1 /*
2 * MOV demuxer
3 * Copyright (c) 2001 Fabrice Bellard
4 * Copyright (c) 2009 Baptiste Coudurier <baptiste dot coudurier at gmail dot com>
5 *
6 * first version by Francois Revol <revol@free.fr>
7 * seek function by Gael Chardon <gael.dev@4now.net>
8 *
9 * This file is part of FFmpeg.
10 *
11 * FFmpeg is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU Lesser General Public
13 * License as published by the Free Software Foundation; either
14 * version 2.1 of the License, or (at your option) any later version.
15 *
16 * FFmpeg is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 * Lesser General Public License for more details.
20 *
21 * You should have received a copy of the GNU Lesser General Public
22 * License along with FFmpeg; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
24 */
25
26 #include "config_components.h"
27
28 #include <inttypes.h>
29 #include <limits.h>
30 #include <stdint.h>
31
32 #include "libavutil/attributes.h"
33 #include "libavutil/bprint.h"
34 #include "libavutil/channel_layout.h"
35 #include "libavutil/internal.h"
36 #include "libavutil/intreadwrite.h"
37 #include "libavutil/intfloat.h"
38 #include "libavutil/mathematics.h"
39 #include "libavutil/avassert.h"
40 #include "libavutil/avstring.h"
41 #include "libavutil/dict.h"
42 #include "libavutil/opt.h"
43 #include "libavutil/aes.h"
44 #include "libavutil/aes_ctr.h"
45 #include "libavutil/pixdesc.h"
46 #include "libavutil/sha.h"
47 #include "libavutil/spherical.h"
48 #include "libavutil/stereo3d.h"
49 #include "libavutil/timecode.h"
50 #include "libavutil/uuid.h"
51 #include "libavcodec/ac3tab.h"
52 #include "libavcodec/flac.h"
53 #include "libavcodec/hevc.h"
54 #include "libavcodec/mpegaudiodecheader.h"
55 #include "libavcodec/mlp_parse.h"
56 #include "avformat.h"
57 #include "internal.h"
58 #include "avio_internal.h"
59 #include "demux.h"
60 #include "dovi_isom.h"
61 #include "riff.h"
62 #include "isom.h"
63 #include "libavcodec/get_bits.h"
64 #include "id3v1.h"
65 #include "mov_chan.h"
66 #include "replaygain.h"
67 #include "libavcodec/av3a.h"
68
69 #if CONFIG_ZLIB
70 #include <zlib.h>
71 #endif
72
73 #include "qtpalette.h"
74
75 #ifdef OHOS_DRM
76 #define MOV_DRM_PSSH_TITLE_LEN (8)
77
78 static const uint8_t g_pssh_title_buf[4] = { // 4:bufSize
79 0x70, 0x73, 0x73, 0x68
80 };
81 #endif
82
83 /* those functions parse an atom */
84 /* links atom IDs to parse functions */
85 typedef struct MOVParseTableEntry {
86 uint32_t type;
87 int (*parse)(MOVContext *ctx, AVIOContext *pb, MOVAtom atom);
88 } MOVParseTableEntry;
89
90 static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom);
91 static int mov_read_mfra(MOVContext *c, AVIOContext *f);
92 static int64_t add_ctts_entry(MOVCtts** ctts_data, unsigned int* ctts_count, unsigned int* allocated_size,
93 int count, int duration);
94
mov_metadata_track_or_disc_number(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)95 static int mov_metadata_track_or_disc_number(MOVContext *c, AVIOContext *pb,
96 unsigned len, const char *key)
97 {
98 char buf[16];
99
100 short current, total = 0;
101 avio_rb16(pb); // unknown
102 current = avio_rb16(pb);
103 if (len >= 6)
104 total = avio_rb16(pb);
105 if (!total)
106 snprintf(buf, sizeof(buf), "%d", current);
107 else
108 snprintf(buf, sizeof(buf), "%d/%d", current, total);
109 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
