1 /*
2 * MOV demuxer
3 * Copyright (c) 2001 Fabrice Bellard
4 * Copyright (c) 2009 Baptiste Coudurier <baptiste dot coudurier at gmail dot com>
5 *
6 * first version by Francois Revol <revol@free.fr>
7 * seek function by Gael Chardon <gael.dev@4now.net>
8 *
9 * This file is part of FFmpeg.
10 *
11 * FFmpeg is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU Lesser General Public
13 * License as published by the Free Software Foundation; either
14 * version 2.1 of the License, or (at your option) any later version.
15 *
16 * FFmpeg is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 * Lesser General Public License for more details.
20 *
21 * You should have received a copy of the GNU Lesser General Public
22 * License along with FFmpeg; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
24 */
25
26 #include <inttypes.h>
27 #include <limits.h>
28 #include <stdint.h>
29
30 #include "libavutil/attributes.h"
31 #include "libavutil/channel_layout.h"
32 #include "libavutil/internal.h"
33 #include "libavutil/intreadwrite.h"
34 #include "libavutil/intfloat.h"
35 #include "libavutil/mathematics.h"
36 #include "libavutil/time_internal.h"
37 #include "libavutil/avassert.h"
38 #include "libavutil/avstring.h"
39 #include "libavutil/dict.h"
40 #include "libavutil/display.h"
41 #include "libavutil/opt.h"
42 #include "libavutil/aes.h"
43 #include "libavutil/aes_ctr.h"
44 #include "libavutil/pixdesc.h"
45 #include "libavutil/sha.h"
46 #include "libavutil/spherical.h"
47 #include "libavutil/stereo3d.h"
48 #include "libavutil/timecode.h"
49 #include "libavutil/dovi_meta.h"
50 #include "libavcodec/ac3tab.h"
51 #include "libavcodec/flac.h"
52 #include "libavcodec/mpegaudiodecheader.h"
53 #include "libavcodec/mlp_parse.h"
54 #include "avformat.h"
55 #include "internal.h"
56 #include "avio_internal.h"
57 #include "riff.h"
58 #include "isom.h"
59 #include "libavcodec/get_bits.h"
60 #include "id3v1.h"
61 #include "mov_chan.h"
62 #include "replaygain.h"
63
64 #if CONFIG_ZLIB
65 #include <zlib.h>
66 #endif
67
68 #include "qtpalette.h"
69
70 /* those functions parse an atom */
71 /* links atom IDs to parse functions */
72 typedef struct MOVParseTableEntry {
73 uint32_t type;
74 int (*parse)(MOVContext *ctx, AVIOContext *pb, MOVAtom atom);
75 } MOVParseTableEntry;
76
77 static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom);
78 static int mov_read_mfra(MOVContext *c, AVIOContext *f);
79 static int64_t add_ctts_entry(MOVStts** ctts_data, unsigned int* ctts_count, unsigned int* allocated_size,
80 int count, int duration);
81
mov_metadata_track_or_disc_number(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)82 static int mov_metadata_track_or_disc_number(MOVContext *c, AVIOContext *pb,
83 unsigned len, const char *key)
84 {
85 char buf[16];
86
87 short current, total = 0;
88 avio_rb16(pb); // unknown
89 current = avio_rb16(pb);
90 if (len >= 6)
91 total = avio_rb16(pb);
92 if (!total)
93 snprintf(buf, sizeof(buf), "%d", current);
94 else
95 snprintf(buf, sizeof(buf), "%d/%d", current, total);
96 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
97 av_dict_set(&c->fc->metadata, key, buf, 0);
98
99 return 0;
100 }
101
mov_metadata_int8_bypass_padding(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)102 static int mov_metadata_int8_bypass_padding(MOVContext *c, AVIOContext *pb,
103 unsigned len, const char *key)
104 {
105 /* bypass padding bytes */
106 avio_r8(pb);
107 avio_r8(pb);
108 avio_r8(pb);
109
110 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
111 av_dict_set_int(&c->fc->metadata, key, avio_r8(pb), 0);
112
113 return 0;
114 }
115
mov_metadata_int8_no_padding(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)116 static int mov_metadata_int8_no_padding(MOVContext *c, AVIOContext *pb,
117 unsigned len, const char *key)
118 {
119 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
120 av_dict_set_int(&c->fc->metadata, key, avio_r8(pb), 0);
121
122 return 0;
123 }
124
mov_metadata_gnre(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)125 static int mov_metadata_gnre(MOVContext *c, AVIOContext *pb,
126 unsigned len, const char *key)
127 {
128 short genre;
129
130 avio_r8(pb); // unknown
131
132 genre = avio_r8(pb);
133 if (genre < 1 || genre > ID3v1_GENRE_MAX)
134 return 0;
135 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
136 av_dict_set(&c->fc->metadata, key, ff_id3v1_genre_str[genre-1], 0);
137
138 return 0;
139 }
140
141 static const uint32_t mac_to_unicode[128] = {
142 0x00C4,0x00C5,0x00C7,0x00C9,0x00D1,0x00D6,0x00DC,0x00E1,
143 0x00E0,0x00E2,0x00E4,0x00E3,0x00E5,0x00E7,0x00E9,0x00E8,
144 0x00EA,0x00EB,0x00ED,0x00EC,0x00EE,0x00EF,0x00F1,0x00F3,
145 0x00F2,0x00F4,0x00F6,0x00F5,0x00FA,0x00F9,0x00FB,0x00FC,
146 0x2020,0x00B0,0x00A2,0x00A3,0x00A7,0x2022,0x00B6,0x00DF,
147 0x00AE,0x00A9,0x2122,0x00B4,0x00A8,0x2260,0x00C6,0x00D8,
148 0x221E,0x00B1,0x2264,0x2265,0x00A5,0x00B5,0x2202,0x2211,
149 0x220F,0x03C0,0x222B,0x00AA,0x00BA,0x03A9,0x00E6,0x00F8,
150 0x00BF,0x00A1,0x00AC,0x221A,0x0192,0x2248,0x2206,0x00AB,
151 0x00BB,0x2026,0x00A0,0x00C0,0x00C3,0x00D5,0x0152,0x0153,
152 0x2013,0x2014,0x201C,0x201D,0x2018,0x2019,0x00F7,0x25CA,
153 0x00FF,0x0178,0x2044,0x20AC,0x2039,0x203A,0xFB01,0xFB02,
154 0x2021,0x00B7,0x201A,0x201E,0x2030,0x00C2,0x00CA,0x00C1,
155 0x00CB,0x00C8,0x00CD,0x00CE,0x00CF,0x00CC,0x00D3,0x00D4,
156 0xF8FF,0x00D2,0x00DA,0x00DB,0x00D9,0x0131,0x02C6,0x02DC,
157 0x00AF,0x02D8,0x02D9,0x02DA,0x00B8,0x02DD,0x02DB,0x02C7,
158 };
159
mov_read_mac_string(MOVContext * c,AVIOContext * pb,int len,char * dst,int dstlen)160 static int mov_read_mac_string(MOVContext *c, AVIOContext *pb, int len,
161 char *dst, int dstlen)
162 {
163 char *p = dst;
164 char *end = dst+dstlen-1;
165 int i;
166
167 for (i = 0; i < len; i++) {
168 uint8_t t, c = avio_r8(pb);
169
170 if (p >= end)
171 continue;
172
173 if (c < 0x80)
174 *p++ = c;
175 else if (p < end)
176 PUT_UTF8(mac_to_unicode[c-0x80], t, if (p < end) *p++ = t;);
177 }
178 *p = 0;
179 return p - dst;
180 }
181
mov_read_covr(MOVContext * c,AVIOContext * pb,int type,int len)182 static int mov_read_covr(MOVContext *c, AVIOContext *pb, int type, int len)
183 {
184 AVPacket pkt;
185 AVStream *st;
186 MOVStreamContext *sc;
187 enum AVCodecID id;
188 int ret;
189
190 switch (type) {
191 case 0xd: id = AV_CODEC_ID_MJPEG; break;
192 case 0xe: id = AV_CODEC_ID_PNG; break;
193 case 0x1b: id = AV_CODEC_ID_BMP; break;
194 default:
195 av_log(c->fc, AV_LOG_WARNING, "Unknown cover type: 0x%x.\n", type);
196 avio_skip(pb, len);
197 return 0;
198 }
199
200 st = avformat_new_stream(c->fc, NULL);
201 if (!st)
202 return AVERROR(ENOMEM);
203 sc = av_mallocz(sizeof(*sc));
204 if (!sc)
205 return AVERROR(ENOMEM);
206 st->priv_data = sc;
207
208 ret = av_get_packet(pb, &pkt, len);
209 if (ret < 0)
210 return ret;
211
212 if (pkt.size >= 8 && id != AV_CODEC_ID_BMP) {
213 if (AV_RB64(pkt.data) == 0x89504e470d0a1a0a) {
214 id = AV_CODEC_ID_PNG;
215 } else {
216 id = AV_CODEC_ID_MJPEG;
217 }
218 }
219
220 st->disposition |= AV_DISPOSITION_ATTACHED_PIC;
221
222 st->attached_pic = pkt;
223 st->attached_pic.stream_index = st->index;
224 st->attached_pic.flags |= AV_PKT_FLAG_KEY;
225
226 st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO;
227 st->codecpar->codec_id = id;
228
229 return 0;
230 }
231
232 // 3GPP TS 26.244
mov_metadata_loci(MOVContext * c,AVIOContext * pb,unsigned len)233 static int mov_metadata_loci(MOVContext *c, AVIOContext *pb, unsigned len)
234 {
235 char language[4] = { 0 };
236 char buf[200], place[100];
237 uint16_t langcode = 0;
238 double longitude, latitude, altitude;
239 const char *key = "location";
240
241 if (len < 4 + 2 + 1 + 1 + 4 + 4 + 4) {
242 av_log(c->fc, AV_LOG_ERROR, "loci too short\n");
243 return AVERROR_INVALIDDATA;
244 }
245
246 avio_skip(pb, 4); // version+flags
247 langcode = avio_rb16(pb);
248 ff_mov_lang_to_iso639(langcode, language);
249 len -= 6;
250
251 len -= avio_get_str(pb, len, place, sizeof(place));
252 if (len < 1) {
253 av_log(c->fc, AV_LOG_ERROR, "place name too long\n");
254 return AVERROR_INVALIDDATA;
255 }
256 avio_skip(pb, 1); // role
257 len -= 1;
258
259 if (len < 12) {
260 av_log(c->fc, AV_LOG_ERROR,
261 "loci too short (%u bytes left, need at least %d)\n", len, 12);
262 return AVERROR_INVALIDDATA;
263 }
264 longitude = ((int32_t) avio_rb32(pb)) / (float) (1 << 16);
265 latitude = ((int32_t) avio_rb32(pb)) / (float) (1 << 16);
266 altitude = ((int32_t) avio_rb32(pb)) / (float) (1 << 16);
267
268 // Try to output in the same format as the ?xyz field
269 snprintf(buf, sizeof(buf), "%+08.4f%+09.4f", latitude, longitude);
270 if (altitude)
271 av_strlcatf(buf, sizeof(buf), "%+f", altitude);
272 av_strlcatf(buf, sizeof(buf), "/%s", place);
273
274 if (*language && strcmp(language, "und")) {
275 char key2[16];
276 snprintf(key2, sizeof(key2), "%s-%s", key, language);
277 av_dict_set(&c->fc->metadata, key2, buf, 0);
278 }
279 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
280 return av_dict_set(&c->fc->metadata, key, buf, 0);
281 }
282
mov_metadata_hmmt(MOVContext * c,AVIOContext * pb,unsigned len)283 static int mov_metadata_hmmt(MOVContext *c, AVIOContext *pb, unsigned len)
284 {
285 int i, n_hmmt;
286
287 if (len < 2)
288 return 0;
289 if (c->ignore_chapters)
290 return 0;
291
292 n_hmmt = avio_rb32(pb);
293 for (i = 0; i < n_hmmt && !pb->eof_reached; i++) {
294 int moment_time = avio_rb32(pb);
295 avpriv_new_chapter(c->fc, i, av_make_q(1, 1000), moment_time, AV_NOPTS_VALUE, NULL);
296 }
297 return 0;
298 }
299
mov_read_udta_string(MOVContext * c,AVIOContext * pb,MOVAtom atom)300 static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
301 {
302 char tmp_key[5];
303 char key2[32], language[4] = {0};
304 char *str = NULL;
305 const char *key = NULL;
306 uint16_t langcode = 0;
307 uint32_t data_type = 0, str_size, str_size_alloc;
308 int (*parse)(MOVContext*, AVIOContext*, unsigned, const char*) = NULL;
309 int raw = 0;
310 int num = 0;
311
312 switch (atom.type) {
313 case MKTAG( '@','P','R','M'): key = "premiere_version"; raw = 1; break;
314 case MKTAG( '@','P','R','Q'): key = "quicktime_version"; raw = 1; break;
315 case MKTAG( 'X','M','P','_'):
316 if (c->export_xmp) { key = "xmp"; raw = 1; } break;
317 case MKTAG( 'a','A','R','T'): key = "album_artist"; break;
318 case MKTAG( 'a','k','I','D'): key = "account_type";
319 parse = mov_metadata_int8_no_padding; break;
320 case MKTAG( 'a','p','I','D'): key = "account_id"; break;
321 case MKTAG( 'c','a','t','g'): key = "category"; break;
322 case MKTAG( 'c','p','i','l'): key = "compilation";
323 parse = mov_metadata_int8_no_padding; break;
324 case MKTAG( 'c','p','r','t'): key = "copyright"; break;
325 case MKTAG( 'd','e','s','c'): key = "description"; break;
326 case MKTAG( 'd','i','s','k'): key = "disc";
327 parse = mov_metadata_track_or_disc_number; break;
328 case MKTAG( 'e','g','i','d'): key = "episode_uid";
329 parse = mov_metadata_int8_no_padding; break;
330 case MKTAG( 'F','I','R','M'): key = "firmware"; raw = 1; break;
331 case MKTAG( 'g','n','r','e'): key = "genre";
332 parse = mov_metadata_gnre; break;
333 case MKTAG( 'h','d','v','d'): key = "hd_video";
334 parse = mov_metadata_int8_no_padding; break;
335 case MKTAG( 'H','M','M','T'):
336 return mov_metadata_hmmt(c, pb, atom.size);
337 case MKTAG( 'k','e','y','w'): key = "keywords"; break;
338 case MKTAG( 'l','d','e','s'): key = "synopsis"; break;
339 case MKTAG( 'l','o','c','i'):
340 return mov_metadata_loci(c, pb, atom.size);
341 case MKTAG( 'm','a','n','u'): key = "make"; break;
342 case MKTAG( 'm','o','d','l'): key = "model"; break;
343 case MKTAG( 'p','c','s','t'): key = "podcast";
344 parse = mov_metadata_int8_no_padding; break;
345 case MKTAG( 'p','g','a','p'): key = "gapless_playback";
346 parse = mov_metadata_int8_no_padding; break;
347 case MKTAG( 'p','u','r','d'): key = "purchase_date"; break;
348 case MKTAG( 'r','t','n','g'): key = "rating";
349 parse = mov_metadata_int8_no_padding; break;
350 case MKTAG( 's','o','a','a'): key = "sort_album_artist"; break;
351 case MKTAG( 's','o','a','l'): key = "sort_album"; break;
352 case MKTAG( 's','o','a','r'): key = "sort_artist"; break;
353 case MKTAG( 's','o','c','o'): key = "sort_composer"; break;
354 case MKTAG( 's','o','n','m'): key = "sort_name"; break;
355 case MKTAG( 's','o','s','n'): key = "sort_show"; break;
356 case MKTAG( 's','t','i','k'): key = "media_type";
357 parse = mov_metadata_int8_no_padding; break;
358 case MKTAG( 't','r','k','n'): key = "track";
359 parse = mov_metadata_track_or_disc_number; break;
360 case MKTAG( 't','v','e','n'): key = "episode_id"; break;
361 case MKTAG( 't','v','e','s'): key = "episode_sort";
362 parse = mov_metadata_int8_bypass_padding; break;
363 case MKTAG( 't','v','n','n'): key = "network"; break;
364 case MKTAG( 't','v','s','h'): key = "show"; break;
365 case MKTAG( 't','v','s','n'): key = "season_number";
366 parse = mov_metadata_int8_bypass_padding; break;
367 case MKTAG(0xa9,'A','R','T'): key = "artist"; break;
368 case MKTAG(0xa9,'P','R','D'): key = "producer"; break;
369 case MKTAG(0xa9,'a','l','b'): key = "album"; break;
370 case MKTAG(0xa9,'a','u','t'): key = "artist"; break;
371 case MKTAG(0xa9,'c','h','p'): key = "chapter"; break;
372 case MKTAG(0xa9,'c','m','t'): key = "comment"; break;
373 case MKTAG(0xa9,'c','o','m'): key = "composer"; break;
374 case MKTAG(0xa9,'c','p','y'): key = "copyright"; break;
375 case MKTAG(0xa9,'d','a','y'): key = "date"; break;
376 case MKTAG(0xa9,'d','i','r'): key = "director"; break;
377 case MKTAG(0xa9,'d','i','s'): key = "disclaimer"; break;
378 case MKTAG(0xa9,'e','d','1'): key = "edit_date"; break;
379 case MKTAG(0xa9,'e','n','c'): key = "encoder"; break;
380 case MKTAG(0xa9,'f','m','t'): key = "original_format"; break;
381 case MKTAG(0xa9,'g','e','n'): key = "genre"; break;
382 case MKTAG(0xa9,'g','r','p'): key = "grouping"; break;
383 case MKTAG(0xa9,'h','s','t'): key = "host_computer"; break;
384 case MKTAG(0xa9,'i','n','f'): key = "comment"; break;
385 case MKTAG(0xa9,'l','y','r'): key = "lyrics"; break;
386 case MKTAG(0xa9,'m','a','k'): key = "make"; break;
387 case MKTAG(0xa9,'m','o','d'): key = "model"; break;
388 case MKTAG(0xa9,'n','a','m'): key = "title"; break;
389 case MKTAG(0xa9,'o','p','e'): key = "original_artist"; break;
390 case MKTAG(0xa9,'p','r','d'): key = "producer"; break;
391 case MKTAG(0xa9,'p','r','f'): key = "performers"; break;
392 case MKTAG(0xa9,'r','e','q'): key = "playback_requirements"; break;
393 case MKTAG(0xa9,'s','r','c'): key = "original_source"; break;
394 case MKTAG(0xa9,'s','t','3'): key = "subtitle"; break;
395 case MKTAG(0xa9,'s','w','r'): key = "encoder"; break;
396 case MKTAG(0xa9,'t','o','o'): key = "encoder"; break;
397 case MKTAG(0xa9,'t','r','k'): key = "track"; break;
398 case MKTAG(0xa9,'u','r','l'): key = "URL"; break;
399 case MKTAG(0xa9,'w','r','n'): key = "warning"; break;
400 case MKTAG(0xa9,'w','r','t'): key = "composer"; break;
401 case MKTAG(0xa9,'x','y','z'): key = "location"; break;
402 }
403 retry:
404 if (c->itunes_metadata && atom.size > 8) {
405 int data_size = avio_rb32(pb);
406 int tag = avio_rl32(pb);
407 if (tag == MKTAG('d','a','t','a') && data_size <= atom.size) {
408 data_type = avio_rb32(pb); // type
409 avio_rb32(pb); // unknown
410 str_size = data_size - 16;
411 atom.size -= 16;
412
413 if (atom.type == MKTAG('c', 'o', 'v', 'r')) {
414 int ret = mov_read_covr(c, pb, data_type, str_size);
415 if (ret < 0) {
416 av_log(c->fc, AV_LOG_ERROR, "Error parsing cover art.\n");
417 return ret;
418 }
419 atom.size -= str_size;
420 if (atom.size > 8)
421 goto retry;
422 return ret;
423 } else if (!key && c->found_hdlr_mdta && c->meta_keys) {
424 uint32_t index = AV_RB32(&atom.type);
425 if (index < c->meta_keys_count && index > 0) {
426 key = c->meta_keys[index];
427 } else {
428 av_log(c->fc, AV_LOG_WARNING,
429 "The index of 'data' is out of range: %"PRId32" < 1 or >= %d.\n",
430 index, c->meta_keys_count);
431 }
432 }
433 } else return 0;
434 } else if (atom.size > 4 && key && !c->itunes_metadata && !raw) {
435 str_size = avio_rb16(pb); // string length
436 if (str_size > atom.size) {
437 raw = 1;
438 avio_seek(pb, -2, SEEK_CUR);
439 av_log(c->fc, AV_LOG_WARNING, "UDTA parsing failed retrying raw\n");
440 goto retry;
441 }
442 langcode = avio_rb16(pb);
443 ff_mov_lang_to_iso639(langcode, language);
444 atom.size -= 4;
445 } else
446 str_size = atom.size;
447
448 if (c->export_all && !key) {
449 snprintf(tmp_key, 5, "%.4s", (char*)&atom.type);
450 key = tmp_key;
451 }
452
453 if (!key)
454 return 0;
455 if (atom.size < 0 || str_size >= INT_MAX/2)
456 return AVERROR_INVALIDDATA;
457
458 // Allocates enough space if data_type is a int32 or float32 number, otherwise
459 // worst-case requirement for output string in case of utf8 coded input
460 num = (data_type >= 21 && data_type <= 23);
461 str_size_alloc = (num ? 512 : (raw ? str_size : str_size * 2)) + 1;
462 str = av_mallocz(str_size_alloc);
463 if (!str)
464 return AVERROR(ENOMEM);
465
466 if (parse)
467 parse(c, pb, str_size, key);
468 else {
469 if (!raw && (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode == 0x7fff)))) { // MAC Encoded
470 mov_read_mac_string(c, pb, str_size, str, str_size_alloc);
471 } else if (data_type == 21) { // BE signed integer, variable size
472 int val = 0;
473 if (str_size == 1)
474 val = (int8_t)avio_r8(pb);
475 else if (str_size == 2)
476 val = (int16_t)avio_rb16(pb);
477 else if (str_size == 3)
478 val = ((int32_t)(avio_rb24(pb)<<8))>>8;
479 else if (str_size == 4)
480 val = (int32_t)avio_rb32(pb);
481 if (snprintf(str, str_size_alloc, "%d", val) >= str_size_alloc) {
482 av_log(c->fc, AV_LOG_ERROR,
483 "Failed to store the number (%d) in string.\n", val);
484 av_free(str);
485 return AVERROR_INVALIDDATA;
486 }
487 } else if (data_type == 22) { // BE unsigned integer, variable size
488 unsigned int val = 0;
489 if (str_size == 1)
490 val = avio_r8(pb);
491 else if (str_size == 2)
492 val = avio_rb16(pb);
493 else if (str_size == 3)
494 val = avio_rb24(pb);
495 else if (str_size == 4)
496 val = avio_rb32(pb);
497 if (snprintf(str, str_size_alloc, "%u", val) >= str_size_alloc) {
498 av_log(c->fc, AV_LOG_ERROR,
499 "Failed to store the number (%u) in string.\n", val);
500 av_free(str);
501 return AVERROR_INVALIDDATA;
502 }
503 } else if (data_type == 23 && str_size >= 4) { // BE float32
504 float val = av_int2float(avio_rb32(pb));
505 if (snprintf(str, str_size_alloc, "%f", val) >= str_size_alloc) {
506 av_log(c->fc, AV_LOG_ERROR,
507 "Failed to store the float32 number (%f) in string.\n", val);
508 av_free(str);
509 return AVERROR_INVALIDDATA;
510 }
511 } else {
512 int ret = ffio_read_size(pb, str, str_size);
513 if (ret < 0) {
514 av_free(str);
515 return ret;
516 }
517 str[str_size] = 0;
518 }
519 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
520 av_dict_set(&c->fc->metadata, key, str, 0);
521 if (*language && strcmp(language, "und")) {
522 snprintf(key2, sizeof(key2), "%s-%s", key, language);
523 av_dict_set(&c->fc->metadata, key2, str, 0);
524 }
525 if (!strcmp(key, "encoder")) {
526 int major, minor, micro;
527 if (sscanf(str, "HandBrake %d.%d.%d", &major, &minor, µ) == 3) {
528 c->handbrake_version = 1000000*major + 1000*minor + micro;
529 }
530 }
531 }
532
533 av_freep(&str);
534 return 0;
535 }
536
mov_read_chpl(MOVContext * c,AVIOContext * pb,MOVAtom atom)537 static int mov_read_chpl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
538 {
539 int64_t start;
540 int i, nb_chapters, str_len, version;
541 char str[256+1];
542 int ret;
543
544 if (c->ignore_chapters)
545 return 0;
546
547 if ((atom.size -= 5) < 0)
548 return 0;
549
550 version = avio_r8(pb);
551 avio_rb24(pb);
552 if (version)
553 avio_rb32(pb); // ???
554 nb_chapters = avio_r8(pb);
555
556 for (i = 0; i < nb_chapters; i++) {
557 if (atom.size < 9)
558 return 0;
559
560 start = avio_rb64(pb);
561 str_len = avio_r8(pb);
562
563 if ((atom.size -= 9+str_len) < 0)
564 return 0;
565
566 ret = ffio_read_size(pb, str, str_len);
567 if (ret < 0)
568 return ret;
569 str[str_len] = 0;
570 avpriv_new_chapter(c->fc, i, (AVRational){1,10000000}, start, AV_NOPTS_VALUE, str);
571 }
572 return 0;
573 }
574
575 #define MIN_DATA_ENTRY_BOX_SIZE 12
mov_read_dref(MOVContext * c,AVIOContext * pb,MOVAtom atom)576 static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
577 {
578 AVStream *st;
579 MOVStreamContext *sc;
580 int entries, i, j;
581
582 if (c->fc->nb_streams < 1)
583 return 0;
584 st = c->fc->streams[c->fc->nb_streams-1];
585 sc = st->priv_data;
586
587 avio_rb32(pb); // version + flags
588 entries = avio_rb32(pb);
589 if (!entries ||
590 entries > (atom.size - 1) / MIN_DATA_ENTRY_BOX_SIZE + 1 ||
591 entries >= UINT_MAX / sizeof(*sc->drefs))
592 return AVERROR_INVALIDDATA;
593 sc->drefs_count = 0;
594 av_free(sc->drefs);
595 sc->drefs_count = 0;
596 sc->drefs = av_mallocz(entries * sizeof(*sc->drefs));
597 if (!sc->drefs)
598 return AVERROR(ENOMEM);
599 sc->drefs_count = entries;
600
601 for (i = 0; i < entries; i++) {
602 MOVDref *dref = &sc->drefs[i];
603 uint32_t size = avio_rb32(pb);
604 int64_t next = avio_tell(pb) + size - 4;
605
606 if (size < 12)
607 return AVERROR_INVALIDDATA;
608
609 dref->type = avio_rl32(pb);
610 avio_rb32(pb); // version + flags
611
612 if (dref->type == MKTAG('a','l','i','s') && size > 150) {
613 /* macintosh alias record */
614 uint16_t volume_len, len;
615 int16_t type;
616 int ret;
617
618 avio_skip(pb, 10);
619
620 volume_len = avio_r8(pb);
621 volume_len = FFMIN(volume_len, 27);
622 ret = ffio_read_size(pb, dref->volume, 27);
623 if (ret < 0)
624 return ret;
625 dref->volume[volume_len] = 0;
626 av_log(c->fc, AV_LOG_DEBUG, "volume %s, len %d\n", dref->volume, volume_len);
627
628 avio_skip(pb, 12);
629
630 len = avio_r8(pb);
631 len = FFMIN(len, 63);
632 ret = ffio_read_size(pb, dref->filename, 63);
633 if (ret < 0)
634 return ret;
635 dref->filename[len] = 0;
636 av_log(c->fc, AV_LOG_DEBUG, "filename %s, len %d\n", dref->filename, len);
637
638 avio_skip(pb, 16);
639
640 /* read next level up_from_alias/down_to_target */
641 dref->nlvl_from = avio_rb16(pb);
642 dref->nlvl_to = avio_rb16(pb);
643 av_log(c->fc, AV_LOG_DEBUG, "nlvl from %d, nlvl to %d\n",
644 dref->nlvl_from, dref->nlvl_to);
645
646 avio_skip(pb, 16);
647
648 for (type = 0; type != -1 && avio_tell(pb) < next; ) {
649 if(avio_feof(pb))
650 return AVERROR_EOF;
651 type = avio_rb16(pb);
652 len = avio_rb16(pb);
653 av_log(c->fc, AV_LOG_DEBUG, "type %d, len %d\n", type, len);
654 if (len&1)
655 len += 1;
656 if (type == 2) { // absolute path
657 av_free(dref->path);
658 dref->path = av_mallocz(len+1);
659 if (!dref->path)
660 return AVERROR(ENOMEM);
661
662 ret = ffio_read_size(pb, dref->path, len);
663 if (ret < 0) {
664 av_freep(&dref->path);
665 return ret;
666 }
667 if (len > volume_len && !strncmp(dref->path, dref->volume, volume_len)) {
668 len -= volume_len;
669 memmove(dref->path, dref->path+volume_len, len);
670 dref->path[len] = 0;
671 }
672 // trim string of any ending zeros
673 for (j = len - 1; j >= 0; j--) {
674 if (dref->path[j] == 0)
675 len--;
676 else
677 break;
678 }
679 for (j = 0; j < len; j++)
680 if (dref->path[j] == ':' || dref->path[j] == 0)
681 dref->path[j] = '/';
682 av_log(c->fc, AV_LOG_DEBUG, "path %s\n", dref->path);
683 } else if (type == 0) { // directory name
684 av_free(dref->dir);
685 dref->dir = av_malloc(len+1);
686 if (!dref->dir)
687 return AVERROR(ENOMEM);
688
689 ret = ffio_read_size(pb, dref->dir, len);
690 if (ret < 0) {
691 av_freep(&dref->dir);
692 return ret;
693 }
694 dref->dir[len] = 0;
695 for (j = 0; j < len; j++)
696 if (dref->dir[j] == ':')
697 dref->dir[j] = '/';
698 av_log(c->fc, AV_LOG_DEBUG, "dir %s\n", dref->dir);
699 } else
700 avio_skip(pb, len);
701 }
702 } else {
703 av_log(c->fc, AV_LOG_DEBUG, "Unknown dref type 0x%08"PRIx32" size %"PRIu32"\n",
704 dref->type, size);
705 entries--;
706 i--;
707 }
708 avio_seek(pb, next, SEEK_SET);
709 }
710 return 0;
711 }
712
mov_read_hdlr(MOVContext * c,AVIOContext * pb,MOVAtom atom)713 static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
714 {
715 AVStream *st;
716 uint32_t type;
717 uint32_t ctype;
718 int64_t title_size;
719 char *title_str;
720 int ret;
721
722 avio_r8(pb); /* version */
723 avio_rb24(pb); /* flags */
724
725 /* component type */
726 ctype = avio_rl32(pb);
727 type = avio_rl32(pb); /* component subtype */
728
729 av_log(c->fc, AV_LOG_TRACE, "ctype=%s\n", av_fourcc2str(ctype));
730 av_log(c->fc, AV_LOG_TRACE, "stype=%s\n", av_fourcc2str(type));
731
732 if (c->trak_index < 0) { // meta not inside a trak
733 if (type == MKTAG('m','d','t','a')) {
734 c->found_hdlr_mdta = 1;
735 }
736 return 0;
737 }
738
739 st = c->fc->streams[c->fc->nb_streams-1];
740
741 if (type == MKTAG('v','i','d','e'))
742 st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO;
743 else if (type == MKTAG('s','o','u','n'))
744 st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
745 else if (type == MKTAG('m','1','a',' '))
746 st->codecpar->codec_id = AV_CODEC_ID_MP2;
747 else if ((type == MKTAG('s','u','b','p')) || (type == MKTAG('c','l','c','p')))
748 st->codecpar->codec_type = AVMEDIA_TYPE_SUBTITLE;
749
750 avio_rb32(pb); /* component manufacture */
751 avio_rb32(pb); /* component flags */
752 avio_rb32(pb); /* component flags mask */
753
754 title_size = atom.size - 24;
755 if (title_size > 0) {
756 if (title_size > FFMIN(INT_MAX, SIZE_MAX-1))
757 return AVERROR_INVALIDDATA;
758 title_str = av_malloc(title_size + 1); /* Add null terminator */
759 if (!title_str)
760 return AVERROR(ENOMEM);
761
762 ret = ffio_read_size(pb, title_str, title_size);
763 if (ret < 0) {
764 av_freep(&title_str);
765 return ret;
766 }
767 title_str[title_size] = 0;
768 if (title_str[0]) {
769 int off = (!c->isom && title_str[0] == title_size - 1);
770 // flag added so as to not set stream handler name if already set from mdia->hdlr
771 av_dict_set(&st->metadata, "handler_name", title_str + off, AV_DICT_DONT_OVERWRITE);
772 }
773 av_freep(&title_str);
774 }
775
776 return 0;
777 }
778
mov_read_esds(MOVContext * c,AVIOContext * pb,MOVAtom atom)779 static int mov_read_esds(MOVContext *c, AVIOContext *pb, MOVAtom atom)
780 {
781 return ff_mov_read_esds(c->fc, pb);
782 }
783
mov_read_dac3(MOVContext * c,AVIOContext * pb,MOVAtom atom)784 static int mov_read_dac3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
785 {
786 AVStream *st;
787 enum AVAudioServiceType *ast;
788 int ac3info, acmod, lfeon, bsmod;
789
790 if (c->fc->nb_streams < 1)
791 return 0;
792 st = c->fc->streams[c->fc->nb_streams-1];
793
794 ast = (enum AVAudioServiceType*)av_stream_new_side_data(st, AV_PKT_DATA_AUDIO_SERVICE_TYPE,
795 sizeof(*ast));
796 if (!ast)
797 return AVERROR(ENOMEM);
798
799 ac3info = avio_rb24(pb);
800 bsmod = (ac3info >> 14) & 0x7;
801 acmod = (ac3info >> 11) & 0x7;
802 lfeon = (ac3info >> 10) & 0x1;
803 st->codecpar->channels = ((int[]){2,1,2,3,3,4,4,5})[acmod] + lfeon;
804 st->codecpar->channel_layout = avpriv_ac3_channel_layout_tab[acmod];
805 if (lfeon)
806 st->codecpar->channel_layout |= AV_CH_LOW_FREQUENCY;
807 *ast = bsmod;
808 if (st->codecpar->channels > 1 && bsmod == 0x7)
809 *ast = AV_AUDIO_SERVICE_TYPE_KARAOKE;
810
811 #if FF_API_LAVF_AVCTX
812 FF_DISABLE_DEPRECATION_WARNINGS
813 st->codec->audio_service_type = *ast;
814 FF_ENABLE_DEPRECATION_WARNINGS
815 #endif
816
817 return 0;
818 }
819
mov_read_dec3(MOVContext * c,AVIOContext * pb,MOVAtom atom)820 static int mov_read_dec3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
821 {
822 AVStream *st;
823 enum AVAudioServiceType *ast;
824 int eac3info, acmod, lfeon, bsmod;
825
826 if (c->fc->nb_streams < 1)
827 return 0;
828 st = c->fc->streams[c->fc->nb_streams-1];
829
830 ast = (enum AVAudioServiceType*)av_stream_new_side_data(st, AV_PKT_DATA_AUDIO_SERVICE_TYPE,
831 sizeof(*ast));
832 if (!ast)
833 return AVERROR(ENOMEM);
834
835 /* No need to parse fields for additional independent substreams and its
836 * associated dependent substreams since libavcodec's E-AC-3 decoder
837 * does not support them yet. */
838 avio_rb16(pb); /* data_rate and num_ind_sub */
839 eac3info = avio_rb24(pb);
840 bsmod = (eac3info >> 12) & 0x1f;
841 acmod = (eac3info >> 9) & 0x7;
842 lfeon = (eac3info >> 8) & 0x1;
843 st->codecpar->channel_layout = avpriv_ac3_channel_layout_tab[acmod];
844 if (lfeon)
845 st->codecpar->channel_layout |= AV_CH_LOW_FREQUENCY;
846 st->codecpar->channels = av_get_channel_layout_nb_channels(st->codecpar->channel_layout);
847 *ast = bsmod;
848 if (st->codecpar->channels > 1 && bsmod == 0x7)
849 *ast = AV_AUDIO_SERVICE_TYPE_KARAOKE;
850
851 #if FF_API_LAVF_AVCTX
852 FF_DISABLE_DEPRECATION_WARNINGS
853 st->codec->audio_service_type = *ast;
854 FF_ENABLE_DEPRECATION_WARNINGS
855 #endif
856
857 return 0;
858 }
859
mov_read_ddts(MOVContext * c,AVIOContext * pb,MOVAtom atom)860 static int mov_read_ddts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
861 {
862 const uint32_t ddts_size = 20;
863 AVStream *st = NULL;
864 uint8_t *buf = NULL;
865 uint32_t frame_duration_code = 0;
866 uint32_t channel_layout_code = 0;
867 GetBitContext gb;
868
869 buf = av_malloc(ddts_size + AV_INPUT_BUFFER_PADDING_SIZE);
870 if (!buf) {
871 return AVERROR(ENOMEM);
872 }
873 if (avio_read(pb, buf, ddts_size) < ddts_size) {
874 av_free(buf);
875 return AVERROR_INVALIDDATA;
876 }
877
878 init_get_bits(&gb, buf, 8*ddts_size);
879
880 if (c->fc->nb_streams < 1) {
881 av_free(buf);
882 return 0;
883 }
884 st = c->fc->streams[c->fc->nb_streams-1];
885
886 st->codecpar->sample_rate = get_bits_long(&gb, 32);
887 if (st->codecpar->sample_rate <= 0) {
888 av_log(c->fc, AV_LOG_ERROR, "Invalid sample rate %d\n", st->codecpar->sample_rate);
889 av_free(buf);
890 return AVERROR_INVALIDDATA;
891 }
892 skip_bits_long(&gb, 32); /* max bitrate */
893 st->codecpar->bit_rate = get_bits_long(&gb, 32);
894 st->codecpar->bits_per_coded_sample = get_bits(&gb, 8);
895 frame_duration_code = get_bits(&gb, 2);
896 skip_bits(&gb, 30); /* various fields */
897 channel_layout_code = get_bits(&gb, 16);
898
899 st->codecpar->frame_size =
900 (frame_duration_code == 0) ? 512 :
901 (frame_duration_code == 1) ? 1024 :
902 (frame_duration_code == 2) ? 2048 :
903 (frame_duration_code == 3) ? 4096 : 0;
904
905 if (channel_layout_code > 0xff) {
906 av_log(c->fc, AV_LOG_WARNING, "Unsupported DTS audio channel layout");
907 }
908 st->codecpar->channel_layout =
909 ((channel_layout_code & 0x1) ? AV_CH_FRONT_CENTER : 0) |
910 ((channel_layout_code & 0x2) ? AV_CH_FRONT_LEFT : 0) |
911 ((channel_layout_code & 0x2) ? AV_CH_FRONT_RIGHT : 0) |
912 ((channel_layout_code & 0x4) ? AV_CH_SIDE_LEFT : 0) |
913 ((channel_layout_code & 0x4) ? AV_CH_SIDE_RIGHT : 0) |
914 ((channel_layout_code & 0x8) ? AV_CH_LOW_FREQUENCY : 0);
915
916 st->codecpar->channels = av_get_channel_layout_nb_channels(st->codecpar->channel_layout);
917 av_free(buf);
918
919 return 0;
920 }
921
mov_read_chan(MOVContext * c,AVIOContext * pb,MOVAtom atom)922 static int mov_read_chan(MOVContext *c, AVIOContext *pb, MOVAtom atom)
923 {
924 AVStream *st;
925
926 if (c->fc->nb_streams < 1)
927 return 0;
928 st = c->fc->streams[c->fc->nb_streams-1];
929
930 if (atom.size < 16)
931 return 0;
932
933 /* skip version and flags */
934 avio_skip(pb, 4);
935
936 ff_mov_read_chan(c->fc, pb, st, atom.size - 4);
937
938 return 0;
939 }
940
mov_read_wfex(MOVContext * c,AVIOContext * pb,MOVAtom atom)941 static int mov_read_wfex(MOVContext *c, AVIOContext *pb, MOVAtom atom)
942 {
943 AVStream *st;
944 int ret;
945
946 if (c->fc->nb_streams < 1)
947 return 0;
948 st = c->fc->streams[c->fc->nb_streams-1];
949
950 if ((ret = ff_get_wav_header(c->fc, pb, st->codecpar, atom.size, 0)) < 0)
951 av_log(c->fc, AV_LOG_WARNING, "get_wav_header failed\n");
952
953 return ret;
954 }
955
mov_read_pasp(MOVContext * c,AVIOContext * pb,MOVAtom atom)956 static int mov_read_pasp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
957 {
958 const int num = avio_rb32(pb);
959 const int den = avio_rb32(pb);
960 AVStream *st;
961
962 if (c->fc->nb_streams < 1)
963 return 0;
964 st = c->fc->streams[c->fc->nb_streams-1];
965
966 if ((st->sample_aspect_ratio.den != 1 || st->sample_aspect_ratio.num) && // default
967 (den != st->sample_aspect_ratio.den || num != st->sample_aspect_ratio.num)) {
968 av_log(c->fc, AV_LOG_WARNING,
969 "sample aspect ratio already set to %d:%d, ignoring 'pasp' atom (%d:%d)\n",
970 st->sample_aspect_ratio.num, st->sample_aspect_ratio.den,
971 num, den);
972 } else if (den != 0) {
973 av_reduce(&st->sample_aspect_ratio.num, &st->sample_aspect_ratio.den,
974 num, den, 32767);
975 }
976 return 0;
977 }
978
979 /* this atom contains actual media data */
mov_read_mdat(MOVContext * c,AVIOContext * pb,MOVAtom atom)980 static int mov_read_mdat(MOVContext *c, AVIOContext *pb, MOVAtom atom)
981 {
982 if (atom.size == 0) /* wrong one (MP4) */
983 return 0;
984 c->found_mdat=1;
985 return 0; /* now go for moov */
986 }
987
988 #define DRM_BLOB_SIZE 56
989
mov_read_adrm(MOVContext * c,AVIOContext * pb,MOVAtom atom)990 static int mov_read_adrm(MOVContext *c, AVIOContext *pb, MOVAtom atom)
991 {
992 uint8_t intermediate_key[20];
993 uint8_t intermediate_iv[20];
994 uint8_t input[64];
995 uint8_t output[64];
996 uint8_t file_checksum[20];
997 uint8_t calculated_checksum[20];
998 struct AVSHA *sha;
999 int i;
1000 int ret = 0;
1001 uint8_t *activation_bytes = c->activation_bytes;
1002 uint8_t *fixed_key = c->audible_fixed_key;
1003
1004 c->aax_mode = 1;
1005
1006 sha = av_sha_alloc();
1007 if (!sha)
1008 return AVERROR(ENOMEM);
1009 av_free(c->aes_decrypt);
1010 c->aes_decrypt = av_aes_alloc();
1011 if (!c->aes_decrypt) {
1012 ret = AVERROR(ENOMEM);
1013 goto fail;
1014 }
1015
1016 /* drm blob processing */
1017 avio_read(pb, output, 8); // go to offset 8, absolute position 0x251
1018 avio_read(pb, input, DRM_BLOB_SIZE);
1019 avio_read(pb, output, 4); // go to offset 4, absolute position 0x28d
1020 avio_read(pb, file_checksum, 20);
1021
1022 av_log(c->fc, AV_LOG_INFO, "[aax] file checksum == "); // required by external tools
1023 for (i = 0; i < 20; i++)
1024 av_log(c->fc, AV_LOG_INFO, "%02x", file_checksum[i]);
1025 av_log(c->fc, AV_LOG_INFO, "\n");
1026
1027 /* verify activation data */
1028 if (!activation_bytes) {
1029 av_log(c->fc, AV_LOG_WARNING, "[aax] activation_bytes option is missing!\n");
1030 ret = 0; /* allow ffprobe to continue working on .aax files */
1031 goto fail;
1032 }
1033 if (c->activation_bytes_size != 4) {
1034 av_log(c->fc, AV_LOG_FATAL, "[aax] activation_bytes value needs to be 4 bytes!\n");
1035 ret = AVERROR(EINVAL);
1036 goto fail;
1037 }
1038
1039 /* verify fixed key */
1040 if (c->audible_fixed_key_size != 16) {
1041 av_log(c->fc, AV_LOG_FATAL, "[aax] audible_fixed_key value needs to be 16 bytes!\n");
1042 ret = AVERROR(EINVAL);
1043 goto fail;
1044 }
1045
1046 /* AAX (and AAX+) key derivation */
1047 av_sha_init(sha, 160);
1048 av_sha_update(sha, fixed_key, 16);
1049 av_sha_update(sha, activation_bytes, 4);
1050 av_sha_final(sha, intermediate_key);
1051 av_sha_init(sha, 160);
1052 av_sha_update(sha, fixed_key, 16);
1053 av_sha_update(sha, intermediate_key, 20);
1054 av_sha_update(sha, activation_bytes, 4);
1055 av_sha_final(sha, intermediate_iv);
1056 av_sha_init(sha, 160);
1057 av_sha_update(sha, intermediate_key, 16);
1058 av_sha_update(sha, intermediate_iv, 16);
1059 av_sha_final(sha, calculated_checksum);
1060 if (memcmp(calculated_checksum, file_checksum, 20)) { // critical error
1061 av_log(c->fc, AV_LOG_ERROR, "[aax] mismatch in checksums!\n");
1062 ret = AVERROR_INVALIDDATA;
1063 goto fail;
1064 }
1065 av_aes_init(c->aes_decrypt, intermediate_key, 128, 1);
1066 av_aes_crypt(c->aes_decrypt, output, input, DRM_BLOB_SIZE >> 4, intermediate_iv, 1);
1067 for (i = 0; i < 4; i++) {
1068 // file data (in output) is stored in big-endian mode
1069 if (activation_bytes[i] != output[3 - i]) { // critical error
1070 av_log(c->fc, AV_LOG_ERROR, "[aax] error in drm blob decryption!\n");
1071 ret = AVERROR_INVALIDDATA;
1072 goto fail;
1073 }
1074 }
1075 memcpy(c->file_key, output + 8, 16);
1076 memcpy(input, output + 26, 16);
1077 av_sha_init(sha, 160);
1078 av_sha_update(sha, input, 16);
1079 av_sha_update(sha, c->file_key, 16);
1080 av_sha_update(sha, fixed_key, 16);
1081 av_sha_final(sha, c->file_iv);
1082
1083 fail:
1084 av_free(sha);
1085
1086 return ret;
1087 }
1088
1089 // Audible AAX (and AAX+) bytestream decryption
aax_filter(uint8_t * input,int size,MOVContext * c)1090 static int aax_filter(uint8_t *input, int size, MOVContext *c)
1091 {
1092 int blocks = 0;
1093 unsigned char iv[16];
1094
1095 memcpy(iv, c->file_iv, 16); // iv is overwritten
1096 blocks = size >> 4; // trailing bytes are not encrypted!
