On 9/3/20, Andreas Rheinhardt <andreas.rheinha...@gmail.com> wrote:
> Paul B Mahol:
>> On 9/3/20, Andreas Rheinhardt <andreas.rheinha...@gmail.com> wrote:
>>> Paul B Mahol:
>>>> Signed-off-by: Paul B Mahol <one...@gmail.com>
>>>> ---
>>>> libavformat/Makefile | 1 +
>>>> libavformat/allformats.c | 1 +
>>>> libavformat/moflex.c | 360 +++++++++++++++++++++++++++++++++++++++
>>>> 3 files changed, 362 insertions(+)
>>>> create mode 100644 libavformat/moflex.c
>>>>
>>>> diff --git a/libavformat/Makefile b/libavformat/Makefile
>>>> index cbb33fe37c..1e0ac317e5 100644
>>>> --- a/libavformat/Makefile
>>>> +++ b/libavformat/Makefile
>>>> @@ -319,6 +319,7 @@ OBJS-$(CONFIG_MLV_DEMUXER) += mlvdec.o
>>>> riffdec.o
>>>> OBJS-$(CONFIG_MM_DEMUXER) += mm.o
>>>> OBJS-$(CONFIG_MMF_DEMUXER) += mmf.o
>>>> OBJS-$(CONFIG_MMF_MUXER) += mmf.o rawenc.o
>>>> +OBJS-$(CONFIG_MOFLEX_DEMUXER) += moflex.o
>>>> OBJS-$(CONFIG_MOV_DEMUXER) += mov.o mov_chan.o mov_esds.o
>>>> replaygain.o
>>>> OBJS-$(CONFIG_MOV_MUXER) += movenc.o av1.o avc.o hevc.o
>>>> vpcc.o \
>>>> movenchint.o mov_chan.o
>>>> rtp.o
>>>> \
>>>> diff --git a/libavformat/allformats.c b/libavformat/allformats.c
>>>> index 0aa9dd7198..28331facb9 100644
>>>> --- a/libavformat/allformats.c
>>>> +++ b/libavformat/allformats.c
>>>> @@ -249,6 +249,7 @@ extern AVInputFormat ff_mlv_demuxer;
>>>> extern AVInputFormat ff_mm_demuxer;
>>>> extern AVInputFormat ff_mmf_demuxer;
>>>> extern AVOutputFormat ff_mmf_muxer;
>>>> +extern AVInputFormat ff_moflex_demuxer;
>>>> extern AVInputFormat ff_mov_demuxer;
>>>> extern AVOutputFormat ff_mov_muxer;
>>>> extern AVOutputFormat ff_mp2_muxer;
>>>> diff --git a/libavformat/moflex.c b/libavformat/moflex.c
>>>> new file mode 100644
>>>> index 0000000000..989623396f
>>>> --- /dev/null
>>>> +++ b/libavformat/moflex.c
>>>> @@ -0,0 +1,360 @@
>>>> +/*
>>>> + * MOFLEX demuxer
>>>> + * Copyright (c) 2020 Paul B Mahol
>>>> + *
>>>> + * This file is part of FFmpeg.
>>>> + *
>>>> + * FFmpeg is free software; you can redistribute it and/or
>>>> + * modify it under the terms of the GNU Lesser General Public
>>>> + * License as published by the Free Software Foundation; either
>>>> + * version 2.1 of the License, or (at your option) any later version.
>>>> + *
>>>> + * FFmpeg is distributed in the hope that it will be useful,
>>>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>>>> + * Lesser General Public License for more details.
