST_LOG ("%*s version/flags: %08x", depth, "", ver_flags); GST_LOG ("%*s n entries: %d", depth, "", num_entries); - if (!qt_atom_parser_has_remaining (data, num_entries * 4)) + if (!qt_atom_parser_has_chunks (data, num_entries, 4)) return FALSE; for (i = 0; i < num_entries; i++) { @@ -344,7 +344,7 @@ qtdemux_dump_stss (GstQTDemux * qtdemux, QtAtomParser * data, int depth) GST_LOG ("%*s version/flags: %08x", depth, "", ver_flags); GST_LOG ("%*s n entries: %d", depth, "", num_entries); - if (!qt_atom_parser_has_remaining (data, num_entries * 4)) + if (!qt_atom_parser_has_chunks (data, num_entries, 4)) return FALSE; for (i = 0; i < num_entries; i++) { @@ -365,7 +365,7 @@ qtdemux_dump_stsc (GstQTDemux * qtdemux, QtAtomParser * data, int depth) GST_LOG ("%*s version/flags: %08x", depth, "", ver_flags); GST_LOG ("%*s n entries: %d", depth, "", num_entries); - if (!qt_atom_parser_has_remaining (data, num_entries * (4 + 4 + 4))) + if (!qt_atom_parser_has_chunks (data, num_entries, 4 + 4 + 4)) return FALSE; for (i = 0; i < num_entries; i++) { @@ -394,7 +394,7 @@ qtdemux_dump_stsz (GstQTDemux * qtdemux, QtAtomParser * data, int depth) GST_LOG ("%*s n entries: %d", depth, "", num_entries); #if 0 - if (!qt_atom_parser_has_remaining (data, num_entries * 4))) + if (!qt_atom_parser_has_chunks (data, num_entries, 4)) return FALSE; for (i = 0; i < num_entries; i++) { GST_LOG ("%*s sample size: %u", depth, "", GET_UINT32 (data)); @@ -416,7 +416,7 @@ qtdemux_dump_stco (GstQTDemux * qtdemux, QtAtomParser * data, int depth) GST_LOG ("%*s version/flags: %08x", depth, "", ver_flags); GST_LOG ("%*s n entries: %d", depth, "", num_entries); - if (!qt_atom_parser_has_remaining (data, num_entries * 4)) + if (!qt_atom_parser_has_chunks (data, num_entries, 4)) return FALSE; for (i = 0; i < num_entries; i++) { @@ -437,7 +437,7 @@ qtdemux_dump_ctts (GstQTDemux * qtdemux, QtAtomParser * data, int depth) GST_LOG ("%*s version/flags: %08x", depth, "", ver_flags); GST_LOG ("%*s n entries: %d", depth, "", num_entries); - if (!qt_atom_parser_has_remaining (data, num_entries * (4 + 4))) + if (!qt_atom_parser_has_chunks (data, num_entries, 4 + 4)) return FALSE; for (i = 0; i < num_entries; i++) { @@ -460,7 +460,7 @@ qtdemux_dump_co64 (GstQTDemux * qtdemux, QtAtomParser * data, int depth) GST_LOG ("%*s version/flags: %08x", depth, "", ver_flags); GST_LOG ("%*s n entries: %d", depth, "", num_entries); - if (!qt_atom_parser_has_remaining (data, num_entries * 8)) + if (!qt_atom_parser_has_chunks (data, num_entries, 8)) return FALSE; for (i = 0; i < num_entries; i++) { @@ -508,7 +508,7 @@ static gboolean qtdemux_node_dump_foreach (GNode * node, gpointer qtdemux) { QtAtomParser parser; - guint8 *buffer = (guint8 *) node->data; // FIXME: move to byte reader + guint8 *buffer = (guint8 *) node->data; /* FIXME: move to byte reader */ guint32 node_length; guint32 fourcc; const QtNodeType *type; @@ -533,8 +533,8 @@ qtdemux_node_dump_foreach (GNode * node, gpointer qtdemux) ret = type->dump (GST_QTDEMUX_CAST (qtdemux), &parser, depth); if (!ret) { - GST_WARNING ("%*s not enough data parsing atom %" GST_FOURCC_FORMAT, - depth, "", GST_FOURCC_ARGS (fourcc)); + GST_WARNING ("%*s not enough data parsing atom %" GST_FOURCC_FORMAT, + depth, "", GST_FOURCC_ARGS (fourcc)); } } |