1097 av_aes_init(c->aes_decrypt, c->file_key, 128, 1);
1098 av_aes_crypt(c->aes_decrypt, input, input, blocks, iv, 1);
1099
1100 return 0;
1101 }
1102
1103 /* read major brand, minor version and compatible brands and store them as metadata */
mov_read_ftyp(MOVContext * c,AVIOContext * pb,MOVAtom atom)1104 static int mov_read_ftyp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1105 {
1106 uint32_t minor_ver;
1107 int comp_brand_size;
1108 char* comp_brands_str;
1109 uint8_t type[5] = {0};
1110 int ret = ffio_read_size(pb, type, 4);
1111 if (ret < 0)
1112 return ret;
1113
1114 if (strcmp(type, "qt "))
1115 c->isom = 1;
1116 av_log(c->fc, AV_LOG_DEBUG, "ISO: File Type Major Brand: %.4s\n",(char *)&type);
1117 av_dict_set(&c->fc->metadata, "major_brand", type, 0);
1118 minor_ver = avio_rb32(pb); /* minor version */
1119 av_dict_set_int(&c->fc->metadata, "minor_version", minor_ver, 0);
1120
1121 comp_brand_size = atom.size - 8;
1122 if (comp_brand_size < 0)
1123 return AVERROR_INVALIDDATA;
1124 comp_brands_str = av_malloc(comp_brand_size + 1); /* Add null terminator */
1125 if (!comp_brands_str)
1126 return AVERROR(ENOMEM);
1127
1128 ret = ffio_read_size(pb, comp_brands_str, comp_brand_size);
1129 if (ret < 0) {
1130 av_freep(&comp_brands_str);
1131 return ret;
1132 }
1133 comp_brands_str[comp_brand_size] = 0;
1134 av_dict_set(&c->fc->metadata, "compatible_brands",
1135 comp_brands_str, AV_DICT_DONT_STRDUP_VAL);
1136
1137 return 0;
1138 }
1139
1140 /* this atom should contain all header atoms */
mov_read_moov(MOVContext * c,AVIOContext * pb,MOVAtom atom)1141 static int mov_read_moov(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1142 {
1143 int ret;
1144
1145 if (c->found_moov) {
1146 av_log(c->fc, AV_LOG_WARNING, "Found duplicated MOOV Atom. Skipped it\n");
1147 avio_skip(pb, atom.size);
1148 return 0;
1149 }
1150
1151 if ((ret = mov_read_default(c, pb, atom)) < 0)
1152 return ret;
1153 /* we parsed the 'moov' atom, we can terminate the parsing as soon as we find the 'mdat' */
1154 /* so we don't parse the whole file if over a network */
1155 c->found_moov=1;
1156 return 0; /* now go for mdat */
1157 }
1158
get_frag_stream_info(MOVFragmentIndex * frag_index,int index,int id)1159 static MOVFragmentStreamInfo * get_frag_stream_info(
1160 MOVFragmentIndex *frag_index,
1161 int index,
1162 int id)
1163 {
1164 int i;
1165 MOVFragmentIndexItem * item;
1166
1167 if (index < 0 || index >= frag_index->nb_items)
1168 return NULL;
1169 item = &frag_index->item[index];
1170 for (i = 0; i < item->nb_stream_info; i++)
1171 if (item->stream_info[i].id == id)
1172 return &item->stream_info[i];
1173
1174 // This shouldn't happen
1175 return NULL;
1176 }
1177
set_frag_stream(MOVFragmentIndex * frag_index,int id)1178 static void set_frag_stream(MOVFragmentIndex *frag_index, int id)
1179 {
1180 int i;
1181 MOVFragmentIndexItem * item;
1182
1183 if (frag_index->current < 0 ||
1184 frag_index->current >= frag_index->nb_items)
1185 return;
1186
1187 item = &frag_index->item[frag_index->current];
1188 for (i = 0; i < item->nb_stream_info; i++)
1189 if (item->stream_info[i].id == id) {
1190 item->current = i;
1191 return;
1192 }
1193
1194 // id not found. This shouldn't happen.
1195 item->current = -1;
1196 }
1197
get_current_frag_stream_info(MOVFragmentIndex * frag_index)1198 static MOVFragmentStreamInfo * get_current_frag_stream_info(
1199 MOVFragmentIndex *frag_index)
1200 {
1201 MOVFragmentIndexItem *item;
1202 if (frag_index->current < 0 ||
1203 frag_index->current >= frag_index->nb_items)
1204 return NULL;
1205
1206 item = &frag_index->item[frag_index->current];
1207 if (item->current >= 0 && item->current < item->nb_stream_info)
1208 return &item->stream_info[item->current];
1209
1210 // This shouldn't happen
1211 return NULL;
1212 }
1213
search_frag_moof_offset(MOVFragmentIndex * frag_index,int64_t offset)1214 static int search_frag_moof_offset(MOVFragmentIndex *frag_index, int64_t offset)
1215 {
1216 int a, b, m;
1217 int64_t moof_offset;
1218
1219 // Optimize for appending new entries
1220 if (!frag_index->nb_items ||
1221 frag_index->item[frag_index->nb_items - 1].moof_offset < offset)
1222 return frag_index->nb_items;
1223
1224 a = -1;
1225 b = frag_index->nb_items;
1226
1227 while (b - a > 1) {
1228 m = (a + b) >> 1;
1229 moof_offset = frag_index->item[m].moof_offset;
1230 if (moof_offset >= offset)
1231 b = m;
1232 if (moof_offset <= offset)
1233 a = m;
1234 }
1235 return b;
1236 }
1237
get_stream_info_time(MOVFragmentStreamInfo * frag_stream_info)1238 static int64_t get_stream_info_time(MOVFragmentStreamInfo * frag_stream_info)
1239 {
1240 av_assert0(frag_stream_info);
1241 if (frag_stream_info->sidx_pts != AV_NOPTS_VALUE)
1242 return frag_stream_info->sidx_pts;
1243 if (frag_stream_info->first_tfra_pts != AV_NOPTS_VALUE)
1244 return frag_stream_info->first_tfra_pts;
1245 return frag_stream_info->tfdt_dts;
1246 }
1247
get_frag_time(MOVFragmentIndex * frag_index,int index,int track_id)1248 static int64_t get_frag_time(MOVFragmentIndex *frag_index,
1249 int index, int track_id)
1250 {
1251 MOVFragmentStreamInfo * frag_stream_info;
1252 int64_t timestamp;
1253 int i;
1254
1255 if (track_id >= 0) {
1256 frag_stream_info = get_frag_stream_info(frag_index, index, track_id);
1257 return frag_stream_info->sidx_pts;
1258 }
1259
1260 for (i = 0; i < frag_index->item[index].nb_stream_info; i++) {
1261 frag_stream_info = &frag_index->item[index].stream_info[i];
1262 timestamp = get_stream_info_time(frag_stream_info);
1263 if (timestamp != AV_NOPTS_VALUE)
1264 return timestamp;
1265 }
1266 return AV_NOPTS_VALUE;
1267 }
1268
search_frag_timestamp(MOVFragmentIndex * frag_index,AVStream * st,int64_t timestamp)1269 static int search_frag_timestamp(MOVFragmentIndex *frag_index,
1270 AVStream *st, int64_t timestamp)
1271 {
1272 int a, b, m, m0;
1273 int64_t frag_time;
1274 int id = -1;
1275
1276 if (st) {
1277 // If the stream is referenced by any sidx, limit the search
1278 // to fragments that referenced this stream in the sidx
1279 MOVStreamContext *sc = st->priv_data;
1280 if (sc->has_sidx)
1281 id = st->id;
1282 }
1283
1284 a = -1;
1285 b = frag_index->nb_items;
1286
1287 while (b - a > 1) {
1288 m0 = m = (a + b) >> 1;
1289
1290 while (m < b &&
1291 (frag_time = get_frag_time(frag_index, m, id)) == AV_NOPTS_VALUE)
1292 m++;
1293
1294 if (m < b && frag_time <= timestamp)
1295 a = m;
1296 else
1297 b = m0;
1298 }
1299
1300 return a;
1301 }
1302
update_frag_index(MOVContext * c,int64_t offset)1303 static int update_frag_index(MOVContext *c, int64_t offset)
1304 {
1305 int index, i;
1306 MOVFragmentIndexItem * item;
1307 MOVFragmentStreamInfo * frag_stream_info;
1308
1309 // If moof_offset already exists in frag_index, return index to it
1310 index = search_frag_moof_offset(&c->frag_index, offset);
1311 if (index < c->frag_index.nb_items &&
1312 c->frag_index.item[index].moof_offset == offset)
1313 return index;
1314
1315 // offset is not yet in frag index.
1316 // Insert new item at index (sorted by moof offset)
1317 item = av_fast_realloc(c->frag_index.item,
1318 &c->frag_index.allocated_size,
1319 (c->frag_index.nb_items + 1) *
1320 sizeof(*c->frag_index.item));
1321 if(!item)
1322 return -1;
1323 c->frag_index.item = item;
1324
1325 frag_stream_info = av_realloc_array(NULL, c->fc->nb_streams,
1326 sizeof(*item->stream_info));
1327 if (!frag_stream_info)
1328 return -1;
1329
1330 for (i = 0; i < c->fc->nb_streams; i++) {
1331 // Avoid building frag index if streams lack track id.
1332 if (c->fc->streams[i]->id < 0) {
1333 av_free(frag_stream_info);
1334 return AVERROR_INVALIDDATA;
1335 }
1336
1337 frag_stream_info[i].id = c->fc->streams[i]->id;
1338 frag_stream_info[i].sidx_pts = AV_NOPTS_VALUE;
1339 frag_stream_info[i].tfdt_dts = AV_NOPTS_VALUE;
1340 frag_stream_info[i].next_trun_dts = AV_NOPTS_VALUE;
1341 frag_stream_info[i].first_tfra_pts = AV_NOPTS_VALUE;
1342 frag_stream_info[i].index_entry = -1;
1343 frag_stream_info[i].encryption_index = NULL;
1344 }
1345
1346 if (index < c->frag_index.nb_items)
1347 memmove(c->frag_index.item + index + 1, c->frag_index.item + index,
1348 (c->frag_index.nb_items - index) * sizeof(*c->frag_index.item));
1349
1350 item = &c->frag_index.item[index];
1351 item->headers_read = 0;
1352 item->current = 0;
1353 item->nb_stream_info = c->fc->nb_streams;
1354 item->moof_offset = offset;
1355 item->stream_info = frag_stream_info;
1356 c->frag_index.nb_items++;
1357
1358 return index;
1359 }
1360
fix_frag_index_entries(MOVFragmentIndex * frag_index,int index,int id,int entries)1361 static void fix_frag_index_entries(MOVFragmentIndex *frag_index, int index,
1362 int id, int entries)
1363 {
1364 int i;
1365 MOVFragmentStreamInfo * frag_stream_info;
1366
1367 if (index < 0)
1368 return;
1369 for (i = index; i < frag_index->nb_items; i++) {
1370 frag_stream_info = get_frag_stream_info(frag_index, i, id);
1371 if (frag_stream_info && frag_stream_info->index_entry >= 0)
1372 frag_stream_info->index_entry += entries;
1373 }
1374 }
1375
mov_read_moof(MOVContext * c,AVIOContext * pb,MOVAtom atom)1376 static int mov_read_moof(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1377 {
1378 // Set by mov_read_tfhd(). mov_read_trun() will reject files missing tfhd.
1379 c->fragment.found_tfhd = 0;
1380
1381 if (!c->has_looked_for_mfra && c->use_mfra_for > 0) {
1382 c->has_looked_for_mfra = 1;
1383 if (pb->seekable & AVIO_SEEKABLE_NORMAL) {
1384 int ret;
1385 av_log(c->fc, AV_LOG_VERBOSE, "stream has moof boxes, will look "
1386 "for a mfra\n");
1387 if ((ret = mov_read_mfra(c, pb)) < 0) {
1388 av_log(c->fc, AV_LOG_VERBOSE, "found a moof box but failed to "
1389 "read the mfra (may be a live ismv)\n");
1390 }
1391 } else {
1392 av_log(c->fc, AV_LOG_VERBOSE, "found a moof box but stream is not "
1393 "seekable, can not look for mfra\n");
1394 }
1395 }
1396 c->fragment.moof_offset = c->fragment.implicit_offset = avio_tell(pb) - 8;
1397 av_log(c->fc, AV_LOG_TRACE, "moof offset %"PRIx64"\n", c->fragment.moof_offset);
1398 c->frag_index.current = update_frag_index(c, c->fragment.moof_offset);
1399 return mov_read_default(c, pb, atom);
1400 }
1401
mov_metadata_creation_time(AVDictionary ** metadata,int64_t time,void * logctx)1402 static void mov_metadata_creation_time(AVDictionary **metadata, int64_t time, void *logctx)
1403 {
1404 if (time) {
1405 if(time >= 2082844800)
1406 time -= 2082844800; /* seconds between 1904-01-01 and Epoch */
1407
1408 if ((int64_t)(time * 1000000ULL) / 1000000 != time) {
1409 av_log(logctx, AV_LOG_DEBUG, "creation_time is not representable\n");
1410 return;
1411 }
1412
1413 avpriv_dict_set_timestamp(metadata, "creation_time", time * 1000000);
1414 }
1415 }
1416
mov_read_mdhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)1417 static int mov_read_mdhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1418 {
1419 AVStream *st;
1420 MOVStreamContext *sc;
1421 int version;
1422 char language[4] = {0};
1423 unsigned lang;
1424 int64_t creation_time;
1425
1426 if (c->fc->nb_streams < 1)
1427 return 0;
1428 st = c->fc->streams[c->fc->nb_streams-1];
1429 sc = st->priv_data;
1430
1431 if (sc->time_scale) {
1432 av_log(c->fc, AV_LOG_ERROR, "Multiple mdhd?\n");
1433 return AVERROR_INVALIDDATA;
1434 }
1435
1436 version = avio_r8(pb);
1437 if (version > 1) {
1438 avpriv_request_sample(c->fc, "Version %d", version);
1439 return AVERROR_PATCHWELCOME;
1440 }
1441 avio_rb24(pb); /* flags */
1442 if (version == 1) {
1443 creation_time = avio_rb64(pb);
1444 avio_rb64(pb);
1445 } else {
1446 creation_time = avio_rb32(pb);
1447 avio_rb32(pb); /* modification time */
1448 }
1449 mov_metadata_creation_time(&st->metadata, creation_time, c->fc);
1450
1451 sc->time_scale = avio_rb32(pb);
1452 if (sc->time_scale <= 0) {
1453 av_log(c->fc, AV_LOG_ERROR, "Invalid mdhd time scale %d, defaulting to 1\n", sc->time_scale);
1454 sc->time_scale = 1;
1455 }
1456 st->duration = (version == 1) ? avio_rb64(pb) : avio_rb32(pb); /* duration */
1457
1458 lang = avio_rb16(pb); /* language */
1459 if (ff_mov_lang_to_iso639(lang, language))
1460 av_dict_set(&st->metadata, "language", language, 0);
1461 avio_rb16(pb); /* quality */
1462
1463 return 0;
1464 }
1465
mov_read_mvhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)1466 static int mov_read_mvhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1467 {
1468 int i;
1469 int64_t creation_time;
1470 int version = avio_r8(pb); /* version */
1471 avio_rb24(pb); /* flags */
1472
1473 if (version == 1) {
1474 creation_time = avio_rb64(pb);
1475 avio_rb64(pb);
1476 } else {
1477 creation_time = avio_rb32(pb);
1478 avio_rb32(pb); /* modification time */
1479 }
1480 mov_metadata_creation_time(&c->fc->metadata, creation_time, c->fc);
1481 c->time_scale = avio_rb32(pb); /* time scale */
1482 if (c->time_scale <= 0) {
1483 av_log(c->fc, AV_LOG_ERROR, "Invalid mvhd time scale %d, defaulting to 1\n", c->time_scale);
1484 c->time_scale = 1;
1485 }
1486 av_log(c->fc, AV_LOG_TRACE, "time scale = %i\n", c->time_scale);
1487
1488 c->duration = (version == 1) ? avio_rb64(pb) : avio_rb32(pb); /* duration */
1489 // set the AVCodecContext duration because the duration of individual tracks
1490 // may be inaccurate
1491 if (c->time_scale > 0 && !c->trex_data)
1492 c->fc->duration = av_rescale(c->duration, AV_TIME_BASE, c->time_scale);
1493 avio_rb32(pb); /* preferred scale */
1494
1495 avio_rb16(pb); /* preferred volume */
1496
1497 avio_skip(pb, 10); /* reserved */
1498
1499 /* movie display matrix, store it in main context and use it later on */
1500 for (i = 0; i < 3; i++) {
1501 c->movie_display_matrix[i][0] = avio_rb32(pb); // 16.16 fixed point
1502 c->movie_display_matrix[i][1] = avio_rb32(pb); // 16.16 fixed point
1503 c->movie_display_matrix[i][2] = avio_rb32(pb); // 2.30 fixed point
1504 }
1505
1506 avio_rb32(pb); /* preview time */
1507 avio_rb32(pb); /* preview duration */
1508 avio_rb32(pb); /* poster time */
1509 avio_rb32(pb); /* selection time */
1510 avio_rb32(pb); /* selection duration */
1511 avio_rb32(pb); /* current time */
1512 avio_rb32(pb); /* next track ID */
1513
1514 return 0;
1515 }
1516
mov_read_enda(MOVContext * c,AVIOContext * pb,MOVAtom atom)1517 static int mov_read_enda(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1518 {
1519 AVStream *st;
1520 int little_endian;
1521
1522 if (c->fc->nb_streams < 1)
1523 return 0;
1524 st = c->fc->streams[c->fc->nb_streams-1];
1525
1526 little_endian = avio_rb16(pb) & 0xFF;
1527 av_log(c->fc, AV_LOG_TRACE, "enda %d\n", little_endian);
1528 if (little_endian == 1) {
1529 switch (st->codecpar->codec_id) {
1530 case AV_CODEC_ID_PCM_S24BE:
1531 st->codecpar->codec_id = AV_CODEC_ID_PCM_S24LE;
1532 break;
1533 case AV_CODEC_ID_PCM_S32BE:
1534 st->codecpar->codec_id = AV_CODEC_ID_PCM_S32LE;
1535 break;
1536 case AV_CODEC_ID_PCM_F32BE:
1537 st->codecpar->codec_id = AV_CODEC_ID_PCM_F32LE;
1538 break;
1539 case AV_CODEC_ID_PCM_F64BE:
1540 st->codecpar->codec_id = AV_CODEC_ID_PCM_F64LE;
1541 break;
1542 default:
1543 break;
1544 }
1545 }
1546 return 0;
1547 }
1548
mov_read_colr(MOVContext * c,AVIOContext * pb,MOVAtom atom)1549 static int mov_read_colr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1550 {
1551 AVStream *st;
1552 uint8_t *icc_profile;
1553 char color_parameter_type[5] = { 0 };
1554 uint16_t color_primaries, color_trc, color_matrix;
1555 int ret;
1556
1557 if (c->fc->nb_streams < 1)
1558 return 0;
1559 st = c->fc->streams[c->fc->nb_streams - 1];
1560
1561 ret = ffio_read_size(pb, color_parameter_type, 4);
1562 if (ret < 0)
1563 return ret;
1564 if (strncmp(color_parameter_type, "nclx", 4) &&
1565 strncmp(color_parameter_type, "nclc", 4) &&
1566 strncmp(color_parameter_type, "prof", 4)) {
1567 av_log(c->fc, AV_LOG_WARNING, "unsupported color_parameter_type %s\n",
1568 color_parameter_type);
1569 return 0;
1570 }
1571
1572 if (!strncmp(color_parameter_type, "prof", 4)) {
1573 icc_profile = av_stream_new_side_data(st, AV_PKT_DATA_ICC_PROFILE, atom.size - 4);
1574 if (!icc_profile)
1575 return AVERROR(ENOMEM);
1576 ret = ffio_read_size(pb, icc_profile, atom.size - 4);
1577 if (ret < 0)
1578 return ret;
1579 }
1580 else {
1581 color_primaries = avio_rb16(pb);
1582 color_trc = avio_rb16(pb);
1583 color_matrix = avio_rb16(pb);
1584
1585 av_log(c->fc, AV_LOG_TRACE,
1586 "%s: pri %d trc %d matrix %d",
1587 color_parameter_type, color_primaries, color_trc, color_matrix);
1588
1589 if (!strncmp(color_parameter_type, "nclx", 4)) {
1590 uint8_t color_range = avio_r8(pb) >> 7;
1591 av_log(c->fc, AV_LOG_TRACE, " full %"PRIu8"", color_range);
1592 if (color_range)
1593 st->codecpar->color_range = AVCOL_RANGE_JPEG;
1594 else
1595 st->codecpar->color_range = AVCOL_RANGE_MPEG;
1596 }
1597
1598 if (!av_color_primaries_name(color_primaries))
1599 color_primaries = AVCOL_PRI_UNSPECIFIED;
1600 if (!av_color_transfer_name(color_trc))
1601 color_trc = AVCOL_TRC_UNSPECIFIED;
1602 if (!av_color_space_name(color_matrix))
1603 color_matrix = AVCOL_SPC_UNSPECIFIED;
1604
1605 st->codecpar->color_primaries = color_primaries;
1606 st->codecpar->color_trc = color_trc;
1607 st->codecpar->color_space = color_matrix;
1608 av_log(c->fc, AV_LOG_TRACE, "\n");
1609 }
1610 return 0;
1611 }
1612
mov_read_fiel(MOVContext * c,AVIOContext * pb,MOVAtom atom)1613 static int mov_read_fiel(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1614 {
1615 AVStream *st;
1616 unsigned mov_field_order;
1617 enum AVFieldOrder decoded_field_order = AV_FIELD_UNKNOWN;
1618
1619 if (c->fc->nb_streams < 1) // will happen with jp2 files
1620 return 0;
1621 st = c->fc->streams[c->fc->nb_streams-1];
1622 if (atom.size < 2)
1623 return AVERROR_INVALIDDATA;
1624 mov_field_order = avio_rb16(pb);
1625 if ((mov_field_order & 0xFF00) == 0x0100)
1626 decoded_field_order = AV_FIELD_PROGRESSIVE;
1627 else if ((mov_field_order & 0xFF00) == 0x0200) {
1628 switch (mov_field_order & 0xFF) {
1629 case 0x01: decoded_field_order = AV_FIELD_TT;
1630 break;
1631 case 0x06: decoded_field_order = AV_FIELD_BB;
1632 break;
1633 case 0x09: decoded_field_order = AV_FIELD_TB;
1634 break;
1635 case 0x0E: decoded_field_order = AV_FIELD_BT;
1636 break;
1637 }
1638 }
1639 if (decoded_field_order == AV_FIELD_UNKNOWN && mov_field_order) {
1640 av_log(c->fc, AV_LOG_ERROR, "Unknown MOV field order 0x%04x\n", mov_field_order);
1641 }
1642 st->codecpar->field_order = decoded_field_order;
1643
1644 return 0;
1645 }
1646
mov_realloc_extradata(AVCodecParameters * par,MOVAtom atom)1647 static int mov_realloc_extradata(AVCodecParameters *par, MOVAtom atom)
1648 {
1649 int err = 0;
1650 uint64_t size = (uint64_t)par->extradata_size + atom.size + 8 + AV_INPUT_BUFFER_PADDING_SIZE;
1651 if (size > INT_MAX || (uint64_t)atom.size > INT_MAX)
1652 return AVERROR_INVALIDDATA;
1653 if ((err = av_reallocp(&par->extradata, size)) < 0) {
1654 par->extradata_size = 0;
1655 return err;
1656 }
1657 par->extradata_size = size - AV_INPUT_BUFFER_PADDING_SIZE;
1658 return 0;
1659 }
1660
1661 /* Read a whole atom into the extradata return the size of the atom read, possibly truncated if != atom.size */
mov_read_atom_into_extradata(MOVContext * c,AVIOContext * pb,MOVAtom atom,AVCodecParameters * par,uint8_t * buf)1662 static int64_t mov_read_atom_into_extradata(MOVContext *c, AVIOContext *pb, MOVAtom atom,
1663 AVCodecParameters *par, uint8_t *buf)
1664 {
1665 int64_t result = atom.size;
1666 int err;
1667
1668 AV_WB32(buf , atom.size + 8);
1669 AV_WL32(buf + 4, atom.type);
1670 err = ffio_read_size(pb, buf + 8, atom.size);
1671 if (err < 0) {
1672 par->extradata_size -= atom.size;
1673 return err;
1674 } else if (err < atom.size) {
1675 av_log(c->fc, AV_LOG_WARNING, "truncated extradata\n");
1676 par->extradata_size -= atom.size - err;
1677 result = err;
1678 }
1679 memset(buf + 8 + err, 0, AV_INPUT_BUFFER_PADDING_SIZE);
1680 return result;
1681 }
1682
1683 /* FIXME modify QDM2/SVQ3/H.264 decoders to take full atom as extradata */
mov_read_extradata(MOVContext * c,AVIOContext * pb,MOVAtom atom,enum AVCodecID codec_id)1684 static int mov_read_extradata(MOVContext *c, AVIOContext *pb, MOVAtom atom,
1685 enum AVCodecID codec_id)
1686 {
1687 AVStream *st;
1688 uint64_t original_size;
1689 int err;
1690
1691 if (c->fc->nb_streams < 1) // will happen with jp2 files
1692 return 0;
1693 st = c->fc->streams[c->fc->nb_streams-1];
1694
1695 if (st->codecpar->codec_id != codec_id)
1696 return 0; /* unexpected codec_id - don't mess with extradata */
1697
1698 original_size = st->codecpar->extradata_size;
1699 err = mov_realloc_extradata(st->codecpar, atom);
1700 if (err)
1701 return err;
1702
1703 err = mov_read_atom_into_extradata(c, pb, atom, st->codecpar, st->codecpar->extradata + original_size);
1704 if (err < 0)
1705 return err;
1706 return 0; // Note: this is the original behavior to ignore truncation.
1707 }
1708
1709 /* wrapper functions for reading ALAC/AVS/MJPEG/MJPEG2000 extradata atoms only for those codecs */
mov_read_alac(MOVContext * c,AVIOContext * pb,MOVAtom atom)1710 static int mov_read_alac(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1711 {
1712 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_ALAC);
1713 }
1714
mov_read_avss(MOVContext * c,AVIOContext * pb,MOVAtom atom)1715 static int mov_read_avss(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1716 {
1717 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_AVS);
1718 }
1719
mov_read_jp2h(MOVContext * c,AVIOContext * pb,MOVAtom atom)1720 static int mov_read_jp2h(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1721 {
1722 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_JPEG2000);
1723 }
1724
mov_read_dpxe(MOVContext * c,AVIOContext * pb,MOVAtom atom)1725 static int mov_read_dpxe(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1726 {
1727 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_R10K);
1728 }
1729
mov_read_avid(MOVContext * c,AVIOContext * pb,MOVAtom atom)1730 static int mov_read_avid(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1731 {
1732 int ret = mov_read_extradata(c, pb, atom, AV_CODEC_ID_AVUI);
1733 if(ret == 0)
1734 ret = mov_read_extradata(c, pb, atom, AV_CODEC_ID_DNXHD);
1735 return ret;
1736 }
1737
mov_read_targa_y216(MOVContext * c,AVIOContext * pb,MOVAtom atom)1738 static int mov_read_targa_y216(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1739 {
1740 int ret = mov_read_extradata(c, pb, atom, AV_CODEC_ID_TARGA_Y216);
1741
1742 if (!ret && c->fc->nb_streams >= 1) {
1743 AVCodecParameters *par = c->fc->streams[c->fc->nb_streams-1]->codecpar;
1744 if (par->extradata_size >= 40) {
1745 par->height = AV_RB16(&par->extradata[36]);
1746 par->width = AV_RB16(&par->extradata[38]);
1747 }
1748 }
1749 return ret;
1750 }
1751
mov_read_ares(MOVContext * c,AVIOContext * pb,MOVAtom atom)1752 static int mov_read_ares(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1753 {
1754 if (c->fc->nb_streams >= 1) {
1755 AVCodecParameters *par = c->fc->streams[c->fc->nb_streams-1]->codecpar;
1756 if (par->codec_tag == MKTAG('A', 'V', 'i', 'n') &&
1757 par->codec_id == AV_CODEC_ID_H264 &&
1758 atom.size > 11) {
1759 int cid;
1760 avio_skip(pb, 10);
1761 cid = avio_rb16(pb);
1762 /* For AVID AVCI50, force width of 1440 to be able to select the correct SPS and PPS */
1763 if (cid == 0xd4d || cid == 0xd4e)
1764 par->width = 1440;
1765 return 0;
1766 } else if ((par->codec_tag == MKTAG('A', 'V', 'd', '1') ||
1767 par->codec_tag == MKTAG('A', 'V', 'j', '2') ||
1768 par->codec_tag == MKTAG('A', 'V', 'd', 'n')) &&
1769 atom.size >= 24) {
1770 int num, den;
1771 avio_skip(pb, 12);
1772 num = avio_rb32(pb);
1773 den = avio_rb32(pb);
1774 if (num <= 0 || den <= 0)
1775 return 0;
1776 switch (avio_rb32(pb)) {
1777 case 2:
1778 if (den >= INT_MAX / 2)
1779 return 0;
1780 den *= 2;
1781 case 1:
1782 c->fc->streams[c->fc->nb_streams-1]->display_aspect_ratio.num = num;
1783 c->fc->streams[c->fc->nb_streams-1]->display_aspect_ratio.den = den;
1784 default:
1785 return 0;
1786 }
1787 }
1788 }
1789
1790 return mov_read_avid(c, pb, atom);
1791 }
1792
mov_read_aclr(MOVContext * c,AVIOContext * pb,MOVAtom atom)1793 static int mov_read_aclr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1794 {
1795 int ret = 0;
1796 int length = 0;
1797 uint64_t original_size;
1798 if (c->fc->nb_streams >= 1) {
1799 AVCodecParameters *par = c->fc->streams[c->fc->nb_streams-1]->codecpar;
1800 if (par->codec_id == AV_CODEC_ID_H264)
1801 return 0;
1802 if (atom.size == 16) {
1803 original_size = par->extradata_size;
1804 ret = mov_realloc_extradata(par, atom);
1805 if (!ret) {
1806 length = mov_read_atom_into_extradata(c, pb, atom, par, par->extradata + original_size);
1807 if (length == atom.size) {
1808 const uint8_t range_value = par->extradata[original_size + 19];
1809 switch (range_value) {
1810 case 1:
1811 par->color_range = AVCOL_RANGE_MPEG;
1812 break;
1813 case 2:
1814 par->color_range = AVCOL_RANGE_JPEG;
1815 break;
1816 default:
1817 av_log(c->fc, AV_LOG_WARNING, "ignored unknown aclr value (%d)\n", range_value);
1818 break;
1819 }
1820 ff_dlog(c->fc, "color_range: %d\n", par->color_range);
1821 } else {
1822 /* For some reason the whole atom was not added to the extradata */
1823 av_log(c->fc, AV_LOG_ERROR, "aclr not decoded - incomplete atom\n");
1824 }
1825 } else {
1826 av_log(c->fc, AV_LOG_ERROR, "aclr not decoded - unable to add atom to extradata\n");
1827 }
1828 } else {
1829 av_log(c->fc, AV_LOG_WARNING, "aclr not decoded - unexpected size %"PRId64"\n", atom.size);
1830 }
1831 }
1832
1833 return ret;
1834 }
1835
mov_read_svq3(MOVContext * c,AVIOContext * pb,MOVAtom atom)1836 static int mov_read_svq3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1837 {
1838 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_SVQ3);
1839 }
1840
mov_read_wave(MOVContext * c,AVIOContext * pb,MOVAtom atom)1841 static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1842 {
1843 AVStream *st;
1844 int ret;
1845
1846 if (c->fc->nb_streams < 1)
1847 return 0;
1848 st = c->fc->streams[c->fc->nb_streams-1];
1849
1850 if ((uint64_t)atom.size > (1<<30))
1851 return AVERROR_INVALIDDATA;
1852
1853 if (st->codecpar->codec_id == AV_CODEC_ID_QDM2 ||
1854 st->codecpar->codec_id == AV_CODEC_ID_QDMC ||
1855 st->codecpar->codec_id == AV_CODEC_ID_SPEEX) {
1856 // pass all frma atom to codec, needed at least for QDMC and QDM2
1857 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size);
1858 if (ret < 0)
1859 return ret;
1860 } else if (atom.size > 8) { /* to read frma, esds atoms */
1861 if (st->codecpar->codec_id == AV_CODEC_ID_ALAC && atom.size >= 24) {
1862 uint64_t buffer;
1863 ret = ffio_ensure_seekback(pb, 8);
1864 if (ret < 0)
1865 return ret;
1866 buffer = avio_rb64(pb);
1867 atom.size -= 8;
1868 if ( (buffer & 0xFFFFFFFF) == MKBETAG('f','r','m','a')
1869 && buffer >> 32 <= atom.size
1870 && buffer >> 32 >= 8) {
1871 avio_skip(pb, -8);
1872 atom.size += 8;
1873 } else if (!st->codecpar->extradata_size) {
1874 #define ALAC_EXTRADATA_SIZE 36
1875 st->codecpar->extradata = av_mallocz(ALAC_EXTRADATA_SIZE + AV_INPUT_BUFFER_PADDING_SIZE);
1876 if (!st->codecpar->extradata)
1877 return AVERROR(ENOMEM);
1878 st->codecpar->extradata_size = ALAC_EXTRADATA_SIZE;
1879 AV_WB32(st->codecpar->extradata , ALAC_EXTRADATA_SIZE);
1880 AV_WB32(st->codecpar->extradata + 4, MKTAG('a','l','a','c'));
1881 AV_WB64(st->codecpar->extradata + 12, buffer);
1882 avio_read(pb, st->codecpar->extradata + 20, 16);
1883 avio_skip(pb, atom.size - 24);
1884 return 0;
1885 }
1886 }
1887 if ((ret = mov_read_default(c, pb, atom)) < 0)
1888 return ret;
1889 } else
1890 avio_skip(pb, atom.size);
1891 return 0;
1892 }
1893
1894 /**
1895 * This function reads atom content and puts data in extradata without tag
1896 * nor size unlike mov_read_extradata.
1897 */
mov_read_glbl(MOVContext * c,AVIOContext * pb,MOVAtom atom)1898 static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1899 {
1900 AVStream *st;
1901 int ret;
1902
1903 if (c->fc->nb_streams < 1)
1904 return 0;
1905 st = c->fc->streams[c->fc->nb_streams-1];
1906
1907 if ((uint64_t)atom.size > (1<<30))
1908 return AVERROR_INVALIDDATA;
1909
1910 if (atom.size >= 10) {
1911 // Broken files created by legacy versions of libavformat will
1912 // wrap a whole fiel atom inside of a glbl atom.
1913 unsigned size = avio_rb32(pb);
1914 unsigned type = avio_rl32(pb);
1915 avio_seek(pb, -8, SEEK_CUR);
1916 if (type == MKTAG('f','i','e','l') && size == atom.size)
1917 return mov_read_default(c, pb, atom);
1918 }
1919 if (st->codecpar->extradata_size > 1 && st->codecpar->extradata) {
1920 av_log(c->fc, AV_LOG_WARNING, "ignoring multiple glbl\n");
1921 return 0;
1922 }
1923 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size);
1924 if (ret < 0)
1925 return ret;
1926 if (atom.type == MKTAG('h','v','c','C') && st->codecpar->codec_tag == MKTAG('d','v','h','1'))
1927 /* HEVC-based Dolby Vision derived from hvc1.
1928 Happens to match with an identifier
1929 previously utilized for DV. Thus, if we have
1930 the hvcC extradata box available as specified,
1931 set codec to HEVC */
1932 st->codecpar->codec_id = AV_CODEC_ID_HEVC;
1933
1934 return 0;
1935 }
1936
mov_read_dvc1(MOVContext * c,AVIOContext * pb,MOVAtom atom)1937 static int mov_read_dvc1(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1938 {
1939 AVStream *st;
1940 uint8_t profile_level;
1941 int ret;
1942
1943 if (c->fc->nb_streams < 1)
1944 return 0;
1945 st = c->fc->streams[c->fc->nb_streams-1];
1946
1947 if (atom.size >= (1<<28) || atom.size < 7)
1948 return AVERROR_INVALIDDATA;
1949
1950 profile_level = avio_r8(pb);
1951 if ((profile_level & 0xf0) != 0xc0)
1952 return 0;
1953
1954 avio_seek(pb, 6, SEEK_CUR);
1955 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size - 7);
1956 if (ret < 0)
1957 return ret;
1958
1959 return 0;
1960 }
1961
1962 /**
1963 * An strf atom is a BITMAPINFOHEADER struct. This struct is 40 bytes itself,
1964 * but can have extradata appended at the end after the 40 bytes belonging
1965 * to the struct.
1966 */
mov_read_strf(MOVContext * c,AVIOContext * pb,MOVAtom atom)1967 static int mov_read_strf(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1968 {
1969 AVStream *st;
1970 int ret;
1971
1972 if (c->fc->nb_streams < 1)
1973 return 0;
1974 if (atom.size <= 40)
1975 return 0;
1976 st = c->fc->streams[c->fc->nb_streams-1];
1977
1978 if ((uint64_t)atom.size > (1<<30))
1979 return AVERROR_INVALIDDATA;
1980
1981 avio_skip(pb, 40);
1982 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size - 40);
1983 if (ret < 0)
1984 return ret;
1985
1986 return 0;
1987 }
1988
mov_read_stco(MOVContext * c,AVIOContext * pb,MOVAtom atom)1989 static int mov_read_stco(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1990 {
1991 AVStream *st;
1992 MOVStreamContext *sc;
1993 unsigned int i, entries;
1994
1995 if (c->trak_index < 0) {
1996 av_log(c->fc, AV_LOG_WARNING, "STCO outside TRAK\n");
1997 return 0;
1998 }
1999 if (c->fc->nb_streams < 1)
2000 return 0;
2001 st = c->fc->streams[c->fc->nb_streams-1];
2002 sc = st->priv_data;
2003
2004 avio_r8(pb); /* version */
2005 avio_rb24(pb); /* flags */
2006
2007 entries = avio_rb32(pb);
2008
2009 if (!entries)
2010 return 0;
2011
2012 if (sc->chunk_offsets)
2013 av_log(c->fc, AV_LOG_WARNING, "Duplicated STCO atom\n");
2014 av_free(sc->chunk_offsets);
2015 sc->chunk_count = 0;
2016 sc->chunk_offsets = av_malloc_array(entries, sizeof(*sc->chunk_offsets));
2017 if (!sc->chunk_offsets)
2018 return AVERROR(ENOMEM);
2019 sc->chunk_count = entries;
2020
2021 if (atom.type == MKTAG('s','t','c','o'))
2022 for (i = 0; i < entries && !pb->eof_reached; i++)
2023 sc->chunk_offsets[i] = avio_rb32(pb);
2024 else if (atom.type == MKTAG('c','o','6','4'))
2025 for (i = 0; i < entries && !pb->eof_reached; i++)
2026 sc->chunk_offsets[i] = avio_rb64(pb);
2027 else
2028 return AVERROR_INVALIDDATA;
2029
2030 sc->chunk_count = i;
2031
2032 if (pb->eof_reached) {
2033 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STCO atom\n");
2034 return AVERROR_EOF;
2035 }
2036
2037 return 0;
2038 }
2039
mov_codec_id(AVStream * st,uint32_t format)2040 static int mov_codec_id(AVStream *st, uint32_t format)
2041 {
2042 int id = ff_codec_get_id(ff_codec_movaudio_tags, format);
2043
2044 if (id <= 0 &&
2045 ((format & 0xFFFF) == 'm' + ('s' << 8) ||
2046 (format & 0xFFFF) == 'T' + ('S' << 8)))
2047 id = ff_codec_get_id(ff_codec_wav_tags, av_bswap32(format) & 0xFFFF);
2048
2049 if (st->codecpar->codec_type != AVMEDIA_TYPE_VIDEO && id > 0) {
2050 st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
2051 } else if (st->codecpar->codec_type != AVMEDIA_TYPE_AUDIO &&
2052 /* skip old ASF MPEG-4 tag */
2053 format && format != MKTAG('m','p','4','s')) {
2054 id = ff_codec_get_id(ff_codec_movvideo_tags, format);
2055 if (id <= 0)
2056 id = ff_codec_get_id(ff_codec_bmp_tags, format);
2057 if (id > 0)
2058 st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO;
2059 else if (st->codecpar->codec_type == AVMEDIA_TYPE_DATA ||
2060 (st->codecpar->codec_type == AVMEDIA_TYPE_SUBTITLE &&
2061 st->codecpar->codec_id == AV_CODEC_ID_NONE)) {
2062 id = ff_codec_get_id(ff_codec_movsubtitle_tags, format);
2063 if (id > 0)
2064 st->codecpar->codec_type = AVMEDIA_TYPE_SUBTITLE;
2065 else
2066 id = ff_codec_get_id(ff_codec_movdata_tags, format);
2067 }
2068 }
2069
2070 st->codecpar->codec_tag = format;
2071
2072 return id;
2073 }
2074
mov_parse_stsd_video(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc)2075 static void mov_parse_stsd_video(MOVContext *c, AVIOContext *pb,
2076 AVStream *st, MOVStreamContext *sc)
2077 {
2078 uint8_t codec_name[32] = { 0 };
2079 int64_t stsd_start;
2080 unsigned int len;
2081
2082 /* The first 16 bytes of the video sample description are already
2083 * read in ff_mov_read_stsd_entries() */
2084 stsd_start = avio_tell(pb) - 16;
2085
2086 avio_rb16(pb); /* version */
2087 avio_rb16(pb); /* revision level */
2088 avio_rb32(pb); /* vendor */
2089 avio_rb32(pb); /* temporal quality */
2090 avio_rb32(pb); /* spatial quality */
2091
2092 st->codecpar->width = avio_rb16(pb); /* width */
2093 st->codecpar->height = avio_rb16(pb); /* height */
2094
2095 avio_rb32(pb); /* horiz resolution */
2096 avio_rb32(pb); /* vert resolution */
2097 avio_rb32(pb); /* data size, always 0 */
2098 avio_rb16(pb); /* frames per samples */
2099
2100 len = avio_r8(pb); /* codec name, pascal string */
2101 if (len > 31)
2102 len = 31;
2103 mov_read_mac_string(c, pb, len, codec_name, sizeof(codec_name));
2104 if (len < 31)
2105 avio_skip(pb, 31 - len);
2106
2107 if (codec_name[0])
2108 av_dict_set(&st->metadata, "encoder", codec_name, 0);
2109
2110 /* codec_tag YV12 triggers an UV swap in rawdec.c */
2111 if (!strncmp(codec_name, "Planar Y'CbCr 8-bit 4:2:0", 25)) {
2112 st->codecpar->codec_tag = MKTAG('I', '4', '2', '0');
2113 st->codecpar->width &= ~1;
2114 st->codecpar->height &= ~1;
2115 }
2116 /* Flash Media Server uses tag H.263 with Sorenson Spark */
2117 if (st->codecpar->codec_tag == MKTAG('H','2','6','3') &&
2118 !strncmp(codec_name, "Sorenson H263", 13))
2119 st->codecpar->codec_id = AV_CODEC_ID_FLV1;
2120
2121 st->codecpar->bits_per_coded_sample = avio_rb16(pb); /* depth */
2122
2123 avio_seek(pb, stsd_start, SEEK_SET);
2124
2125 if (ff_get_qtpalette(st->codecpar->codec_id, pb, sc->palette)) {
2126 st->codecpar->bits_per_coded_sample &= 0x1F;
2127 sc->has_palette = 1;
2128 }
2129 }
2130
mov_parse_stsd_audio(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc)2131 static void mov_parse_stsd_audio(MOVContext *c, AVIOContext *pb,
2132 AVStream *st, MOVStreamContext *sc)
2133 {
2134 int bits_per_sample, flags;
2135 uint16_t version = avio_rb16(pb);
2136 AVDictionaryEntry *compatible_brands = av_dict_get(c->fc->metadata, "compatible_brands", NULL, AV_DICT_MATCH_CASE);
2137
2138 avio_rb16(pb); /* revision level */
2139 avio_rb32(pb); /* vendor */
2140
2141 st->codecpar->channels = avio_rb16(pb); /* channel count */
2142 st->codecpar->bits_per_coded_sample = avio_rb16(pb); /* sample size */
2143 av_log(c->fc, AV_LOG_TRACE, "audio channels %d\n", st->codecpar->channels);
2144
2145 sc->audio_cid = avio_rb16(pb);
2146 avio_rb16(pb); /* packet size = 0 */
2147
2148 st->codecpar->sample_rate = ((avio_rb32(pb) >> 16));
2149
2150 // Read QT version 1 fields. In version 0 these do not exist.