>>>> + *
>>>> + * You should have received a copy of the GNU Lesser General Public
>>>> + * License along with FFmpeg; if not, write to the Free Software
>>>> + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
>>>> 02110-1301 USA
>>>> + */
>>>> +
>>>> +#include "libavcodec/bytestream.h"
>>>> +
>>>> +#include "avformat.h"
>>>> +#include "internal.h"
>>>> +
>>>> +typedef struct BitReader {
>>>> + unsigned last;
>>>> + unsigned pos;
>>>> +} BitReader;
>>>> +
>>>> +typedef struct MOFLEXDemuxContext {
>>>> + unsigned size;
>>>> + int64_t pos;
>>>> + int64_t ts;
>>>> + int flags;
>>>> + int in_block;
>>>> +
>>>> + BitReader br;
>>>> +} MOFLEXDemuxContext;
>>>> +
>>>> +static int pop(BitReader *br, AVIOContext *pb)
>>>> +{
>>>> + if (avio_feof(pb))
>>>> + return AVERROR_EOF;
>>>> +
>>>> + if ((br->pos & 7) == 0)
>>>> + br->last = (unsigned)avio_r8(pb) << 24U;
>>>> + else
>>>> + br->last <<= 1;
>>>> +
>>>> + br->pos++;
>>>> + return !!(br->last & 0x80000000);
>>>> +}
>>>> +
>>>> +static int pop_int(BitReader *br, AVIOContext *pb, int n)
>>>> +{
>>>> + int value = 0;
>>>> +
>>>> + for (int i = 0; i < n; i++) {
>>>> + int ret = pop(br, pb);
>>>> +
>>>> + if (ret < 0)
>>>> + return ret;
>>>> + value = 2 * value + ret;
>>>> + }
>>>> +
>>>> + return value;
>>>> +}
>>>> +
>>>> +static int pop_length(BitReader *br, AVIOContext *pb)
>>>> +{
>>>> + int ret, n = 1;
>>>> +
>>>> + while ((ret = pop(br, pb)) == 0)
>>>> + n++;
>>>> +
>>>> + if (ret < 0)
>>>> + return ret;
>>>> + return n;
>>>> +}
>>>> +
>>>> +static int read_var_byte(AVFormatContext *s, unsigned *out)
>>>> +{
>>>> + AVIOContext *pb = s->pb;
>>>> + unsigned value = 0, data;
>>>> +
>>>> + data = avio_r8(pb);
>>>> + if (!(data & 0x80)) {
>>>> + *out = data;
>>>> + return 0;
>>>> + }
>>>> +
>>>> + value = (data & 0x7F) << 7;
>>>> + data = avio_r8(pb);
>>>> + if (!(data & 0x80)) {
>>>> + value |= data;
>>>> + *out = value;
>>>> + return 0;
>>>> + }
>>>> +
>>>> + value = ((data & 0x7F) | value) << 7;
>>>> + data = avio_r8(pb);
>>>> + if (!(data & 0x80)) {
>>>> + value |= data;
>>>> + *out = value;
>>>> + return 0;
>>>> + }
>>>> +
>>>> + value = (((data & 0x7F) | value) << 7) | avio_r8(pb);
>>>> + *out = value;
>>>> +
>>>> + return 0;
>>>> +}
>>>> +
>>>> +static int moflex_probe(const AVProbeData *p)
>>>> +{
>>>> + GetByteContext gb;
>>>> + int score = 0;
>>>> +
>>>> + bytestream2_init(&gb, p->buf, p->buf_size);
>>>> +
>>>> + if (bytestream2_get_be16(&gb) != 0x4C32)
>>>> + return 0;
>>>> + score += 10;
>>>> +
>>>> + bytestream2_skip(&gb, 10);
>>>> + if (bytestream2_get_be16(&gb) == 0)
>>>> + return 0;
>>>> + score += 5;
>>>> +
>>>> + while (bytestream2_get_bytes_left(&gb) > 0) {
>>>> + int type = bytestream2_get_byte(&gb);
>>>> + int size = bytestream2_get_byte(&gb);
>>>> +
>>>> + if (type == 0) {
>>>> + score += 5 * (size == 0);
>>>> + break;
>>>> + }
>>>> + if ((type == 1 && size == 12) ||
>>>> + (type == 2 && size == 6) ||
>>>> + (type == 3 && size == 13) ||
>>>> + (type == 4 && size == 2))
>>>> + score += 20;
>>>> + bytestream2_skip(&gb, size);
>>>> + }
>>>> +
>>>> + return FFMIN(AVPROBE_SCORE_MAX, score);
>>>> +}
>>>> +