2151 av_log(c->fc, AV_LOG_TRACE, "version =%d, isom =%d\n", version, c->isom);
2152 if (!c->isom ||
2153 (compatible_brands && strstr(compatible_brands->value, "qt ")) ||
2154 (sc->stsd_version == 0 && version > 0)) {
2155 if (version == 1) {
2156 sc->samples_per_frame = avio_rb32(pb);
2157 avio_rb32(pb); /* bytes per packet */
2158 sc->bytes_per_frame = avio_rb32(pb);
2159 avio_rb32(pb); /* bytes per sample */
2160 } else if (version == 2) {
2161 avio_rb32(pb); /* sizeof struct only */
2162 st->codecpar->sample_rate = av_int2double(avio_rb64(pb));
2163 st->codecpar->channels = avio_rb32(pb);
2164 avio_rb32(pb); /* always 0x7F000000 */
2165 st->codecpar->bits_per_coded_sample = avio_rb32(pb);
2166
2167 flags = avio_rb32(pb); /* lpcm format specific flag */
2168 sc->bytes_per_frame = avio_rb32(pb);
2169 sc->samples_per_frame = avio_rb32(pb);
2170 if (st->codecpar->codec_tag == MKTAG('l','p','c','m'))
2171 st->codecpar->codec_id =
2172 ff_mov_get_lpcm_codec_id(st->codecpar->bits_per_coded_sample,
2173 flags);
2174 }
2175 if (version == 0 || (version == 1 && sc->audio_cid != -2)) {
2176 /* can't correctly handle variable sized packet as audio unit */
2177 switch (st->codecpar->codec_id) {
2178 case AV_CODEC_ID_MP2:
2179 case AV_CODEC_ID_MP3:
2180 st->need_parsing = AVSTREAM_PARSE_FULL;
2181 break;
2182 }
2183 }
2184 }
2185
2186 if (sc->format == 0) {
2187 if (st->codecpar->bits_per_coded_sample == 8)
2188 st->codecpar->codec_id = mov_codec_id(st, MKTAG('r','a','w',' '));
2189 else if (st->codecpar->bits_per_coded_sample == 16)
2190 st->codecpar->codec_id = mov_codec_id(st, MKTAG('t','w','o','s'));
2191 }
2192
2193 switch (st->codecpar->codec_id) {
2194 case AV_CODEC_ID_PCM_S8:
2195 case AV_CODEC_ID_PCM_U8:
2196 if (st->codecpar->bits_per_coded_sample == 16)
2197 st->codecpar->codec_id = AV_CODEC_ID_PCM_S16BE;
2198 break;
2199 case AV_CODEC_ID_PCM_S16LE:
2200 case AV_CODEC_ID_PCM_S16BE:
2201 if (st->codecpar->bits_per_coded_sample == 8)
2202 st->codecpar->codec_id = AV_CODEC_ID_PCM_S8;
2203 else if (st->codecpar->bits_per_coded_sample == 24)
2204 st->codecpar->codec_id =
2205 st->codecpar->codec_id == AV_CODEC_ID_PCM_S16BE ?
2206 AV_CODEC_ID_PCM_S24BE : AV_CODEC_ID_PCM_S24LE;
2207 else if (st->codecpar->bits_per_coded_sample == 32)
2208 st->codecpar->codec_id =
2209 st->codecpar->codec_id == AV_CODEC_ID_PCM_S16BE ?
2210 AV_CODEC_ID_PCM_S32BE : AV_CODEC_ID_PCM_S32LE;
2211 break;
2212 /* set values for old format before stsd version 1 appeared */
2213 case AV_CODEC_ID_MACE3:
2214 sc->samples_per_frame = 6;
2215 sc->bytes_per_frame = 2 * st->codecpar->channels;
2216 break;
2217 case AV_CODEC_ID_MACE6:
2218 sc->samples_per_frame = 6;
2219 sc->bytes_per_frame = 1 * st->codecpar->channels;
2220 break;
2221 case AV_CODEC_ID_ADPCM_IMA_QT:
2222 sc->samples_per_frame = 64;
2223 sc->bytes_per_frame = 34 * st->codecpar->channels;
2224 break;
2225 case AV_CODEC_ID_GSM:
2226 sc->samples_per_frame = 160;
2227 sc->bytes_per_frame = 33;
2228 break;
2229 default:
2230 break;
2231 }
2232
2233 bits_per_sample = av_get_bits_per_sample(st->codecpar->codec_id);
2234 if (bits_per_sample) {
2235 st->codecpar->bits_per_coded_sample = bits_per_sample;
2236 sc->sample_size = (bits_per_sample >> 3) * st->codecpar->channels;
2237 }
2238 }
2239
mov_parse_stsd_subtitle(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc,int64_t size)2240 static void mov_parse_stsd_subtitle(MOVContext *c, AVIOContext *pb,
2241 AVStream *st, MOVStreamContext *sc,
2242 int64_t size)
2243 {
2244 // ttxt stsd contains display flags, justification, background
2245 // color, fonts, and default styles, so fake an atom to read it
2246 MOVAtom fake_atom = { .size = size };
2247 // mp4s contains a regular esds atom
2248 if (st->codecpar->codec_tag != AV_RL32("mp4s"))
2249 mov_read_glbl(c, pb, fake_atom);
2250 st->codecpar->width = sc->width;
2251 st->codecpar->height = sc->height;
2252 }
2253
yuv_to_rgba(uint32_t ycbcr)2254 static uint32_t yuv_to_rgba(uint32_t ycbcr)
2255 {
2256 uint8_t r, g, b;
2257 int y, cb, cr;
2258
2259 y = (ycbcr >> 16) & 0xFF;
2260 cr = (ycbcr >> 8) & 0xFF;
2261 cb = ycbcr & 0xFF;
2262
2263 b = av_clip_uint8((1164 * (y - 16) + 2018 * (cb - 128)) / 1000);
2264 g = av_clip_uint8((1164 * (y - 16) - 813 * (cr - 128) - 391 * (cb - 128)) / 1000);
2265 r = av_clip_uint8((1164 * (y - 16) + 1596 * (cr - 128) ) / 1000);
2266
2267 return (r << 16) | (g << 8) | b;
2268 }
2269
mov_rewrite_dvd_sub_extradata(AVStream * st)2270 static int mov_rewrite_dvd_sub_extradata(AVStream *st)
2271 {
2272 char buf[256] = {0};
2273 uint8_t *src = st->codecpar->extradata;
2274 int i, ret;
2275
2276 if (st->codecpar->extradata_size != 64)
2277 return 0;
2278
2279 if (st->codecpar->width > 0 && st->codecpar->height > 0)
2280 snprintf(buf, sizeof(buf), "size: %dx%d\n",
2281 st->codecpar->width, st->codecpar->height);
2282 av_strlcat(buf, "palette: ", sizeof(buf));
2283
2284 for (i = 0; i < 16; i++) {
2285 uint32_t yuv = AV_RB32(src + i * 4);
2286 uint32_t rgba = yuv_to_rgba(yuv);
2287
2288 av_strlcatf(buf, sizeof(buf), "%06"PRIx32"%s", rgba, i != 15 ? ", " : "");
2289 }
2290
2291 if (av_strlcat(buf, "\n", sizeof(buf)) >= sizeof(buf))
2292 return 0;
2293
2294 ret = ff_alloc_extradata(st->codecpar, strlen(buf));
2295 if (ret < 0)
2296 return ret;
2297 memcpy(st->codecpar->extradata, buf, st->codecpar->extradata_size);
2298
2299 return 0;
2300 }
2301
mov_parse_stsd_data(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc,int64_t size)2302 static int mov_parse_stsd_data(MOVContext *c, AVIOContext *pb,
2303 AVStream *st, MOVStreamContext *sc,
2304 int64_t size)
2305 {
2306 int ret;
2307
2308 if (st->codecpar->codec_tag == MKTAG('t','m','c','d')) {
2309 if ((int)size != size)
2310 return AVERROR(ENOMEM);
2311
2312 ret = ff_get_extradata(c->fc, st->codecpar, pb, size);
2313 if (ret < 0)
2314 return ret;
2315 if (size > 16) {
2316 MOVStreamContext *tmcd_ctx = st->priv_data;
2317 int val;
2318 val = AV_RB32(st->codecpar->extradata + 4);
2319 tmcd_ctx->tmcd_flags = val;
2320 st->avg_frame_rate.num = AV_RB32(st->codecpar->extradata + 8); /* timescale */
2321 st->avg_frame_rate.den = AV_RB32(st->codecpar->extradata + 12); /* frameDuration */
2322 #if FF_API_LAVF_AVCTX
2323 FF_DISABLE_DEPRECATION_WARNINGS
2324 st->codec->time_base = av_inv_q(st->avg_frame_rate);
2325 FF_ENABLE_DEPRECATION_WARNINGS
2326 #endif
2327 /* adjust for per frame dur in counter mode */
2328 if (tmcd_ctx->tmcd_flags & 0x0008) {
2329 int timescale = AV_RB32(st->codecpar->extradata + 8);
2330 int framedur = AV_RB32(st->codecpar->extradata + 12);
2331 st->avg_frame_rate.num *= timescale;
2332 st->avg_frame_rate.den *= framedur;
2333 #if FF_API_LAVF_AVCTX
2334 FF_DISABLE_DEPRECATION_WARNINGS
2335 st->codec->time_base.den *= timescale;
2336 st->codec->time_base.num *= framedur;
2337 FF_ENABLE_DEPRECATION_WARNINGS
2338 #endif
2339 }
2340 if (size > 30) {
2341 uint32_t len = AV_RB32(st->codecpar->extradata + 18); /* name atom length */
2342 uint32_t format = AV_RB32(st->codecpar->extradata + 22);
2343 if (format == AV_RB32("name") && (int64_t)size >= (int64_t)len + 18) {
2344 uint16_t str_size = AV_RB16(st->codecpar->extradata + 26); /* string length */
2345 if (str_size > 0 && size >= (int)str_size + 30) {
2346 char *reel_name = av_malloc(str_size + 1);
2347 if (!reel_name)
2348 return AVERROR(ENOMEM);
2349 memcpy(reel_name, st->codecpar->extradata + 30, str_size);
2350 reel_name[str_size] = 0; /* Add null terminator */
2351 /* don't add reel_name if emtpy string */
2352 if (*reel_name == 0) {
2353 av_free(reel_name);
2354 } else {
2355 av_dict_set(&st->metadata, "reel_name", reel_name, AV_DICT_DONT_STRDUP_VAL);
2356 }
2357 }
2358 }
2359 }
2360 }
2361 } else {
2362 /* other codec type, just skip (rtp, mp4s ...) */
2363 avio_skip(pb, size);
2364 }
2365 return 0;
2366 }
2367
mov_finalize_stsd_codec(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc)2368 static int mov_finalize_stsd_codec(MOVContext *c, AVIOContext *pb,
2369 AVStream *st, MOVStreamContext *sc)
2370 {
2371 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO &&
2372 !st->codecpar->sample_rate && sc->time_scale > 1)
2373 st->codecpar->sample_rate = sc->time_scale;
2374
2375 /* special codec parameters handling */
2376 switch (st->codecpar->codec_id) {
2377 #if CONFIG_DV_DEMUXER
2378 case AV_CODEC_ID_DVAUDIO:
2379 c->dv_fctx = avformat_alloc_context();
2380 if (!c->dv_fctx) {
2381 av_log(c->fc, AV_LOG_ERROR, "dv demux context alloc error\n");
2382 return AVERROR(ENOMEM);
2383 }
2384 c->dv_demux = avpriv_dv_init_demux(c->dv_fctx);
2385 if (!c->dv_demux) {
2386 av_log(c->fc, AV_LOG_ERROR, "dv demux context init error\n");
2387 return AVERROR(ENOMEM);
2388 }
2389 sc->dv_audio_container = 1;
2390 st->codecpar->codec_id = AV_CODEC_ID_PCM_S16LE;
2391 break;
2392 #endif
2393 /* no ifdef since parameters are always those */
2394 case AV_CODEC_ID_QCELP:
2395 st->codecpar->channels = 1;
2396 // force sample rate for qcelp when not stored in mov
2397 if (st->codecpar->codec_tag != MKTAG('Q','c','l','p'))
2398 st->codecpar->sample_rate = 8000;
2399 // FIXME: Why is the following needed for some files?
2400 sc->samples_per_frame = 160;
2401 if (!sc->bytes_per_frame)
2402 sc->bytes_per_frame = 35;
2403 break;
2404 case AV_CODEC_ID_AMR_NB:
2405 st->codecpar->channels = 1;
2406 /* force sample rate for amr, stsd in 3gp does not store sample rate */
2407 st->codecpar->sample_rate = 8000;
2408 break;
2409 case AV_CODEC_ID_AMR_WB:
2410 st->codecpar->channels = 1;
2411 st->codecpar->sample_rate = 16000;
2412 break;
2413 case AV_CODEC_ID_MP2:
2414 case AV_CODEC_ID_MP3:
2415 /* force type after stsd for m1a hdlr */
2416 st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
2417 break;
2418 case AV_CODEC_ID_GSM:
2419 case AV_CODEC_ID_ADPCM_MS:
2420 case AV_CODEC_ID_ADPCM_IMA_WAV:
2421 case AV_CODEC_ID_ILBC:
2422 case AV_CODEC_ID_MACE3:
2423 case AV_CODEC_ID_MACE6:
2424 case AV_CODEC_ID_QDM2:
2425 st->codecpar->block_align = sc->bytes_per_frame;
2426 break;
2427 case AV_CODEC_ID_ALAC:
2428 if (st->codecpar->extradata_size == 36) {
2429 st->codecpar->channels = AV_RB8 (st->codecpar->extradata + 21);
2430 st->codecpar->sample_rate = AV_RB32(st->codecpar->extradata + 32);
2431 }
2432 break;
2433 case AV_CODEC_ID_AC3:
2434 case AV_CODEC_ID_EAC3:
2435 case AV_CODEC_ID_MPEG1VIDEO:
2436 case AV_CODEC_ID_VC1:
2437 case AV_CODEC_ID_VP8:
2438 case AV_CODEC_ID_VP9:
2439 st->need_parsing = AVSTREAM_PARSE_FULL;
2440 break;
2441 default:
2442 break;
2443 }
2444 return 0;
2445 }
2446
mov_skip_multiple_stsd(MOVContext * c,AVIOContext * pb,int codec_tag,int format,int64_t size)2447 static int mov_skip_multiple_stsd(MOVContext *c, AVIOContext *pb,
2448 int codec_tag, int format,
2449 int64_t size)
2450 {
2451 int video_codec_id = ff_codec_get_id(ff_codec_movvideo_tags, format);
2452
2453 if (codec_tag &&
2454 (codec_tag != format &&
2455 // AVID 1:1 samples with differing data format and codec tag exist
2456 (codec_tag != AV_RL32("AV1x") || format != AV_RL32("AVup")) &&
2457 // prores is allowed to have differing data format and codec tag
2458 codec_tag != AV_RL32("apcn") && codec_tag != AV_RL32("apch") &&
2459 // so is dv (sigh)
2460 codec_tag != AV_RL32("dvpp") && codec_tag != AV_RL32("dvcp") &&
2461 (c->fc->video_codec_id ? video_codec_id != c->fc->video_codec_id
2462 : codec_tag != MKTAG('j','p','e','g')))) {
2463 /* Multiple fourcc, we skip JPEG. This is not correct, we should
2464 * export it as a separate AVStream but this needs a few changes
2465 * in the MOV demuxer, patch welcome. */
2466
2467 av_log(c->fc, AV_LOG_WARNING, "multiple fourcc not supported\n");
2468 avio_skip(pb, size);
2469 return 1;
2470 }
2471
2472 return 0;
2473 }
2474
ff_mov_read_stsd_entries(MOVContext * c,AVIOContext * pb,int entries)2475 int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries)
2476 {
2477 AVStream *st;
2478 MOVStreamContext *sc;
2479 int pseudo_stream_id;
2480
2481 av_assert0 (c->fc->nb_streams >= 1);
2482 st = c->fc->streams[c->fc->nb_streams-1];
2483 sc = st->priv_data;
2484
2485 for (pseudo_stream_id = 0;
2486 pseudo_stream_id < entries && !pb->eof_reached;
2487 pseudo_stream_id++) {
2488 //Parsing Sample description table
2489 enum AVCodecID id;
2490 int ret, dref_id = 1;
2491 MOVAtom a = { AV_RL32("stsd") };
2492 int64_t start_pos = avio_tell(pb);
2493 int64_t size = avio_rb32(pb); /* size */
2494 uint32_t format = avio_rl32(pb); /* data format */
2495
2496 if (size >= 16) {
2497 avio_rb32(pb); /* reserved */
2498 avio_rb16(pb); /* reserved */
2499 dref_id = avio_rb16(pb);
2500 } else if (size <= 7) {
2501 av_log(c->fc, AV_LOG_ERROR,
2502 "invalid size %"PRId64" in stsd\n", size);
2503 return AVERROR_INVALIDDATA;
2504 }
2505
2506 if (mov_skip_multiple_stsd(c, pb, st->codecpar->codec_tag, format,
2507 size - (avio_tell(pb) - start_pos))) {
2508 sc->stsd_count++;
2509 continue;
2510 }
2511
2512 sc->pseudo_stream_id = st->codecpar->codec_tag ? -1 : pseudo_stream_id;
2513 sc->dref_id= dref_id;
2514 sc->format = format;
2515
2516 id = mov_codec_id(st, format);
2517
2518 av_log(c->fc, AV_LOG_TRACE,
2519 "size=%"PRId64" 4CC=%s codec_type=%d\n", size,
2520 av_fourcc2str(format), st->codecpar->codec_type);
2521
2522 st->codecpar->codec_id = id;
2523 if (st->codecpar->codec_type==AVMEDIA_TYPE_VIDEO) {
2524 mov_parse_stsd_video(c, pb, st, sc);
2525 } else if (st->codecpar->codec_type==AVMEDIA_TYPE_AUDIO) {
2526 mov_parse_stsd_audio(c, pb, st, sc);
2527 if (st->codecpar->sample_rate < 0) {
2528 av_log(c->fc, AV_LOG_ERROR, "Invalid sample rate %d\n", st->codecpar->sample_rate);
2529 return AVERROR_INVALIDDATA;
2530 }
2531 } else if (st->codecpar->codec_type==AVMEDIA_TYPE_SUBTITLE){
2532 mov_parse_stsd_subtitle(c, pb, st, sc,
2533 size - (avio_tell(pb) - start_pos));
2534 } else {
2535 ret = mov_parse_stsd_data(c, pb, st, sc,
2536 size - (avio_tell(pb) - start_pos));
2537 if (ret < 0)
2538 return ret;
2539 }
2540 /* this will read extra atoms at the end (wave, alac, damr, avcC, hvcC, SMI ...) */
2541 a.size = size - (avio_tell(pb) - start_pos);
2542 if (a.size > 8) {
2543 if ((ret = mov_read_default(c, pb, a)) < 0)
2544 return ret;
2545 } else if (a.size > 0)
2546 avio_skip(pb, a.size);
2547
2548 if (sc->extradata && st->codecpar->extradata) {
2549 int extra_size = st->codecpar->extradata_size;
2550
2551 /* Move the current stream extradata to the stream context one. */
2552 sc->extradata_size[pseudo_stream_id] = extra_size;
2553 sc->extradata[pseudo_stream_id] = av_malloc(extra_size + AV_INPUT_BUFFER_PADDING_SIZE);
2554 if (!sc->extradata[pseudo_stream_id])
2555 return AVERROR(ENOMEM);
2556 memcpy(sc->extradata[pseudo_stream_id], st->codecpar->extradata, extra_size);
2557 av_freep(&st->codecpar->extradata);
2558 st->codecpar->extradata_size = 0;
2559 }
2560 sc->stsd_count++;
2561 }
2562
2563 if (pb->eof_reached) {
2564 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STSD atom\n");
2565 return AVERROR_EOF;
2566 }
2567
2568 return 0;
2569 }
2570
mov_read_stsd(MOVContext * c,AVIOContext * pb,MOVAtom atom)2571 static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2572 {
2573 AVStream *st;
2574 MOVStreamContext *sc;
2575 int ret, entries;
2576
2577 if (c->fc->nb_streams < 1)
2578 return 0;
2579 st = c->fc->streams[c->fc->nb_streams - 1];
2580 sc = st->priv_data;
2581
2582 sc->stsd_version = avio_r8(pb);
2583 avio_rb24(pb); /* flags */
2584 entries = avio_rb32(pb);
2585
2586 /* Each entry contains a size (4 bytes) and format (4 bytes). */
2587 if (entries <= 0 || entries > atom.size / 8) {
2588 av_log(c->fc, AV_LOG_ERROR, "invalid STSD entries %d\n", entries);
2589 return AVERROR_INVALIDDATA;
2590 }
2591
2592 if (sc->extradata) {
2593 av_log(c->fc, AV_LOG_ERROR,
2594 "Duplicate stsd found in this track.\n");
2595 return AVERROR_INVALIDDATA;
2596 }
2597
2598 /* Prepare space for hosting multiple extradata. */
2599 sc->extradata = av_mallocz_array(entries, sizeof(*sc->extradata));
2600 if (!sc->extradata)
2601 return AVERROR(ENOMEM);
2602
2603 sc->extradata_size = av_mallocz_array(entries, sizeof(*sc->extradata_size));
2604 if (!sc->extradata_size) {
2605 ret = AVERROR(ENOMEM);
2606 goto fail;
2607 }
2608
2609 ret = ff_mov_read_stsd_entries(c, pb, entries);
2610 if (ret < 0)
2611 goto fail;
2612
2613 /* Restore back the primary extradata. */
2614 av_freep(&st->codecpar->extradata);
2615 st->codecpar->extradata_size = sc->extradata_size[0];
2616 if (sc->extradata_size[0]) {
2617 st->codecpar->extradata = av_mallocz(sc->extradata_size[0] + AV_INPUT_BUFFER_PADDING_SIZE);
2618 if (!st->codecpar->extradata)
2619 return AVERROR(ENOMEM);
2620 memcpy(st->codecpar->extradata, sc->extradata[0], sc->extradata_size[0]);
2621 }
2622
2623 return mov_finalize_stsd_codec(c, pb, st, sc);
2624 fail:
2625 if (sc->extradata) {
2626 int j;
2627 for (j = 0; j < sc->stsd_count; j++)
2628 av_freep(&sc->extradata[j]);
2629 }
2630
2631 av_freep(&sc->extradata);
2632 av_freep(&sc->extradata_size);
2633 return ret;
2634 }
2635
mov_read_stsc(MOVContext * c,AVIOContext * pb,MOVAtom atom)2636 static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2637 {
2638 AVStream *st;
2639 MOVStreamContext *sc;
2640 unsigned int i, entries;
2641
2642 if (c->fc->nb_streams < 1)
2643 return 0;
2644 st = c->fc->streams[c->fc->nb_streams-1];
2645 sc = st->priv_data;
2646
2647 avio_r8(pb); /* version */
2648 avio_rb24(pb); /* flags */
2649
2650 entries = avio_rb32(pb);
2651 if ((uint64_t)entries * 12 + 4 > atom.size)
2652 return AVERROR_INVALIDDATA;
2653
2654 av_log(c->fc, AV_LOG_TRACE, "track[%u].stsc.entries = %u\n", c->fc->nb_streams - 1, entries);
2655
2656 if (!entries)
2657 return 0;
2658 if (sc->stsc_data)
2659 av_log(c->fc, AV_LOG_WARNING, "Duplicated STSC atom\n");
2660 av_free(sc->stsc_data);
2661 sc->stsc_count = 0;
2662 sc->stsc_data = av_malloc_array(entries, sizeof(*sc->stsc_data));
2663 if (!sc->stsc_data)
2664 return AVERROR(ENOMEM);
2665
2666 for (i = 0; i < entries && !pb->eof_reached; i++) {
2667 sc->stsc_data[i].first = avio_rb32(pb);
2668 sc->stsc_data[i].count = avio_rb32(pb);
2669 sc->stsc_data[i].id = avio_rb32(pb);
2670 }
2671
2672 sc->stsc_count = i;
2673 for (i = sc->stsc_count - 1; i < UINT_MAX; i--) {
2674 int64_t first_min = i + 1;
2675 if ((i+1 < sc->stsc_count && sc->stsc_data[i].first >= sc->stsc_data[i+1].first) ||
2676 (i > 0 && sc->stsc_data[i].first <= sc->stsc_data[i-1].first) ||
2677 sc->stsc_data[i].first < first_min ||
2678 sc->stsc_data[i].count < 1 ||
2679 sc->stsc_data[i].id < 1) {
2680 av_log(c->fc, AV_LOG_WARNING, "STSC entry %d is invalid (first=%d count=%d id=%d)\n", i, sc->stsc_data[i].first, sc->stsc_data[i].count, sc->stsc_data[i].id);
2681 if (i+1 >= sc->stsc_count) {
2682 if (sc->stsc_data[i].count == 0 && i > 0) {
2683 sc->stsc_count --;
2684 continue;
2685 }
2686 sc->stsc_data[i].first = FFMAX(sc->stsc_data[i].first, first_min);
2687 if (i > 0 && sc->stsc_data[i].first <= sc->stsc_data[i-1].first)
2688 sc->stsc_data[i].first = FFMIN(sc->stsc_data[i-1].first + 1LL, INT_MAX);
2689 sc->stsc_data[i].count = FFMAX(sc->stsc_data[i].count, 1);
2690 sc->stsc_data[i].id = FFMAX(sc->stsc_data[i].id, 1);
2691 continue;
2692 }
2693 av_assert0(sc->stsc_data[i+1].first >= 2);
2694 // We replace this entry by the next valid
2695 sc->stsc_data[i].first = sc->stsc_data[i+1].first - 1;
2696 sc->stsc_data[i].count = sc->stsc_data[i+1].count;
2697 sc->stsc_data[i].id = sc->stsc_data[i+1].id;
2698 }
2699 }
2700
2701 if (pb->eof_reached) {
2702 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STSC atom\n");
2703 return AVERROR_EOF;
2704 }
2705
2706 return 0;
2707 }
2708
mov_stsc_index_valid(unsigned int index,unsigned int count)2709 static inline int mov_stsc_index_valid(unsigned int index, unsigned int count)
2710 {
2711 return index < count - 1;
2712 }
2713
2714 /* Compute the samples value for the stsc entry at the given index. */
mov_get_stsc_samples(MOVStreamContext * sc,unsigned int index)2715 static inline int64_t mov_get_stsc_samples(MOVStreamContext *sc, unsigned int index)
2716 {
2717 int chunk_count;
2718
2719 if (mov_stsc_index_valid(index, sc->stsc_count))
2720 chunk_count = sc->stsc_data[index + 1].first - sc->stsc_data[index].first;
2721 else {
2722 // Validation for stsc / stco happens earlier in mov_read_stsc + mov_read_trak.
2723 av_assert0(sc->stsc_data[index].first <= sc->chunk_count);
2724 chunk_count = sc->chunk_count - (sc->stsc_data[index].first - 1);
2725 }
2726
2727 return sc->stsc_data[index].count * (int64_t)chunk_count;
2728 }
2729
mov_read_stps(MOVContext * c,AVIOContext * pb,MOVAtom atom)2730 static int mov_read_stps(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2731 {
2732 AVStream *st;
2733 MOVStreamContext *sc;
2734 unsigned i, entries;
2735
2736 if (c->fc->nb_streams < 1)
2737 return 0;
2738 st = c->fc->streams[c->fc->nb_streams-1];
2739 sc = st->priv_data;
2740
2741 avio_rb32(pb); // version + flags
2742
2743 entries = avio_rb32(pb);
2744 if (sc->stps_data)
2745 av_log(c->fc, AV_LOG_WARNING, "Duplicated STPS atom\n");
2746 av_free(sc->stps_data);
2747 sc->stps_count = 0;
2748 sc->stps_data = av_malloc_array(entries, sizeof(*sc->stps_data));
2749 if (!sc->stps_data)
2750 return AVERROR(ENOMEM);
2751
2752 for (i = 0; i < entries && !pb->eof_reached; i++) {
2753 sc->stps_data[i] = avio_rb32(pb);
2754 }
2755
2756 sc->stps_count = i;
2757
2758 if (pb->eof_reached) {
2759 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STPS atom\n");
2760 return AVERROR_EOF;
2761 }
2762
2763 return 0;
2764 }
2765
mov_read_stss(MOVContext * c,AVIOContext * pb,MOVAtom atom)2766 static int mov_read_stss(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2767 {
2768 AVStream *st;
2769 MOVStreamContext *sc;
2770 unsigned int i, entries;
2771
2772 if (c->fc->nb_streams < 1)
2773 return 0;
2774 st = c->fc->streams[c->fc->nb_streams-1];
2775 sc = st->priv_data;
2776
2777 avio_r8(pb); /* version */
2778 avio_rb24(pb); /* flags */
2779
2780 entries = avio_rb32(pb);
2781
2782 av_log(c->fc, AV_LOG_TRACE, "keyframe_count = %u\n", entries);
2783
2784 if (!entries)
2785 {
2786 sc->keyframe_absent = 1;
2787 if (!st->need_parsing && st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO)
2788 st->need_parsing = AVSTREAM_PARSE_HEADERS;
2789 return 0;
2790 }
2791 if (sc->keyframes)
2792 av_log(c->fc, AV_LOG_WARNING, "Duplicated STSS atom\n");
2793 if (entries >= UINT_MAX / sizeof(int))
2794 return AVERROR_INVALIDDATA;
2795 av_freep(&sc->keyframes);
2796 sc->keyframe_count = 0;
2797 sc->keyframes = av_malloc_array(entries, sizeof(*sc->keyframes));
2798 if (!sc->keyframes)
2799 return AVERROR(ENOMEM);
2800
2801 for (i = 0; i < entries && !pb->eof_reached; i++) {
2802 sc->keyframes[i] = avio_rb32(pb);
2803 }
2804
2805 sc->keyframe_count = i;
2806
2807 if (pb->eof_reached) {
2808 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STSS atom\n");
2809 return AVERROR_EOF;
2810 }
2811
2812 return 0;
2813 }
2814
mov_read_stsz(MOVContext * c,AVIOContext * pb,MOVAtom atom)2815 static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2816 {
2817 AVStream *st;
2818 MOVStreamContext *sc;
2819 unsigned int i, entries, sample_size, field_size, num_bytes;
2820 GetBitContext gb;
2821 unsigned char* buf;
2822 int ret;
2823
2824 if (c->fc->nb_streams < 1)
2825 return 0;
2826 st = c->fc->streams[c->fc->nb_streams-1];
2827 sc = st->priv_data;
2828
2829 avio_r8(pb); /* version */
2830 avio_rb24(pb); /* flags */
2831
2832 if (atom.type == MKTAG('s','t','s','z')) {
2833 sample_size = avio_rb32(pb);
2834 if (!sc->sample_size) /* do not overwrite value computed in stsd */
2835 sc->sample_size = sample_size;
2836 sc->stsz_sample_size = sample_size;
2837 field_size = 32;
2838 } else {
2839 sample_size = 0;
2840 avio_rb24(pb); /* reserved */
2841 field_size = avio_r8(pb);
2842 }
2843 entries = avio_rb32(pb);
2844
2845 av_log(c->fc, AV_LOG_TRACE, "sample_size = %u sample_count = %u\n", sc->sample_size, entries);
2846
2847 sc->sample_count = entries;
2848 if (sample_size)
2849 return 0;
2850
2851 if (field_size != 4 && field_size != 8 && field_size != 16 && field_size != 32) {
2852 av_log(c->fc, AV_LOG_ERROR, "Invalid sample field size %u\n", field_size);
2853 return AVERROR_INVALIDDATA;
2854 }
2855
2856 if (!entries)
2857 return 0;
2858 if (entries >= (UINT_MAX - 4) / field_size)
2859 return AVERROR_INVALIDDATA;
2860 if (sc->sample_sizes)
2861 av_log(c->fc, AV_LOG_WARNING, "Duplicated STSZ atom\n");
2862 av_free(sc->sample_sizes);
2863 sc->sample_count = 0;
2864 sc->sample_sizes = av_malloc_array(entries, sizeof(*sc->sample_sizes));
2865 if (!sc->sample_sizes)
2866 return AVERROR(ENOMEM);
2867
2868 num_bytes = (entries*field_size+4)>>3;
2869
2870 buf = av_malloc(num_bytes+AV_INPUT_BUFFER_PADDING_SIZE);
2871 if (!buf) {
2872 av_freep(&sc->sample_sizes);
2873 return AVERROR(ENOMEM);
2874 }
2875
2876 ret = ffio_read_size(pb, buf, num_bytes);
2877 if (ret < 0) {
2878 av_freep(&sc->sample_sizes);
2879 av_free(buf);
2880 av_log(c->fc, AV_LOG_WARNING, "STSZ atom truncated\n");
2881 return 0;
2882 }
2883
2884 init_get_bits(&gb, buf, 8*num_bytes);
2885
2886 for (i = 0; i < entries && !pb->eof_reached; i++) {
2887 sc->sample_sizes[i] = get_bits_long(&gb, field_size);
2888 if (sc->sample_sizes[i] < 0) {
2889 av_free(buf);
2890 av_log(c->fc, AV_LOG_ERROR, "Invalid sample size %d\n", sc->sample_sizes[i]);
2891 return AVERROR_INVALIDDATA;
2892 }
2893 sc->data_size += sc->sample_sizes[i];
2894 }
2895
2896 sc->sample_count = i;
2897
2898 av_free(buf);
2899
2900 if (pb->eof_reached) {
2901 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STSZ atom\n");
2902 return AVERROR_EOF;
2903 }
2904
2905 return 0;
2906 }
2907
mov_read_stts(MOVContext * c,AVIOContext * pb,MOVAtom atom)2908 static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2909 {
2910 AVStream *st;
2911 MOVStreamContext *sc;
2912 unsigned int i, entries, alloc_size = 0;
2913 int64_t duration=0;
2914 int64_t total_sample_count=0;
2915
2916 if (c->fc->nb_streams < 1)
2917 return 0;
2918 st = c->fc->streams[c->fc->nb_streams-1];
2919 sc = st->priv_data;
2920
2921 avio_r8(pb); /* version */
2922 avio_rb24(pb); /* flags */
2923 entries = avio_rb32(pb);
2924
2925 av_log(c->fc, AV_LOG_TRACE, "track[%u].stts.entries = %u\n",
2926 c->fc->nb_streams-1, entries);
2927
2928 if (sc->stts_data)
2929 av_log(c->fc, AV_LOG_WARNING, "Duplicated STTS atom\n");
2930 av_freep(&sc->stts_data);
2931 sc->stts_count = 0;
2932 if (entries >= INT_MAX / sizeof(*sc->stts_data))
2933 return AVERROR(ENOMEM);
2934
2935 for (i = 0; i < entries && !pb->eof_reached; i++) {
2936 int sample_duration;
2937 unsigned int sample_count;
2938 unsigned int min_entries = FFMIN(FFMAX(i + 1, 1024 * 1024), entries);
2939 MOVStts *stts_data = av_fast_realloc(sc->stts_data, &alloc_size,
2940 min_entries * sizeof(*sc->stts_data));
2941 if (!stts_data) {
2942 av_freep(&sc->stts_data);
2943 sc->stts_count = 0;
2944 return AVERROR(ENOMEM);
2945 }
2946 sc->stts_count = min_entries;
2947 sc->stts_data = stts_data;
2948
2949 sample_count=avio_rb32(pb);
2950 sample_duration = avio_rb32(pb);
2951
2952 sc->stts_data[i].count= sample_count;
2953 sc->stts_data[i].duration= sample_duration;
2954
2955 av_log(c->fc, AV_LOG_TRACE, "sample_count=%d, sample_duration=%d\n",
2956 sample_count, sample_duration);
2957
2958 duration+=(int64_t)sample_duration*(uint64_t)sample_count;
2959 total_sample_count+=sample_count;
2960 }
2961
2962 sc->stts_count = i;
2963
2964 if (duration > 0 &&
2965 duration <= INT64_MAX - sc->duration_for_fps &&
2966 total_sample_count <= INT_MAX - sc->nb_frames_for_fps
2967 ) {
2968 sc->duration_for_fps += duration;
2969 sc->nb_frames_for_fps += total_sample_count;
2970 }
2971
2972 if (pb->eof_reached) {
2973 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STTS atom\n");
2974 return AVERROR_EOF;
2975 }
2976
2977 st->nb_frames= total_sample_count;
2978 if (duration)
2979 st->duration= FFMIN(st->duration, duration);
2980 sc->track_end = duration;
2981 return 0;
2982 }
2983
mov_read_sdtp(MOVContext * c,AVIOContext * pb,MOVAtom atom)2984 static int mov_read_sdtp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2985 {
2986 AVStream *st;
2987 MOVStreamContext *sc;
2988 int64_t i, entries;
2989
2990 if (c->fc->nb_streams < 1)
2991 return 0;
2992 st = c->fc->streams[c->fc->nb_streams - 1];
2993 sc = st->priv_data;
2994
2995 avio_r8(pb); /* version */
2996 avio_rb24(pb); /* flags */
2997 entries = atom.size - 4;
2998
2999 av_log(c->fc, AV_LOG_TRACE, "track[%u].sdtp.entries = %" PRId64 "\n",
3000 c->fc->nb_streams - 1, entries);
3001
3002 if (sc->sdtp_data)
3003 av_log(c->fc, AV_LOG_WARNING, "Duplicated SDTP atom\n");
3004 av_freep(&sc->sdtp_data);
3005 sc->sdtp_count = 0;
3006
3007 sc->sdtp_data = av_mallocz(entries);
3008 if (!sc->sdtp_data)
3009 return AVERROR(ENOMEM);
3010
3011 for (i = 0; i < entries && !pb->eof_reached; i++)
3012 sc->sdtp_data[i] = avio_r8(pb);
3013 sc->sdtp_count = i;
3014
3015 return 0;
3016 }
3017
mov_update_dts_shift(MOVStreamContext * sc,int duration,void * logctx)3018 static void mov_update_dts_shift(MOVStreamContext *sc, int duration, void *logctx)
3019 {
3020 if (duration < 0) {
3021 if (duration == INT_MIN) {
3022 av_log(logctx, AV_LOG_WARNING, "mov_update_dts_shift(): dts_shift set to %d\n", INT_MAX);
3023 duration++;
3024 }
3025 sc->dts_shift = FFMAX(sc->dts_shift, -duration);
3026 }
3027 }
3028
mov_read_ctts(MOVContext * c,AVIOContext * pb,MOVAtom atom)3029 static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3030 {
3031 AVStream *st;
3032 MOVStreamContext *sc;
3033 unsigned int i, entries, ctts_count = 0;
3034
3035 if (c->fc->nb_streams < 1)
3036 return 0;
3037 st = c->fc->streams[c->fc->nb_streams-1];
3038 sc = st->priv_data;
3039
3040 avio_r8(pb); /* version */
3041 avio_rb24(pb); /* flags */
3042 entries = avio_rb32(pb);
3043
3044 av_log(c->fc, AV_LOG_TRACE, "track[%u].ctts.entries = %u\n", c->fc->nb_streams - 1, entries);
3045
3046 if (!entries)
3047 return 0;
3048 if (entries >= UINT_MAX / sizeof(*sc->ctts_data))
3049 return AVERROR_INVALIDDATA;
3050 av_freep(&sc->ctts_data);
3051 sc->ctts_data = av_fast_realloc(NULL, &sc->ctts_allocated_size, entries * sizeof(*sc->ctts_data));
3052 if (!sc->ctts_data)
3053 return AVERROR(ENOMEM);
3054
3055 for (i = 0; i < entries && !pb->eof_reached; i++) {
3056 int count =avio_rb32(pb);
3057 int duration =avio_rb32(pb);
3058
3059 if (count <= 0) {
3060 av_log(c->fc, AV_LOG_TRACE,
3061 "ignoring CTTS entry with count=%d duration=%d\n",
3062 count, duration);
3063 continue;
3064 }
3065
3066 add_ctts_entry(&sc->ctts_data, &ctts_count, &sc->ctts_allocated_size,
3067 count, duration);
3068
3069 av_log(c->fc, AV_LOG_TRACE, "count=%d, duration=%d\n",
3070 count, duration);
3071
3072 if (FFNABS(duration) < -(1<<28) && i+2<entries) {
3073 av_log(c->fc, AV_LOG_WARNING, "CTTS invalid\n");
3074 av_freep(&sc->ctts_data);
3075 sc->ctts_count = 0;
3076 return 0;
3077 }
3078
3079 if (i+2<entries)
3080 mov_update_dts_shift(sc, duration, c->fc);
3081 }
3082
3083 sc->ctts_count = ctts_count;
3084
3085 if (pb->eof_reached) {
3086 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted CTTS atom\n");
3087 return AVERROR_EOF;
3088 }
3089
3090 av_log(c->fc, AV_LOG_TRACE, "dts shift %d\n", sc->dts_shift);
3091
3092 return 0;
3093 }
3094
mov_read_sbgp(MOVContext * c,AVIOContext * pb,MOVAtom atom)3095 static int mov_read_sbgp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3096 {
3097 AVStream *st;
3098 MOVStreamContext *sc;
3099 unsigned int i, entries;
3100 uint8_t version;
3101 uint32_t grouping_type;
3102
3103 if (c->fc->nb_streams < 1)
3104 return 0;
3105 st = c->fc->streams[c->fc->nb_streams-1];
3106 sc = st->priv_data;
3107
3108 version = avio_r8(pb); /* version */
3109 avio_rb24(pb); /* flags */
3110 grouping_type = avio_rl32(pb);
3111 if (grouping_type != MKTAG( 'r','a','p',' '))
3112 return 0; /* only support 'rap ' grouping */
3113 if (version == 1)
3114 avio_rb32(pb); /* grouping_type_parameter */
3115
3116 entries = avio_rb32(pb);
3117 if (!entries)
3118 return 0;
3119 if (sc->rap_group)
3120 av_log(c->fc, AV_LOG_WARNING, "Duplicated SBGP atom\n");
3121 av_free(sc->rap_group);
3122 sc->rap_group_count = 0;
3123 sc->rap_group = av_malloc_array(entries, sizeof(*sc->rap_group));
3124 if (!sc->rap_group)
3125 return AVERROR(ENOMEM);
3126
3127 for (i = 0; i < entries && !pb->eof_reached; i++) {
3128 sc->rap_group[i].count = avio_rb32(pb); /* sample_count */
3129 sc->rap_group[i].index = avio_rb32(pb); /* group_description_index */
3130 }
3131
3132 sc->rap_group_count = i;
3133
3134 if (pb->eof_reached) {
3135 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted SBGP atom\n");
3136 return AVERROR_EOF;
3137 }
3138
3139 return 0;
3140 }
3141
3142 /**
3143 * Get ith edit list entry (media time, duration).
3144 */
get_edit_list_entry(MOVContext * mov,const MOVStreamContext * msc,unsigned int edit_list_index,int64_t * edit_list_media_time,int64_t * edit_list_duration,int64_t global_timescale)3145 static int get_edit_list_entry(MOVContext *mov,
3146 const MOVStreamContext *msc,
3147 unsigned int edit_list_index,
3148 int64_t *edit_list_media_time,
3149 int64_t *edit_list_duration,
3150 int64_t global_timescale)
3151 {
3152 if (edit_list_index == msc->elst_count) {
3153 return 0;
3154 }
3155 *edit_list_media_time = msc->elst_data[edit_list_index].time;
3156 *edit_list_duration = msc->elst_data[edit_list_index].duration;
3157
3158 /* duration is in global timescale units;convert to msc timescale */
3159 if (global_timescale == 0) {
3160 avpriv_request_sample(mov->fc, "Support for mvhd.timescale = 0 with editlists");
3161 return 0;
3162 }
3163 *edit_list_duration = av_rescale(*edit_list_duration, msc->time_scale,
3164 global_timescale);
3165 return 1;
3166 }
3167
3168 /**
3169 * Find the closest previous frame to the timestamp_pts, in e_old index
3170 * entries. Searching for just any frame / just key frames can be controlled by
3171 * last argument 'flag'.
3172 * Note that if ctts_data is not NULL, we will always search for a key frame
3173 * irrespective of the value of 'flag'. If we don't find any keyframe, we will
3174 * return the first frame of the video.
3175 *
3176 * Here the timestamp_pts is considered to be a presentation timestamp and
3177 * the timestamp of index entries are considered to be decoding timestamps.
3178 *
3179 * Returns 0 if successful in finding a frame, else returns -1.
3180 * Places the found index corresponding output arg.
3181 *
3182 * If ctts_old is not NULL, then refines the searched entry by searching
3183 * backwards from the found timestamp, to find the frame with correct PTS.
3184 *
3185 * Places the found ctts_index and ctts_sample in corresponding output args.
3186 */
find_prev_closest_index(AVStream * st,AVIndexEntry * e_old,int nb_old,MOVStts * ctts_data,int64_t ctts_count,int64_t timestamp_pts,int flag,int64_t * index,int64_t * ctts_index,int64_t * ctts_sample)3187 static int find_prev_closest_index(AVStream *st,
3188 AVIndexEntry *e_old,
3189 int nb_old,
3190 MOVStts* ctts_data,
3191 int64_t ctts_count,
3192 int64_t timestamp_pts,
3193 int flag,
3194 int64_t* index,
3195 int64_t* ctts_index,
3196 int64_t* ctts_sample)
3197 {
3198 MOVStreamContext *msc = st->priv_data;
3199 AVIndexEntry *e_keep = st->index_entries;
3200 int nb_keep = st->nb_index_entries;
3201 int64_t i = 0;
3202 int64_t index_ctts_count;
3203
3204 av_assert0(index);
3205
3206 // If dts_shift > 0, then all the index timestamps will have to be offset by
3207 // at least dts_shift amount to obtain PTS.
3208 // Hence we decrement the searched timestamp_pts by dts_shift to find the closest index element.
3209 if (msc->dts_shift > 0) {
3210 timestamp_pts -= msc->dts_shift;
3211 }
3212
3213 st->index_entries = e_old;
3214 st->nb_index_entries = nb_old;
3215 *index = av_index_search_timestamp(st, timestamp_pts, flag | AVSEEK_FLAG_BACKWARD);
3216
3217 // Keep going backwards in the index entries until the timestamp is the same.
3218 if (*index >= 0) {
3219 for (i = *index; i > 0 && e_old[i].timestamp == e_old[i - 1].timestamp;
3220 i--) {
3221 if ((flag & AVSEEK_FLAG_ANY) ||
3222 (e_old[i - 1].flags & AVINDEX_KEYFRAME)) {
3223 *index = i - 1;
3224 }
3225 }
3226 }
3227
3228 // If we have CTTS then refine the search, by searching backwards over PTS
3229 // computed by adding corresponding CTTS durations to index timestamps.
3230 if (ctts_data && *index >= 0) {
3231 av_assert0(ctts_index);
3232 av_assert0(ctts_sample);
3233 // Find out the ctts_index for the found frame.
3234 *ctts_index = 0;
3235 *ctts_sample = 0;
3236 for (index_ctts_count = 0; index_ctts_count < *index; index_ctts_count++) {
3237 if (*ctts_index < ctts_count) {
3238 (*ctts_sample)++;
3239 if (ctts_data[*ctts_index].count == *ctts_sample) {
3240 (*ctts_index)++;
3241 *ctts_sample = 0;
3242 }
3243 }
3244 }
3245
3246 while (*index >= 0 && (*ctts_index) >= 0 && (*ctts_index) < ctts_count) {
3247 // Find a "key frame" with PTS <= timestamp_pts (So that we can decode B-frames correctly).
3248 // No need to add dts_shift to the timestamp here becase timestamp_pts has already been
3249 // compensated by dts_shift above.
3250 if ((e_old[*index].timestamp + ctts_data[*ctts_index].duration) <= timestamp_pts &&
3251 (e_old[*index].flags & AVINDEX_KEYFRAME)) {
3252 break;
3253 }
3254
3255 (*index)--;
3256 if (*ctts_sample == 0) {
3257 (*ctts_index)--;
3258 if (*ctts_index >= 0)
3259 *ctts_sample = ctts_data[*ctts_index].count - 1;
3260 } else {
3261 (*ctts_sample)--;
3262 }
3263 }
3264 }
3265
3266 /* restore AVStream state*/
3267 st->index_entries = e_keep;
3268 st->nb_index_entries = nb_keep;
3269 return *index >= 0 ? 0 : -1;
3270 }
3271
3272 /**
3273 * Add index entry with the given values, to the end of st->index_entries.
3274 * Returns the new size st->index_entries if successful, else returns -1.
3275 *
3276 * This function is similar to ff_add_index_entry in libavformat/utils.c
3277 * except that here we are always unconditionally adding an index entry to
3278 * the end, instead of searching the entries list and skipping the add if
3279 * there is an existing entry with the same timestamp.
3280 * This is needed because the mov_fix_index calls this func with the same
3281 * unincremented timestamp for successive discarded frames.
3282 */
add_index_entry(AVStream * st,int64_t pos,int64_t timestamp,int size,int distance,int flags)3283 static int64_t add_index_entry(AVStream *st, int64_t pos, int64_t timestamp,
3284 int size, int distance, int flags)
3285 {
3286 AVIndexEntry *entries, *ie;
3287 int64_t index = -1;
3288 const size_t min_size_needed = (st->nb_index_entries + 1) * sizeof(AVIndexEntry);
3289
3290 // Double the allocation each time, to lower memory fragmentation.
3291 // Another difference from ff_add_index_entry function.
3292 const size_t requested_size =
3293 min_size_needed > st->index_entries_allocated_size ?
3294 FFMAX(min_size_needed, 2 * st->index_entries_allocated_size) :
3295 min_size_needed;
3296
3297 if((unsigned)st->nb_index_entries + 1 >= UINT_MAX / sizeof(AVIndexEntry))
3298 return -1;
3299
3300 entries = av_fast_realloc(st->index_entries,
3301 &st->index_entries_allocated_size,
3302 requested_size);
3303 if(!entries)
3304 return -1;
3305
3306 st->index_entries= entries;
3307
3308 index= st->nb_index_entries++;
3309 ie= &entries[index];
3310
3311 ie->pos = pos;
3312 ie->timestamp = timestamp;
3313 ie->min_distance= distance;
3314 ie->size= size;
3315 ie->flags = flags;
3316 return index;
3317 }
3318
3319 /**
3320 * Rewrite timestamps of index entries in the range [end_index - frame_duration_buffer_size, end_index)
3321 * by subtracting end_ts successively by the amounts given in frame_duration_buffer.
3322 */
fix_index_entry_timestamps(AVStream * st,int end_index,int64_t end_ts,int64_t * frame_duration_buffer,int frame_duration_buffer_size)3323 static void fix_index_entry_timestamps(AVStream* st, int end_index, int64_t end_ts,
3324 int64_t* frame_duration_buffer,
3325 int frame_duration_buffer_size) {
3326 int i = 0;
3327 av_assert0(end_index >= 0 && end_index <= st->nb_index_entries);
3328 for (i = 0; i < frame_duration_buffer_size; i++) {
3329 end_ts -= frame_duration_buffer[frame_duration_buffer_size - 1 - i];
3330 st->index_entries[end_index - 1 - i].timestamp = end_ts;
3331 }
3332 }
3333
3334 /**
3335 * Append a new ctts entry to ctts_data.
3336 * Returns the new ctts_count if successful, else returns -1.
3337 */
add_ctts_entry(MOVStts ** ctts_data,unsigned int * ctts_count,unsigned int * allocated_size,int count,int duration)3338 static int64_t add_ctts_entry(MOVStts** ctts_data, unsigned int* ctts_count, unsigned int* allocated_size,
3339 int count, int duration)
3340 {
3341 MOVStts *ctts_buf_new;
3342 const size_t min_size_needed = (*ctts_count + 1) * sizeof(MOVStts);
3343 const size_t requested_size =
3344 min_size_needed > *allocated_size ?
3345 FFMAX(min_size_needed, 2 * (*allocated_size)) :
3346 min_size_needed;
3347
3348 if((unsigned)(*ctts_count) >= UINT_MAX / sizeof(MOVStts) - 1)
3349 return -1;
3350
3351 ctts_buf_new = av_fast_realloc(*ctts_data, allocated_size, requested_size);
3352
3353 if(!ctts_buf_new)
3354 return -1;
3355
3356 *ctts_data = ctts_buf_new;
3357
3358 ctts_buf_new[*ctts_count].count = count;
3359 ctts_buf_new[*ctts_count].duration = duration;
3360
3361 *ctts_count = (*ctts_count) + 1;
3362 return *ctts_count;
3363 }
3364
3365 #define MAX_REORDER_DELAY 16
mov_estimate_video_delay(MOVContext * c,AVStream * st)3366 static void mov_estimate_video_delay(MOVContext *c, AVStream* st) {
3367 MOVStreamContext *msc = st->priv_data;
3368 int ind;
3369 int ctts_ind = 0;
3370 int ctts_sample = 0;
3371 int64_t pts_buf[MAX_REORDER_DELAY + 1]; // Circular buffer to sort pts.
3372 int buf_start = 0;
3373 int j, r, num_swaps;
3374
3375 for (j = 0; j < MAX_REORDER_DELAY + 1; j++)
3376 pts_buf[j] = INT64_MIN;
3377
3378 if (st->codecpar->video_delay <= 0 && msc->ctts_data &&
3379 st->codecpar->codec_id == AV_CODEC_ID_H264) {
3380 st->codecpar->video_delay = 0;
3381 for(ind = 0; ind < st->nb_index_entries && ctts_ind < msc->ctts_count; ++ind) {
3382 // Point j to the last elem of the buffer and insert the current pts there.
3383 j = buf_start;
3384 buf_start = (buf_start + 1);
3385 if (buf_start == MAX_REORDER_DELAY + 1)
3386 buf_start = 0;
3387
3388 pts_buf[j] = st->index_entries[ind].timestamp + msc->ctts_data[ctts_ind].duration;
3389
3390 // The timestamps that are already in the sorted buffer, and are greater than the
3391 // current pts, are exactly the timestamps that need to be buffered to output PTS
3392 // in correct sorted order.
3393 // Hence the video delay (which is the buffer size used to sort DTS and output PTS),
3394 // can be computed as the maximum no. of swaps any particular timestamp needs to
3395 // go through, to keep this buffer in sorted order.
3396 num_swaps = 0;
3397 while (j != buf_start) {
3398 r = j - 1;
3399 if (r < 0) r = MAX_REORDER_DELAY;
3400 if (pts_buf[j] < pts_buf[r]) {
3401 FFSWAP(int64_t, pts_buf[j], pts_buf[r]);
3402 ++num_swaps;
3403 } else {
3404 break;
3405 }
3406 j = r;
3407 }
3408 st->codecpar->video_delay = FFMAX(st->codecpar->video_delay, num_swaps);
3409
3410 ctts_sample++;
3411 if (ctts_sample == msc->ctts_data[ctts_ind].count) {
3412 ctts_ind++;
3413 ctts_sample = 0;
3414 }
3415 }
3416 av_log(c->fc, AV_LOG_DEBUG, "Setting codecpar->delay to %d for stream st: %d\n",
3417 st->codecpar->video_delay, st->index);
3418 }
3419 }
3420
mov_current_sample_inc(MOVStreamContext * sc)3421 static void mov_current_sample_inc(MOVStreamContext *sc)
3422 {
3423 sc->current_sample++;
3424 sc->current_index++;
3425 if (sc->index_ranges &&
3426 sc->current_index >= sc->current_index_range->end &&
3427 sc->current_index_range->end) {
3428 sc->current_index_range++;
3429 sc->current_index = sc->current_index_range->start;
3430 }
3431 }
3432
mov_current_sample_dec(MOVStreamContext * sc)3433 static void mov_current_sample_dec(MOVStreamContext *sc)
3434 {
3435 sc->current_sample--;
3436 sc->current_index--;
3437 if (sc->index_ranges &&
3438 sc->current_index < sc->current_index_range->start &&
3439 sc->current_index_range > sc->index_ranges) {
3440 sc->current_index_range--;
3441 sc->current_index = sc->current_index_range->end - 1;
3442 }
3443 }
3444
mov_current_sample_set(MOVStreamContext * sc,int current_sample)3445 static void mov_current_sample_set(MOVStreamContext *sc, int current_sample)
3446 {
3447 int64_t range_size;
3448
3449 sc->current_sample = current_sample;
3450 sc->current_index = current_sample;
3451 if (!sc->index_ranges) {
3452 return;
3453 }
3454
3455 for (sc->current_index_range = sc->index_ranges;
3456 sc->current_index_range->end;
3457 sc->current_index_range++) {
3458 range_size = sc->current_index_range->end - sc->current_index_range->start;
3459 if (range_size > current_sample) {
3460 sc->current_index = sc->current_index_range->start + current_sample;
3461 break;
3462 }
3463 current_sample -= range_size;
3464 }
3465 }
3466
3467 /**
3468 * Fix st->index_entries, so that it contains only the entries (and the entries
3469 * which are needed to decode them) that fall in the edit list time ranges.
3470 * Also fixes the timestamps of the index entries to match the timeline
3471 * specified the edit lists.
3472 */
mov_fix_index(MOVContext * mov,AVStream * st)3473 static void mov_fix_index(MOVContext *mov, AVStream *st)
3474 {
3475 MOVStreamContext *msc = st->priv_data;
3476 AVIndexEntry *e_old = st->index_entries;
3477 int nb_old = st->nb_index_entries;
3478 const AVIndexEntry *e_old_end = e_old + nb_old;
3479 const AVIndexEntry *current = NULL;
3480 MOVStts *ctts_data_old = msc->ctts_data;
3481 int64_t ctts_index_old = 0;
3482 int64_t ctts_sample_old = 0;
3483 int64_t ctts_count_old = msc->ctts_count;
3484 int64_t edit_list_media_time = 0;
3485 int64_t edit_list_duration = 0;
3486 int64_t frame_duration = 0;
3487 int64_t edit_list_dts_counter = 0;
3488 int64_t edit_list_dts_entry_end = 0;
3489 int64_t edit_list_start_ctts_sample = 0;
3490 int64_t curr_cts;
3491 int64_t curr_ctts = 0;
3492 int64_t empty_edits_sum_duration = 0;
3493 int64_t edit_list_index = 0;
3494 int64_t index;
3495 int flags;
3496 int64_t start_dts = 0;
3497 int64_t edit_list_start_encountered = 0;
3498 int64_t search_timestamp = 0;
3499 int64_t* frame_duration_buffer = NULL;
3500 int num_discarded_begin = 0;
3501 int first_non_zero_audio_edit = -1;
3502 int packet_skip_samples = 0;
3503 MOVIndexRange *current_index_range;
3504 int i;
3505 int found_keyframe_after_edit = 0;
3506 int found_non_empty_edit = 0;
3507
3508 if (!msc->elst_data || msc->elst_count <= 0 || nb_old <= 0) {
3509 return;
3510 }
3511
3512 // allocate the index ranges array
3513 msc->index_ranges = av_malloc((msc->elst_count + 1) * sizeof(msc->index_ranges[0]));
3514 if (!msc->index_ranges) {
3515 av_log(mov->fc, AV_LOG_ERROR, "Cannot allocate index ranges buffer\n");
3516 return;
3517 }
3518 msc->current_index_range = msc->index_ranges;
3519 current_index_range = msc->index_ranges - 1;
3520
3521 // Clean AVStream from traces of old index
3522 st->index_entries = NULL;
3523 st->index_entries_allocated_size = 0;
3524 st->nb_index_entries = 0;
3525
3526 // Clean ctts fields of MOVStreamContext
3527 msc->ctts_data = NULL;
3528 msc->ctts_count = 0;
3529 msc->ctts_index = 0;
3530 msc->ctts_sample = 0;
3531 msc->ctts_allocated_size = 0;
3532
3533 // Reinitialize min_corrected_pts so that it can be computed again.
3534 msc->min_corrected_pts = -1;
3535
3536 // If the dts_shift is positive (in case of negative ctts values in mov),
3537 // then negate the DTS by dts_shift
3538 if (msc->dts_shift > 0) {
3539 edit_list_dts_entry_end -= msc->dts_shift;
3540 av_log(mov->fc, AV_LOG_DEBUG, "Shifting DTS by %d because of negative CTTS.\n", msc->dts_shift);
3541 }
3542
3543 start_dts = edit_list_dts_entry_end;
3544
3545 while (get_edit_list_entry(mov, msc, edit_list_index, &edit_list_media_time,
3546 &edit_list_duration, mov->time_scale)) {
3547 av_log(mov->fc, AV_LOG_DEBUG, "Processing st: %d, edit list %"PRId64" - media time: %"PRId64", duration: %"PRId64"\n",
3548 st->index, edit_list_index, edit_list_media_time, edit_list_duration);
3549 edit_list_index++;
3550 edit_list_dts_counter = edit_list_dts_entry_end;
3551 edit_list_dts_entry_end += edit_list_duration;
3552 num_discarded_begin = 0;
3553 if (!found_non_empty_edit && edit_list_media_time == -1) {
3554 empty_edits_sum_duration += edit_list_duration;
3555 continue;
3556 }
3557 found_non_empty_edit = 1;
3558
3559 // If we encounter a non-negative edit list reset the skip_samples/start_pad fields and set them
3560 // according to the edit list below.
3561 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO) {
3562 if (first_non_zero_audio_edit < 0) {
3563 first_non_zero_audio_edit = 1;
3564 } else {
3565 first_non_zero_audio_edit = 0;
3566 }
3567
3568 if (first_non_zero_audio_edit > 0)
3569 st->skip_samples = msc->start_pad = 0;
3570 }
3571
3572 // While reordering frame index according to edit list we must handle properly
3573 // the scenario when edit list entry starts from none key frame.
3574 // We find closest previous key frame and preserve it and consequent frames in index.
3575 // All frames which are outside edit list entry time boundaries will be dropped after decoding.
3576 search_timestamp = edit_list_media_time;
3577 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO) {
3578 // Audio decoders like AAC need need a decoder delay samples previous to the current sample,
3579 // to correctly decode this frame. Hence for audio we seek to a frame 1 sec. before the
3580 // edit_list_media_time to cover the decoder delay.
3581 search_timestamp = FFMAX(search_timestamp - msc->time_scale, e_old[0].timestamp);
3582 }
3583
3584 if (find_prev_closest_index(st, e_old, nb_old, ctts_data_old, ctts_count_old, search_timestamp, 0,
3585 &index, &ctts_index_old, &ctts_sample_old) < 0) {
3586 av_log(mov->fc, AV_LOG_WARNING,
3587 "st: %d edit list: %"PRId64" Missing key frame while searching for timestamp: %"PRId64"\n",
3588 st->index, edit_list_index, search_timestamp);
3589 if (find_prev_closest_index(st, e_old, nb_old, ctts_data_old, ctts_count_old, search_timestamp, AVSEEK_FLAG_ANY,
3590 &index, &ctts_index_old, &ctts_sample_old) < 0) {
3591 av_log(mov->fc, AV_LOG_WARNING,
3592 "st: %d edit list %"PRId64" Cannot find an index entry before timestamp: %"PRId64".\n",
3593 st->index, edit_list_index, search_timestamp);
3594 index = 0;
3595 ctts_index_old = 0;
3596 ctts_sample_old = 0;
3597 }
3598 }
3599 current = e_old + index;
3600 edit_list_start_ctts_sample = ctts_sample_old;
3601
3602 // Iterate over index and arrange it according to edit list
3603 edit_list_start_encountered = 0;
3604 found_keyframe_after_edit = 0;
3605 for (; current < e_old_end; current++, index++) {
3606 // check if frame outside edit list mark it for discard
3607 frame_duration = (current + 1 < e_old_end) ?
3608 ((current + 1)->timestamp - current->timestamp) : edit_list_duration;
3609
3610 flags = current->flags;
3611
3612 // frames (pts) before or after edit list
3613 curr_cts = current->timestamp + msc->dts_shift;
3614 curr_ctts = 0;
3615
3616 if (ctts_data_old && ctts_index_old < ctts_count_old) {
3617 curr_ctts = ctts_data_old[ctts_index_old].duration;
3618 av_log(mov->fc, AV_LOG_DEBUG, "stts: %"PRId64" ctts: %"PRId64", ctts_index: %"PRId64", ctts_count: %"PRId64"\n",
3619 curr_cts, curr_ctts, ctts_index_old, ctts_count_old);
3620 curr_cts += curr_ctts;
3621 ctts_sample_old++;
3622 if (ctts_sample_old == ctts_data_old[ctts_index_old].count) {
3623 if (add_ctts_entry(&msc->ctts_data, &msc->ctts_count,
3624 &msc->ctts_allocated_size,
3625 ctts_data_old[ctts_index_old].count - edit_list_start_ctts_sample,
3626 ctts_data_old[ctts_index_old].duration) == -1) {
3627 av_log(mov->fc, AV_LOG_ERROR, "Cannot add CTTS entry %"PRId64" - {%"PRId64", %d}\n",
3628 ctts_index_old,
3629 ctts_data_old[ctts_index_old].count - edit_list_start_ctts_sample,
3630 ctts_data_old[ctts_index_old].duration);
3631 break;
3632 }
3633 ctts_index_old++;
3634 ctts_sample_old = 0;
3635 edit_list_start_ctts_sample = 0;
3636 }
3637 }
3638
3639 if (curr_cts < edit_list_media_time || curr_cts >= (edit_list_duration + edit_list_media_time)) {
3640 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO && st->codecpar->codec_id != AV_CODEC_ID_VORBIS &&
3641 curr_cts < edit_list_media_time && curr_cts + frame_duration > edit_list_media_time &&
3642 first_non_zero_audio_edit > 0) {
3643 packet_skip_samples = edit_list_media_time - curr_cts;
3644 st->skip_samples += packet_skip_samples;
3645
3646 // Shift the index entry timestamp by packet_skip_samples to be correct.
3647 edit_list_dts_counter -= packet_skip_samples;
3648 if (edit_list_start_encountered == 0) {
3649 edit_list_start_encountered = 1;
3650 // Make timestamps strictly monotonically increasing for audio, by rewriting timestamps for
3651 // discarded packets.
3652 if (frame_duration_buffer) {
3653 fix_index_entry_timestamps(st, st->nb_index_entries, edit_list_dts_counter,
3654 frame_duration_buffer, num_discarded_begin);
3655 av_freep(&frame_duration_buffer);
3656 }
3657 }
3658
3659 av_log(mov->fc, AV_LOG_DEBUG, "skip %d audio samples from curr_cts: %"PRId64"\n", packet_skip_samples, curr_cts);
3660 } else {
3661 flags |= AVINDEX_DISCARD_FRAME;
3662 av_log(mov->fc, AV_LOG_DEBUG, "drop a frame at curr_cts: %"PRId64" @ %"PRId64"\n", curr_cts, index);
3663
3664 if (edit_list_start_encountered == 0) {
3665 num_discarded_begin++;
3666 frame_duration_buffer = av_realloc(frame_duration_buffer,
3667 num_discarded_begin * sizeof(int64_t));
3668 if (!frame_duration_buffer) {
3669 av_log(mov->fc, AV_LOG_ERROR, "Cannot reallocate frame duration buffer\n");
3670 break;
3671 }
3672 frame_duration_buffer[num_discarded_begin - 1] = frame_duration;
3673
3674 // Increment skip_samples for the first non-zero audio edit list
3675 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO &&
3676 first_non_zero_audio_edit > 0 && st->codecpar->codec_id != AV_CODEC_ID_VORBIS) {
3677 st->skip_samples += frame_duration;
3678 }
3679 }
3680 }
3681 } else {
3682 if (msc->min_corrected_pts < 0) {
3683 msc->min_corrected_pts = edit_list_dts_counter + curr_ctts + msc->dts_shift;
3684 } else {
3685 msc->min_corrected_pts = FFMIN(msc->min_corrected_pts, edit_list_dts_counter + curr_ctts + msc->dts_shift);
3686 }
3687 if (edit_list_start_encountered == 0) {
3688 edit_list_start_encountered = 1;
3689 // Make timestamps strictly monotonically increasing by rewriting timestamps for
3690 // discarded packets.
3691 if (frame_duration_buffer) {
3692 fix_index_entry_timestamps(st, st->nb_index_entries, edit_list_dts_counter,
3693 frame_duration_buffer, num_discarded_begin);
3694 av_freep(&frame_duration_buffer);
3695 }
3696 }
3697 }
3698
3699 if (add_index_entry(st, current->pos, edit_list_dts_counter, current->size,
3700 current->min_distance, flags) == -1) {
3701 av_log(mov->fc, AV_LOG_ERROR, "Cannot add index entry\n");
3702 break;
3703 }
3704
3705 // Update the index ranges array
3706 if (current_index_range < msc->index_ranges || index != current_index_range->end) {
3707 current_index_range++;
3708 current_index_range->start = index;
3709 }
3710 current_index_range->end = index + 1;
3711
3712 // Only start incrementing DTS in frame_duration amounts, when we encounter a frame in edit list.
3713 if (edit_list_start_encountered > 0) {
3714 edit_list_dts_counter = edit_list_dts_counter + frame_duration;
3715 }
3716
3717 // Break when found first key frame after edit entry completion
3718 if ((curr_cts + frame_duration >= (edit_list_duration + edit_list_media_time)) &&
3719 ((flags & AVINDEX_KEYFRAME) || ((st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO)))) {
3720 if (ctts_data_old) {
3721 // If we have CTTS and this is the first keyframe after edit elist,
3722 // wait for one more, because there might be trailing B-frames after this I-frame
3723 // that do belong to the edit.
3724 if (st->codecpar->codec_type != AVMEDIA_TYPE_AUDIO && found_keyframe_after_edit == 0) {
3725 found_keyframe_after_edit = 1;
3726 continue;
3727 }
3728 if (ctts_sample_old != 0) {
3729 if (add_ctts_entry(&msc->ctts_data, &msc->ctts_count,
3730 &msc->ctts_allocated_size,
3731 ctts_sample_old - edit_list_start_ctts_sample,
3732 ctts_data_old[ctts_index_old].duration) == -1) {
3733 av_log(mov->fc, AV_LOG_ERROR, "Cannot add CTTS entry %"PRId64" - {%"PRId64", %d}\n",
3734 ctts_index_old, ctts_sample_old - edit_list_start_ctts_sample,
3735 ctts_data_old[ctts_index_old].duration);
3736 break;
3737 }
3738 }
3739 }
3740 break;
3741 }
3742 }
3743 }
3744 // If there are empty edits, then msc->min_corrected_pts might be positive
3745 // intentionally. So we subtract the sum duration of emtpy edits here.
3746 msc->min_corrected_pts -= empty_edits_sum_duration;
3747
3748 // If the minimum pts turns out to be greater than zero after fixing the index, then we subtract the
3749 // dts by that amount to make the first pts zero.
3750 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) {
3751 if (msc->min_corrected_pts > 0) {
3752 av_log(mov->fc, AV_LOG_DEBUG, "Offset DTS by %"PRId64" to make first pts zero.\n", msc->min_corrected_pts);
3753 for (i = 0; i < st->nb_index_entries; ++i) {
3754 st->index_entries[i].timestamp -= msc->min_corrected_pts;
3755 }
3756 }
3757 }
3758 // Start time should be equal to zero or the duration of any empty edits.
3759 st->start_time = empty_edits_sum_duration;
3760
3761 // Update av stream length, if it ends up shorter than the track's media duration
3762 st->duration = FFMIN(st->duration, edit_list_dts_entry_end - start_dts);
3763 msc->start_pad = st->skip_samples;
3764
3765 // Free the old index and the old CTTS structures
3766 av_free(e_old);
3767 av_free(ctts_data_old);
3768 av_freep(&frame_duration_buffer);
3769
3770 // Null terminate the index ranges array
3771 current_index_range++;
3772 current_index_range->start = 0;
3773 current_index_range->end = 0;
3774 msc->current_index = msc->index_ranges[0].start;
3775 }
3776
mov_build_index(MOVContext * mov,AVStream * st)3777 static void mov_build_index(MOVContext *mov, AVStream *st)
3778 {
3779 MOVStreamContext *sc = st->priv_data;
3780 int64_t current_offset;
3781 int64_t current_dts = 0;
3782 unsigned int stts_index = 0;
3783 unsigned int stsc_index = 0;
3784 unsigned int stss_index = 0;
3785 unsigned int stps_index = 0;
3786 unsigned int i, j;
3787 uint64_t stream_size = 0;
3788 MOVStts *ctts_data_old = sc->ctts_data;
3789 unsigned int ctts_count_old = sc->ctts_count;
3790
3791 if (sc->elst_count) {
3792 int i, edit_start_index = 0, multiple_edits = 0;
3793 int64_t empty_duration = 0; // empty duration of the first edit list entry
3794 int64_t start_time = 0; // start time of the media
3795
3796 for (i = 0; i < sc->elst_count; i++) {
3797 const MOVElst *e = &sc->elst_data[i];
3798 if (i == 0 && e->time == -1) {
3799 /* if empty, the first entry is the start time of the stream
3800 * relative to the presentation itself */
3801 empty_duration = e->duration;
3802 edit_start_index = 1;
3803 } else if (i == edit_start_index && e->time >= 0) {
3804 start_time = e->time;
3805 } else {
3806 multiple_edits = 1;
3807 }
3808 }
3809
3810 if (multiple_edits && !mov->advanced_editlist)
3811 av_log(mov->fc, AV_LOG_WARNING, "multiple edit list entries, "
3812 "Use -advanced_editlist to correctly decode otherwise "
3813 "a/v desync might occur\n");
3814
3815 /* adjust first dts according to edit list */
3816 if ((empty_duration || start_time) && mov->time_scale > 0) {
3817 if (empty_duration)
3818 empty_duration = av_rescale(empty_duration, sc->time_scale, mov->time_scale);
3819 sc->time_offset = start_time - empty_duration;
3820 sc->min_corrected_pts = start_time;
3821 if (!mov->advanced_editlist)
3822 current_dts = -sc->time_offset;
3823 }
3824
3825 if (!multiple_edits && !mov->advanced_editlist &&
3826 st->codecpar->codec_id == AV_CODEC_ID_AAC && start_time > 0)
3827 sc->start_pad = start_time;
3828 }
3829
3830 /* only use old uncompressed audio chunk demuxing when stts specifies it */
3831 if (!(st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO &&
3832 sc->stts_count == 1 && sc->stts_data[0].duration == 1)) {
3833 unsigned int current_sample = 0;
3834 unsigned int stts_sample = 0;
3835 unsigned int sample_size;
3836 unsigned int distance = 0;
3837 unsigned int rap_group_index = 0;
3838 unsigned int rap_group_sample = 0;
3839 int64_t last_dts = 0;
3840 int64_t dts_correction = 0;
3841 int rap_group_present = sc->rap_group_count && sc->rap_group;
3842 int key_off = (sc->keyframe_count && sc->keyframes[0] > 0) || (sc->stps_count && sc->stps_data[0] > 0);
3843
3844 current_dts -= sc->dts_shift;
3845 last_dts = current_dts;
3846
3847 if (!sc->sample_count || st->nb_index_entries)
3848 return;
3849 if (sc->sample_count >= UINT_MAX / sizeof(*st->index_entries) - st->nb_index_entries)
3850 return;
3851 if (av_reallocp_array(&st->index_entries,
3852 st->nb_index_entries + sc->sample_count,
3853 sizeof(*st->index_entries)) < 0) {
3854 st->nb_index_entries = 0;
3855 return;
3856 }
3857 st->index_entries_allocated_size = (st->nb_index_entries + sc->sample_count) * sizeof(*st->index_entries);
3858
3859 if (ctts_data_old) {
3860 // Expand ctts entries such that we have a 1-1 mapping with samples
3861 if (sc->sample_count >= UINT_MAX / sizeof(*sc->ctts_data))
3862 return;
3863 sc->ctts_count = 0;
3864 sc->ctts_allocated_size = 0;
3865 sc->ctts_data = av_fast_realloc(NULL, &sc->ctts_allocated_size,
3866 sc->sample_count * sizeof(*sc->ctts_data));
3867 if (!sc->ctts_data) {
3868 av_free(ctts_data_old);
3869 return;
3870 }
3871
3872 memset((uint8_t*)(sc->ctts_data), 0, sc->ctts_allocated_size);
3873
3874 for (i = 0; i < ctts_count_old &&
3875 sc->ctts_count < sc->sample_count; i++)
3876 for (j = 0; j < ctts_data_old[i].count &&
3877 sc->ctts_count < sc->sample_count; j++)
3878 add_ctts_entry(&sc->ctts_data, &sc->ctts_count,
3879 &sc->ctts_allocated_size, 1,
3880 ctts_data_old[i].duration);
3881 av_free(ctts_data_old);
3882 }
3883
3884 for (i = 0; i < sc->chunk_count; i++) {
3885 int64_t next_offset = i+1 < sc->chunk_count ? sc->chunk_offsets[i+1] : INT64_MAX;
3886 current_offset = sc->chunk_offsets[i];
3887 while (mov_stsc_index_valid(stsc_index, sc->stsc_count) &&
3888 i + 1 == sc->stsc_data[stsc_index + 1].first)
3889 stsc_index++;
3890
3891 if (next_offset > current_offset && sc->sample_size>0 && sc->sample_size < sc->stsz_sample_size &&
3892 sc->stsc_data[stsc_index].count * (int64_t)sc->stsz_sample_size > next_offset - current_offset) {
3893 av_log(mov->fc, AV_LOG_WARNING, "STSZ sample size %d invalid (too large), ignoring\n", sc->stsz_sample_size);
3894 sc->stsz_sample_size = sc->sample_size;
3895 }
3896 if (sc->stsz_sample_size>0 && sc->stsz_sample_size < sc->sample_size) {
3897 av_log(mov->fc, AV_LOG_WARNING, "STSZ sample size %d invalid (too small), ignoring\n", sc->stsz_sample_size);
3898 sc->stsz_sample_size = sc->sample_size;
3899 }
3900
3901 for (j = 0; j < sc->stsc_data[stsc_index].count; j++) {
3902 int keyframe = 0;
3903 if (current_sample >= sc->sample_count) {
3904 av_log(mov->fc, AV_LOG_ERROR, "wrong sample count\n");
3905 return;
3906 }
3907
3908 if (!sc->keyframe_absent && (!sc->keyframe_count || current_sample+key_off == sc->keyframes[stss_index])) {
3909 keyframe = 1;
3910 if (stss_index + 1 < sc->keyframe_count)
3911 stss_index++;
3912 } else if (sc->stps_count && current_sample+key_off == sc->stps_data[stps_index]) {
3913 keyframe = 1;
3914 if (stps_index + 1 < sc->stps_count)
3915 stps_index++;
3916 }
3917 if (rap_group_present && rap_group_index < sc->rap_group_count) {
3918 if (sc->rap_group[rap_group_index].index > 0)
3919 keyframe = 1;
3920 if (++rap_group_sample == sc->rap_group[rap_group_index].count) {
3921 rap_group_sample = 0;
3922 rap_group_index++;
3923 }
3924 }
3925 if (sc->keyframe_absent
3926 && !sc->stps_count
3927 && !rap_group_present
3928 && (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO || (i==0 && j==0)))
3929 keyframe = 1;
3930 if (keyframe)
3931 distance = 0;
3932 sample_size = sc->stsz_sample_size > 0 ? sc->stsz_sample_size : sc->sample_sizes[current_sample];
3933 if (sc->pseudo_stream_id == -1 ||
3934 sc->stsc_data[stsc_index].id - 1 == sc->pseudo_stream_id) {
3935 AVIndexEntry *e;
3936 if (sample_size > 0x3FFFFFFF) {
3937 av_log(mov->fc, AV_LOG_ERROR, "Sample size %u is too large\n", sample_size);
3938 return;
3939 }
3940 e = &st->index_entries[st->nb_index_entries++];
3941 e->pos = current_offset;
3942 e->timestamp = current_dts;
3943 e->size = sample_size;
3944 e->min_distance = distance;
3945 e->flags = keyframe ? AVINDEX_KEYFRAME : 0;
3946 av_log(mov->fc, AV_LOG_TRACE, "AVIndex stream %d, sample %u, offset %"PRIx64", dts %"PRId64", "
3947 "size %u, distance %u, keyframe %d\n", st->index, current_sample,
3948 current_offset, current_dts, sample_size, distance, keyframe);
3949 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO && st->nb_index_entries < 100)
3950 ff_rfps_add_frame(mov->fc, st, current_dts);
3951 }
3952
3953 current_offset += sample_size;
3954 stream_size += sample_size;
3955
3956 /* A negative sample duration is invalid based on the spec,
3957 * but some samples need it to correct the DTS. */
3958 if (sc->stts_data[stts_index].duration < 0) {
3959 av_log(mov->fc, AV_LOG_WARNING,
3960 "Invalid SampleDelta %d in STTS, at %d st:%d\n",
3961 sc->stts_data[stts_index].duration, stts_index,
3962 st->index);
3963 dts_correction += sc->stts_data[stts_index].duration - 1;
3964 sc->stts_data[stts_index].duration = 1;
3965 }
3966 current_dts += sc->stts_data[stts_index].duration;
3967 if (!dts_correction || current_dts + dts_correction > last_dts) {
3968 current_dts += dts_correction;
3969 dts_correction = 0;
3970 } else {
3971 /* Avoid creating non-monotonous DTS */
3972 dts_correction += current_dts - last_dts - 1;
3973 current_dts = last_dts + 1;
3974 }
3975 last_dts = current_dts;
3976 distance++;
3977 stts_sample++;
3978 current_sample++;
3979 if (stts_index + 1 < sc->stts_count && stts_sample == sc->stts_data[stts_index].count) {
3980 stts_sample = 0;
3981 stts_index++;
3982 }
3983 }
3984 }
3985 if (st->duration > 0)
3986 st->codecpar->bit_rate = stream_size*8*sc->time_scale/st->duration;
3987 } else {
3988 unsigned chunk_samples, total = 0;
3989
3990 if (!sc->chunk_count)
3991 return;
3992
3993 // compute total chunk count
3994 for (i = 0; i < sc->stsc_count; i++) {
3995 unsigned count, chunk_count;
3996
3997 chunk_samples = sc->stsc_data[i].count;
3998 if (i != sc->stsc_count - 1 &&
3999 sc->samples_per_frame && chunk_samples % sc->samples_per_frame) {
4000 av_log(mov->fc, AV_LOG_ERROR, "error unaligned chunk\n");
4001 return;
4002 }
4003
4004 if (sc->samples_per_frame >= 160) { // gsm
4005 count = chunk_samples / sc->samples_per_frame;
4006 } else if (sc->samples_per_frame > 1) {
4007 unsigned samples = (1024/sc->samples_per_frame)*sc->samples_per_frame;
4008 count = (chunk_samples+samples-1) / samples;
4009 } else {
4010 count = (chunk_samples+1023) / 1024;
4011 }
4012
4013 if (mov_stsc_index_valid(i, sc->stsc_count))
4014 chunk_count = sc->stsc_data[i+1].first - sc->stsc_data[i].first;
4015 else
4016 chunk_count = sc->chunk_count - (sc->stsc_data[i].first - 1);
4017 total += chunk_count * count;
4018 }
4019
4020 av_log(mov->fc, AV_LOG_TRACE, "chunk count %u\n", total);
4021 if (total >= UINT_MAX / sizeof(*st->index_entries) - st->nb_index_entries)
4022 return;
4023 if (av_reallocp_array(&st->index_entries,
4024 st->nb_index_entries + total,
4025 sizeof(*st->index_entries)) < 0) {
4026 st->nb_index_entries = 0;
4027 return;
4028 }
4029 st->index_entries_allocated_size = (st->nb_index_entries + total) * sizeof(*st->index_entries);
4030
4031 // populate index
4032 for (i = 0; i < sc->chunk_count; i++) {
4033 current_offset = sc->chunk_offsets[i];
4034 if (mov_stsc_index_valid(stsc_index, sc->stsc_count) &&
4035 i + 1 == sc->stsc_data[stsc_index + 1].first)
4036 stsc_index++;
4037 chunk_samples = sc->stsc_data[stsc_index].count;
4038
4039 while (chunk_samples > 0) {
4040 AVIndexEntry *e;
4041 unsigned size, samples;
4042
4043 if (sc->samples_per_frame > 1 && !sc->bytes_per_frame) {
4044 avpriv_request_sample(mov->fc,
4045 "Zero bytes per frame, but %d samples per frame",
4046 sc->samples_per_frame);
4047 return;
4048 }
4049
4050 if (sc->samples_per_frame >= 160) { // gsm
4051 samples = sc->samples_per_frame;
4052 size = sc->bytes_per_frame;
4053 } else {
4054 if (sc->samples_per_frame > 1) {
4055 samples = FFMIN((1024 / sc->samples_per_frame)*
4056 sc->samples_per_frame, chunk_samples);
4057 size = (samples / sc->samples_per_frame) * sc->bytes_per_frame;
4058 } else {
4059 samples = FFMIN(1024, chunk_samples);
4060 size = samples * sc->sample_size;
4061 }
4062 }
4063
4064 if (st->nb_index_entries >= total) {
4065 av_log(mov->fc, AV_LOG_ERROR, "wrong chunk count %u\n", total);
4066 return;
4067 }
4068 if (size > 0x3FFFFFFF) {
4069 av_log(mov->fc, AV_LOG_ERROR, "Sample size %u is too large\n", size);
4070 return;
4071 }
4072 e = &st->index_entries[st->nb_index_entries++];
4073 e->pos = current_offset;
4074 e->timestamp = current_dts;
4075 e->size = size;
4076 e->min_distance = 0;
4077 e->flags = AVINDEX_KEYFRAME;
4078 av_log(mov->fc, AV_LOG_TRACE, "AVIndex stream %d, chunk %u, offset %"PRIx64", dts %"PRId64", "
4079 "size %u, duration %u\n", st->index, i, current_offset, current_dts,
4080 size, samples);
4081
4082 current_offset += size;
4083 current_dts += samples;
4084 chunk_samples -= samples;
4085 }
4086 }
4087 }
4088
4089 if (!mov->ignore_editlist && mov->advanced_editlist) {
4090 // Fix index according to edit lists.