>>>> +static int moflex_read_sync(AVFormatContext *s)
>>>> +{
>>>> + MOFLEXDemuxContext *m = s->priv_data;
>>>> + AVIOContext *pb = s->pb;
>>>> +
>>>> + if (avio_rb16(pb) != 0x4C32) {
>>>> + if (avio_feof(pb))
>>>> + return AVERROR_EOF;
>>>> + avio_seek(pb, -2, SEEK_CUR);
>>>> + return 1;
>>>> + }
>>>> +
>>>> + avio_skip(pb, 2);
>>>> + m->ts = avio_rb64(pb);
>>>> + m->size = avio_rb16(pb) + 1;
>>>> +
>>>> + while (!avio_feof(pb)) {
>>>> + unsigned type, ssize, codec_id = 0;
>>>> + unsigned codec_type, width = 0, height = 0, sample_rate = 0,
>>>> channels = 0;
>>>> + int stream_index = -1;
>>>> + int format;
>>>> + AVRational fps;
>>>> +
>>>> + read_var_byte(s, &type);
>>>> + read_var_byte(s, &ssize);
>>>> +
>>>> + switch (type) {
>>>> + case 0:
>>>> + if (ssize > 0)
>>>> + avio_skip(pb, ssize);
>>>> + return 0;
>>>> + case 2:
>>>> + codec_type = AVMEDIA_TYPE_AUDIO;
>>>> + stream_index = avio_r8(pb);
>>>> + codec_id = avio_r8(pb);
>>>> + switch (codec_id) {
>>>> + case 0: codec_id = AV_CODEC_ID_FASTAUDIO; break;
>>>> + case 1: codec_id = AV_CODEC_ID_ADPCM_IMA_MOFLEX; break;
>>>> + case 2: codec_id = AV_CODEC_ID_PCM_S16LE; break;
>>>> + default:
>>>> + av_log(s, AV_LOG_ERROR, "Unsupported audio codec:
>>>> %d\n",
>>>> codec_id);
>>>> + return AVERROR_PATCHWELCOME;
>>>> + }
>>>> + sample_rate = avio_rb24(pb) + 1;
>>>> + channels = avio_r8(pb) + 1;
>>>> + break;
>>>> + case 1:
>>>> + case 3:
>>>> + codec_type = AVMEDIA_TYPE_VIDEO;
>>>> + stream_index = avio_r8(pb);
>>>> + codec_id = avio_r8(pb);
>>>> + switch (codec_id) {
>>>> + case 0: codec_id = AV_CODEC_ID_MOBICLIP; break;
>>>> + default:
>>>> + av_log(s, AV_LOG_ERROR, "Unsupported video codec:
>>>> %d\n",
>>>> codec_id);
>>>> + return AVERROR_PATCHWELCOME;
>>>> + }
>>>> + fps.num = avio_rb16(pb);
>>>> + fps.den = avio_rb16(pb);
>>>> + width = avio_rb16(pb);
>>>> + height = avio_rb16(pb);
>>>> + format = AV_PIX_FMT_YUV420P;
>>>> + avio_skip(pb, type == 3 ? 3 : 2);
>>>> + break;
>>>> + case 4:
>>>> + codec_type = AVMEDIA_TYPE_DATA;
>>>> + stream_index = avio_r8(pb);
>>>> + avio_skip(pb, 1);
>>>> + break;
>>>> + }
>>>> +
>>>> + if (stream_index == s->nb_streams) {
>>>> + AVStream *st = avformat_new_stream(s, NULL);
>>>> +
>>>> + if (!st)
>>>> + return AVERROR(ENOMEM);
>>>> +
>>>> + st->codecpar->codec_type = codec_type;
>>>> + st->codecpar->codec_id = codec_id;
>>>> + st->codecpar->width = width;
>>>> + st->codecpar->height = height;
>>>> + st->codecpar->sample_rate= sample_rate;
>>>> + st->codecpar->channels = channels;
>>>> + st->codecpar->format = format;
>>>> + st->priv_data = av_packet_alloc();
>>>> + if (!st->priv_data)
>>>> + return AVERROR(ENOMEM);
>>>
>>> If this allocation fails when reading a packet, you end up with a stream
>>> without priv_data. If the caller decides to call av_read_frame() again,
>>> you can get a segfault, because the code for reading a packet presumes
>>> every stream to have an AVPacket as priv_data.
>>
>> No this is huge libavformat bug. NULL pointer dereference when appending
>> packet.
>>
>
> No it is a bug to call it with pkt == NULL.
Nope my code is correct.
av_append_packet is buggy.