4091 mov_fix_index(mov, st);
4092 }
4093
4094 // Update start time of the stream.
4095 if (st->start_time == AV_NOPTS_VALUE && st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO && st->nb_index_entries > 0) {
4096 st->start_time = st->index_entries[0].timestamp + sc->dts_shift;
4097 if (sc->ctts_data) {
4098 st->start_time += sc->ctts_data[0].duration;
4099 }
4100 }
4101
4102 mov_estimate_video_delay(mov, st);
4103 }
4104
test_same_origin(const char * src,const char * ref)4105 static int test_same_origin(const char *src, const char *ref) {
4106 char src_proto[64];
4107 char ref_proto[64];
4108 char src_auth[256];
4109 char ref_auth[256];
4110 char src_host[256];
4111 char ref_host[256];
4112 int src_port=-1;
4113 int ref_port=-1;
4114
4115 av_url_split(src_proto, sizeof(src_proto), src_auth, sizeof(src_auth), src_host, sizeof(src_host), &src_port, NULL, 0, src);
4116 av_url_split(ref_proto, sizeof(ref_proto), ref_auth, sizeof(ref_auth), ref_host, sizeof(ref_host), &ref_port, NULL, 0, ref);
4117
4118 if (strlen(src) == 0) {
4119 return -1;
4120 } else if (strlen(src_auth) + 1 >= sizeof(src_auth) ||
4121 strlen(ref_auth) + 1 >= sizeof(ref_auth) ||
4122 strlen(src_host) + 1 >= sizeof(src_host) ||
4123 strlen(ref_host) + 1 >= sizeof(ref_host)) {
4124 return 0;
4125 } else if (strcmp(src_proto, ref_proto) ||
4126 strcmp(src_auth, ref_auth) ||
4127 strcmp(src_host, ref_host) ||
4128 src_port != ref_port) {
4129 return 0;
4130 } else
4131 return 1;
4132 }
4133
mov_open_dref(MOVContext * c,AVIOContext ** pb,const char * src,MOVDref * ref)4134 static int mov_open_dref(MOVContext *c, AVIOContext **pb, const char *src, MOVDref *ref)
4135 {
4136 /* try relative path, we do not try the absolute because it can leak information about our
4137 system to an attacker */
4138 if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
4139 char filename[1025];
4140 const char *src_path;
4141 int i, l;
4142
4143 /* find a source dir */
4144 src_path = strrchr(src, '/');
4145 if (src_path)
4146 src_path++;
4147 else
4148 src_path = src;
4149
4150 /* find a next level down to target */
4151 for (i = 0, l = strlen(ref->path) - 1; l >= 0; l--)
4152 if (ref->path[l] == '/') {
4153 if (i == ref->nlvl_to - 1)
4154 break;
4155 else
4156 i++;
4157 }
4158
4159 /* compose filename if next level down to target was found */
4160 if (i == ref->nlvl_to - 1 && src_path - src < sizeof(filename)) {
4161 memcpy(filename, src, src_path - src);
4162 filename[src_path - src] = 0;
4163
4164 for (i = 1; i < ref->nlvl_from; i++)
4165 av_strlcat(filename, "../", sizeof(filename));
4166
4167 av_strlcat(filename, ref->path + l + 1, sizeof(filename));
4168 if (!c->use_absolute_path) {
4169 int same_origin = test_same_origin(src, filename);
4170
4171 if (!same_origin) {
4172 av_log(c->fc, AV_LOG_ERROR,
4173 "Reference with mismatching origin, %s not tried for security reasons, "
4174 "set demuxer option use_absolute_path to allow it anyway\n",
4175 ref->path);
4176 return AVERROR(ENOENT);
4177 }
4178
4179 if(strstr(ref->path + l + 1, "..") ||
4180 strstr(ref->path + l + 1, ":") ||
4181 (ref->nlvl_from > 1 && same_origin < 0) ||
4182 (filename[0] == '/' && src_path == src))
4183 return AVERROR(ENOENT);
4184 }
4185
4186 if (strlen(filename) + 1 == sizeof(filename))
4187 return AVERROR(ENOENT);
4188 if (!c->fc->io_open(c->fc, pb, filename, AVIO_FLAG_READ, NULL))
4189 return 0;
4190 }
4191 } else if (c->use_absolute_path) {
4192 av_log(c->fc, AV_LOG_WARNING, "Using absolute path on user request, "
4193 "this is a possible security issue\n");
4194 if (!c->fc->io_open(c->fc, pb, ref->path, AVIO_FLAG_READ, NULL))
4195 return 0;
4196 } else {
4197 av_log(c->fc, AV_LOG_ERROR,
4198 "Absolute path %s not tried for security reasons, "
4199 "set demuxer option use_absolute_path to allow absolute paths\n",
4200 ref->path);
4201 }
4202
4203 return AVERROR(ENOENT);
4204 }
4205
fix_timescale(MOVContext * c,MOVStreamContext * sc)4206 static void fix_timescale(MOVContext *c, MOVStreamContext *sc)
4207 {
4208 if (sc->time_scale <= 0) {
4209 av_log(c->fc, AV_LOG_WARNING, "stream %d, timescale not set\n", sc->ffindex);
4210 sc->time_scale = c->time_scale;
4211 if (sc->time_scale <= 0)
4212 sc->time_scale = 1;
4213 }
4214 }
4215
mov_read_trak(MOVContext * c,AVIOContext * pb,MOVAtom atom)4216 static int mov_read_trak(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4217 {
4218 AVStream *st;
4219 MOVStreamContext *sc;
4220 int ret;
4221
4222 st = avformat_new_stream(c->fc, NULL);
4223 if (!st) return AVERROR(ENOMEM);
4224 st->id = -1;
4225 sc = av_mallocz(sizeof(MOVStreamContext));
4226 if (!sc) return AVERROR(ENOMEM);
4227
4228 st->priv_data = sc;
4229 st->codecpar->codec_type = AVMEDIA_TYPE_DATA;
4230 sc->ffindex = st->index;
4231 c->trak_index = st->index;
4232
4233 if ((ret = mov_read_default(c, pb, atom)) < 0)
4234 return ret;
4235
4236 c->trak_index = -1;
4237
4238 // Here stsc refers to a chunk not described in stco. This is technically invalid,
4239 // but we can overlook it (clearing stsc) whenever stts_count == 0 (indicating no samples).
4240 if (!sc->chunk_count && !sc->stts_count && sc->stsc_count) {
4241 sc->stsc_count = 0;
4242 av_freep(&sc->stsc_data);
4243 }
4244
4245 /* sanity checks */
4246 if ((sc->chunk_count && (!sc->stts_count || !sc->stsc_count ||
4247 (!sc->sample_size && !sc->sample_count))) ||
4248 (!sc->chunk_count && sc->sample_count)) {
4249 av_log(c->fc, AV_LOG_ERROR, "stream %d, missing mandatory atoms, broken header\n",
4250 st->index);
4251 return 0;
4252 }
4253 if (sc->stsc_count && sc->stsc_data[ sc->stsc_count - 1 ].first > sc->chunk_count) {
4254 av_log(c->fc, AV_LOG_ERROR, "stream %d, contradictionary STSC and STCO\n",
4255 st->index);
4256 return AVERROR_INVALIDDATA;
4257 }
4258
4259 fix_timescale(c, sc);
4260
4261 avpriv_set_pts_info(st, 64, 1, sc->time_scale);
4262
4263 mov_build_index(c, st);
4264
4265 if (sc->dref_id-1 < sc->drefs_count && sc->drefs[sc->dref_id-1].path) {
4266 MOVDref *dref = &sc->drefs[sc->dref_id - 1];
4267 if (c->enable_drefs) {
4268 if (mov_open_dref(c, &sc->pb, c->fc->url, dref) < 0)
4269 av_log(c->fc, AV_LOG_ERROR,
4270 "stream %d, error opening alias: path='%s', dir='%s', "
4271 "filename='%s', volume='%s', nlvl_from=%d, nlvl_to=%d\n",
4272 st->index, dref->path, dref->dir, dref->filename,
4273 dref->volume, dref->nlvl_from, dref->nlvl_to);
4274 } else {
4275 av_log(c->fc, AV_LOG_WARNING,
4276 "Skipped opening external track: "
4277 "stream %d, alias: path='%s', dir='%s', "
4278 "filename='%s', volume='%s', nlvl_from=%d, nlvl_to=%d."
4279 "Set enable_drefs to allow this.\n",
4280 st->index, dref->path, dref->dir, dref->filename,
4281 dref->volume, dref->nlvl_from, dref->nlvl_to);
4282 }
4283 } else {
4284 sc->pb = c->fc->pb;
4285 sc->pb_is_copied = 1;
4286 }
4287
4288 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) {
4289 if (!st->sample_aspect_ratio.num && st->codecpar->width && st->codecpar->height &&
4290 sc->height && sc->width &&
4291 (st->codecpar->width != sc->width || st->codecpar->height != sc->height)) {
4292 st->sample_aspect_ratio = av_d2q(((double)st->codecpar->height * sc->width) /
4293 ((double)st->codecpar->width * sc->height), INT_MAX);
4294 }
4295
4296 #if FF_API_R_FRAME_RATE
4297 if (sc->stts_count == 1 || (sc->stts_count == 2 && sc->stts_data[1].count == 1))
4298 av_reduce(&st->r_frame_rate.num, &st->r_frame_rate.den,
4299 sc->time_scale, sc->stts_data[0].duration, INT_MAX);
4300 #endif
4301 }
4302
4303 // done for ai5q, ai52, ai55, ai1q, ai12 and ai15.
4304 if (!st->codecpar->extradata_size && st->codecpar->codec_id == AV_CODEC_ID_H264 &&
4305 TAG_IS_AVCI(st->codecpar->codec_tag)) {
4306 ret = ff_generate_avci_extradata(st);
4307 if (ret < 0)
4308 return ret;
4309 }
4310
4311 switch (st->codecpar->codec_id) {
4312 #if CONFIG_H261_DECODER
4313 case AV_CODEC_ID_H261:
4314 #endif
4315 #if CONFIG_H263_DECODER
4316 case AV_CODEC_ID_H263:
4317 #endif
4318 #if CONFIG_MPEG4_DECODER
4319 case AV_CODEC_ID_MPEG4:
4320 #endif
4321 st->codecpar->width = 0; /* let decoder init width/height */
4322 st->codecpar->height= 0;
4323 break;
4324 }
4325
4326 // If the duration of the mp3 packets is not constant, then they could need a parser
4327 if (st->codecpar->codec_id == AV_CODEC_ID_MP3
4328 && sc->stts_count > 3
4329 && sc->stts_count*10 > st->nb_frames
4330 && sc->time_scale == st->codecpar->sample_rate) {
4331 st->need_parsing = AVSTREAM_PARSE_FULL;
4332 }
4333 /* Do not need those anymore. */
4334 av_freep(&sc->chunk_offsets);
4335 av_freep(&sc->sample_sizes);
4336 av_freep(&sc->keyframes);
4337 av_freep(&sc->stts_data);
4338 av_freep(&sc->stps_data);
4339 av_freep(&sc->elst_data);
4340 av_freep(&sc->rap_group);
4341
4342 return 0;
4343 }
4344
mov_read_ilst(MOVContext * c,AVIOContext * pb,MOVAtom atom)4345 static int mov_read_ilst(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4346 {
4347 int ret;
4348 c->itunes_metadata = 1;
4349 ret = mov_read_default(c, pb, atom);
4350 c->itunes_metadata = 0;
4351 return ret;
4352 }
4353
mov_read_keys(MOVContext * c,AVIOContext * pb,MOVAtom atom)4354 static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4355 {
4356 uint32_t count;
4357 uint32_t i;
4358
4359 if (atom.size < 8)
4360 return 0;
4361
4362 avio_skip(pb, 4);
4363 count = avio_rb32(pb);
4364 if (count > UINT_MAX / sizeof(*c->meta_keys) - 1) {
4365 av_log(c->fc, AV_LOG_ERROR,
4366 "The 'keys' atom with the invalid key count: %"PRIu32"\n", count);
4367 return AVERROR_INVALIDDATA;
4368 }
4369
4370 c->meta_keys_count = count + 1;
4371 c->meta_keys = av_mallocz(c->meta_keys_count * sizeof(*c->meta_keys));
4372 if (!c->meta_keys)
4373 return AVERROR(ENOMEM);
4374
4375 for (i = 1; i <= count; ++i) {
4376 uint32_t key_size = avio_rb32(pb);
4377 uint32_t type = avio_rl32(pb);
4378 if (key_size < 8) {
4379 av_log(c->fc, AV_LOG_ERROR,
4380 "The key# %"PRIu32" in meta has invalid size:"
4381 "%"PRIu32"\n", i, key_size);
4382 return AVERROR_INVALIDDATA;
4383 }
4384 key_size -= 8;
4385 if (type != MKTAG('m','d','t','a')) {
4386 avio_skip(pb, key_size);
4387 }
4388 c->meta_keys[i] = av_mallocz(key_size + 1);
4389 if (!c->meta_keys[i])
4390 return AVERROR(ENOMEM);
4391 avio_read(pb, c->meta_keys[i], key_size);
4392 }
4393
4394 return 0;
4395 }
4396
mov_read_custom(MOVContext * c,AVIOContext * pb,MOVAtom atom)4397 static int mov_read_custom(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4398 {
4399 int64_t end = avio_tell(pb) + atom.size;
4400 uint8_t *key = NULL, *val = NULL, *mean = NULL;
4401 int i;
4402 int ret = 0;
4403 AVStream *st;
4404 MOVStreamContext *sc;
4405
4406 if (c->fc->nb_streams < 1)
4407 return 0;
4408 st = c->fc->streams[c->fc->nb_streams-1];
4409 sc = st->priv_data;
4410
4411 for (i = 0; i < 3; i++) {
4412 uint8_t **p;
4413 uint32_t len, tag;
4414
4415 if (end - avio_tell(pb) <= 12)
4416 break;
4417
4418 len = avio_rb32(pb);
4419 tag = avio_rl32(pb);
4420 avio_skip(pb, 4); // flags
4421
4422 if (len < 12 || len - 12 > end - avio_tell(pb))
4423 break;
4424 len -= 12;
4425
4426 if (tag == MKTAG('m', 'e', 'a', 'n'))
4427 p = &mean;
4428 else if (tag == MKTAG('n', 'a', 'm', 'e'))
4429 p = &key;
4430 else if (tag == MKTAG('d', 'a', 't', 'a') && len > 4) {
4431 avio_skip(pb, 4);
4432 len -= 4;
4433 p = &val;
4434 } else
4435 break;
4436
4437 if (*p)
4438 break;
4439
4440 *p = av_malloc(len + 1);
4441 if (!*p) {
4442 ret = AVERROR(ENOMEM);
4443 break;
4444 }
4445 ret = ffio_read_size(pb, *p, len);
4446 if (ret < 0) {
4447 av_freep(p);
4448 break;
4449 }
4450 (*p)[len] = 0;
4451 }
4452
4453 if (mean && key && val) {
4454 if (strcmp(key, "iTunSMPB") == 0) {
4455 int priming, remainder, samples;
4456 if(sscanf(val, "%*X %X %X %X", &priming, &remainder, &samples) == 3){
4457 if(priming>0 && priming<16384)
4458 sc->start_pad = priming;
4459 }
4460 }
4461 if (strcmp(key, "cdec") != 0) {
4462 av_dict_set(&c->fc->metadata, key, val,
4463 AV_DICT_DONT_STRDUP_KEY | AV_DICT_DONT_STRDUP_VAL);
4464 key = val = NULL;
4465 }
4466 } else {
4467 av_log(c->fc, AV_LOG_VERBOSE,
4468 "Unhandled or malformed custom metadata of size %"PRId64"\n", atom.size);
4469 }
4470
4471 avio_seek(pb, end, SEEK_SET);
4472 av_freep(&key);
4473 av_freep(&val);
4474 av_freep(&mean);
4475 return ret;
4476 }
4477
mov_read_meta(MOVContext * c,AVIOContext * pb,MOVAtom atom)4478 static int mov_read_meta(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4479 {
4480 while (atom.size > 8) {
4481 uint32_t tag;
4482 if (avio_feof(pb))
4483 return AVERROR_EOF;
4484 tag = avio_rl32(pb);
4485 atom.size -= 4;
4486 if (tag == MKTAG('h','d','l','r')) {
4487 avio_seek(pb, -8, SEEK_CUR);
4488 atom.size += 8;
4489 return mov_read_default(c, pb, atom);
4490 }
4491 }
4492 return 0;
4493 }
4494
4495 // return 1 when matrix is identity, 0 otherwise
4496 #define IS_MATRIX_IDENT(matrix) \
4497 ( (matrix)[0][0] == (1 << 16) && \
4498 (matrix)[1][1] == (1 << 16) && \
4499 (matrix)[2][2] == (1 << 30) && \
4500 !(matrix)[0][1] && !(matrix)[0][2] && \
4501 !(matrix)[1][0] && !(matrix)[1][2] && \
4502 !(matrix)[2][0] && !(matrix)[2][1])
4503
mov_read_tkhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)4504 static int mov_read_tkhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4505 {
4506 int i, j, e;
4507 int width;
4508 int height;
4509 int display_matrix[3][3];
4510 int res_display_matrix[3][3] = { { 0 } };
4511 AVStream *st;
4512 MOVStreamContext *sc;
4513 int version;
4514 int flags;
4515
4516 if (c->fc->nb_streams < 1)
4517 return 0;
4518 st = c->fc->streams[c->fc->nb_streams-1];
4519 sc = st->priv_data;
4520
4521 // Each stream (trak) should have exactly 1 tkhd. This catches bad files and
4522 // avoids corrupting AVStreams mapped to an earlier tkhd.
4523 if (st->id != -1)
4524 return AVERROR_INVALIDDATA;
4525
4526 version = avio_r8(pb);
4527 flags = avio_rb24(pb);
4528 st->disposition |= (flags & MOV_TKHD_FLAG_ENABLED) ? AV_DISPOSITION_DEFAULT : 0;
4529
4530 if (version == 1) {
4531 avio_rb64(pb);
4532 avio_rb64(pb);
4533 } else {
4534 avio_rb32(pb); /* creation time */
4535 avio_rb32(pb); /* modification time */
4536 }
4537 st->id = (int)avio_rb32(pb); /* track id (NOT 0 !)*/
4538 avio_rb32(pb); /* reserved */
4539
4540 /* highlevel (considering edits) duration in movie timebase */
4541 (version == 1) ? avio_rb64(pb) : avio_rb32(pb);
4542 avio_rb32(pb); /* reserved */
4543 avio_rb32(pb); /* reserved */
4544
4545 avio_rb16(pb); /* layer */
4546 avio_rb16(pb); /* alternate group */
4547 avio_rb16(pb); /* volume */
4548 avio_rb16(pb); /* reserved */
4549
4550 //read in the display matrix (outlined in ISO 14496-12, Section 6.2.2)
4551 // they're kept in fixed point format through all calculations
4552 // save u,v,z to store the whole matrix in the AV_PKT_DATA_DISPLAYMATRIX
4553 // side data, but the scale factor is not needed to calculate aspect ratio
4554 for (i = 0; i < 3; i++) {
4555 display_matrix[i][0] = avio_rb32(pb); // 16.16 fixed point
4556 display_matrix[i][1] = avio_rb32(pb); // 16.16 fixed point
4557 display_matrix[i][2] = avio_rb32(pb); // 2.30 fixed point
4558 }
4559
4560 width = avio_rb32(pb); // 16.16 fixed point track width
4561 height = avio_rb32(pb); // 16.16 fixed point track height
4562 sc->width = width >> 16;
4563 sc->height = height >> 16;
4564
4565 // apply the moov display matrix (after the tkhd one)
4566 for (i = 0; i < 3; i++) {
4567 const int sh[3] = { 16, 16, 30 };
4568 for (j = 0; j < 3; j++) {
4569 for (e = 0; e < 3; e++) {
4570 res_display_matrix[i][j] +=
4571 ((int64_t) display_matrix[i][e] *
4572 c->movie_display_matrix[e][j]) >> sh[e];
4573 }
4574 }
4575 }
4576
4577 // save the matrix when it is not the default identity
4578 if (!IS_MATRIX_IDENT(res_display_matrix)) {
4579 double rotate;
4580
4581 av_freep(&sc->display_matrix);
4582 sc->display_matrix = av_malloc(sizeof(int32_t) * 9);
4583 if (!sc->display_matrix)
4584 return AVERROR(ENOMEM);
4585
4586 for (i = 0; i < 3; i++)
4587 for (j = 0; j < 3; j++)
4588 sc->display_matrix[i * 3 + j] = res_display_matrix[i][j];
4589
4590 #if FF_API_OLD_ROTATE_API
4591 rotate = av_display_rotation_get(sc->display_matrix);
4592 if (!isnan(rotate)) {
4593 char rotate_buf[64];
4594 rotate = -rotate;
4595 if (rotate < 0) // for backward compatibility
4596 rotate += 360;
4597 snprintf(rotate_buf, sizeof(rotate_buf), "%g", rotate);
4598 av_dict_set(&st->metadata, "rotate", rotate_buf, 0);
4599 }
4600 #endif
4601 }
4602
4603 // transform the display width/height according to the matrix
4604 // to keep the same scale, use [width height 1<<16]
4605 if (width && height && sc->display_matrix) {
4606 double disp_transform[2];
4607
4608 for (i = 0; i < 2; i++)
4609 disp_transform[i] = hypot(sc->display_matrix[0 + i],
4610 sc->display_matrix[3 + i]);
4611
4612 if (disp_transform[0] > 0 && disp_transform[1] > 0 &&
4613 disp_transform[0] < (1<<24) && disp_transform[1] < (1<<24) &&
4614 fabs((disp_transform[0] / disp_transform[1]) - 1.0) > 0.01)
4615 st->sample_aspect_ratio = av_d2q(
4616 disp_transform[0] / disp_transform[1],
4617 INT_MAX);
4618 }
4619 return 0;
4620 }
4621
mov_read_tfhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)4622 static int mov_read_tfhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4623 {
4624 MOVFragment *frag = &c->fragment;
4625 MOVTrackExt *trex = NULL;
4626 int flags, track_id, i;
4627 MOVFragmentStreamInfo * frag_stream_info;
4628
4629 avio_r8(pb); /* version */
4630 flags = avio_rb24(pb);
4631
4632 track_id = avio_rb32(pb);
4633 if (!track_id)
4634 return AVERROR_INVALIDDATA;
4635 for (i = 0; i < c->trex_count; i++)
4636 if (c->trex_data[i].track_id == track_id) {
4637 trex = &c->trex_data[i];
4638 break;
4639 }
4640 if (!trex) {
4641 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding trex (id %u)\n", track_id);
4642 return 0;
4643 }
4644 c->fragment.found_tfhd = 1;
4645 frag->track_id = track_id;
4646 set_frag_stream(&c->frag_index, track_id);
4647
4648 frag->base_data_offset = flags & MOV_TFHD_BASE_DATA_OFFSET ?
4649 avio_rb64(pb) : flags & MOV_TFHD_DEFAULT_BASE_IS_MOOF ?
4650 frag->moof_offset : frag->implicit_offset;
4651 frag->stsd_id = flags & MOV_TFHD_STSD_ID ? avio_rb32(pb) : trex->stsd_id;
4652
4653 frag->duration = flags & MOV_TFHD_DEFAULT_DURATION ?
4654 avio_rb32(pb) : trex->duration;
4655 frag->size = flags & MOV_TFHD_DEFAULT_SIZE ?
4656 avio_rb32(pb) : trex->size;
4657 frag->flags = flags & MOV_TFHD_DEFAULT_FLAGS ?
4658 avio_rb32(pb) : trex->flags;
4659 av_log(c->fc, AV_LOG_TRACE, "frag flags 0x%x\n", frag->flags);
4660
4661 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
4662 if (frag_stream_info)
4663 frag_stream_info->next_trun_dts = AV_NOPTS_VALUE;
4664
4665 return 0;
4666 }
4667
mov_read_chap(MOVContext * c,AVIOContext * pb,MOVAtom atom)4668 static int mov_read_chap(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4669 {
4670 unsigned i, num;
4671 void *new_tracks;
4672
4673 num = atom.size / 4;
4674 if (!(new_tracks = av_malloc_array(num, sizeof(int))))
4675 return AVERROR(ENOMEM);
4676
4677 av_free(c->chapter_tracks);
4678 c->chapter_tracks = new_tracks;
4679 c->nb_chapter_tracks = num;
4680
4681 for (i = 0; i < num && !pb->eof_reached; i++)
4682 c->chapter_tracks[i] = avio_rb32(pb);
4683
4684 return 0;
4685 }
4686
mov_read_trex(MOVContext * c,AVIOContext * pb,MOVAtom atom)4687 static int mov_read_trex(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4688 {
4689 MOVTrackExt *trex;
4690 int err;
4691
4692 if ((uint64_t)c->trex_count+1 >= UINT_MAX / sizeof(*c->trex_data))
4693 return AVERROR_INVALIDDATA;
4694 if ((err = av_reallocp_array(&c->trex_data, c->trex_count + 1,
4695 sizeof(*c->trex_data))) < 0) {
4696 c->trex_count = 0;
4697 return err;
4698 }
4699
4700 c->fc->duration = AV_NOPTS_VALUE; // the duration from mvhd is not representing the whole file when fragments are used.
4701
4702 trex = &c->trex_data[c->trex_count++];
4703 avio_r8(pb); /* version */
4704 avio_rb24(pb); /* flags */
4705 trex->track_id = avio_rb32(pb);
4706 trex->stsd_id = avio_rb32(pb);
4707 trex->duration = avio_rb32(pb);
4708 trex->size = avio_rb32(pb);
4709 trex->flags = avio_rb32(pb);
4710 return 0;
4711 }
4712
mov_read_tfdt(MOVContext * c,AVIOContext * pb,MOVAtom atom)4713 static int mov_read_tfdt(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4714 {
4715 MOVFragment *frag = &c->fragment;
4716 AVStream *st = NULL;
4717 MOVStreamContext *sc;
4718 int version, i;
4719 MOVFragmentStreamInfo * frag_stream_info;
4720 int64_t base_media_decode_time;
4721
4722 for (i = 0; i < c->fc->nb_streams; i++) {
4723 if (c->fc->streams[i]->id == frag->track_id) {
4724 st = c->fc->streams[i];
4725 break;
4726 }
4727 }
4728 if (!st) {
4729 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding track id %u\n", frag->track_id);
4730 return 0;
4731 }
4732 sc = st->priv_data;
4733 if (sc->pseudo_stream_id + 1 != frag->stsd_id && sc->pseudo_stream_id != -1)
4734 return 0;
4735 version = avio_r8(pb);
4736 avio_rb24(pb); /* flags */
4737 if (version) {
4738 base_media_decode_time = avio_rb64(pb);
4739 } else {
4740 base_media_decode_time = avio_rb32(pb);
4741 }
4742
4743 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
4744 if (frag_stream_info)
4745 frag_stream_info->tfdt_dts = base_media_decode_time;
4746 sc->track_end = base_media_decode_time;
4747
4748 return 0;
4749 }
4750
mov_read_trun(MOVContext * c,AVIOContext * pb,MOVAtom atom)4751 static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4752 {
4753 MOVFragment *frag = &c->fragment;
4754 AVStream *st = NULL;
4755 MOVStreamContext *sc;
4756 MOVStts *ctts_data;
4757 uint64_t offset;
4758 int64_t dts, pts = AV_NOPTS_VALUE;
4759 int data_offset = 0;
4760 unsigned entries, first_sample_flags = frag->flags;
4761 int flags, distance, i;
4762 int64_t prev_dts = AV_NOPTS_VALUE;
4763 int next_frag_index = -1, index_entry_pos;
4764 size_t requested_size;
4765 size_t old_ctts_allocated_size;
4766 AVIndexEntry *new_entries;
4767 MOVFragmentStreamInfo * frag_stream_info;
4768
4769 if (!frag->found_tfhd) {
4770 av_log(c->fc, AV_LOG_ERROR, "trun track id unknown, no tfhd was found\n");
4771 return AVERROR_INVALIDDATA;
4772 }
4773
4774 for (i = 0; i < c->fc->nb_streams; i++) {
4775 if (c->fc->streams[i]->id == frag->track_id) {
4776 st = c->fc->streams[i];
4777 break;
4778 }
4779 }
4780 if (!st) {
4781 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding track id %u\n", frag->track_id);
4782 return 0;
4783 }
4784 sc = st->priv_data;
4785 if (sc->pseudo_stream_id+1 != frag->stsd_id && sc->pseudo_stream_id != -1)
4786 return 0;
4787
4788 // Find the next frag_index index that has a valid index_entry for
4789 // the current track_id.
4790 //
4791 // A valid index_entry means the trun for the fragment was read
4792 // and it's samples are in index_entries at the given position.
4793 // New index entries will be inserted before the index_entry found.
4794 index_entry_pos = st->nb_index_entries;
4795 for (i = c->frag_index.current + 1; i < c->frag_index.nb_items; i++) {
4796 frag_stream_info = get_frag_stream_info(&c->frag_index, i, frag->track_id);
4797 if (frag_stream_info && frag_stream_info->index_entry >= 0) {
4798 next_frag_index = i;
4799 index_entry_pos = frag_stream_info->index_entry;
4800 break;
4801 }
4802 }
4803 av_assert0(index_entry_pos <= st->nb_index_entries);
4804
4805 avio_r8(pb); /* version */
4806 flags = avio_rb24(pb);
4807 entries = avio_rb32(pb);
4808 av_log(c->fc, AV_LOG_TRACE, "flags 0x%x entries %u\n", flags, entries);
4809
4810 if ((uint64_t)entries+sc->ctts_count >= UINT_MAX/sizeof(*sc->ctts_data))
4811 return AVERROR_INVALIDDATA;
4812 if (flags & MOV_TRUN_DATA_OFFSET) data_offset = avio_rb32(pb);
4813 if (flags & MOV_TRUN_FIRST_SAMPLE_FLAGS) first_sample_flags = avio_rb32(pb);
4814
4815 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
4816 if (frag_stream_info)
4817 {
4818 if (frag_stream_info->next_trun_dts != AV_NOPTS_VALUE) {
4819 dts = frag_stream_info->next_trun_dts - sc->time_offset;
4820 } else if (frag_stream_info->first_tfra_pts != AV_NOPTS_VALUE &&
4821 c->use_mfra_for == FF_MOV_FLAG_MFRA_PTS) {
4822 pts = frag_stream_info->first_tfra_pts;
4823 av_log(c->fc, AV_LOG_DEBUG, "found mfra time %"PRId64
4824 ", using it for pts\n", pts);
4825 } else if (frag_stream_info->first_tfra_pts != AV_NOPTS_VALUE &&
4826 c->use_mfra_for == FF_MOV_FLAG_MFRA_DTS) {
4827 dts = frag_stream_info->first_tfra_pts;
4828 av_log(c->fc, AV_LOG_DEBUG, "found mfra time %"PRId64
4829 ", using it for dts\n", pts);
4830 } else if (frag_stream_info->sidx_pts != AV_NOPTS_VALUE) {
4831 // FIXME: sidx earliest_presentation_time is *PTS*, s.b.
4832 // pts = frag_stream_info->sidx_pts;
4833 dts = frag_stream_info->sidx_pts - sc->time_offset;
4834 av_log(c->fc, AV_LOG_DEBUG, "found sidx time %"PRId64
4835 ", using it for pts\n", pts);
4836 } else if (frag_stream_info->tfdt_dts != AV_NOPTS_VALUE) {
4837 dts = frag_stream_info->tfdt_dts - sc->time_offset;
4838 av_log(c->fc, AV_LOG_DEBUG, "found tfdt time %"PRId64
4839 ", using it for dts\n", dts);
4840 } else {
4841 dts = sc->track_end - sc->time_offset;
4842 av_log(c->fc, AV_LOG_DEBUG, "found track end time %"PRId64
4843 ", using it for dts\n", dts);
4844 }
4845 } else {
4846 dts = sc->track_end - sc->time_offset;
4847 av_log(c->fc, AV_LOG_DEBUG, "found track end time %"PRId64
4848 ", using it for dts\n", dts);
4849 }
4850 offset = frag->base_data_offset + data_offset;
4851 distance = 0;
4852 av_log(c->fc, AV_LOG_TRACE, "first sample flags 0x%x\n", first_sample_flags);
4853
4854 // realloc space for new index entries
4855 if((uint64_t)st->nb_index_entries + entries >= UINT_MAX / sizeof(AVIndexEntry)) {
4856 entries = UINT_MAX / sizeof(AVIndexEntry) - st->nb_index_entries;
4857 av_log(c->fc, AV_LOG_ERROR, "Failed to add index entry\n");
4858 }
4859 if (entries == 0)
4860 return 0;
4861
4862 requested_size = (st->nb_index_entries + entries) * sizeof(AVIndexEntry);
4863 new_entries = av_fast_realloc(st->index_entries,
4864 &st->index_entries_allocated_size,
4865 requested_size);
4866 if(!new_entries)
4867 return AVERROR(ENOMEM);
4868 st->index_entries= new_entries;
4869
4870 requested_size = (st->nb_index_entries + entries) * sizeof(*sc->ctts_data);
4871 old_ctts_allocated_size = sc->ctts_allocated_size;
4872 ctts_data = av_fast_realloc(sc->ctts_data, &sc->ctts_allocated_size,
4873 requested_size);
4874 if (!ctts_data)
4875 return AVERROR(ENOMEM);
4876 sc->ctts_data = ctts_data;
4877
4878 // In case there were samples without ctts entries, ensure they get
4879 // zero valued entries. This ensures clips which mix boxes with and
4880 // without ctts entries don't pickup uninitialized data.
4881 memset((uint8_t*)(sc->ctts_data) + old_ctts_allocated_size, 0,
4882 sc->ctts_allocated_size - old_ctts_allocated_size);
4883
4884 if (index_entry_pos < st->nb_index_entries) {
4885 // Make hole in index_entries and ctts_data for new samples
4886 memmove(st->index_entries + index_entry_pos + entries,
4887 st->index_entries + index_entry_pos,
4888 sizeof(*st->index_entries) *
4889 (st->nb_index_entries - index_entry_pos));
4890 memmove(sc->ctts_data + index_entry_pos + entries,
4891 sc->ctts_data + index_entry_pos,
4892 sizeof(*sc->ctts_data) * (sc->ctts_count - index_entry_pos));
4893 if (index_entry_pos < sc->current_sample) {
4894 sc->current_sample += entries;
4895 }
4896 }
4897
4898 st->nb_index_entries += entries;
4899 sc->ctts_count = st->nb_index_entries;
4900
4901 // Record the index_entry position in frag_index of this fragment
4902 if (frag_stream_info)
4903 frag_stream_info->index_entry = index_entry_pos;
4904
4905 if (index_entry_pos > 0)
4906 prev_dts = st->index_entries[index_entry_pos-1].timestamp;
4907
4908 for (i = 0; i < entries && !pb->eof_reached; i++) {
4909 unsigned sample_size = frag->size;
4910 int sample_flags = i ? frag->flags : first_sample_flags;
4911 unsigned sample_duration = frag->duration;
4912 unsigned ctts_duration = 0;
4913 int keyframe = 0;
4914 int index_entry_flags = 0;
4915
4916 if (flags & MOV_TRUN_SAMPLE_DURATION) sample_duration = avio_rb32(pb);
4917 if (flags & MOV_TRUN_SAMPLE_SIZE) sample_size = avio_rb32(pb);
4918 if (flags & MOV_TRUN_SAMPLE_FLAGS) sample_flags = avio_rb32(pb);
4919 if (flags & MOV_TRUN_SAMPLE_CTS) ctts_duration = avio_rb32(pb);
4920
4921 mov_update_dts_shift(sc, ctts_duration, c->fc);
4922 if (pts != AV_NOPTS_VALUE) {
4923 dts = pts - sc->dts_shift;
4924 if (flags & MOV_TRUN_SAMPLE_CTS) {
4925 dts -= ctts_duration;
4926 } else {
4927 dts -= sc->time_offset;
4928 }
4929 av_log(c->fc, AV_LOG_DEBUG,
4930 "pts %"PRId64" calculated dts %"PRId64
4931 " sc->dts_shift %d ctts.duration %d"
4932 " sc->time_offset %"PRId64
4933 " flags & MOV_TRUN_SAMPLE_CTS %d\n",
4934 pts, dts,
4935 sc->dts_shift, ctts_duration,
4936 sc->time_offset, flags & MOV_TRUN_SAMPLE_CTS);
4937 pts = AV_NOPTS_VALUE;
4938 }
4939
4940 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO)
4941 keyframe = 1;
4942 else
4943 keyframe =
4944 !(sample_flags & (MOV_FRAG_SAMPLE_FLAG_IS_NON_SYNC |
4945 MOV_FRAG_SAMPLE_FLAG_DEPENDS_YES));
4946 if (keyframe) {
4947 distance = 0;
4948 index_entry_flags |= AVINDEX_KEYFRAME;
4949 }
4950 // Fragments can overlap in time. Discard overlapping frames after
4951 // decoding.
4952 if (prev_dts >= dts)
4953 index_entry_flags |= AVINDEX_DISCARD_FRAME;
4954
4955 st->index_entries[index_entry_pos].pos = offset;
4956 st->index_entries[index_entry_pos].timestamp = dts;
4957 st->index_entries[index_entry_pos].size= sample_size;
4958 st->index_entries[index_entry_pos].min_distance= distance;
4959 st->index_entries[index_entry_pos].flags = index_entry_flags;
4960
4961 sc->ctts_data[index_entry_pos].count = 1;
4962 sc->ctts_data[index_entry_pos].duration = ctts_duration;
4963 index_entry_pos++;
4964
4965 av_log(c->fc, AV_LOG_TRACE, "AVIndex stream %d, sample %d, offset %"PRIx64", dts %"PRId64", "
4966 "size %u, distance %d, keyframe %d\n", st->index,
4967 index_entry_pos, offset, dts, sample_size, distance, keyframe);
4968 distance++;
4969 dts += sample_duration;
4970 offset += sample_size;
4971 sc->data_size += sample_size;
4972
4973 if (sample_duration <= INT64_MAX - sc->duration_for_fps &&
4974 1 <= INT_MAX - sc->nb_frames_for_fps
4975 ) {
4976 sc->duration_for_fps += sample_duration;
4977 sc->nb_frames_for_fps ++;
4978 }
4979 }
4980 if (frag_stream_info)
4981 frag_stream_info->next_trun_dts = dts + sc->time_offset;
4982 if (i < entries) {
4983 // EOF found before reading all entries. Fix the hole this would
4984 // leave in index_entries and ctts_data
4985 int gap = entries - i;
4986 memmove(st->index_entries + index_entry_pos,
4987 st->index_entries + index_entry_pos + gap,
4988 sizeof(*st->index_entries) *
4989 (st->nb_index_entries - (index_entry_pos + gap)));
4990 memmove(sc->ctts_data + index_entry_pos,
4991 sc->ctts_data + index_entry_pos + gap,
4992 sizeof(*sc->ctts_data) *
4993 (sc->ctts_count - (index_entry_pos + gap)));
4994
4995 st->nb_index_entries -= gap;
4996 sc->ctts_count -= gap;
4997 if (index_entry_pos < sc->current_sample) {
4998 sc->current_sample -= gap;
4999 }
5000 entries = i;
5001 }
5002
5003 // The end of this new fragment may overlap in time with the start
5004 // of the next fragment in index_entries. Mark the samples in the next
5005 // fragment that overlap with AVINDEX_DISCARD_FRAME
5006 prev_dts = AV_NOPTS_VALUE;
5007 if (index_entry_pos > 0)
5008 prev_dts = st->index_entries[index_entry_pos-1].timestamp;
5009 for (i = index_entry_pos; i < st->nb_index_entries; i++) {
5010 if (prev_dts < st->index_entries[i].timestamp)
5011 break;
5012 st->index_entries[i].flags |= AVINDEX_DISCARD_FRAME;
5013 }
5014
5015 // If a hole was created to insert the new index_entries into,
5016 // the index_entry recorded for all subsequent moof must
5017 // be incremented by the number of entries inserted.
5018 fix_frag_index_entries(&c->frag_index, next_frag_index,
5019 frag->track_id, entries);
5020
5021 if (pb->eof_reached) {
5022 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted TRUN atom\n");
5023 return AVERROR_EOF;
5024 }
5025
5026 frag->implicit_offset = offset;
5027
5028 sc->track_end = dts + sc->time_offset;
5029 if (st->duration < sc->track_end)
5030 st->duration = sc->track_end;
5031
5032 return 0;
5033 }
5034
mov_read_sidx(MOVContext * c,AVIOContext * pb,MOVAtom atom)5035 static int mov_read_sidx(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5036 {
5037 int64_t offset = avio_tell(pb) + atom.size, pts, timestamp;
5038 uint8_t version;
5039 unsigned i, j, track_id, item_count;
5040 AVStream *st = NULL;
5041 AVStream *ref_st = NULL;
5042 MOVStreamContext *sc, *ref_sc = NULL;
5043 AVRational timescale;
5044
5045 version = avio_r8(pb);
5046 if (version > 1) {
5047 avpriv_request_sample(c->fc, "sidx version %u", version);
5048 return 0;
5049 }
5050
5051 avio_rb24(pb); // flags
5052
5053 track_id = avio_rb32(pb); // Reference ID
5054 for (i = 0; i < c->fc->nb_streams; i++) {
5055 if (c->fc->streams[i]->id == track_id) {
5056 st = c->fc->streams[i];
5057 break;
5058 }
5059 }
5060 if (!st) {
5061 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding track id %d\n", track_id);
5062 return 0;
5063 }
5064
5065 sc = st->priv_data;
5066
5067 timescale = av_make_q(1, avio_rb32(pb));
5068
5069 if (timescale.den <= 0) {
5070 av_log(c->fc, AV_LOG_ERROR, "Invalid sidx timescale 1/%d\n", timescale.den);
5071 return AVERROR_INVALIDDATA;
5072 }
5073
5074 if (version == 0) {
5075 pts = avio_rb32(pb);
5076 offset += avio_rb32(pb);
5077 } else {
5078 pts = avio_rb64(pb);
5079 offset += avio_rb64(pb);
5080 }
5081
5082 avio_rb16(pb); // reserved
5083
5084 item_count = avio_rb16(pb);
5085
5086 for (i = 0; i < item_count; i++) {
5087 int index;
5088 MOVFragmentStreamInfo * frag_stream_info;
5089 uint32_t size = avio_rb32(pb);
5090 uint32_t duration = avio_rb32(pb);
5091 if (size & 0x80000000) {
5092 avpriv_request_sample(c->fc, "sidx reference_type 1");
5093 return AVERROR_PATCHWELCOME;
5094 }
5095 avio_rb32(pb); // sap_flags
5096 timestamp = av_rescale_q(pts, timescale, st->time_base);
5097
5098 index = update_frag_index(c, offset);
5099 frag_stream_info = get_frag_stream_info(&c->frag_index, index, track_id);
5100 if (frag_stream_info)
5101 frag_stream_info->sidx_pts = timestamp;
5102
5103 offset += size;
5104 pts += duration;
5105 }
5106
5107 st->duration = sc->track_end = pts;
5108
5109 sc->has_sidx = 1;
5110
5111 if (offset == avio_size(pb)) {
5112 // Find first entry in fragment index that came from an sidx.
5113 // This will pretty much always be the first entry.
5114 for (i = 0; i < c->frag_index.nb_items; i++) {
5115 MOVFragmentIndexItem * item = &c->frag_index.item[i];
5116 for (j = 0; ref_st == NULL && j < item->nb_stream_info; j++) {
5117 MOVFragmentStreamInfo * si;
5118 si = &item->stream_info[j];
5119 if (si->sidx_pts != AV_NOPTS_VALUE) {
5120 ref_st = c->fc->streams[j];
5121 ref_sc = ref_st->priv_data;
5122 break;
5123 }
5124 }
5125 }
5126 if (ref_st) for (i = 0; i < c->fc->nb_streams; i++) {
5127 st = c->fc->streams[i];
5128 sc = st->priv_data;
5129 if (!sc->has_sidx) {
5130 st->duration = sc->track_end = av_rescale(ref_st->duration, sc->time_scale, ref_sc->time_scale);
5131 }
5132 }
5133
5134 c->frag_index.complete = 1;
5135 }
5136
5137 return 0;
5138 }
5139
5140 /* this atom should be null (from specs), but some buggy files put the 'moov' atom inside it... */
5141 /* like the files created with Adobe Premiere 5.0, for samples see */
5142 /* http://graphics.tudelft.nl/~wouter/publications/soundtests/ */
mov_read_wide(MOVContext * c,AVIOContext * pb,MOVAtom atom)5143 static int mov_read_wide(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5144 {
5145 int err;
5146
5147 if (atom.size < 8)
5148 return 0; /* continue */
5149 if (avio_rb32(pb) != 0) { /* 0 sized mdat atom... use the 'wide' atom size */
5150 avio_skip(pb, atom.size - 4);
5151 return 0;
5152 }
5153 atom.type = avio_rl32(pb);
5154 atom.size -= 8;
5155 if (atom.type != MKTAG('m','d','a','t')) {
5156 avio_skip(pb, atom.size);
5157 return 0;
5158 }
5159 err = mov_read_mdat(c, pb, atom);
5160 return err;
5161 }
5162
mov_read_cmov(MOVContext * c,AVIOContext * pb,MOVAtom atom)5163 static int mov_read_cmov(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5164 {
5165 #if CONFIG_ZLIB
5166 AVIOContext ctx;
5167 uint8_t *cmov_data;
5168 uint8_t *moov_data; /* uncompressed data */
5169 long cmov_len, moov_len;
5170 int ret = -1;
5171
5172 avio_rb32(pb); /* dcom atom */
5173 if (avio_rl32(pb) != MKTAG('d','c','o','m'))
5174 return AVERROR_INVALIDDATA;
5175 if (avio_rl32(pb) != MKTAG('z','l','i','b')) {
5176 av_log(c->fc, AV_LOG_ERROR, "unknown compression for cmov atom !\n");
5177 return AVERROR_INVALIDDATA;
5178 }
5179 avio_rb32(pb); /* cmvd atom */
5180 if (avio_rl32(pb) != MKTAG('c','m','v','d'))
5181 return AVERROR_INVALIDDATA;
5182 moov_len = avio_rb32(pb); /* uncompressed size */
5183 cmov_len = atom.size - 6 * 4;
5184
5185 cmov_data = av_malloc(cmov_len);
5186 if (!cmov_data)
5187 return AVERROR(ENOMEM);
5188 moov_data = av_malloc(moov_len);
5189 if (!moov_data) {
5190 av_free(cmov_data);
5191 return AVERROR(ENOMEM);
5192 }
5193 ret = ffio_read_size(pb, cmov_data, cmov_len);
5194 if (ret < 0)
5195 goto free_and_return;
5196
5197 ret = AVERROR_INVALIDDATA;
5198 if (uncompress (moov_data, (uLongf *) &moov_len, (const Bytef *)cmov_data, cmov_len) != Z_OK)
5199 goto free_and_return;
5200 if (ffio_init_context(&ctx, moov_data, moov_len, 0, NULL, NULL, NULL, NULL) != 0)
5201 goto free_and_return;
5202 ctx.seekable = AVIO_SEEKABLE_NORMAL;
5203 atom.type = MKTAG('m','o','o','v');
5204 atom.size = moov_len;
5205 ret = mov_read_default(c, &ctx, atom);
5206 free_and_return:
5207 av_free(moov_data);
5208 av_free(cmov_data);
5209 return ret;
5210 #else
5211 av_log(c->fc, AV_LOG_ERROR, "this file requires zlib support compiled in\n");
5212 return AVERROR(ENOSYS);
5213 #endif
5214 }
5215
5216 /* edit list atom */
mov_read_elst(MOVContext * c,AVIOContext * pb,MOVAtom atom)5217 static int mov_read_elst(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5218 {
5219 MOVStreamContext *sc;
5220 int i, edit_count, version;
5221 int64_t elst_entry_size;
5222
5223 if (c->fc->nb_streams < 1 || c->ignore_editlist)
5224 return 0;
5225 sc = c->fc->streams[c->fc->nb_streams-1]->priv_data;
5226
5227 version = avio_r8(pb); /* version */
5228 avio_rb24(pb); /* flags */
5229 edit_count = avio_rb32(pb); /* entries */
5230 atom.size -= 8;
5231
5232 elst_entry_size = version == 1 ? 20 : 12;
5233 if (atom.size != edit_count * elst_entry_size) {
5234 if (c->fc->strict_std_compliance >= FF_COMPLIANCE_STRICT) {
5235 av_log(c->fc, AV_LOG_ERROR, "Invalid edit list entry_count: %d for elst atom of size: %"PRId64" bytes.\n",
5236 edit_count, atom.size + 8);
5237 return AVERROR_INVALIDDATA;
5238 } else {
5239 edit_count = atom.size / elst_entry_size;
5240 if (edit_count * elst_entry_size != atom.size) {
5241 av_log(c->fc, AV_LOG_WARNING, "ELST atom of %"PRId64" bytes, bigger than %d entries.", atom.size, edit_count);
5242 }
5243 }
5244 }
5245
5246 if (!edit_count)
5247 return 0;
5248 if (sc->elst_data)
5249 av_log(c->fc, AV_LOG_WARNING, "Duplicated ELST atom\n");
5250 av_free(sc->elst_data);
5251 sc->elst_count = 0;
5252 sc->elst_data = av_malloc_array(edit_count, sizeof(*sc->elst_data));
5253 if (!sc->elst_data)
5254 return AVERROR(ENOMEM);
5255
5256 av_log(c->fc, AV_LOG_TRACE, "track[%u].edit_count = %i\n", c->fc->nb_streams - 1, edit_count);
5257 for (i = 0; i < edit_count && atom.size > 0 && !pb->eof_reached; i++) {
5258 MOVElst *e = &sc->elst_data[i];
5259
5260 if (version == 1) {
5261 e->duration = avio_rb64(pb);
5262 e->time = avio_rb64(pb);
5263 atom.size -= 16;
5264 } else {
5265 e->duration = avio_rb32(pb); /* segment duration */
5266 e->time = (int32_t)avio_rb32(pb); /* media time */
5267 atom.size -= 8;
5268 }
5269 e->rate = avio_rb32(pb) / 65536.0;
5270 atom.size -= 4;
5271 av_log(c->fc, AV_LOG_TRACE, "duration=%"PRId64" time=%"PRId64" rate=%f\n",
5272 e->duration, e->time, e->rate);
5273
5274 if (e->time < 0 && e->time != -1 &&
5275 c->fc->strict_std_compliance >= FF_COMPLIANCE_STRICT) {
5276 av_log(c->fc, AV_LOG_ERROR, "Track %d, edit %d: Invalid edit list media time=%"PRId64"\n",
5277 c->fc->nb_streams-1, i, e->time);
5278 return AVERROR_INVALIDDATA;
5279 }
5280 }
5281 sc->elst_count = i;
5282
5283 return 0;
5284 }
5285
mov_read_tmcd(MOVContext * c,AVIOContext * pb,MOVAtom atom)5286 static int mov_read_tmcd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5287 {
5288 MOVStreamContext *sc;
5289
5290 if (c->fc->nb_streams < 1)
5291 return AVERROR_INVALIDDATA;
5292 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5293 sc->timecode_track = avio_rb32(pb);
5294 return 0;
5295 }
5296
mov_read_av1c(MOVContext * c,AVIOContext * pb,MOVAtom atom)5297 static int mov_read_av1c(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5298 {
5299 AVStream *st;
5300 int ret;
5301
5302 if (c->fc->nb_streams < 1)
5303 return 0;
5304 st = c->fc->streams[c->fc->nb_streams - 1];
5305
5306 if (atom.size < 4) {
5307 av_log(c->fc, AV_LOG_ERROR, "Empty AV1 Codec Configuration Box\n");
5308 return AVERROR_INVALIDDATA;
5309 }
5310
5311 /* For now, propagate only the OBUs, if any. Once libavcodec is
5312 updated to handle isobmff style extradata this can be removed. */
5313 avio_skip(pb, 4);
5314
5315 if (atom.size == 4)
5316 return 0;
5317
5318 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size - 4);
5319 if (ret < 0)
5320 return ret;
5321
5322 return 0;
5323 }
5324
mov_read_vpcc(MOVContext * c,AVIOContext * pb,MOVAtom atom)5325 static int mov_read_vpcc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5326 {
5327 AVStream *st;
5328 int version, color_range, color_primaries, color_trc, color_space;
5329
5330 if (c->fc->nb_streams < 1)
5331 return 0;
5332 st = c->fc->streams[c->fc->nb_streams - 1];
5333
5334 if (atom.size < 5) {
5335 av_log(c->fc, AV_LOG_ERROR, "Empty VP Codec Configuration box\n");
5336 return AVERROR_INVALIDDATA;
5337 }
5338
5339 version = avio_r8(pb);
5340 if (version != 1) {
5341 av_log(c->fc, AV_LOG_WARNING, "Unsupported VP Codec Configuration box version %d\n", version);
5342 return 0;
5343 }
5344 avio_skip(pb, 3); /* flags */
5345
5346 avio_skip(pb, 2); /* profile + level */
5347 color_range = avio_r8(pb); /* bitDepth, chromaSubsampling, videoFullRangeFlag */
5348 color_primaries = avio_r8(pb);
5349 color_trc = avio_r8(pb);
5350 color_space = avio_r8(pb);
5351 if (avio_rb16(pb)) /* codecIntializationDataSize */
5352 return AVERROR_INVALIDDATA;
5353
5354 if (!av_color_primaries_name(color_primaries))
5355 color_primaries = AVCOL_PRI_UNSPECIFIED;
5356 if (!av_color_transfer_name(color_trc))
5357 color_trc = AVCOL_TRC_UNSPECIFIED;
5358 if (!av_color_space_name(color_space))
5359 color_space = AVCOL_SPC_UNSPECIFIED;
5360
5361 st->codecpar->color_range = (color_range & 1) ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG;
5362 st->codecpar->color_primaries = color_primaries;
5363 st->codecpar->color_trc = color_trc;
5364 st->codecpar->color_space = color_space;
5365
5366 return 0;
5367 }
5368
mov_read_smdm(MOVContext * c,AVIOContext * pb,MOVAtom atom)5369 static int mov_read_smdm(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5370 {
5371 MOVStreamContext *sc;
5372 int i, version;
5373
5374 if (c->fc->nb_streams < 1)
5375 return AVERROR_INVALIDDATA;
5376
5377 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5378
5379 if (atom.size < 5) {
5380 av_log(c->fc, AV_LOG_ERROR, "Empty Mastering Display Metadata box\n");
5381 return AVERROR_INVALIDDATA;
5382 }
5383
5384 version = avio_r8(pb);
5385 if (version) {
5386 av_log(c->fc, AV_LOG_WARNING, "Unsupported Mastering Display Metadata box version %d\n", version);
5387 return 0;
5388 }
5389 avio_skip(pb, 3); /* flags */
5390
5391 sc->mastering = av_mastering_display_metadata_alloc();
5392 if (!sc->mastering)
5393 return AVERROR(ENOMEM);
5394
5395 for (i = 0; i < 3; i++) {
5396 sc->mastering->display_primaries[i][0] = av_make_q(avio_rb16(pb), 1 << 16);
5397 sc->mastering->display_primaries[i][1] = av_make_q(avio_rb16(pb), 1 << 16);
5398 }
5399 sc->mastering->white_point[0] = av_make_q(avio_rb16(pb), 1 << 16);
5400 sc->mastering->white_point[1] = av_make_q(avio_rb16(pb), 1 << 16);
5401
5402 sc->mastering->max_luminance = av_make_q(avio_rb32(pb), 1 << 8);
5403 sc->mastering->min_luminance = av_make_q(avio_rb32(pb), 1 << 14);
5404
5405 sc->mastering->has_primaries = 1;
5406 sc->mastering->has_luminance = 1;
5407
5408 return 0;
5409 }
5410
mov_read_mdcv(MOVContext * c,AVIOContext * pb,MOVAtom atom)5411 static int mov_read_mdcv(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5412 {
5413 MOVStreamContext *sc;
5414 const int mapping[3] = {1, 2, 0};
5415 const int chroma_den = 50000;
5416 const int luma_den = 10000;
5417 int i;
5418
5419 if (c->fc->nb_streams < 1)
5420 return AVERROR_INVALIDDATA;
5421
5422 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5423
5424 if (atom.size < 24) {
5425 av_log(c->fc, AV_LOG_ERROR, "Invalid Mastering Display Color Volume box\n");
5426 return AVERROR_INVALIDDATA;
5427 }
5428
5429 sc->mastering = av_mastering_display_metadata_alloc();
5430 if (!sc->mastering)
5431 return AVERROR(ENOMEM);
5432
5433 for (i = 0; i < 3; i++) {
5434 const int j = mapping[i];
5435 sc->mastering->display_primaries[j][0] = av_make_q(avio_rb16(pb), chroma_den);
5436 sc->mastering->display_primaries[j][1] = av_make_q(avio_rb16(pb), chroma_den);
5437 }
5438 sc->mastering->white_point[0] = av_make_q(avio_rb16(pb), chroma_den);
5439 sc->mastering->white_point[1] = av_make_q(avio_rb16(pb), chroma_den);
5440
5441 sc->mastering->max_luminance = av_make_q(avio_rb32(pb), luma_den);
5442 sc->mastering->min_luminance = av_make_q(avio_rb32(pb), luma_den);
5443
5444 sc->mastering->has_luminance = 1;
5445 sc->mastering->has_primaries = 1;
5446
5447 return 0;
5448 }
5449
mov_read_coll(MOVContext * c,AVIOContext * pb,MOVAtom atom)5450 static int mov_read_coll(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5451 {
5452 MOVStreamContext *sc;
5453 int version;
5454
5455 if (c->fc->nb_streams < 1)
5456 return AVERROR_INVALIDDATA;
5457
5458 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5459
5460 if (atom.size < 5) {
5461 av_log(c->fc, AV_LOG_ERROR, "Empty Content Light Level box\n");
5462 return AVERROR_INVALIDDATA;
5463 }
5464
5465 version = avio_r8(pb);
5466 if (version) {
5467 av_log(c->fc, AV_LOG_WARNING, "Unsupported Content Light Level box version %d\n", version);
5468 return 0;
5469 }
5470 avio_skip(pb, 3); /* flags */
5471
5472 sc->coll = av_content_light_metadata_alloc(&sc->coll_size);
5473 if (!sc->coll)
5474 return AVERROR(ENOMEM);
5475
5476 sc->coll->MaxCLL = avio_rb16(pb);
5477 sc->coll->MaxFALL = avio_rb16(pb);
5478
5479 return 0;
5480 }
5481
mov_read_clli(MOVContext * c,AVIOContext * pb,MOVAtom atom)5482 static int mov_read_clli(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5483 {
5484 MOVStreamContext *sc;
5485
5486 if (c->fc->nb_streams < 1)
5487 return AVERROR_INVALIDDATA;
5488
5489 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5490
5491 if (atom.size < 4) {
5492 av_log(c->fc, AV_LOG_ERROR, "Empty Content Light Level Info box\n");
5493 return AVERROR_INVALIDDATA;
5494 }
5495
5496 sc->coll = av_content_light_metadata_alloc(&sc->coll_size);
5497 if (!sc->coll)
5498 return AVERROR(ENOMEM);
5499
5500 sc->coll->MaxCLL = avio_rb16(pb);
5501 sc->coll->MaxFALL = avio_rb16(pb);
5502
5503 return 0;
5504 }
5505
mov_read_st3d(MOVContext * c,AVIOContext * pb,MOVAtom atom)5506 static int mov_read_st3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5507 {
5508 AVStream *st;
5509 MOVStreamContext *sc;
5510 enum AVStereo3DType type;
5511 int mode;
5512
5513 if (c->fc->nb_streams < 1)
5514 return 0;
5515
5516 st = c->fc->streams[c->fc->nb_streams - 1];
5517 sc = st->priv_data;
5518
5519 if (atom.size < 5) {
5520 av_log(c->fc, AV_LOG_ERROR, "Empty stereoscopic video box\n");
5521 return AVERROR_INVALIDDATA;
5522 }
5523 avio_skip(pb, 4); /* version + flags */
5524
5525 mode = avio_r8(pb);
5526 switch (mode) {
5527 case 0:
5528 type = AV_STEREO3D_2D;
5529 break;
5530 case 1:
5531 type = AV_STEREO3D_TOPBOTTOM;
5532 break;
5533 case 2:
5534 type = AV_STEREO3D_SIDEBYSIDE;
5535 break;
5536 default:
5537 av_log(c->fc, AV_LOG_WARNING, "Unknown st3d mode value %d\n", mode);
5538 return 0;
5539 }
5540
5541 sc->stereo3d = av_stereo3d_alloc();
5542 if (!sc->stereo3d)
5543 return AVERROR(ENOMEM);
5544
5545 sc->stereo3d->type = type;
5546 return 0;
5547 }
5548
mov_read_sv3d(MOVContext * c,AVIOContext * pb,MOVAtom atom)5549 static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5550 {
5551 AVStream *st;
5552 MOVStreamContext *sc;
5553 int size, version, layout;
5554 int32_t yaw, pitch, roll;
5555 uint32_t l = 0, t = 0, r = 0, b = 0;
5556 uint32_t tag, padding = 0;
5557 enum AVSphericalProjection projection;
5558
5559 if (c->fc->nb_streams < 1)
5560 return 0;
5561
5562 st = c->fc->streams[c->fc->nb_streams - 1];
5563 sc = st->priv_data;
5564
5565 if (atom.size < 8) {
5566 av_log(c->fc, AV_LOG_ERROR, "Empty spherical video box\n");
5567 return AVERROR_INVALIDDATA;
5568 }
5569
5570 size = avio_rb32(pb);
5571 if (size <= 12 || size > atom.size)
5572 return AVERROR_INVALIDDATA;
5573
5574 tag = avio_rl32(pb);
5575 if (tag != MKTAG('s','v','h','d')) {
5576 av_log(c->fc, AV_LOG_ERROR, "Missing spherical video header\n");
5577 return 0;
5578 }
5579 version = avio_r8(pb);
5580 if (version != 0) {
5581 av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
5582 version);
5583 return 0;
5584 }
5585 avio_skip(pb, 3); /* flags */
5586 avio_skip(pb, size - 12); /* metadata_source */
5587
5588 size = avio_rb32(pb);
5589 if (size > atom.size)
5590 return AVERROR_INVALIDDATA;
5591
5592 tag = avio_rl32(pb);
5593 if (tag != MKTAG('p','r','o','j')) {
5594 av_log(c->fc, AV_LOG_ERROR, "Missing projection box\n");
5595 return 0;
5596 }
5597
5598 size = avio_rb32(pb);
5599 if (size > atom.size)
5600 return AVERROR_INVALIDDATA;
5601
5602 tag = avio_rl32(pb);
5603 if (tag != MKTAG('p','r','h','d')) {
5604 av_log(c->fc, AV_LOG_ERROR, "Missing projection header box\n");
5605 return 0;
5606 }
5607 version = avio_r8(pb);
5608 if (version != 0) {
5609 av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
5610 version);
5611 return 0;
5612 }
5613 avio_skip(pb, 3); /* flags */
5614
5615 /* 16.16 fixed point */
5616 yaw = avio_rb32(pb);
5617 pitch = avio_rb32(pb);
5618 roll = avio_rb32(pb);
5619
5620 size = avio_rb32(pb);
5621 if (size > atom.size)
5622 return AVERROR_INVALIDDATA;
5623
5624 tag = avio_rl32(pb);
5625 version = avio_r8(pb);
5626 if (version != 0) {
5627 av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
5628 version);
5629 return 0;
5630 }
5631 avio_skip(pb, 3); /* flags */
5632 switch (tag) {
5633 case MKTAG('c','b','m','p'):
5634 layout = avio_rb32(pb);
5635 if (layout) {
5636 av_log(c->fc, AV_LOG_WARNING,
5637 "Unsupported cubemap layout %d\n", layout);
5638 return 0;
5639 }
5640 projection = AV_SPHERICAL_CUBEMAP;
5641 padding = avio_rb32(pb);
5642 break;
5643 case MKTAG('e','q','u','i'):
5644 t = avio_rb32(pb);
5645 b = avio_rb32(pb);
5646 l = avio_rb32(pb);
5647 r = avio_rb32(pb);
5648
5649 if (b >= UINT_MAX - t || r >= UINT_MAX - l) {
5650 av_log(c->fc, AV_LOG_ERROR,
5651 "Invalid bounding rectangle coordinates "
5652 "%"PRIu32",%"PRIu32",%"PRIu32",%"PRIu32"\n", l, t, r, b);
5653 return AVERROR_INVALIDDATA;
5654 }
5655
5656 if (l || t || r || b)
5657 projection = AV_SPHERICAL_EQUIRECTANGULAR_TILE;
5658 else
5659 projection = AV_SPHERICAL_EQUIRECTANGULAR;
5660 break;
5661 default:
5662 av_log(c->fc, AV_LOG_ERROR, "Unknown projection type: %s\n", av_fourcc2str(tag));
5663 return 0;
5664 }
5665
5666 sc->spherical = av_spherical_alloc(&sc->spherical_size);
5667 if (!sc->spherical)
5668 return AVERROR(ENOMEM);
5669
5670 sc->spherical->projection = projection;
5671
5672 sc->spherical->yaw = yaw;
5673 sc->spherical->pitch = pitch;
5674 sc->spherical->roll = roll;
5675
5676 sc->spherical->padding = padding;
5677
5678 sc->spherical->bound_left = l;
5679 sc->spherical->bound_top = t;
5680 sc->spherical->bound_right = r;
5681 sc->spherical->bound_bottom = b;
5682
5683 return 0;
5684 }
5685
mov_parse_uuid_spherical(MOVStreamContext * sc,AVIOContext * pb,size_t len)5686 static int mov_parse_uuid_spherical(MOVStreamContext *sc, AVIOContext *pb, size_t len)
5687 {
5688 int ret = 0;
5689 uint8_t *buffer = av_malloc(len + 1);
5690 const char *val;
5691
5692 if (!buffer)
5693 return AVERROR(ENOMEM);
5694 buffer[len] = '\0';
5695
5696 ret = ffio_read_size(pb, buffer, len);
5697 if (ret < 0)
5698 goto out;
5699
5700 /* Check for mandatory keys and values, try to support XML as best-effort */
5701 if (!sc->spherical &&
5702 av_stristr(buffer, "<GSpherical:StitchingSoftware>") &&
5703 (val = av_stristr(buffer, "<GSpherical:Spherical>")) &&
5704 av_stristr(val, "true") &&
5705 (val = av_stristr(buffer, "<GSpherical:Stitched>")) &&
5706 av_stristr(val, "true") &&
5707 (val = av_stristr(buffer, "<GSpherical:ProjectionType>")) &&
5708 av_stristr(val, "equirectangular")) {
5709 sc->spherical = av_spherical_alloc(&sc->spherical_size);
5710 if (!sc->spherical)
5711 goto out;
5712
5713 sc->spherical->projection = AV_SPHERICAL_EQUIRECTANGULAR;
5714
5715 if (av_stristr(buffer, "<GSpherical:StereoMode>") && !sc->stereo3d) {
5716 enum AVStereo3DType mode;
5717
5718 if (av_stristr(buffer, "left-right"))
5719 mode = AV_STEREO3D_SIDEBYSIDE;
5720 else if (av_stristr(buffer, "top-bottom"))
5721 mode = AV_STEREO3D_TOPBOTTOM;
5722 else
5723 mode = AV_STEREO3D_2D;
5724
5725 sc->stereo3d = av_stereo3d_alloc();
5726 if (!sc->stereo3d)
5727 goto out;
5728
5729 sc->stereo3d->type = mode;
5730 }
5731
5732 /* orientation */
5733 val = av_stristr(buffer, "<GSpherical:InitialViewHeadingDegrees>");
5734 if (val)
5735 sc->spherical->yaw = strtol(val, NULL, 10) * (1 << 16);
5736 val = av_stristr(buffer, "<GSpherical:InitialViewPitchDegrees>");
5737 if (val)
5738 sc->spherical->pitch = strtol(val, NULL, 10) * (1 << 16);
5739 val = av_stristr(buffer, "<GSpherical:InitialViewRollDegrees>");
5740 if (val)
5741 sc->spherical->roll = strtol(val, NULL, 10) * (1 << 16);
5742 }
5743
5744 out:
5745 av_free(buffer);
5746 return ret;
5747 }
5748
mov_read_uuid(MOVContext * c,AVIOContext * pb,MOVAtom atom)5749 static int mov_read_uuid(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5750 {
5751 AVStream *st;
5752 MOVStreamContext *sc;
5753 int64_t ret;
5754 uint8_t uuid[16];
5755 static const uint8_t uuid_isml_manifest[] = {
5756 0xa5, 0xd4, 0x0b, 0x30, 0xe8, 0x14, 0x11, 0xdd,
5757 0xba, 0x2f, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66
5758 };
5759 static const uint8_t uuid_xmp[] = {
5760 0xbe, 0x7a, 0xcf, 0xcb, 0x97, 0xa9, 0x42, 0xe8,
5761 0x9c, 0x71, 0x99, 0x94, 0x91, 0xe3, 0xaf, 0xac
5762 };
5763 static const uint8_t uuid_spherical[] = {
5764 0xff, 0xcc, 0x82, 0x63, 0xf8, 0x55, 0x4a, 0x93,
5765 0x88, 0x14, 0x58, 0x7a, 0x02, 0x52, 0x1f, 0xdd,
5766 };
5767
5768 if (atom.size < sizeof(uuid) || atom.size >= FFMIN(INT_MAX, SIZE_MAX))
5769 return AVERROR_INVALIDDATA;
5770
5771 if (c->fc->nb_streams < 1)
5772 return 0;
5773 st = c->fc->streams[c->fc->nb_streams - 1];
5774 sc = st->priv_data;
5775
5776 ret = avio_read(pb, uuid, sizeof(uuid));
5777 if (ret < 0) {
5778 return ret;
5779 } else if (ret != sizeof(uuid)) {
5780 return AVERROR_INVALIDDATA;
5781 }
5782 if (!memcmp(uuid, uuid_isml_manifest, sizeof(uuid))) {
5783 uint8_t *buffer, *ptr;
5784 char *endptr;
5785 size_t len = atom.size - sizeof(uuid);
5786
5787 if (len < 4) {
5788 return AVERROR_INVALIDDATA;
5789 }
5790 ret = avio_skip(pb, 4); // zeroes
5791 len -= 4;
5792
5793 buffer = av_mallocz(len + 1);
5794 if (!buffer) {
5795 return AVERROR(ENOMEM);
5796 }
5797 ret = avio_read(pb, buffer, len);
5798 if (ret < 0) {
5799 av_free(buffer);
5800 return ret;
5801 } else if (ret != len) {
5802 av_free(buffer);
5803 return AVERROR_INVALIDDATA;
5804 }
5805
5806 ptr = buffer;
5807 while ((ptr = av_stristr(ptr, "systemBitrate=\""))) {
5808 ptr += sizeof("systemBitrate=\"") - 1;
5809 c->bitrates_count++;
5810 c->bitrates = av_realloc_f(c->bitrates, c->bitrates_count, sizeof(*c->bitrates));
5811 if (!c->bitrates) {
5812 c->bitrates_count = 0;
5813 av_free(buffer);
5814 return AVERROR(ENOMEM);
5815 }
5816 errno = 0;
5817 ret = strtol(ptr, &endptr, 10);
5818 if (ret < 0 || errno || *endptr != '"') {
5819 c->bitrates[c->bitrates_count - 1] = 0;
5820 } else {
5821 c->bitrates[c->bitrates_count - 1] = ret;
5822 }
5823 }
5824
5825 av_free(buffer);
5826 } else if (!memcmp(uuid, uuid_xmp, sizeof(uuid))) {
5827 uint8_t *buffer;
5828 size_t len = atom.size - sizeof(uuid);
5829 if (c->export_xmp) {
5830 buffer = av_mallocz(len + 1);
5831 if (!buffer) {
5832 return AVERROR(ENOMEM);
5833 }
5834 ret = avio_read(pb, buffer, len);
5835 if (ret < 0) {
5836 av_free(buffer);
5837 return ret;
5838 } else if (ret != len) {
5839 av_free(buffer);
5840 return AVERROR_INVALIDDATA;
5841 }
5842 buffer[len] = '\0';
5843 av_dict_set(&c->fc->metadata, "xmp",
5844 buffer, AV_DICT_DONT_STRDUP_VAL);
5845 } else {
5846 // skip all uuid atom, which makes it fast for long uuid-xmp file
5847 ret = avio_skip(pb, len);
5848 if (ret < 0)
5849 return ret;
5850 }
5851 } else if (!memcmp(uuid, uuid_spherical, sizeof(uuid))) {
5852 size_t len = atom.size - sizeof(uuid);
5853 ret = mov_parse_uuid_spherical(sc, pb, len);
5854 if (ret < 0)
5855 return ret;
5856 if (!sc->spherical)
5857 av_log(c->fc, AV_LOG_WARNING, "Invalid spherical metadata found\n");
5858 }
5859
5860 return 0;
5861 }
5862
mov_read_free(MOVContext * c,AVIOContext * pb,MOVAtom atom)5863 static int mov_read_free(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5864 {
5865 int ret;
5866 uint8_t content[16];
5867
5868 if (atom.size < 8)
5869 return 0;
5870
5871 ret = avio_read(pb, content, FFMIN(sizeof(content), atom.size));
5872 if (ret < 0)
5873 return ret;
5874
5875 if ( !c->found_moov
5876 && !c->found_mdat
5877 && !memcmp(content, "Anevia\x1A\x1A", 8)
5878 && c->use_mfra_for == FF_MOV_FLAG_MFRA_AUTO) {
5879 c->use_mfra_for = FF_MOV_FLAG_MFRA_PTS;
5880 }
5881
5882 return 0;
5883 }
5884
mov_read_frma(MOVContext * c,AVIOContext * pb,MOVAtom atom)5885 static int mov_read_frma(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5886 {
5887 uint32_t format = avio_rl32(pb);
5888 MOVStreamContext *sc;
5889 enum AVCodecID id;
5890 AVStream *st;
5891
5892 if (c->fc->nb_streams < 1)
5893 return 0;
5894 st = c->fc->streams[c->fc->nb_streams - 1];
5895 sc = st->priv_data;
5896
5897 switch (sc->format)
5898 {
5899 case MKTAG('e','n','c','v'): // encrypted video
5900 case MKTAG('e','n','c','a'): // encrypted audio
5901 id = mov_codec_id(st, format);
5902 if (st->codecpar->codec_id != AV_CODEC_ID_NONE &&
5903 st->codecpar->codec_id != id) {
5904 av_log(c->fc, AV_LOG_WARNING,
5905 "ignoring 'frma' atom of '%.4s', stream has codec id %d\n",
5906 (char*)&format, st->codecpar->codec_id);
5907 break;
5908 }
5909
5910 st->codecpar->codec_id = id;
5911 sc->format = format;
5912 break;
5913
5914 default:
5915 if (format != sc->format) {
5916 av_log(c->fc, AV_LOG_WARNING,
5917 "ignoring 'frma' atom of '%.4s', stream format is '%.4s'\n",
5918 (char*)&format, (char*)&sc->format);
5919 }
5920 break;
5921 }
5922
5923 return 0;
5924 }
5925
5926 /**
5927 * Gets the current encryption info and associated current stream context. If
5928 * we are parsing a track fragment, this will return the specific encryption
5929 * info for this fragment; otherwise this will return the global encryption
5930 * info for the current stream.
5931 */
get_current_encryption_info(MOVContext * c,MOVEncryptionIndex ** encryption_index,MOVStreamContext ** sc)5932 static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encryption_index, MOVStreamContext **sc)
5933 {
5934 MOVFragmentStreamInfo *frag_stream_info;
5935 AVStream *st;
5936 int i;
5937
5938 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
5939 if (frag_stream_info) {
5940 for (i = 0; i < c->fc->nb_streams; i++) {
5941 if (c->fc->streams[i]->id == frag_stream_info->id) {
5942 st = c->fc->streams[i];
5943 break;
5944 }
5945 }
5946 if (i == c->fc->nb_streams)
5947 return 0;
5948 *sc = st->priv_data;
5949
5950 if (!frag_stream_info->encryption_index) {
5951 // If this stream isn't encrypted, don't create the index.
5952 if (!(*sc)->cenc.default_encrypted_sample)
5953 return 0;
5954 frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
5955 if (!frag_stream_info->encryption_index)
5956 return AVERROR(ENOMEM);
5957 }
5958 *encryption_index = frag_stream_info->encryption_index;
5959 return 1;
5960 } else {
5961 // No current track fragment, using stream level encryption info.
5962
5963 if (c->fc->nb_streams < 1)
5964 return 0;
5965 st = c->fc->streams[c->fc->nb_streams - 1];
5966 *sc = st->priv_data;
5967
5968 if (!(*sc)->cenc.encryption_index) {
5969 // If this stream isn't encrypted, don't create the index.
5970 if (!(*sc)->cenc.default_encrypted_sample)
5971 return 0;
5972 (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
5973 if (!(*sc)->cenc.encryption_index)
5974 return AVERROR(ENOMEM);
5975 }
5976
5977 *encryption_index = (*sc)->cenc.encryption_index;
5978 return 1;
5979 }
5980 }
5981
mov_read_sample_encryption_info(MOVContext * c,AVIOContext * pb,MOVStreamContext * sc,AVEncryptionInfo ** sample,int use_subsamples)5982 static int mov_read_sample_encryption_info(MOVContext *c, AVIOContext *pb, MOVStreamContext *sc, AVEncryptionInfo **sample, int use_subsamples)
5983 {
5984 int i;
5985 unsigned int subsample_count;
5986 AVSubsampleEncryptionInfo *subsamples;
5987
5988 if (!sc->cenc.default_encrypted_sample) {
5989 av_log(c->fc, AV_LOG_ERROR, "Missing schm or tenc\n");
5990 return AVERROR_INVALIDDATA;
5991 }
5992
5993 *sample = av_encryption_info_clone(sc->cenc.default_encrypted_sample);
5994 if (!*sample)
5995 return AVERROR(ENOMEM);
5996
5997 if (sc->cenc.per_sample_iv_size != 0) {
5998 if (avio_read(pb, (*sample)->iv, sc->cenc.per_sample_iv_size) != sc->cenc.per_sample_iv_size) {
5999 av_log(c->fc, AV_LOG_ERROR, "failed to read the initialization vector\n");
6000 av_encryption_info_free(*sample);
6001 *sample = NULL;
6002 return AVERROR_INVALIDDATA;
6003 }
6004 }
6005
6006 if (use_subsamples) {
6007 subsample_count = avio_rb16(pb);
6008 av_free((*sample)->subsamples);
6009 (*sample)->subsamples = av_mallocz_array(subsample_count, sizeof(*subsamples));
6010 if (!(*sample)->subsamples) {
6011 av_encryption_info_free(*sample);
6012 *sample = NULL;
6013 return AVERROR(ENOMEM);
6014 }
6015
6016 for (i = 0; i < subsample_count && !pb->eof_reached; i++) {
6017 (*sample)->subsamples[i].bytes_of_clear_data = avio_rb16(pb);
6018 (*sample)->subsamples[i].bytes_of_protected_data = avio_rb32(pb);
6019 }
6020
6021 if (pb->eof_reached) {
6022 av_log(c->fc, AV_LOG_ERROR, "hit EOF while reading sub-sample encryption info\n");
6023 av_encryption_info_free(*sample);
6024 *sample = NULL;
6025 return AVERROR_INVALIDDATA;
6026 }
6027 (*sample)->subsample_count = subsample_count;
6028 }
6029
6030 return 0;
6031 }
6032
mov_read_senc(MOVContext * c,AVIOContext * pb,MOVAtom atom)6033 static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6034 {
6035 AVEncryptionInfo **encrypted_samples;
6036 MOVEncryptionIndex *encryption_index;
6037 MOVStreamContext *sc;
6038 int use_subsamples, ret;
6039 unsigned int sample_count, i, alloc_size = 0;
6040
6041 ret = get_current_encryption_info(c, &encryption_index, &sc);
6042 if (ret != 1)
6043 return ret;
6044
6045 if (encryption_index->nb_encrypted_samples) {
6046 // This can happen if we have both saio/saiz and senc atoms.
6047 av_log(c->fc, AV_LOG_DEBUG, "Ignoring duplicate encryption info in senc\n");
6048 return 0;
6049 }
6050
6051 avio_r8(pb); /* version */
6052 use_subsamples = avio_rb24(pb) & 0x02; /* flags */
6053
6054 sample_count = avio_rb32(pb);
6055 if (sample_count >= INT_MAX / sizeof(*encrypted_samples))
6056 return AVERROR(ENOMEM);
6057
6058 for (i = 0; i < sample_count; i++) {
6059 unsigned int min_samples = FFMIN(FFMAX(i + 1, 1024 * 1024), sample_count);
6060 encrypted_samples = av_fast_realloc(encryption_index->encrypted_samples, &alloc_size,
6061 min_samples * sizeof(*encrypted_samples));
6062 if (encrypted_samples) {
6063 encryption_index->encrypted_samples = encrypted_samples;
6064
6065 ret = mov_read_sample_encryption_info(
6066 c, pb, sc, &encryption_index->encrypted_samples[i], use_subsamples);
6067 } else {
6068 ret = AVERROR(ENOMEM);
6069 }
6070 if (pb->eof_reached) {
6071 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading senc\n");
6072 ret = AVERROR_INVALIDDATA;
6073 }
6074
6075 if (ret < 0) {
6076 for (; i > 0; i--)
6077 av_encryption_info_free(encryption_index->encrypted_samples[i - 1]);
6078 av_freep(&encryption_index->encrypted_samples);
6079 return ret;
6080 }
6081 }
6082 encryption_index->nb_encrypted_samples = sample_count;
6083
6084 return 0;
6085 }
6086
mov_parse_auxiliary_info(MOVContext * c,MOVStreamContext * sc,AVIOContext * pb,MOVEncryptionIndex * encryption_index)6087 static int mov_parse_auxiliary_info(MOVContext *c, MOVStreamContext *sc, AVIOContext *pb, MOVEncryptionIndex *encryption_index)
6088 {
6089 AVEncryptionInfo **sample, **encrypted_samples;
6090 int64_t prev_pos;
6091 size_t sample_count, sample_info_size, i;
6092 int ret = 0;
6093 unsigned int alloc_size = 0;
6094
6095 if (encryption_index->nb_encrypted_samples)
6096 return 0;
6097 sample_count = encryption_index->auxiliary_info_sample_count;
6098 if (encryption_index->auxiliary_offsets_count != 1) {
6099 av_log(c->fc, AV_LOG_ERROR, "Multiple auxiliary info chunks are not supported\n");
6100 return AVERROR_PATCHWELCOME;
6101 }
6102 if (sample_count >= INT_MAX / sizeof(*encrypted_samples))
6103 return AVERROR(ENOMEM);
6104
6105 prev_pos = avio_tell(pb);
6106 if (!(pb->seekable & AVIO_SEEKABLE_NORMAL) ||
6107 avio_seek(pb, encryption_index->auxiliary_offsets[0], SEEK_SET) != encryption_index->auxiliary_offsets[0]) {
6108 av_log(c->fc, AV_LOG_INFO, "Failed to seek for auxiliary info, will only parse senc atoms for encryption info\n");
6109 goto finish;
6110 }
6111
6112 for (i = 0; i < sample_count && !pb->eof_reached; i++) {
6113 unsigned int min_samples = FFMIN(FFMAX(i + 1, 1024 * 1024), sample_count);
6114 encrypted_samples = av_fast_realloc(encryption_index->encrypted_samples, &alloc_size,
6115 min_samples * sizeof(*encrypted_samples));
6116 if (!encrypted_samples) {
6117 ret = AVERROR(ENOMEM);
6118 goto finish;
6119 }
6120 encryption_index->encrypted_samples = encrypted_samples;
6121
6122 sample = &encryption_index->encrypted_samples[i];
6123 sample_info_size = encryption_index->auxiliary_info_default_size
6124 ? encryption_index->auxiliary_info_default_size
6125 : encryption_index->auxiliary_info_sizes[i];
6126
6127 ret = mov_read_sample_encryption_info(c, pb, sc, sample, sample_info_size > sc->cenc.per_sample_iv_size);
6128 if (ret < 0)
6129 goto finish;
6130 }
6131 if (pb->eof_reached) {
6132 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading auxiliary info\n");
6133 ret = AVERROR_INVALIDDATA;
6134 } else {
6135 encryption_index->nb_encrypted_samples = sample_count;
6136 }
6137
6138 finish:
6139 avio_seek(pb, prev_pos, SEEK_SET);
6140 if (ret < 0) {
6141 for (; i > 0; i--) {
6142 av_encryption_info_free(encryption_index->encrypted_samples[i - 1]);
6143 }
6144 av_freep(&encryption_index->encrypted_samples);
6145 }
6146 return ret;
6147 }
6148
6149 /**
6150 * Tries to read the given number of bytes from the stream and puts it in a
6151 * newly allocated buffer. This reads in small chunks to avoid allocating large
6152 * memory if the file contains an invalid/malicious size value.
6153 */
mov_try_read_block(AVIOContext * pb,size_t size,uint8_t ** data)6154 static int mov_try_read_block(AVIOContext *pb, size_t size, uint8_t **data)
6155 {
6156 const unsigned int block_size = 1024 * 1024;
6157 uint8_t *buffer = NULL;
6158 unsigned int alloc_size = 0, offset = 0;
6159 while (offset < size) {
6160 unsigned int new_size =
6161 alloc_size >= INT_MAX - block_size ? INT_MAX : alloc_size + block_size;
6162 uint8_t *new_buffer = av_fast_realloc(buffer, &alloc_size, new_size);
6163 unsigned int to_read = FFMIN(size, alloc_size) - offset;
6164 if (!new_buffer) {
6165 av_free(buffer);
6166 return AVERROR(ENOMEM);
6167 }
6168 buffer = new_buffer;
6169
6170 if (avio_read(pb, buffer + offset, to_read) != to_read) {
6171 av_free(buffer);
6172 return AVERROR_INVALIDDATA;
6173 }
6174 offset += to_read;
6175 }
6176
6177 *data = buffer;
6178 return 0;
6179 }
6180
mov_read_saiz(MOVContext * c,AVIOContext * pb,MOVAtom atom)6181 static int mov_read_saiz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6182 {
6183 MOVEncryptionIndex *encryption_index;
6184 MOVStreamContext *sc;
6185 int ret;
6186 unsigned int sample_count, aux_info_type, aux_info_param;
6187
6188 ret = get_current_encryption_info(c, &encryption_index, &sc);
6189 if (ret != 1)
6190 return ret;
6191
6192 if (encryption_index->nb_encrypted_samples) {
6193 // This can happen if we have both saio/saiz and senc atoms.