>
>>>
>>>> +
>>>> + if (sample_rate)
>>>> + avpriv_set_pts_info(st, 63, 1, sample_rate);
>>>> + else
>>>> + avpriv_set_pts_info(st, 63, fps.den, fps.num);
>>>> + }
>>>> + }
>>>> +
>>>> + return 0;
>>>> +}
>>>> +
>>>> +static int moflex_read_header(AVFormatContext *s)
>>>> +{
>>>> + int ret;
>>>> +
>>>> + ret = moflex_read_sync(s);
>>>> + if (ret < 0)
>>>> + return ret;
>>>> +
>>>> + s->ctx_flags |= AVFMTCTX_NOHEADER;
>>>> + avio_seek(s->pb, 0, SEEK_SET);
>>>> +
>>>> + return 0;
>>>> +}
>>>> +
>>>> +static int moflex_read_packet(AVFormatContext *s, AVPacket *pkt)
>>>> +{
>>>> + MOFLEXDemuxContext *m = s->priv_data;
>>>> + AVIOContext *pb = s->pb;
>>>> + BitReader *br = &m->br;
>>>> + int ret;
>>>> +
>>>> + while (!avio_feof(pb)) {
>>>> + if (!m->in_block) {
>>>> + m->pos = avio_tell(pb);
>>>> +
>>>> + ret = moflex_read_sync(s);
>>>> + if (ret < 0)
>>>> + return ret;
>>>> +
>>>> + m->flags = avio_r8(pb);
>>>> + if (m->flags & 2)
>>>> + avio_skip(pb, 2);
>>>> + }
>>>> +
>>>> + while ((avio_tell(pb) < m->pos + m->size) && !avio_feof(pb) &&
>>>> avio_r8(pb)) {
>>>> + int stream_index, bits, pkt_size, endframe;
>>>> + AVPacket *packet;
>>>> +
>>>> + m->in_block = 1;
>>>> +
>>>> + avio_seek(pb, -1, SEEK_CUR);
>>>> + br->pos = br->last = 0;
>>>> +
>>>> + bits = pop_length(br, pb);
>>>> + if (bits < 0)
>>>> + return bits;
>>>> + stream_index = pop_int(br, pb, bits);
>>>> + if (stream_index < 0)
>>>> + return stream_index;
>>>> + if (stream_index >= s->nb_streams)
>>>> + return AVERROR_INVALIDDATA;
>>>> +
>>>> + endframe = pop(br, pb);
>>>> + if (endframe < 0)
>>>> + return endframe;
>>>> + if (endframe) {
>>>> + bits = pop_length(br, pb);
>>>> + if (bits < 0)
>>>> + return bits;
>>>> + pop_int(br, pb, bits);
>>>> + pop(br, pb);
>>>> + bits = pop_length(br, pb);
>>>> + if (bits < 0)
>>>> + return bits;
>>>> + pop_int(br, pb, bits * 2 + 26);
>>>> + }
>>>> +
>>>> + pkt_size = pop_int(br, pb, 13) + 1;
>>>> + packet = s->streams[stream_index]->priv_data;
>>>> +
>>>> + ret = av_append_packet(pb, packet, pkt_size);
>>>> + if (endframe) {
>>>> + av_packet_move_ref(pkt, packet);
>>>> + pkt->pos = m->pos;
>>>> + pkt->stream_index = stream_index;
>>>> + pkt->flags |= AV_PKT_FLAG_KEY;
>>>> + return ret;
>>>> + }
>>>> + }
>>>> +
>>>> + m->in_block = 0;
>>>> +
>>>> + if (m->flags % 2 == 0)
>>>> + avio_seek(pb, m->pos + m->size, SEEK_SET);
>>>> + }
>>>> +
>>>> + return AVERROR_EOF;
>>>> +}
>>>> +
>>>> +static int moflex_read_close(AVFormatContext *s)
>>>> +{
>>>> + for (int i = 0; i < s->nb_streams; i++) {
>>>> + AVPacket *packet = s->streams[i]->priv_data;
>>>> +
>>>> + av_packet_free(&packet);
>>>> + s->streams[i]->priv_data = 0;
>>>> + }
>>>> +
>>>> + return 0;
>>>> +}
>>>> +
>>>> +AVInputFormat ff_moflex_demuxer = {
>>>> + .name = "moflex",
>>>> + .long_name = NULL_IF_CONFIG_SMALL("MobiClip MOFLEX"),
>>>> + .priv_data_size = sizeof(MOFLEXDemuxContext),
>>>> + .read_probe = moflex_probe,
>>>> + .read_header = moflex_read_header,
>>>> + .read_packet = moflex_read_packet,
>>>> + .read_close = moflex_read_close,
>>>> + .extensions = "moflex",
>>>> + .flags = AVFMT_GENERIC_INDEX,
>>>> +};
>>>>
>>>
>>> _______________________________________________
>>> ffmpeg-devel mailing list
>>> ffmpeg-devel@ffmpeg.org
>>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>>
>>> To unsubscribe, visit link above, or email
>>> ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel@ffmpeg.org
>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>
>> To unsubscribe, visit link above, or email
>> ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
>>
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