6194 av_log(c->fc, AV_LOG_DEBUG, "Ignoring duplicate encryption info in saiz\n");
6195 return 0;
6196 }
6197
6198 if (encryption_index->auxiliary_info_sample_count) {
6199 av_log(c->fc, AV_LOG_ERROR, "Duplicate saiz atom\n");
6200 return AVERROR_INVALIDDATA;
6201 }
6202
6203 avio_r8(pb); /* version */
6204 if (avio_rb24(pb) & 0x01) { /* flags */
6205 aux_info_type = avio_rb32(pb);
6206 aux_info_param = avio_rb32(pb);
6207 if (sc->cenc.default_encrypted_sample) {
6208 if (aux_info_type != sc->cenc.default_encrypted_sample->scheme) {
6209 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saiz box with non-zero aux_info_type\n");
6210 return 0;
6211 }
6212 if (aux_info_param != 0) {
6213 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saiz box with non-zero aux_info_type_parameter\n");
6214 return 0;
6215 }
6216 } else {
6217 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6218 if ((aux_info_type == MKBETAG('c','e','n','c') ||
6219 aux_info_type == MKBETAG('c','e','n','s') ||
6220 aux_info_type == MKBETAG('c','b','c','1') ||
6221 aux_info_type == MKBETAG('c','b','c','s')) &&
6222 aux_info_param == 0) {
6223 av_log(c->fc, AV_LOG_ERROR, "Saw encrypted saiz without schm/tenc\n");
6224 return AVERROR_INVALIDDATA;
6225 } else {
6226 return 0;
6227 }
6228 }
6229 } else if (!sc->cenc.default_encrypted_sample) {
6230 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6231 return 0;
6232 }
6233
6234 encryption_index->auxiliary_info_default_size = avio_r8(pb);
6235 sample_count = avio_rb32(pb);
6236 encryption_index->auxiliary_info_sample_count = sample_count;
6237
6238 if (encryption_index->auxiliary_info_default_size == 0) {
6239 ret = mov_try_read_block(pb, sample_count, &encryption_index->auxiliary_info_sizes);
6240 if (ret < 0) {
6241 av_log(c->fc, AV_LOG_ERROR, "Failed to read the auxiliary info\n");
6242 return ret;
6243 }
6244 }
6245
6246 if (encryption_index->auxiliary_offsets_count) {
6247 return mov_parse_auxiliary_info(c, sc, pb, encryption_index);
6248 }
6249
6250 return 0;
6251 }
6252
mov_read_saio(MOVContext * c,AVIOContext * pb,MOVAtom atom)6253 static int mov_read_saio(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6254 {
6255 uint64_t *auxiliary_offsets;
6256 MOVEncryptionIndex *encryption_index;
6257 MOVStreamContext *sc;
6258 int i, ret;
6259 unsigned int version, entry_count, aux_info_type, aux_info_param;
6260 unsigned int alloc_size = 0;
6261
6262 ret = get_current_encryption_info(c, &encryption_index, &sc);
6263 if (ret != 1)
6264 return ret;
6265
6266 if (encryption_index->nb_encrypted_samples) {
6267 // This can happen if we have both saio/saiz and senc atoms.
6268 av_log(c->fc, AV_LOG_DEBUG, "Ignoring duplicate encryption info in saio\n");
6269 return 0;
6270 }
6271
6272 if (encryption_index->auxiliary_offsets_count) {
6273 av_log(c->fc, AV_LOG_ERROR, "Duplicate saio atom\n");
6274 return AVERROR_INVALIDDATA;
6275 }
6276
6277 version = avio_r8(pb); /* version */
6278 if (avio_rb24(pb) & 0x01) { /* flags */
6279 aux_info_type = avio_rb32(pb);
6280 aux_info_param = avio_rb32(pb);
6281 if (sc->cenc.default_encrypted_sample) {
6282 if (aux_info_type != sc->cenc.default_encrypted_sample->scheme) {
6283 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saio box with non-zero aux_info_type\n");
6284 return 0;
6285 }
6286 if (aux_info_param != 0) {
6287 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saio box with non-zero aux_info_type_parameter\n");
6288 return 0;
6289 }
6290 } else {
6291 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6292 if ((aux_info_type == MKBETAG('c','e','n','c') ||
6293 aux_info_type == MKBETAG('c','e','n','s') ||
6294 aux_info_type == MKBETAG('c','b','c','1') ||
6295 aux_info_type == MKBETAG('c','b','c','s')) &&
6296 aux_info_param == 0) {
6297 av_log(c->fc, AV_LOG_ERROR, "Saw encrypted saio without schm/tenc\n");
6298 return AVERROR_INVALIDDATA;
6299 } else {
6300 return 0;
6301 }
6302 }
6303 } else if (!sc->cenc.default_encrypted_sample) {
6304 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6305 return 0;
6306 }
6307
6308 entry_count = avio_rb32(pb);
6309 if (entry_count >= INT_MAX / sizeof(*auxiliary_offsets))
6310 return AVERROR(ENOMEM);
6311
6312 for (i = 0; i < entry_count && !pb->eof_reached; i++) {
6313 unsigned int min_offsets = FFMIN(FFMAX(i + 1, 1024), entry_count);
6314 auxiliary_offsets = av_fast_realloc(
6315 encryption_index->auxiliary_offsets, &alloc_size,
6316 min_offsets * sizeof(*auxiliary_offsets));
6317 if (!auxiliary_offsets) {
6318 av_freep(&encryption_index->auxiliary_offsets);
6319 return AVERROR(ENOMEM);
6320 }
6321 encryption_index->auxiliary_offsets = auxiliary_offsets;
6322
6323 if (version == 0) {
6324 encryption_index->auxiliary_offsets[i] = avio_rb32(pb);
6325 } else {
6326 encryption_index->auxiliary_offsets[i] = avio_rb64(pb);
6327 }
6328 if (c->frag_index.current >= 0) {
6329 encryption_index->auxiliary_offsets[i] += c->fragment.base_data_offset;
6330 }
6331 }
6332
6333 if (pb->eof_reached) {
6334 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading saio\n");
6335 av_freep(&encryption_index->auxiliary_offsets);
6336 return AVERROR_INVALIDDATA;
6337 }
6338
6339 encryption_index->auxiliary_offsets_count = entry_count;
6340
6341 if (encryption_index->auxiliary_info_sample_count) {
6342 return mov_parse_auxiliary_info(c, sc, pb, encryption_index);
6343 }
6344
6345 return 0;
6346 }
6347
mov_read_pssh(MOVContext * c,AVIOContext * pb,MOVAtom atom)6348 static int mov_read_pssh(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6349 {
6350 AVEncryptionInitInfo *info, *old_init_info;
6351 uint8_t **key_ids;
6352 AVStream *st;
6353 uint8_t *side_data, *extra_data, *old_side_data;
6354 size_t side_data_size;
6355 int ret = 0, old_side_data_size;
6356 unsigned int version, kid_count, extra_data_size, alloc_size = 0;
6357
6358 if (c->fc->nb_streams < 1)
6359 return 0;
6360 st = c->fc->streams[c->fc->nb_streams-1];
6361
6362 version = avio_r8(pb); /* version */
6363 avio_rb24(pb); /* flags */
6364
6365 info = av_encryption_init_info_alloc(/* system_id_size */ 16, /* num_key_ids */ 0,
6366 /* key_id_size */ 16, /* data_size */ 0);
6367 if (!info)
6368 return AVERROR(ENOMEM);
6369
6370 if (avio_read(pb, info->system_id, 16) != 16) {
6371 av_log(c->fc, AV_LOG_ERROR, "Failed to read the system id\n");
6372 ret = AVERROR_INVALIDDATA;
6373 goto finish;
6374 }
6375
6376 if (version > 0) {
6377 kid_count = avio_rb32(pb);
6378 if (kid_count >= INT_MAX / sizeof(*key_ids)) {
6379 ret = AVERROR(ENOMEM);
6380 goto finish;
6381 }
6382
6383 for (unsigned int i = 0; i < kid_count && !pb->eof_reached; i++) {
6384 unsigned int min_kid_count = FFMIN(FFMAX(i + 1, 1024), kid_count);
6385 key_ids = av_fast_realloc(info->key_ids, &alloc_size,
6386 min_kid_count * sizeof(*key_ids));
6387 if (!key_ids) {
6388 ret = AVERROR(ENOMEM);
6389 goto finish;
6390 }
6391 info->key_ids = key_ids;
6392
6393 info->key_ids[i] = av_mallocz(16);
6394 if (!info->key_ids[i]) {
6395 ret = AVERROR(ENOMEM);
6396 goto finish;
6397 }
6398 info->num_key_ids = i + 1;
6399
6400 if (avio_read(pb, info->key_ids[i], 16) != 16) {
6401 av_log(c->fc, AV_LOG_ERROR, "Failed to read the key id\n");
6402 ret = AVERROR_INVALIDDATA;
6403 goto finish;
6404 }
6405 }
6406
6407 if (pb->eof_reached) {
6408 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading pssh\n");
6409 ret = AVERROR_INVALIDDATA;
6410 goto finish;
6411 }
6412 }
6413
6414 extra_data_size = avio_rb32(pb);
6415 ret = mov_try_read_block(pb, extra_data_size, &extra_data);
6416 if (ret < 0)
6417 goto finish;
6418
6419 av_freep(&info->data); // malloc(0) may still allocate something.
6420 info->data = extra_data;
6421 info->data_size = extra_data_size;
6422
6423 // If there is existing initialization data, append to the list.
6424 old_side_data = av_stream_get_side_data(st, AV_PKT_DATA_ENCRYPTION_INIT_INFO, &old_side_data_size);
6425 if (old_side_data) {
6426 old_init_info = av_encryption_init_info_get_side_data(old_side_data, old_side_data_size);
6427 if (old_init_info) {
6428 // Append to the end of the list.
6429 for (AVEncryptionInitInfo *cur = old_init_info;; cur = cur->next) {
6430 if (!cur->next) {
6431 cur->next = info;
6432 break;
6433 }
6434 }
6435 info = old_init_info;
6436 } else {
6437 // Assume existing side-data will be valid, so the only error we could get is OOM.
6438 ret = AVERROR(ENOMEM);
6439 goto finish;
6440 }
6441 }
6442
6443 side_data = av_encryption_init_info_add_side_data(info, &side_data_size);
6444 if (!side_data) {
6445 ret = AVERROR(ENOMEM);
6446 goto finish;
6447 }
6448 ret = av_stream_add_side_data(st, AV_PKT_DATA_ENCRYPTION_INIT_INFO,
6449 side_data, side_data_size);
6450 if (ret < 0)
6451 av_free(side_data);
6452
6453 finish:
6454 av_encryption_init_info_free(info);
6455 return ret;
6456 }
6457
mov_read_schm(MOVContext * c,AVIOContext * pb,MOVAtom atom)6458 static int mov_read_schm(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6459 {
6460 AVStream *st;
6461 MOVStreamContext *sc;
6462
6463 if (c->fc->nb_streams < 1)
6464 return 0;
6465 st = c->fc->streams[c->fc->nb_streams-1];
6466 sc = st->priv_data;
6467
6468 if (sc->pseudo_stream_id != 0) {
6469 av_log(c->fc, AV_LOG_ERROR, "schm boxes are only supported in first sample descriptor\n");
6470 return AVERROR_PATCHWELCOME;
6471 }
6472
6473 if (atom.size < 8)
6474 return AVERROR_INVALIDDATA;
6475
6476 avio_rb32(pb); /* version and flags */
6477
6478 if (!sc->cenc.default_encrypted_sample) {
6479 sc->cenc.default_encrypted_sample = av_encryption_info_alloc(0, 16, 16);
6480 if (!sc->cenc.default_encrypted_sample) {
6481 return AVERROR(ENOMEM);
6482 }
6483 }
6484
6485 sc->cenc.default_encrypted_sample->scheme = avio_rb32(pb);
6486 return 0;
6487 }
6488
mov_read_tenc(MOVContext * c,AVIOContext * pb,MOVAtom atom)6489 static int mov_read_tenc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6490 {
6491 AVStream *st;
6492 MOVStreamContext *sc;
6493 unsigned int version, pattern, is_protected, iv_size;
6494
6495 if (c->fc->nb_streams < 1)
6496 return 0;
6497 st = c->fc->streams[c->fc->nb_streams-1];
6498 sc = st->priv_data;
6499
6500 if (sc->pseudo_stream_id != 0) {
6501 av_log(c->fc, AV_LOG_ERROR, "tenc atom are only supported in first sample descriptor\n");
6502 return AVERROR_PATCHWELCOME;
6503 }
6504
6505 if (!sc->cenc.default_encrypted_sample) {
6506 sc->cenc.default_encrypted_sample = av_encryption_info_alloc(0, 16, 16);
6507 if (!sc->cenc.default_encrypted_sample) {
6508 return AVERROR(ENOMEM);
6509 }
6510 }
6511
6512 if (atom.size < 20)
6513 return AVERROR_INVALIDDATA;
6514
6515 version = avio_r8(pb); /* version */
6516 avio_rb24(pb); /* flags */
6517
6518 avio_r8(pb); /* reserved */
6519 pattern = avio_r8(pb);
6520
6521 if (version > 0) {
6522 sc->cenc.default_encrypted_sample->crypt_byte_block = pattern >> 4;
6523 sc->cenc.default_encrypted_sample->skip_byte_block = pattern & 0xf;
6524 }
6525
6526 is_protected = avio_r8(pb);
6527 if (is_protected && !sc->cenc.encryption_index) {
6528 // The whole stream should be by-default encrypted.
6529 sc->cenc.encryption_index = av_mallocz(sizeof(MOVEncryptionIndex));
6530 if (!sc->cenc.encryption_index)
6531 return AVERROR(ENOMEM);
6532 }
6533 sc->cenc.per_sample_iv_size = avio_r8(pb);
6534 if (sc->cenc.per_sample_iv_size != 0 && sc->cenc.per_sample_iv_size != 8 &&
6535 sc->cenc.per_sample_iv_size != 16) {
6536 av_log(c->fc, AV_LOG_ERROR, "invalid per-sample IV size value\n");
6537 return AVERROR_INVALIDDATA;
6538 }
6539 if (avio_read(pb, sc->cenc.default_encrypted_sample->key_id, 16) != 16) {
6540 av_log(c->fc, AV_LOG_ERROR, "failed to read the default key ID\n");
6541 return AVERROR_INVALIDDATA;
6542 }
6543
6544 if (is_protected && !sc->cenc.per_sample_iv_size) {
6545 iv_size = avio_r8(pb);
6546 if (iv_size != 8 && iv_size != 16) {
6547 av_log(c->fc, AV_LOG_ERROR, "invalid default_constant_IV_size in tenc atom\n");
6548 return AVERROR_INVALIDDATA;
6549 }
6550
6551 if (avio_read(pb, sc->cenc.default_encrypted_sample->iv, iv_size) != iv_size) {
6552 av_log(c->fc, AV_LOG_ERROR, "failed to read the default IV\n");
6553 return AVERROR_INVALIDDATA;
6554 }
6555 }
6556
6557 return 0;
6558 }
6559
mov_read_dfla(MOVContext * c,AVIOContext * pb,MOVAtom atom)6560 static int mov_read_dfla(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6561 {
6562 AVStream *st;
6563 int last, type, size, ret;
6564 uint8_t buf[4];
6565
6566 if (c->fc->nb_streams < 1)
6567 return 0;
6568 st = c->fc->streams[c->fc->nb_streams-1];
6569
6570 if ((uint64_t)atom.size > (1<<30) || atom.size < 42)
6571 return AVERROR_INVALIDDATA;
6572
6573 /* Check FlacSpecificBox version. */
6574 if (avio_r8(pb) != 0)
6575 return AVERROR_INVALIDDATA;
6576
6577 avio_rb24(pb); /* Flags */
6578
6579 avio_read(pb, buf, sizeof(buf));
6580 flac_parse_block_header(buf, &last, &type, &size);
6581
6582 if (type != FLAC_METADATA_TYPE_STREAMINFO || size != FLAC_STREAMINFO_SIZE) {
6583 av_log(c->fc, AV_LOG_ERROR, "STREAMINFO must be first FLACMetadataBlock\n");
6584 return AVERROR_INVALIDDATA;
6585 }
6586
6587 ret = ff_get_extradata(c->fc, st->codecpar, pb, size);
6588 if (ret < 0)
6589 return ret;
6590
6591 if (!last)
6592 av_log(c->fc, AV_LOG_WARNING, "non-STREAMINFO FLACMetadataBlock(s) ignored\n");
6593
6594 return 0;
6595 }
6596
cenc_decrypt(MOVContext * c,MOVStreamContext * sc,AVEncryptionInfo * sample,uint8_t * input,int size)6597 static int cenc_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *sample, uint8_t *input, int size)
6598 {
6599 int i, ret;
6600
6601 if (sample->scheme != MKBETAG('c','e','n','c') || sample->crypt_byte_block != 0 || sample->skip_byte_block != 0) {
6602 av_log(c->fc, AV_LOG_ERROR, "Only the 'cenc' encryption scheme is supported\n");
6603 return AVERROR_PATCHWELCOME;
6604 }
6605
6606 if (!sc->cenc.aes_ctr) {
6607 /* initialize the cipher */
6608 sc->cenc.aes_ctr = av_aes_ctr_alloc();
6609 if (!sc->cenc.aes_ctr) {
6610 return AVERROR(ENOMEM);
6611 }
6612
6613 ret = av_aes_ctr_init(sc->cenc.aes_ctr, c->decryption_key);
6614 if (ret < 0) {
6615 return ret;
6616 }
6617 }
6618
6619 av_aes_ctr_set_full_iv(sc->cenc.aes_ctr, sample->iv);
6620
6621 if (!sample->subsample_count)
6622 {
6623 /* decrypt the whole packet */
6624 av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, size);
6625 return 0;
6626 }
6627
6628 for (i = 0; i < sample->subsample_count; i++)
6629 {
6630 if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) {
6631 av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n");
6632 return AVERROR_INVALIDDATA;
6633 }
6634
6635 /* skip the clear bytes */
6636 input += sample->subsamples[i].bytes_of_clear_data;
6637 size -= sample->subsamples[i].bytes_of_clear_data;
6638
6639 /* decrypt the encrypted bytes */
6640 av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, sample->subsamples[i].bytes_of_protected_data);
6641 input += sample->subsamples[i].bytes_of_protected_data;
6642 size -= sample->subsamples[i].bytes_of_protected_data;
6643 }
6644
6645 if (size > 0) {
6646 av_log(c->fc, AV_LOG_ERROR, "leftover packet bytes after subsample processing\n");
6647 return AVERROR_INVALIDDATA;
6648 }
6649
6650 return 0;
6651 }
6652
cenc_filter(MOVContext * mov,AVStream * st,MOVStreamContext * sc,AVPacket * pkt,int current_index)6653 static int cenc_filter(MOVContext *mov, AVStream* st, MOVStreamContext *sc, AVPacket *pkt, int current_index)
6654 {
6655 MOVFragmentStreamInfo *frag_stream_info;
6656 MOVEncryptionIndex *encryption_index;
6657 AVEncryptionInfo *encrypted_sample;
6658 int encrypted_index, ret;
6659
6660 frag_stream_info = get_frag_stream_info(&mov->frag_index, mov->frag_index.current, st->id);
6661 encrypted_index = current_index;
6662 encryption_index = NULL;
6663 if (frag_stream_info) {
6664 // Note this only supports encryption info in the first sample descriptor.
6665 if (mov->fragment.stsd_id == 1) {
6666 if (frag_stream_info->encryption_index) {
6667 encrypted_index = current_index - frag_stream_info->index_entry;
6668 encryption_index = frag_stream_info->encryption_index;
6669 } else {
6670 encryption_index = sc->cenc.encryption_index;
6671 }
6672 }
6673 } else {
6674 encryption_index = sc->cenc.encryption_index;
6675 }
6676
6677 if (encryption_index) {
6678 if (encryption_index->auxiliary_info_sample_count &&
6679 !encryption_index->nb_encrypted_samples) {
6680 av_log(mov->fc, AV_LOG_ERROR, "saiz atom found without saio\n");
6681 return AVERROR_INVALIDDATA;
6682 }
6683 if (encryption_index->auxiliary_offsets_count &&
6684 !encryption_index->nb_encrypted_samples) {
6685 av_log(mov->fc, AV_LOG_ERROR, "saio atom found without saiz\n");
6686 return AVERROR_INVALIDDATA;
6687 }
6688
6689 if (!encryption_index->nb_encrypted_samples) {
6690 // Full-sample encryption with default settings.
6691 encrypted_sample = sc->cenc.default_encrypted_sample;
6692 } else if (encrypted_index >= 0 && encrypted_index < encryption_index->nb_encrypted_samples) {
6693 // Per-sample setting override.
6694 encrypted_sample = encryption_index->encrypted_samples[encrypted_index];
6695 } else {
6696 av_log(mov->fc, AV_LOG_ERROR, "Incorrect number of samples in encryption info\n");
6697 return AVERROR_INVALIDDATA;
6698 }
6699
6700 if (mov->decryption_key) {
6701 return cenc_decrypt(mov, sc, encrypted_sample, pkt->data, pkt->size);
6702 } else {
6703 size_t size;
6704 uint8_t *side_data = av_encryption_info_add_side_data(encrypted_sample, &size);
6705 if (!side_data)
6706 return AVERROR(ENOMEM);
6707 ret = av_packet_add_side_data(pkt, AV_PKT_DATA_ENCRYPTION_INFO, side_data, size);
6708 if (ret < 0)
6709 av_free(side_data);
6710 return ret;
6711 }
6712 }
6713
6714 return 0;
6715 }
6716
mov_read_dops(MOVContext * c,AVIOContext * pb,MOVAtom atom)6717 static int mov_read_dops(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6718 {
6719 const int OPUS_SEEK_PREROLL_MS = 80;
6720 int ret;
6721 AVStream *st;
6722 size_t size;
6723 uint16_t pre_skip;
6724
6725 if (c->fc->nb_streams < 1)
6726 return 0;
6727 st = c->fc->streams[c->fc->nb_streams-1];
6728
6729 if ((uint64_t)atom.size > (1<<30) || atom.size < 11)
6730 return AVERROR_INVALIDDATA;
6731
6732 /* Check OpusSpecificBox version. */
6733 if (avio_r8(pb) != 0) {
6734 av_log(c->fc, AV_LOG_ERROR, "unsupported OpusSpecificBox version\n");
6735 return AVERROR_INVALIDDATA;
6736 }
6737
6738 /* OpusSpecificBox size plus magic for Ogg OpusHead header. */
6739 size = atom.size + 8;
6740
6741 if ((ret = ff_alloc_extradata(st->codecpar, size)) < 0)
6742 return ret;
6743
6744 AV_WL32(st->codecpar->extradata, MKTAG('O','p','u','s'));
6745 AV_WL32(st->codecpar->extradata + 4, MKTAG('H','e','a','d'));
6746 AV_WB8(st->codecpar->extradata + 8, 1); /* OpusHead version */
6747 avio_read(pb, st->codecpar->extradata + 9, size - 9);
6748
6749 /* OpusSpecificBox is stored in big-endian, but OpusHead is
6750 little-endian; aside from the preceeding magic and version they're
6751 otherwise currently identical. Data after output gain at offset 16
6752 doesn't need to be bytewapped. */
6753 pre_skip = AV_RB16(st->codecpar->extradata + 10);
6754 AV_WL16(st->codecpar->extradata + 10, pre_skip);
6755 AV_WL32(st->codecpar->extradata + 12, AV_RB32(st->codecpar->extradata + 12));
6756 AV_WL16(st->codecpar->extradata + 16, AV_RB16(st->codecpar->extradata + 16));
6757
6758 st->codecpar->initial_padding = pre_skip;
6759 st->codecpar->seek_preroll = av_rescale_q(OPUS_SEEK_PREROLL_MS,
6760 (AVRational){1, 1000},
6761 (AVRational){1, 48000});
6762
6763 return 0;
6764 }
6765
mov_read_dmlp(MOVContext * c,AVIOContext * pb,MOVAtom atom)6766 static int mov_read_dmlp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6767 {
6768 AVStream *st;
6769 unsigned format_info;
6770 int channel_assignment, channel_assignment1, channel_assignment2;
6771 int ratebits;
6772
6773 if (c->fc->nb_streams < 1)
6774 return 0;
6775 st = c->fc->streams[c->fc->nb_streams-1];
6776
6777 if (atom.size < 10)
6778 return AVERROR_INVALIDDATA;
6779
6780 format_info = avio_rb32(pb);
6781
6782 ratebits = (format_info >> 28) & 0xF;
6783 channel_assignment1 = (format_info >> 15) & 0x1F;
6784 channel_assignment2 = format_info & 0x1FFF;
6785 if (channel_assignment2)
6786 channel_assignment = channel_assignment2;
6787 else
6788 channel_assignment = channel_assignment1;
6789
6790 st->codecpar->frame_size = 40 << (ratebits & 0x7);
6791 st->codecpar->sample_rate = mlp_samplerate(ratebits);
6792 st->codecpar->channels = truehd_channels(channel_assignment);
6793 st->codecpar->channel_layout = truehd_layout(channel_assignment);
6794
6795 return 0;
6796 }
6797
mov_read_dvcc_dvvc(MOVContext * c,AVIOContext * pb,MOVAtom atom)6798 static int mov_read_dvcc_dvvc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6799 {
6800 AVStream *st;
6801 uint32_t buf;
6802 AVDOVIDecoderConfigurationRecord *dovi;
6803 size_t dovi_size;
6804 int ret;
6805
6806 if (c->fc->nb_streams < 1)
6807 return 0;
6808 st = c->fc->streams[c->fc->nb_streams-1];
6809
6810 if ((uint64_t)atom.size > (1<<30) || atom.size < 4)
6811 return AVERROR_INVALIDDATA;
6812
6813 dovi = av_dovi_alloc(&dovi_size);
6814 if (!dovi)
6815 return AVERROR(ENOMEM);
6816
6817 dovi->dv_version_major = avio_r8(pb);
6818 dovi->dv_version_minor = avio_r8(pb);
6819
6820 buf = avio_rb16(pb);
6821 dovi->dv_profile = (buf >> 9) & 0x7f; // 7 bits
6822 dovi->dv_level = (buf >> 3) & 0x3f; // 6 bits
6823 dovi->rpu_present_flag = (buf >> 2) & 0x01; // 1 bit
6824 dovi->el_present_flag = (buf >> 1) & 0x01; // 1 bit
6825 dovi->bl_present_flag = buf & 0x01; // 1 bit
6826 if (atom.size >= 24) { // 4 + 4 + 4 * 4
6827 buf = avio_r8(pb);
6828 dovi->dv_bl_signal_compatibility_id = (buf >> 4) & 0x0f; // 4 bits
6829 } else {
6830 // 0 stands for None
6831 // Dolby Vision V1.2.93 profiles and levels
6832 dovi->dv_bl_signal_compatibility_id = 0;
6833 }
6834
6835 ret = av_stream_add_side_data(st, AV_PKT_DATA_DOVI_CONF,
6836 (uint8_t *)dovi, dovi_size);
6837 if (ret < 0) {
6838 av_free(dovi);
6839 return ret;
6840 }
6841
6842 av_log(c, AV_LOG_TRACE, "DOVI in dvcC/dvvC box, version: %d.%d, profile: %d, level: %d, "
6843 "rpu flag: %d, el flag: %d, bl flag: %d, compatibility id: %d\n",
6844 dovi->dv_version_major, dovi->dv_version_minor,
6845 dovi->dv_profile, dovi->dv_level,
6846 dovi->rpu_present_flag,
6847 dovi->el_present_flag,
6848 dovi->bl_present_flag,
6849 dovi->dv_bl_signal_compatibility_id
6850 );
6851
6852 return 0;
6853 }
6854
6855 static const MOVParseTableEntry mov_default_parse_table[] = {
6856 { MKTAG('A','C','L','R'), mov_read_aclr },
6857 { MKTAG('A','P','R','G'), mov_read_avid },
6858 { MKTAG('A','A','L','P'), mov_read_avid },
6859 { MKTAG('A','R','E','S'), mov_read_ares },
6860 { MKTAG('a','v','s','s'), mov_read_avss },
6861 { MKTAG('a','v','1','C'), mov_read_av1c },
6862 { MKTAG('c','h','p','l'), mov_read_chpl },
6863 { MKTAG('c','o','6','4'), mov_read_stco },
6864 { MKTAG('c','o','l','r'), mov_read_colr },
6865 { MKTAG('c','t','t','s'), mov_read_ctts }, /* composition time to sample */
6866 { MKTAG('d','i','n','f'), mov_read_default },
6867 { MKTAG('D','p','x','E'), mov_read_dpxe },
6868 { MKTAG('d','r','e','f'), mov_read_dref },
6869 { MKTAG('e','d','t','s'), mov_read_default },
6870 { MKTAG('e','l','s','t'), mov_read_elst },
6871 { MKTAG('e','n','d','a'), mov_read_enda },
6872 { MKTAG('f','i','e','l'), mov_read_fiel },
6873 { MKTAG('a','d','r','m'), mov_read_adrm },
6874 { MKTAG('f','t','y','p'), mov_read_ftyp },
6875 { MKTAG('g','l','b','l'), mov_read_glbl },
6876 { MKTAG('h','d','l','r'), mov_read_hdlr },
6877 { MKTAG('i','l','s','t'), mov_read_ilst },
6878 { MKTAG('j','p','2','h'), mov_read_jp2h },
6879 { MKTAG('m','d','a','t'), mov_read_mdat },
6880 { MKTAG('m','d','h','d'), mov_read_mdhd },
6881 { MKTAG('m','d','i','a'), mov_read_default },
6882 { MKTAG('m','e','t','a'), mov_read_meta },
6883 { MKTAG('m','i','n','f'), mov_read_default },
6884 { MKTAG('m','o','o','f'), mov_read_moof },
6885 { MKTAG('m','o','o','v'), mov_read_moov },
6886 { MKTAG('m','v','e','x'), mov_read_default },
6887 { MKTAG('m','v','h','d'), mov_read_mvhd },
6888 { MKTAG('S','M','I',' '), mov_read_svq3 },
6889 { MKTAG('a','l','a','c'), mov_read_alac }, /* alac specific atom */
6890 { MKTAG('a','v','c','C'), mov_read_glbl },
6891 { MKTAG('p','a','s','p'), mov_read_pasp },
6892 { MKTAG('s','i','d','x'), mov_read_sidx },
6893 { MKTAG('s','t','b','l'), mov_read_default },
6894 { MKTAG('s','t','c','o'), mov_read_stco },
6895 { MKTAG('s','t','p','s'), mov_read_stps },
6896 { MKTAG('s','t','r','f'), mov_read_strf },
6897 { MKTAG('s','t','s','c'), mov_read_stsc },
6898 { MKTAG('s','t','s','d'), mov_read_stsd }, /* sample description */
6899 { MKTAG('s','t','s','s'), mov_read_stss }, /* sync sample */
6900 { MKTAG('s','t','s','z'), mov_read_stsz }, /* sample size */
6901 { MKTAG('s','t','t','s'), mov_read_stts },
6902 { MKTAG('s','t','z','2'), mov_read_stsz }, /* compact sample size */
6903 { MKTAG('s','d','t','p'), mov_read_sdtp }, /* independent and disposable samples */
6904 { MKTAG('t','k','h','d'), mov_read_tkhd }, /* track header */
6905 { MKTAG('t','f','d','t'), mov_read_tfdt },
6906 { MKTAG('t','f','h','d'), mov_read_tfhd }, /* track fragment header */
6907 { MKTAG('t','r','a','k'), mov_read_trak },
6908 { MKTAG('t','r','a','f'), mov_read_default },
6909 { MKTAG('t','r','e','f'), mov_read_default },
6910 { MKTAG('t','m','c','d'), mov_read_tmcd },
6911 { MKTAG('c','h','a','p'), mov_read_chap },
6912 { MKTAG('t','r','e','x'), mov_read_trex },
6913 { MKTAG('t','r','u','n'), mov_read_trun },
6914 { MKTAG('u','d','t','a'), mov_read_default },
6915 { MKTAG('w','a','v','e'), mov_read_wave },
6916 { MKTAG('e','s','d','s'), mov_read_esds },
6917 { MKTAG('d','a','c','3'), mov_read_dac3 }, /* AC-3 info */
6918 { MKTAG('d','e','c','3'), mov_read_dec3 }, /* EAC-3 info */
6919 { MKTAG('d','d','t','s'), mov_read_ddts }, /* DTS audio descriptor */
6920 { MKTAG('w','i','d','e'), mov_read_wide }, /* place holder */
6921 { MKTAG('w','f','e','x'), mov_read_wfex },
6922 { MKTAG('c','m','o','v'), mov_read_cmov },
6923 { MKTAG('c','h','a','n'), mov_read_chan }, /* channel layout */
6924 { MKTAG('d','v','c','1'), mov_read_dvc1 },
6925 { MKTAG('s','b','g','p'), mov_read_sbgp },
6926 { MKTAG('h','v','c','C'), mov_read_glbl },
6927 { MKTAG('u','u','i','d'), mov_read_uuid },
6928 { MKTAG('C','i','n', 0x8e), mov_read_targa_y216 },
6929 { MKTAG('f','r','e','e'), mov_read_free },
6930 { MKTAG('-','-','-','-'), mov_read_custom },
6931 { MKTAG('s','i','n','f'), mov_read_default },
6932 { MKTAG('f','r','m','a'), mov_read_frma },
6933 { MKTAG('s','e','n','c'), mov_read_senc },
6934 { MKTAG('s','a','i','z'), mov_read_saiz },
6935 { MKTAG('s','a','i','o'), mov_read_saio },
6936 { MKTAG('p','s','s','h'), mov_read_pssh },
6937 { MKTAG('s','c','h','m'), mov_read_schm },
6938 { MKTAG('s','c','h','i'), mov_read_default },
6939 { MKTAG('t','e','n','c'), mov_read_tenc },
6940 { MKTAG('d','f','L','a'), mov_read_dfla },
6941 { MKTAG('s','t','3','d'), mov_read_st3d }, /* stereoscopic 3D video box */
6942 { MKTAG('s','v','3','d'), mov_read_sv3d }, /* spherical video box */
6943 { MKTAG('d','O','p','s'), mov_read_dops },
6944 { MKTAG('d','m','l','p'), mov_read_dmlp },
6945 { MKTAG('S','m','D','m'), mov_read_smdm },
6946 { MKTAG('C','o','L','L'), mov_read_coll },
6947 { MKTAG('v','p','c','C'), mov_read_vpcc },
6948 { MKTAG('m','d','c','v'), mov_read_mdcv },
6949 { MKTAG('c','l','l','i'), mov_read_clli },
6950 { MKTAG('d','v','c','C'), mov_read_dvcc_dvvc },
6951 { MKTAG('d','v','v','C'), mov_read_dvcc_dvvc },
6952 { 0, NULL }
6953 };
6954
mov_read_default(MOVContext * c,AVIOContext * pb,MOVAtom atom)6955 static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6956 {
6957 int64_t total_size = 0;
6958 MOVAtom a;
6959 int i;
6960
6961 if (c->atom_depth > 10) {
6962 av_log(c->fc, AV_LOG_ERROR, "Atoms too deeply nested\n");
6963 return AVERROR_INVALIDDATA;
6964 }
6965 c->atom_depth ++;
6966
6967 if (atom.size < 0)
6968 atom.size = INT64_MAX;
6969 while (total_size <= atom.size - 8 && !avio_feof(pb)) {
6970 int (*parse)(MOVContext*, AVIOContext*, MOVAtom) = NULL;
6971 a.size = atom.size;
6972 a.type=0;
6973 if (atom.size >= 8) {
6974 a.size = avio_rb32(pb);
6975 a.type = avio_rl32(pb);
6976 if (((a.type == MKTAG('f','r','e','e') && c->moov_retry) ||
6977 a.type == MKTAG('h','o','o','v')) &&
6978 a.size >= 8 &&
6979 c->fc->strict_std_compliance < FF_COMPLIANCE_STRICT) {
6980 uint32_t type;
6981 avio_skip(pb, 4);
6982 type = avio_rl32(pb);
6983 avio_seek(pb, -8, SEEK_CUR);
6984 if (type == MKTAG('m','v','h','d') ||
6985 type == MKTAG('c','m','o','v')) {
6986 av_log(c->fc, AV_LOG_ERROR, "Detected moov in a free or hoov atom.\n");
6987 a.type = MKTAG('m','o','o','v');
6988 }
6989 }
6990 if (atom.type != MKTAG('r','o','o','t') &&
6991 atom.type != MKTAG('m','o','o','v'))
6992 {
6993 if (a.type == MKTAG('t','r','a','k') || a.type == MKTAG('m','d','a','t'))
6994 {
6995 av_log(c->fc, AV_LOG_ERROR, "Broken file, trak/mdat not at top-level\n");
6996 avio_skip(pb, -8);
6997 c->atom_depth --;
6998 return 0;
6999 }
7000 }
7001 total_size += 8;
7002 if (a.size == 1 && total_size + 8 <= atom.size) { /* 64 bit extended size */
7003 a.size = avio_rb64(pb) - 8;
7004 total_size += 8;
7005 }
7006 }
7007 av_log(c->fc, AV_LOG_TRACE, "type:'%s' parent:'%s' sz: %"PRId64" %"PRId64" %"PRId64"\n",
7008 av_fourcc2str(a.type), av_fourcc2str(atom.type), a.size, total_size, atom.size);
7009 if (a.size == 0) {
7010 a.size = atom.size - total_size + 8;
7011 }
7012 a.size -= 8;
7013 if (a.size < 0)
7014 break;
7015 a.size = FFMIN(a.size, atom.size - total_size);
7016
7017 for (i = 0; mov_default_parse_table[i].type; i++)
7018 if (mov_default_parse_table[i].type == a.type) {
7019 parse = mov_default_parse_table[i].parse;
7020 break;
7021 }
7022
7023 // container is user data
7024 if (!parse && (atom.type == MKTAG('u','d','t','a') ||
7025 atom.type == MKTAG('i','l','s','t')))
7026 parse = mov_read_udta_string;
7027
7028 // Supports parsing the QuickTime Metadata Keys.
7029 // https://developer.apple.com/library/mac/documentation/QuickTime/QTFF/Metadata/Metadata.html
7030 if (!parse && c->found_hdlr_mdta &&
7031 atom.type == MKTAG('m','e','t','a') &&
7032 a.type == MKTAG('k','e','y','s') &&
7033 c->meta_keys_count == 0) {
7034 parse = mov_read_keys;
7035 }
7036
7037 if (!parse) { /* skip leaf atoms data */
7038 avio_skip(pb, a.size);
7039 } else {
7040 int64_t start_pos = avio_tell(pb);
7041 int64_t left;
7042 int err = parse(c, pb, a);
7043 if (err < 0) {
7044 c->atom_depth --;
7045 return err;
7046 }
7047 if (c->found_moov && c->found_mdat &&
7048 ((!(pb->seekable & AVIO_SEEKABLE_NORMAL) || c->fc->flags & AVFMT_FLAG_IGNIDX || c->frag_index.complete) ||
7049 start_pos + a.size == avio_size(pb))) {
7050 if (!(pb->seekable & AVIO_SEEKABLE_NORMAL) || c->fc->flags & AVFMT_FLAG_IGNIDX || c->frag_index.complete)
7051 c->next_root_atom = start_pos + a.size;
7052 c->atom_depth --;
7053 return 0;
7054 }
7055 left = a.size - avio_tell(pb) + start_pos;
7056 if (left > 0) /* skip garbage at atom end */
7057 avio_skip(pb, left);
7058 else if (left < 0) {
7059 av_log(c->fc, AV_LOG_WARNING,
7060 "overread end of atom '%.4s' by %"PRId64" bytes\n",
7061 (char*)&a.type, -left);
7062 avio_seek(pb, left, SEEK_CUR);
7063 }
7064 }
7065
7066 total_size += a.size;
7067 }
7068
7069 if (total_size < atom.size && atom.size < 0x7ffff)
7070 avio_skip(pb, atom.size - total_size);
7071
7072 c->atom_depth --;
7073 return 0;
7074 }
7075
mov_probe(const AVProbeData * p)7076 static int mov_probe(const AVProbeData *p)
7077 {
7078 int64_t offset;
7079 uint32_t tag;
7080 int score = 0;
7081 int moov_offset = -1;
7082
7083 /* check file header */
7084 offset = 0;
7085 for (;;) {
7086 /* ignore invalid offset */
7087 if ((offset + 8) > (unsigned int)p->buf_size)
7088 break;
7089 tag = AV_RL32(p->buf + offset + 4);
7090 switch(tag) {
7091 /* check for obvious tags */
7092 case MKTAG('m','o','o','v'):
7093 moov_offset = offset + 4;
7094 case MKTAG('m','d','a','t'):
7095 case MKTAG('p','n','o','t'): /* detect movs with preview pics like ew.mov and april.mov */
7096 case MKTAG('u','d','t','a'): /* Packet Video PVAuthor adds this and a lot of more junk */
7097 case MKTAG('f','t','y','p'):
7098 if (AV_RB32(p->buf+offset) < 8 &&
7099 (AV_RB32(p->buf+offset) != 1 ||
7100 offset + 12 > (unsigned int)p->buf_size ||
7101 AV_RB64(p->buf+offset + 8) == 0)) {
7102 score = FFMAX(score, AVPROBE_SCORE_EXTENSION);
7103 } else if (tag == MKTAG('f','t','y','p') &&
7104 ( AV_RL32(p->buf + offset + 8) == MKTAG('j','p','2',' ')
7105 || AV_RL32(p->buf + offset + 8) == MKTAG('j','p','x',' ')
7106 )) {
7107 score = FFMAX(score, 5);
7108 } else {
7109 score = AVPROBE_SCORE_MAX;
7110 }
7111 offset = FFMAX(4, AV_RB32(p->buf+offset)) + offset;
7112 break;
7113 /* those are more common words, so rate then a bit less */
7114 case MKTAG('e','d','i','w'): /* xdcam files have reverted first tags */
7115 case MKTAG('w','i','d','e'):
7116 case MKTAG('f','r','e','e'):
7117 case MKTAG('j','u','n','k'):
7118 case MKTAG('p','i','c','t'):
7119 score = FFMAX(score, AVPROBE_SCORE_MAX - 5);
7120 offset = FFMAX(4, AV_RB32(p->buf+offset)) + offset;
7121 break;
7122 case MKTAG(0x82,0x82,0x7f,0x7d):
7123 case MKTAG('s','k','i','p'):
7124 case MKTAG('u','u','i','d'):
7125 case MKTAG('p','r','f','l'):
7126 /* if we only find those cause probedata is too small at least rate them */
7127 score = FFMAX(score, AVPROBE_SCORE_EXTENSION);
7128 offset = FFMAX(4, AV_RB32(p->buf+offset)) + offset;
7129 break;
7130 default:
7131 offset = FFMAX(4, AV_RB32(p->buf+offset)) + offset;
7132 }
7133 }
7134 if(score > AVPROBE_SCORE_MAX - 50 && moov_offset != -1) {
7135 /* moov atom in the header - we should make sure that this is not a
7136 * MOV-packed MPEG-PS */
7137 offset = moov_offset;
7138
7139 while(offset < (p->buf_size - 16)){ /* Sufficient space */
7140 /* We found an actual hdlr atom */
7141 if(AV_RL32(p->buf + offset ) == MKTAG('h','d','l','r') &&
7142 AV_RL32(p->buf + offset + 8) == MKTAG('m','h','l','r') &&
7143 AV_RL32(p->buf + offset + 12) == MKTAG('M','P','E','G')){
7144 av_log(NULL, AV_LOG_WARNING, "Found media data tag MPEG indicating this is a MOV-packed MPEG-PS.\n");
7145 /* We found a media handler reference atom describing an
7146 * MPEG-PS-in-MOV, return a
7147 * low score to force expanding the probe window until
7148 * mpegps_probe finds what it needs */
7149 return 5;
7150 }else
7151 /* Keep looking */
7152 offset+=2;
7153 }
7154 }
7155
7156 return score;
7157 }
7158
7159 // must be done after parsing all trak because there's no order requirement
mov_read_chapters(AVFormatContext * s)7160 static void mov_read_chapters(AVFormatContext *s)
7161 {
7162 MOVContext *mov = s->priv_data;
7163 AVStream *st;
7164 MOVStreamContext *sc;
7165 int64_t cur_pos;
7166 int i, j;
7167 int chapter_track;
7168
7169 for (j = 0; j < mov->nb_chapter_tracks; j++) {
7170 chapter_track = mov->chapter_tracks[j];
7171 st = NULL;
7172 for (i = 0; i < s->nb_streams; i++)
7173 if (s->streams[i]->id == chapter_track) {
7174 st = s->streams[i];
7175 break;
7176 }
7177 if (!st) {
7178 av_log(s, AV_LOG_ERROR, "Referenced QT chapter track not found\n");
7179 continue;
7180 }
7181
7182 sc = st->priv_data;
7183 cur_pos = avio_tell(sc->pb);
7184
7185 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) {
7186 st->disposition |= AV_DISPOSITION_ATTACHED_PIC | AV_DISPOSITION_TIMED_THUMBNAILS;
7187 if (st->nb_index_entries) {
7188 // Retrieve the first frame, if possible
7189 AVPacket pkt;
7190 AVIndexEntry *sample = &st->index_entries[0];
7191 if (avio_seek(sc->pb, sample->pos, SEEK_SET) != sample->pos) {
7192 av_log(s, AV_LOG_ERROR, "Failed to retrieve first frame\n");
7193 goto finish;
7194 }
7195
7196 if (av_get_packet(sc->pb, &pkt, sample->size) < 0)
7197 goto finish;
7198
7199 st->attached_pic = pkt;
7200 st->attached_pic.stream_index = st->index;
7201 st->attached_pic.flags |= AV_PKT_FLAG_KEY;
7202 }
7203 } else {
7204 st->codecpar->codec_type = AVMEDIA_TYPE_DATA;
7205 st->codecpar->codec_id = AV_CODEC_ID_BIN_DATA;
7206 st->discard = AVDISCARD_ALL;
7207 for (i = 0; i < st->nb_index_entries; i++) {
7208 AVIndexEntry *sample = &st->index_entries[i];
7209 int64_t end = i+1 < st->nb_index_entries ? st->index_entries[i+1].timestamp : st->duration;
7210 uint8_t *title;
7211 uint16_t ch;
7212 int len, title_len;
7213
7214 if (end < sample->timestamp) {
7215 av_log(s, AV_LOG_WARNING, "ignoring stream duration which is shorter than chapters\n");
7216 end = AV_NOPTS_VALUE;
7217 }
7218
7219 if (avio_seek(sc->pb, sample->pos, SEEK_SET) != sample->pos) {
7220 av_log(s, AV_LOG_ERROR, "Chapter %d not found in file\n", i);
7221 goto finish;
7222 }
7223
7224 // the first two bytes are the length of the title
7225 len = avio_rb16(sc->pb);
7226 if (len > sample->size-2)
7227 continue;
7228 title_len = 2*len + 1;
7229 if (!(title = av_mallocz(title_len)))
7230 goto finish;
7231
7232 // The samples could theoretically be in any encoding if there's an encd
7233 // atom following, but in practice are only utf-8 or utf-16, distinguished
7234 // instead by the presence of a BOM
7235 if (!len) {
7236 title[0] = 0;
7237 } else {
7238 ch = avio_rb16(sc->pb);
7239 if (ch == 0xfeff)
7240 avio_get_str16be(sc->pb, len, title, title_len);
7241 else if (ch == 0xfffe)
7242 avio_get_str16le(sc->pb, len, title, title_len);
7243 else {
7244 AV_WB16(title, ch);
7245 if (len == 1 || len == 2)
7246 title[len] = 0;
7247 else
7248 avio_get_str(sc->pb, INT_MAX, title + 2, len - 1);
7249 }
7250 }
7251
7252 avpriv_new_chapter(s, i, st->time_base, sample->timestamp, end, title);
7253 av_freep(&title);
7254 }
7255 }
7256 finish:
7257 avio_seek(sc->pb, cur_pos, SEEK_SET);
7258 }
7259 }
7260
parse_timecode_in_framenum_format(AVFormatContext * s,AVStream * st,uint32_t value,int flags)7261 static int parse_timecode_in_framenum_format(AVFormatContext *s, AVStream *st,
7262 uint32_t value, int flags)
7263 {
7264 AVTimecode tc;
7265 char buf[AV_TIMECODE_STR_SIZE];
7266 AVRational rate = st->avg_frame_rate;
7267 int ret = av_timecode_init(&tc, rate, flags, 0, s);
7268 if (ret < 0)
7269 return ret;
7270 av_dict_set(&st->metadata, "timecode",
7271 av_timecode_make_string(&tc, buf, value), 0);
7272 return 0;
7273 }
7274
mov_read_rtmd_track(AVFormatContext * s,AVStream * st)7275 static int mov_read_rtmd_track(AVFormatContext *s, AVStream *st)
7276 {
7277 MOVStreamContext *sc = st->priv_data;
7278 char buf[AV_TIMECODE_STR_SIZE];
7279 int64_t cur_pos = avio_tell(sc->pb);
7280 int hh, mm, ss, ff, drop;
7281
7282 if (!st->nb_index_entries)
7283 return -1;
7284
7285 avio_seek(sc->pb, st->index_entries->pos, SEEK_SET);
7286 avio_skip(s->pb, 13);
7287 hh = avio_r8(s->pb);
7288 mm = avio_r8(s->pb);
7289 ss = avio_r8(s->pb);
7290 drop = avio_r8(s->pb);
7291 ff = avio_r8(s->pb);
7292 snprintf(buf, AV_TIMECODE_STR_SIZE, "%02d:%02d:%02d%c%02d",
7293 hh, mm, ss, drop ? ';' : ':', ff);
7294 av_dict_set(&st->metadata, "timecode", buf, 0);
7295
7296 avio_seek(sc->pb, cur_pos, SEEK_SET);
7297 return 0;
7298 }
7299
mov_read_timecode_track(AVFormatContext * s,AVStream * st)7300 static int mov_read_timecode_track(AVFormatContext *s, AVStream *st)
7301 {
7302 MOVStreamContext *sc = st->priv_data;
7303 int flags = 0;
7304 int64_t cur_pos = avio_tell(sc->pb);
7305 uint32_t value;
7306
7307 if (!st->nb_index_entries)
7308 return -1;
7309
7310 avio_seek(sc->pb, st->index_entries->pos, SEEK_SET);
7311 value = avio_rb32(s->pb);
7312
7313 if (sc->tmcd_flags & 0x0001) flags |= AV_TIMECODE_FLAG_DROPFRAME;
7314 if (sc->tmcd_flags & 0x0002) flags |= AV_TIMECODE_FLAG_24HOURSMAX;
7315 if (sc->tmcd_flags & 0x0004) flags |= AV_TIMECODE_FLAG_ALLOWNEGATIVE;
7316
7317 /* Assume Counter flag is set to 1 in tmcd track (even though it is likely
7318 * not the case) and thus assume "frame number format" instead of QT one.
7319 * No sample with tmcd track can be found with a QT timecode at the moment,
7320 * despite what the tmcd track "suggests" (Counter flag set to 0 means QT
7321 * format). */
7322 parse_timecode_in_framenum_format(s, st, value, flags);
7323
7324 avio_seek(sc->pb, cur_pos, SEEK_SET);
7325 return 0;
7326 }
7327
mov_free_encryption_index(MOVEncryptionIndex ** index)7328 static void mov_free_encryption_index(MOVEncryptionIndex **index) {
7329 int i;
7330 if (!index || !*index) return;
7331 for (i = 0; i < (*index)->nb_encrypted_samples; i++) {
7332 av_encryption_info_free((*index)->encrypted_samples[i]);
7333 }
7334 av_freep(&(*index)->encrypted_samples);
7335 av_freep(&(*index)->auxiliary_info_sizes);
7336 av_freep(&(*index)->auxiliary_offsets);
7337 av_freep(index);
7338 }
7339
mov_read_close(AVFormatContext * s)7340 static int mov_read_close(AVFormatContext *s)
7341 {
7342 MOVContext *mov = s->priv_data;
7343 int i, j;
7344
7345 for (i = 0; i < s->nb_streams; i++) {
7346 AVStream *st = s->streams[i];
7347 MOVStreamContext *sc = st->priv_data;
7348
7349 if (!sc)
7350 continue;
7351
7352 av_freep(&sc->ctts_data);
7353 for (j = 0; j < sc->drefs_count; j++) {
7354 av_freep(&sc->drefs[j].path);
7355 av_freep(&sc->drefs[j].dir);
7356 }
7357 av_freep(&sc->drefs);
7358
7359 sc->drefs_count = 0;
7360
7361 if (!sc->pb_is_copied)
7362 ff_format_io_close(s, &sc->pb);
7363
7364 sc->pb = NULL;
7365 av_freep(&sc->chunk_offsets);
7366 av_freep(&sc->stsc_data);
7367 av_freep(&sc->sample_sizes);
7368 av_freep(&sc->keyframes);
7369 av_freep(&sc->stts_data);
7370 av_freep(&sc->sdtp_data);
7371 av_freep(&sc->stps_data);
7372 av_freep(&sc->elst_data);
7373 av_freep(&sc->rap_group);
7374 av_freep(&sc->display_matrix);
7375 av_freep(&sc->index_ranges);
7376
7377 if (sc->extradata)
7378 for (j = 0; j < sc->stsd_count; j++)
7379 av_free(sc->extradata[j]);
7380 av_freep(&sc->extradata);
7381 av_freep(&sc->extradata_size);
7382
7383 mov_free_encryption_index(&sc->cenc.encryption_index);
7384 av_encryption_info_free(sc->cenc.default_encrypted_sample);
7385 av_aes_ctr_free(sc->cenc.aes_ctr);
7386
7387 av_freep(&sc->stereo3d);
7388 av_freep(&sc->spherical);
7389 av_freep(&sc->mastering);
7390 av_freep(&sc->coll);
7391 }
7392
7393 av_freep(&mov->dv_demux);
7394 avformat_free_context(mov->dv_fctx);
7395 mov->dv_fctx = NULL;
7396
7397 if (mov->meta_keys) {
7398 for (i = 1; i < mov->meta_keys_count; i++) {
7399 av_freep(&mov->meta_keys[i]);
7400 }
7401 av_freep(&mov->meta_keys);
7402 }
7403
7404 av_freep(&mov->trex_data);
7405 av_freep(&mov->bitrates);
7406
7407 for (i = 0; i < mov->frag_index.nb_items; i++) {
7408 MOVFragmentStreamInfo *frag = mov->frag_index.item[i].stream_info;
7409 for (j = 0; j < mov->frag_index.item[i].nb_stream_info; j++) {
7410 mov_free_encryption_index(&frag[j].encryption_index);
7411 }
7412 av_freep(&mov->frag_index.item[i].stream_info);
7413 }
7414 av_freep(&mov->frag_index.item);
7415
7416 av_freep(&mov->aes_decrypt);
7417 av_freep(&mov->chapter_tracks);
7418
7419 return 0;
7420 }
7421
tmcd_is_referenced(AVFormatContext * s,int tmcd_id)7422 static int tmcd_is_referenced(AVFormatContext *s, int tmcd_id)
7423 {
7424 int i;
7425
7426 for (i = 0; i < s->nb_streams; i++) {
7427 AVStream *st = s->streams[i];
7428 MOVStreamContext *sc = st->priv_data;
7429
7430 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO &&
7431 sc->timecode_track == tmcd_id)
7432 return 1;
7433 }
7434 return 0;
7435 }
7436
7437 /* look for a tmcd track not referenced by any video track, and export it globally */
export_orphan_timecode(AVFormatContext * s)7438 static void export_orphan_timecode(AVFormatContext *s)
7439 {
7440 int i;
7441
7442 for (i = 0; i < s->nb_streams; i++) {
7443 AVStream *st = s->streams[i];
7444
7445 if (st->codecpar->codec_tag == MKTAG('t','m','c','d') &&
7446 !tmcd_is_referenced(s, i + 1)) {
7447 AVDictionaryEntry *tcr = av_dict_get(st->metadata, "timecode", NULL, 0);
7448 if (tcr) {
7449 av_dict_set(&s->metadata, "timecode", tcr->value, 0);
7450 break;
7451 }
7452 }
7453 }
7454 }
7455
read_tfra(MOVContext * mov,AVIOContext * f)7456 static int read_tfra(MOVContext *mov, AVIOContext *f)
7457 {
7458 int version, fieldlength, i, j;
7459 int64_t pos = avio_tell(f);
7460 uint32_t size = avio_rb32(f);
7461 unsigned track_id, item_count;
7462
7463 if (avio_rb32(f) != MKBETAG('t', 'f', 'r', 'a')) {
7464 return 1;
7465 }
7466 av_log(mov->fc, AV_LOG_VERBOSE, "found tfra\n");
7467
7468 version = avio_r8(f);
7469 avio_rb24(f);
7470 track_id = avio_rb32(f);
7471 fieldlength = avio_rb32(f);
7472 item_count = avio_rb32(f);
7473 for (i = 0; i < item_count; i++) {
7474 int64_t time, offset;
7475 int index;
7476 MOVFragmentStreamInfo * frag_stream_info;
7477
7478 if (avio_feof(f)) {
7479 return AVERROR_INVALIDDATA;
7480 }
7481
7482 if (version == 1) {
7483 time = avio_rb64(f);
7484 offset = avio_rb64(f);
7485 } else {
7486 time = avio_rb32(f);
7487 offset = avio_rb32(f);
7488 }
7489
7490 // The first sample of each stream in a fragment is always a random
7491 // access sample. So it's entry in the tfra can be used as the
7492 // initial PTS of the fragment.
7493 index = update_frag_index(mov, offset);
7494 frag_stream_info = get_frag_stream_info(&mov->frag_index, index, track_id);
7495 if (frag_stream_info &&
7496 frag_stream_info->first_tfra_pts == AV_NOPTS_VALUE)
7497 frag_stream_info->first_tfra_pts = time;
7498
7499 for (j = 0; j < ((fieldlength >> 4) & 3) + 1; j++)
7500 avio_r8(f);
7501 for (j = 0; j < ((fieldlength >> 2) & 3) + 1; j++)
7502 avio_r8(f);
7503 for (j = 0; j < ((fieldlength >> 0) & 3) + 1; j++)
7504 avio_r8(f);
7505 }
7506
7507 avio_seek(f, pos + size, SEEK_SET);
7508 return 0;
7509 }
7510
mov_read_mfra(MOVContext * c,AVIOContext * f)7511 static int mov_read_mfra(MOVContext *c, AVIOContext *f)
7512 {
7513 int64_t stream_size = avio_size(f);
7514 int64_t original_pos = avio_tell(f);
7515 int64_t seek_ret;
7516 int32_t mfra_size;
7517 int ret = -1;
7518 if ((seek_ret = avio_seek(f, stream_size - 4, SEEK_SET)) < 0) {
7519 ret = seek_ret;
7520 goto fail;
7521 }
7522 mfra_size = avio_rb32(f);
7523 if (mfra_size < 0 || mfra_size > stream_size) {
7524 av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (unreasonable size)\n");
7525 goto fail;
7526 }
7527 if ((seek_ret = avio_seek(f, -mfra_size, SEEK_CUR)) < 0) {
7528 ret = seek_ret;
7529 goto fail;
7530 }
7531 if (avio_rb32(f) != mfra_size) {
7532 av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (size mismatch)\n");
7533 goto fail;
7534 }
7535 if (avio_rb32(f) != MKBETAG('m', 'f', 'r', 'a')) {
7536 av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (tag mismatch)\n");
7537 goto fail;
7538 }
7539 av_log(c->fc, AV_LOG_VERBOSE, "stream has mfra\n");
7540 do {
7541 ret = read_tfra(c, f);
7542 if (ret < 0)
7543 goto fail;
7544 } while (!ret);
7545 ret = 0;
7546 fail:
7547 seek_ret = avio_seek(f, original_pos, SEEK_SET);
7548 if (seek_ret < 0) {
7549 av_log(c->fc, AV_LOG_ERROR,
7550 "failed to seek back after looking for mfra\n");
7551 ret = seek_ret;
7552 }
7553 return ret;
7554 }
7555
mov_read_header(AVFormatContext * s)7556 static int mov_read_header(AVFormatContext *s)
7557 {
7558 MOVContext *mov = s->priv_data;
7559 AVIOContext *pb = s->pb;
7560 int j, err;
7561 MOVAtom atom = { AV_RL32("root") };
7562 int i;
7563
7564 if (mov->decryption_key_len != 0 && mov->decryption_key_len != AES_CTR_KEY_SIZE) {
7565 av_log(s, AV_LOG_ERROR, "Invalid decryption key len %d expected %d\n",
7566 mov->decryption_key_len, AES_CTR_KEY_SIZE);
7567 return AVERROR(EINVAL);
7568 }
7569
7570 mov->fc = s;
7571 mov->trak_index = -1;
7572 /* .mov and .mp4 aren't streamable anyway (only progressive download if moov is before mdat) */
7573 if (pb->seekable & AVIO_SEEKABLE_NORMAL)
7574 atom.size = avio_size(pb);
7575 else
7576 atom.size = INT64_MAX;
7577
7578 /* check MOV header */
7579 do {
7580 if (mov->moov_retry)
7581 avio_seek(pb, 0, SEEK_SET);
7582 if ((err = mov_read_default(mov, pb, atom)) < 0) {
7583 av_log(s, AV_LOG_ERROR, "error reading header\n");
7584 goto fail;
7585 }
7586 } while ((pb->seekable & AVIO_SEEKABLE_NORMAL) && !mov->found_moov && !mov->moov_retry++);
7587 if (!mov->found_moov) {
7588 av_log(s, AV_LOG_ERROR, "moov atom not found\n");
7589 err = AVERROR_INVALIDDATA;
7590 goto fail;
7591 }
7592 av_log(mov->fc, AV_LOG_TRACE, "on_parse_exit_offset=%"PRId64"\n", avio_tell(pb));
7593
7594 if (pb->seekable & AVIO_SEEKABLE_NORMAL) {
7595 if (mov->nb_chapter_tracks > 0 && !mov->ignore_chapters)
7596 mov_read_chapters(s);
7597 for (i = 0; i < s->nb_streams; i++)
7598 if (s->streams[i]->codecpar->codec_tag == AV_RL32("tmcd")) {
7599 mov_read_timecode_track(s, s->streams[i]);
7600 } else if (s->streams[i]->codecpar->codec_tag == AV_RL32("rtmd")) {
7601 mov_read_rtmd_track(s, s->streams[i]);
7602 }
7603 }
7604
7605 /* copy timecode metadata from tmcd tracks to the related video streams */
7606 for (i = 0; i < s->nb_streams; i++) {
7607 AVStream *st = s->streams[i];
7608 MOVStreamContext *sc = st->priv_data;
7609 if (sc->timecode_track > 0) {
7610 AVDictionaryEntry *tcr;
7611 int tmcd_st_id = -1;
7612
7613 for (j = 0; j < s->nb_streams; j++)
7614 if (s->streams[j]->id == sc->timecode_track)
7615 tmcd_st_id = j;
7616
7617 if (tmcd_st_id < 0 || tmcd_st_id == i)
7618 continue;
7619 tcr = av_dict_get(s->streams[tmcd_st_id]->metadata, "timecode", NULL, 0);
7620 if (tcr)
7621 av_dict_set(&st->metadata, "timecode", tcr->value, 0);
7622 }
7623 }
7624 export_orphan_timecode(s);
7625
7626 for (i = 0; i < s->nb_streams; i++) {
7627 AVStream *st = s->streams[i];
7628 MOVStreamContext *sc = st->priv_data;
7629 fix_timescale(mov, sc);
7630 if(st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO && st->codecpar->codec_id == AV_CODEC_ID_AAC) {
7631 st->skip_samples = sc->start_pad;
7632 }
7633 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO && sc->nb_frames_for_fps > 0 && sc->duration_for_fps > 0)
7634 av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den,
7635 sc->time_scale*(int64_t)sc->nb_frames_for_fps, sc->duration_for_fps, INT_MAX);
7636 if (st->codecpar->codec_type == AVMEDIA_TYPE_SUBTITLE) {
7637 if (st->codecpar->width <= 0 || st->codecpar->height <= 0) {
7638 st->codecpar->width = sc->width;
7639 st->codecpar->height = sc->height;
7640 }
7641 if (st->codecpar->codec_id == AV_CODEC_ID_DVD_SUBTITLE) {
7642 if ((err = mov_rewrite_dvd_sub_extradata(st)) < 0)
7643 goto fail;
7644 }
7645 }
7646 if (mov->handbrake_version &&
7647 mov->handbrake_version <= 1000000*0 + 1000*10 + 2 && // 0.10.2
7648 st->codecpar->codec_id == AV_CODEC_ID_MP3
7649 ) {
7650 av_log(s, AV_LOG_VERBOSE, "Forcing full parsing for mp3 stream\n");
7651 st->need_parsing = AVSTREAM_PARSE_FULL;
7652 }
7653 }
7654
7655 if (mov->trex_data) {
7656 for (i = 0; i < s->nb_streams; i++) {
7657 AVStream *st = s->streams[i];
7658 MOVStreamContext *sc = st->priv_data;
7659 if (st->duration > 0) {
7660 if (sc->data_size > INT64_MAX / sc->time_scale / 8) {
7661 av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n",
7662 sc->data_size, sc->time_scale);
7663 err = AVERROR_INVALIDDATA;
7664 goto fail;
7665 }
7666 st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale / st->duration;
7667 }
7668 }
7669 }
7670
7671 if (mov->use_mfra_for > 0) {
7672 for (i = 0; i < s->nb_streams; i++) {
7673 AVStream *st = s->streams[i];
7674 MOVStreamContext *sc = st->priv_data;
7675 if (sc->duration_for_fps > 0) {
7676 if (sc->data_size > INT64_MAX / sc->time_scale / 8) {
7677 av_log(s, AV_LOG_ERROR, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n",
7678 sc->data_size, sc->time_scale);
7679 err = AVERROR_INVALIDDATA;
7680 goto fail;
7681 }
7682 st->codecpar->bit_rate = sc->data_size * 8 * sc->time_scale /
7683 sc->duration_for_fps;
7684 }
7685 }
7686 }
7687
7688 for (i = 0; i < mov->bitrates_count && i < s->nb_streams; i++) {
7689 if (mov->bitrates[i]) {
7690 s->streams[i]->codecpar->bit_rate = mov->bitrates[i];
7691 }
7692 }
7693
7694 ff_rfps_calculate(s);
7695
7696 for (i = 0; i < s->nb_streams; i++) {
7697 AVStream *st = s->streams[i];
7698 MOVStreamContext *sc = st->priv_data;
7699
7700 switch (st->codecpar->codec_type) {
7701 case AVMEDIA_TYPE_AUDIO:
7702 err = ff_replaygain_export(st, s->metadata);
7703 if (err < 0) {
7704 goto fail;
7705 }
7706 break;
7707 case AVMEDIA_TYPE_VIDEO:
7708 if (sc->display_matrix) {
7709 err = av_stream_add_side_data(st, AV_PKT_DATA_DISPLAYMATRIX, (uint8_t*)sc->display_matrix,
7710 sizeof(int32_t) * 9);
7711 if (err < 0)
7712 goto fail;
7713
7714 sc->display_matrix = NULL;
7715 }
7716 if (sc->stereo3d) {
7717 err = av_stream_add_side_data(st, AV_PKT_DATA_STEREO3D,
7718 (uint8_t *)sc->stereo3d,
7719 sizeof(*sc->stereo3d));
7720 if (err < 0)
7721 goto fail;
7722
7723 sc->stereo3d = NULL;
7724 }
7725 if (sc->spherical) {
7726 err = av_stream_add_side_data(st, AV_PKT_DATA_SPHERICAL,
7727 (uint8_t *)sc->spherical,
7728 sc->spherical_size);
7729 if (err < 0)
7730 goto fail;
7731
7732 sc->spherical = NULL;
7733 }
7734 if (sc->mastering) {
7735 err = av_stream_add_side_data(st, AV_PKT_DATA_MASTERING_DISPLAY_METADATA,
7736 (uint8_t *)sc->mastering,
7737 sizeof(*sc->mastering));
7738 if (err < 0)
7739 goto fail;
7740
7741 sc->mastering = NULL;
7742 }
7743 if (sc->coll) {
7744 err = av_stream_add_side_data(st, AV_PKT_DATA_CONTENT_LIGHT_LEVEL,
7745 (uint8_t *)sc->coll,
7746 sc->coll_size);
7747 if (err < 0)
7748 goto fail;
7749
7750 sc->coll = NULL;
7751 }
7752 break;
7753 }
7754 }
7755 ff_configure_buffers_for_index(s, AV_TIME_BASE);
7756
7757 for (i = 0; i < mov->frag_index.nb_items; i++)
7758 if (mov->frag_index.item[i].moof_offset <= mov->fragment.moof_offset)
7759 mov->frag_index.item[i].headers_read = 1;
7760
7761 return 0;
7762 fail:
7763 mov_read_close(s);
7764 return err;
7765 }
7766
mov_find_next_sample(AVFormatContext * s,AVStream ** st)7767 static AVIndexEntry *mov_find_next_sample(AVFormatContext *s, AVStream **st)
7768 {
7769 AVIndexEntry *sample = NULL;
7770 int64_t best_dts = INT64_MAX;
7771 int i;
7772 for (i = 0; i < s->nb_streams; i++) {
7773 AVStream *avst = s->streams[i];
7774 MOVStreamContext *msc = avst->priv_data;
7775 if (msc->pb && msc->current_sample < avst->nb_index_entries) {
7776 AVIndexEntry *current_sample = &avst->index_entries[msc->current_sample];
7777 int64_t dts = av_rescale(current_sample->timestamp, AV_TIME_BASE, msc->time_scale);
7778 av_log(s, AV_LOG_TRACE, "stream %d, sample %d, dts %"PRId64"\n", i, msc->current_sample, dts);
7779 if (!sample || (!(s->pb->seekable & AVIO_SEEKABLE_NORMAL) && current_sample->pos < sample->pos) ||
7780 ((s->pb->seekable & AVIO_SEEKABLE_NORMAL) &&
7781 ((msc->pb != s->pb && dts < best_dts) || (msc->pb == s->pb && dts != AV_NOPTS_VALUE &&
7782 ((FFABS(best_dts - dts) <= AV_TIME_BASE && current_sample->pos < sample->pos) ||
7783 (FFABS(best_dts - dts) > AV_TIME_BASE && dts < best_dts)))))) {
7784 sample = current_sample;
7785 best_dts = dts;
7786 *st = avst;
7787 }
7788 }
7789 }
7790 return sample;
7791 }
7792
should_retry(AVIOContext * pb,int error_code)7793 static int should_retry(AVIOContext *pb, int error_code) {
7794 if (error_code == AVERROR_EOF || avio_feof(pb))
7795 return 0;
7796
7797 return 1;
7798 }
7799
mov_switch_root(AVFormatContext * s,int64_t target,int index)7800 static int mov_switch_root(AVFormatContext *s, int64_t target, int index)
7801 {
7802 int ret;
7803 MOVContext *mov = s->priv_data;
7804
7805 if (index >= 0 && index < mov->frag_index.nb_items)
7806 target = mov->frag_index.item[index].moof_offset;
7807 if (avio_seek(s->pb, target, SEEK_SET) != target) {
7808 av_log(mov->fc, AV_LOG_ERROR, "root atom offset 0x%"PRIx64": partial file\n", target);
7809 return AVERROR_INVALIDDATA;
7810 }
7811
7812 mov->next_root_atom = 0;
7813 if (index < 0 || index >= mov->frag_index.nb_items)
7814 index = search_frag_moof_offset(&mov->frag_index, target);
7815 if (index < mov->frag_index.nb_items &&
7816 mov->frag_index.item[index].moof_offset == target) {
7817 if (index + 1 < mov->frag_index.nb_items)
7818 mov->next_root_atom = mov->frag_index.item[index + 1].moof_offset;
7819 if (mov->frag_index.item[index].headers_read)
7820 return 0;
7821 mov->frag_index.item[index].headers_read = 1;
7822 }
7823
7824 mov->found_mdat = 0;
7825
7826 ret = mov_read_default(mov, s->pb, (MOVAtom){ AV_RL32("root"), INT64_MAX });
7827 if (ret < 0)
7828 return ret;
7829 if (avio_feof(s->pb))
7830 return AVERROR_EOF;
7831 av_log(s, AV_LOG_TRACE, "read fragments, offset 0x%"PRIx64"\n", avio_tell(s->pb));
7832
7833 return 1;
7834 }
7835
mov_change_extradata(MOVStreamContext * sc,AVPacket * pkt)7836 static int mov_change_extradata(MOVStreamContext *sc, AVPacket *pkt)
7837 {
7838 uint8_t *side, *extradata;
7839 int extradata_size;
7840
7841 /* Save the current index. */
7842 sc->last_stsd_index = sc->stsc_data[sc->stsc_index].id - 1;
7843
7844 /* Notify the decoder that extradata changed. */
7845 extradata_size = sc->extradata_size[sc->last_stsd_index];
7846 extradata = sc->extradata[sc->last_stsd_index];
7847 if (extradata_size > 0 && extradata) {
7848 side = av_packet_new_side_data(pkt,
7849 AV_PKT_DATA_NEW_EXTRADATA,
7850 extradata_size);
7851 if (!side)
7852 return AVERROR(ENOMEM);
7853 memcpy(side, extradata, extradata_size);
7854 }
7855
7856 return 0;
7857 }
7858
mov_read_packet(AVFormatContext * s,AVPacket * pkt)7859 static int mov_read_packet(AVFormatContext *s, AVPacket *pkt)
7860 {
7861 MOVContext *mov = s->priv_data;
7862 MOVStreamContext *sc;
7863 AVIndexEntry *sample;
7864 AVStream *st = NULL;
7865 int64_t current_index;
7866 int ret;
7867 mov->fc = s;
7868 retry:
7869 sample = mov_find_next_sample(s, &st);
7870 if (!sample || (mov->next_root_atom && sample->pos > mov->next_root_atom)) {
7871 if (!mov->next_root_atom)
7872 return AVERROR_EOF;
7873 if ((ret = mov_switch_root(s, mov->next_root_atom, -1)) < 0)
7874 return ret;
7875 goto retry;
7876 }
7877 sc = st->priv_data;
7878 /* must be done just before reading, to avoid infinite loop on sample */
7879 current_index = sc->current_index;
7880 mov_current_sample_inc(sc);
7881
7882 if (mov->next_root_atom) {
7883 sample->pos = FFMIN(sample->pos, mov->next_root_atom);
7884 sample->size = FFMIN(sample->size, (mov->next_root_atom - sample->pos));
7885 }
7886
7887 if (st->discard != AVDISCARD_ALL) {
7888 int64_t ret64 = avio_seek(sc->pb, sample->pos, SEEK_SET);
7889 if (ret64 != sample->pos) {
7890 av_log(mov->fc, AV_LOG_ERROR, "stream %d, offset 0x%"PRIx64": partial file\n",
7891 sc->ffindex, sample->pos);
7892 if (should_retry(sc->pb, ret64)) {
7893 mov_current_sample_dec(sc);
7894 }
7895 return AVERROR_INVALIDDATA;
7896 }
7897
7898 if( st->discard == AVDISCARD_NONKEY && 0==(sample->flags & AVINDEX_KEYFRAME) ) {
7899 av_log(mov->fc, AV_LOG_DEBUG, "Nonkey frame from stream %d discarded due to AVDISCARD_NONKEY\n", sc->ffindex);
7900 goto retry;
7901 }
7902
7903 ret = av_get_packet(sc->pb, pkt, sample->size);
7904 if (ret < 0) {
7905 if (should_retry(sc->pb, ret)) {
7906 mov_current_sample_dec(sc);
7907 }
7908 return ret;
7909 }
7910 #if CONFIG_DV_DEMUXER
7911 if (mov->dv_demux && sc->dv_audio_container) {
7912 AVBufferRef *buf = pkt->buf;
7913 ret = avpriv_dv_produce_packet(mov->dv_demux, pkt, pkt->data, pkt->size, pkt->pos);
7914 pkt->buf = buf;
7915 av_packet_unref(pkt);
7916 if (ret < 0)
7917 return ret;
7918 ret = avpriv_dv_get_packet(mov->dv_demux, pkt);
7919 if (ret < 0)
7920 return ret;
7921 }
7922 #endif
7923 if (sc->has_palette) {
7924 uint8_t *pal;
7925
7926 pal = av_packet_new_side_data(pkt, AV_PKT_DATA_PALETTE, AVPALETTE_SIZE);
7927 if (!pal) {
7928 av_log(mov->fc, AV_LOG_ERROR, "Cannot append palette to packet\n");
7929 } else {
7930 memcpy(pal, sc->palette, AVPALETTE_SIZE);
7931 sc->has_palette = 0;
7932 }
7933 }
7934 if (st->codecpar->codec_id == AV_CODEC_ID_MP3 && !st->need_parsing && pkt->size > 4) {
7935 if (ff_mpa_check_header(AV_RB32(pkt->data)) < 0)
7936 st->need_parsing = AVSTREAM_PARSE_FULL;
7937 }
7938 }
7939
7940 pkt->stream_index = sc->ffindex;
7941 pkt->dts = sample->timestamp;
7942 if (sample->flags & AVINDEX_DISCARD_FRAME) {
7943 pkt->flags |= AV_PKT_FLAG_DISCARD;
7944 }
7945 if (sc->ctts_data && sc->ctts_index < sc->ctts_count) {
7946 pkt->pts = pkt->dts + sc->dts_shift + sc->ctts_data[sc->ctts_index].duration;
7947 /* update ctts context */
7948 sc->ctts_sample++;
7949 if (sc->ctts_index < sc->ctts_count &&
7950 sc->ctts_data[sc->ctts_index].count == sc->ctts_sample) {
7951 sc->ctts_index++;
7952 sc->ctts_sample = 0;
7953 }
7954 } else {
7955 int64_t next_dts = (sc->current_sample < st->nb_index_entries) ?
7956 st->index_entries[sc->current_sample].timestamp : st->duration;
7957
7958 if (next_dts >= pkt->dts)
7959 pkt->duration = next_dts - pkt->dts;
7960 pkt->pts = pkt->dts;
7961 }
7962 if (st->discard == AVDISCARD_ALL)
7963 goto retry;
7964 if (sc->sdtp_data && sc->current_sample <= sc->sdtp_count) {
7965 uint8_t sample_flags = sc->sdtp_data[sc->current_sample - 1];
7966 uint8_t sample_is_depended_on = (sample_flags >> 2) & 0x3;
7967 pkt->flags |= sample_is_depended_on == MOV_SAMPLE_DEPENDENCY_NO ? AV_PKT_FLAG_DISPOSABLE : 0;
7968 }
7969 pkt->flags |= sample->flags & AVINDEX_KEYFRAME ? AV_PKT_FLAG_KEY : 0;
7970 pkt->pos = sample->pos;
7971
7972 /* Multiple stsd handling. */
7973 if (sc->stsc_data) {
7974 /* Keep track of the stsc index for the given sample, then check
7975 * if the stsd index is different from the last used one. */
7976 sc->stsc_sample++;
7977 if (mov_stsc_index_valid(sc->stsc_index, sc->stsc_count) &&
7978 mov_get_stsc_samples(sc, sc->stsc_index) == sc->stsc_sample) {
7979 sc->stsc_index++;
7980 sc->stsc_sample = 0;
7981 /* Do not check indexes after a switch. */
7982 } else if (sc->stsc_data[sc->stsc_index].id > 0 &&
7983 sc->stsc_data[sc->stsc_index].id - 1 < sc->stsd_count &&
7984 sc->stsc_data[sc->stsc_index].id - 1 != sc->last_stsd_index) {
7985 ret = mov_change_extradata(sc, pkt);
7986 if (ret < 0)
7987 return ret;
7988 }
7989 }
7990
7991 if (mov->aax_mode)
7992 aax_filter(pkt->data, pkt->size, mov);
7993
7994 ret = cenc_filter(mov, st, sc, pkt, current_index);
7995 if (ret < 0) {
7996 return ret;
7997 }
7998
7999 return 0;
8000 }
8001
mov_seek_fragment(AVFormatContext * s,AVStream * st,int64_t timestamp)8002 static int mov_seek_fragment(AVFormatContext *s, AVStream *st, int64_t timestamp)
8003 {
8004 MOVContext *mov = s->priv_data;
8005 int index;
8006
8007 if (!mov->frag_index.complete)
8008 return 0;
8009
8010 index = search_frag_timestamp(&mov->frag_index, st, timestamp);
8011 if (index < 0)
8012 index = 0;
8013 if (!mov->frag_index.item[index].headers_read)
8014 return mov_switch_root(s, -1, index);
8015 if (index + 1 < mov->frag_index.nb_items)
8016 mov->next_root_atom = mov->frag_index.item[index + 1].moof_offset;
8017
8018 return 0;
8019 }
8020
mov_seek_stream(AVFormatContext * s,AVStream * st,int64_t timestamp,int flags)8021 static int mov_seek_stream(AVFormatContext *s, AVStream *st, int64_t timestamp, int flags)
8022 {
8023 MOVStreamContext *sc = st->priv_data;
8024 int sample, time_sample, ret;
8025 unsigned int i;
8026
8027 // Here we consider timestamp to be PTS, hence try to offset it so that we
8028 // can search over the DTS timeline.
8029 timestamp -= (sc->min_corrected_pts + sc->dts_shift);
8030
8031 ret = mov_seek_fragment(s, st, timestamp);
8032 if (ret < 0)
8033 return ret;
8034
8035 sample = av_index_search_timestamp(st, timestamp, flags);
8036 av_log(s, AV_LOG_TRACE, "stream %d, timestamp %"PRId64", sample %d\n", st->index, timestamp, sample);
8037 if (sample < 0 && st->nb_index_entries && timestamp < st->index_entries[0].timestamp)
8038 sample = 0;
8039 if (sample < 0) /* not sure what to do */
8040 return AVERROR_INVALIDDATA;
8041 mov_current_sample_set(sc, sample);
8042 av_log(s, AV_LOG_TRACE, "stream %d, found sample %d\n", st->index, sc->current_sample);
8043 /* adjust ctts index */
8044 if (sc->ctts_data) {
8045 time_sample = 0;
8046 for (i = 0; i < sc->ctts_count; i++) {
8047 int next = time_sample + sc->ctts_data[i].count;
8048 if (next > sc->current_sample) {
8049 sc->ctts_index = i;
8050 sc->ctts_sample = sc->current_sample - time_sample;
8051 break;
8052 }
8053 time_sample = next;
8054 }
8055 }
8056
8057 /* adjust stsd index */
8058 if (sc->chunk_count) {
8059 time_sample = 0;
8060 for (i = 0; i < sc->stsc_count; i++) {
8061 int64_t next = time_sample + mov_get_stsc_samples(sc, i);
8062 if (next > sc->current_sample) {
8063 sc->stsc_index = i;
8064 sc->stsc_sample = sc->current_sample - time_sample;
8065 break;
8066 }
8067 av_assert0(next == (int)next);
8068 time_sample = next;
8069 }
8070 }
8071
8072 return sample;
8073 }
8074
mov_read_seek(AVFormatContext * s,int stream_index,int64_t sample_time,int flags)8075 static int mov_read_seek(AVFormatContext *s, int stream_index, int64_t sample_time, int flags)
8076 {
8077 MOVContext *mc = s->priv_data;
8078 AVStream *st;
8079 int sample;
8080 int i;
8081
8082 if (stream_index >= s->nb_streams)
8083 return AVERROR_INVALIDDATA;
8084
8085 st = s->streams[stream_index];
8086 sample = mov_seek_stream(s, st, sample_time, flags);
8087 if (sample < 0)
8088 return sample;
8089
8090 if (mc->seek_individually) {
8091 /* adjust seek timestamp to found sample timestamp */
8092 int64_t seek_timestamp = st->index_entries[sample].timestamp;
8093
8094 for (i = 0; i < s->nb_streams; i++) {
8095 int64_t timestamp;
8096 MOVStreamContext *sc = s->streams[i]->priv_data;
8097 st = s->streams[i];
8098 st->skip_samples = (sample_time <= 0) ? sc->start_pad : 0;
8099
8100 if (stream_index == i)
8101 continue;
8102
8103 timestamp = av_rescale_q(seek_timestamp, s->streams[stream_index]->time_base, st->time_base);
8104 mov_seek_stream(s, st, timestamp, flags);
8105 }
8106 } else {
8107 for (i = 0; i < s->nb_streams; i++) {
8108 MOVStreamContext *sc;
8109 st = s->streams[i];
8110 sc = st->priv_data;
8111 mov_current_sample_set(sc, 0);
8112 }
8113 while (1) {
8114 MOVStreamContext *sc;
8115 AVIndexEntry *entry = mov_find_next_sample(s, &st);
8116 if (!entry)
8117 return AVERROR_INVALIDDATA;
8118 sc = st->priv_data;
8119 if (sc->ffindex == stream_index && sc->current_sample == sample)
8120 break;
8121 mov_current_sample_inc(sc);
8122 }
8123 }
8124 return 0;
8125 }
8126
8127 #define OFFSET(x) offsetof(MOVContext, x)
8128 #define FLAGS AV_OPT_FLAG_VIDEO_PARAM | AV_OPT_FLAG_DECODING_PARAM
8129 static const AVOption mov_options[] = {
8130 {"use_absolute_path",
8131 "allow using absolute path when opening alias, this is a possible security issue",
8132 OFFSET(use_absolute_path), AV_OPT_TYPE_BOOL, {.i64 = 0},
8133 0, 1, FLAGS},
8134 {"seek_streams_individually",
8135 "Seek each stream individually to the closest point",
8136 OFFSET(seek_individually), AV_OPT_TYPE_BOOL, { .i64 = 1 },
8137 0, 1, FLAGS},
8138 {"ignore_editlist", "Ignore the edit list atom.", OFFSET(ignore_editlist), AV_OPT_TYPE_BOOL, {.i64 = 0},
8139 0, 1, FLAGS},
8140 {"advanced_editlist",
8141 "Modify the AVIndex according to the editlists. Use this option to decode in the order specified by the edits.",
8142 OFFSET(advanced_editlist), AV_OPT_TYPE_BOOL, {.i64 = 1},
8143 0, 1, FLAGS},
8144 {"ignore_chapters", "", OFFSET(ignore_chapters), AV_OPT_TYPE_BOOL, {.i64 = 0},
8145 0, 1, FLAGS},
8146 {"use_mfra_for",
8147 "use mfra for fragment timestamps",
8148 OFFSET(use_mfra_for), AV_OPT_TYPE_INT, {.i64 = FF_MOV_FLAG_MFRA_AUTO},
8149 -1, FF_MOV_FLAG_MFRA_PTS, FLAGS,
8150 "use_mfra_for"},
8151 {"auto", "auto", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MOV_FLAG_MFRA_AUTO}, 0, 0,
8152 FLAGS, "use_mfra_for" },
8153 {"dts", "dts", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MOV_FLAG_MFRA_DTS}, 0, 0,
8154 FLAGS, "use_mfra_for" },
8155 {"pts", "pts", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MOV_FLAG_MFRA_PTS}, 0, 0,
8156 FLAGS, "use_mfra_for" },
8157 { "export_all", "Export unrecognized metadata entries", OFFSET(export_all),
8158 AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, .flags = FLAGS },
8159 { "export_xmp", "Export full XMP metadata", OFFSET(export_xmp),
8160 AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, .flags = FLAGS },
8161 { "activation_bytes", "Secret bytes for Audible AAX files", OFFSET(activation_bytes),
8162 AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_DECODING_PARAM },
8163 { "audible_fixed_key", // extracted from libAAX_SDK.so and AAXSDKWin.dll files!
8164 "Fixed key used for handling Audible AAX files", OFFSET(audible_fixed_key),
8165 AV_OPT_TYPE_BINARY, {.str="77214d4b196a87cd520045fd20a51d67"},
8166 .flags = AV_OPT_FLAG_DECODING_PARAM },
8167 { "decryption_key", "The media decryption key (hex)", OFFSET(decryption_key), AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_DECODING_PARAM },
8168 { "enable_drefs", "Enable external track support.", OFFSET(enable_drefs), AV_OPT_TYPE_BOOL,
8169 {.i64 = 0}, 0, 1, FLAGS },
8170
8171 { NULL },
8172 };
8173
8174 static const AVClass mov_class = {
8175 .class_name = "mov,mp4,m4a,3gp,3g2,mj2",
8176 .item_name = av_default_item_name,
8177 .option = mov_options,
8178 .version = LIBAVUTIL_VERSION_INT,
8179 };
8180
8181 AVInputFormat ff_mov_demuxer = {
8182 .name = "mov,mp4,m4a,3gp,3g2,mj2",
8183 .long_name = NULL_IF_CONFIG_SMALL("QuickTime / MOV"),
8184 .priv_class = &mov_class,
8185 .priv_data_size = sizeof(MOVContext),
8186 .extensions = "mov,mp4,m4a,3gp,3g2,mj2,psp,m4b,ism,ismv,isma,f4v",
8187 .read_probe = mov_probe,
8188 .read_header = mov_read_header,
8189 .read_packet = mov_read_packet,
8190 .read_close = mov_read_close,
8191 .read_seek = mov_read_seek,
8192 .flags = AVFMT_NO_BYTE_SEEK | AVFMT_SEEK_TO_PTS,
8193 };
8194