110 av_dict_set(&c->fc->metadata, key, buf, 0);
111
112 return 0;
113 }
114
mov_metadata_int8_bypass_padding(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)115 static int mov_metadata_int8_bypass_padding(MOVContext *c, AVIOContext *pb,
116 unsigned len, const char *key)
117 {
118 /* bypass padding bytes */
119 avio_r8(pb);
120 avio_r8(pb);
121 avio_r8(pb);
122
123 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
124 av_dict_set_int(&c->fc->metadata, key, avio_r8(pb), 0);
125
126 return 0;
127 }
128
mov_metadata_int8_no_padding(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)129 static int mov_metadata_int8_no_padding(MOVContext *c, AVIOContext *pb,
130 unsigned len, const char *key)
131 {
132 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
133 av_dict_set_int(&c->fc->metadata, key, avio_r8(pb), 0);
134
135 return 0;
136 }
137
mov_metadata_gnre(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)138 static int mov_metadata_gnre(MOVContext *c, AVIOContext *pb,
139 unsigned len, const char *key)
140 {
141 short genre;
142
143 avio_r8(pb); // unknown
144
145 genre = avio_r8(pb);
146 if (genre < 1 || genre > ID3v1_GENRE_MAX)
147 return 0;
148 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
149 av_dict_set(&c->fc->metadata, key, ff_id3v1_genre_str[genre-1], 0);
150
151 return 0;
152 }
153
154 static const uint32_t mac_to_unicode[128] = {
155 0x00C4,0x00C5,0x00C7,0x00C9,0x00D1,0x00D6,0x00DC,0x00E1,
156 0x00E0,0x00E2,0x00E4,0x00E3,0x00E5,0x00E7,0x00E9,0x00E8,
157 0x00EA,0x00EB,0x00ED,0x00EC,0x00EE,0x00EF,0x00F1,0x00F3,
158 0x00F2,0x00F4,0x00F6,0x00F5,0x00FA,0x00F9,0x00FB,0x00FC,
159 0x2020,0x00B0,0x00A2,0x00A3,0x00A7,0x2022,0x00B6,0x00DF,
160 0x00AE,0x00A9,0x2122,0x00B4,0x00A8,0x2260,0x00C6,0x00D8,
161 0x221E,0x00B1,0x2264,0x2265,0x00A5,0x00B5,0x2202,0x2211,
162 0x220F,0x03C0,0x222B,0x00AA,0x00BA,0x03A9,0x00E6,0x00F8,
163 0x00BF,0x00A1,0x00AC,0x221A,0x0192,0x2248,0x2206,0x00AB,
164 0x00BB,0x2026,0x00A0,0x00C0,0x00C3,0x00D5,0x0152,0x0153,
165 0x2013,0x2014,0x201C,0x201D,0x2018,0x2019,0x00F7,0x25CA,
166 0x00FF,0x0178,0x2044,0x20AC,0x2039,0x203A,0xFB01,0xFB02,
167 0x2021,0x00B7,0x201A,0x201E,0x2030,0x00C2,0x00CA,0x00C1,
168 0x00CB,0x00C8,0x00CD,0x00CE,0x00CF,0x00CC,0x00D3,0x00D4,
169 0xF8FF,0x00D2,0x00DA,0x00DB,0x00D9,0x0131,0x02C6,0x02DC,
170 0x00AF,0x02D8,0x02D9,0x02DA,0x00B8,0x02DD,0x02DB,0x02C7,
171 };
172
mov_read_mac_string(MOVContext * c,AVIOContext * pb,int len,char * dst,int dstlen)173 static int mov_read_mac_string(MOVContext *c, AVIOContext *pb, int len,
174 char *dst, int dstlen)
175 {
176 char *p = dst;
177 char *end = dst+dstlen-1;
178 int i;
179
180 for (i = 0; i < len; i++) {
181 uint8_t t, c = avio_r8(pb);
182
183 if (p >= end)
184 continue;
185
186 if (c < 0x80)
187 *p++ = c;
188 else if (p < end)
189 PUT_UTF8(mac_to_unicode[c-0x80], t, if (p < end) *p++ = t;);
190 }
191 *p = 0;
192 return p - dst;
193 }
194
mov_read_covr(MOVContext * c,AVIOContext * pb,int type,int len)195 static int mov_read_covr(MOVContext *c, AVIOContext *pb, int type, int len)
196 {
197 AVStream *st;
198 MOVStreamContext *sc;
199 enum AVCodecID id;
200 int ret;
201
202 switch (type) {
203 case 0xd: id = AV_CODEC_ID_MJPEG; break;
204 case 0xe: id = AV_CODEC_ID_PNG; break;
205 case 0x1b: id = AV_CODEC_ID_BMP; break;
206 default:
207 av_log(c->fc, AV_LOG_WARNING, "Unknown cover type: 0x%x.\n", type);
208 avio_skip(pb, len);
209 return 0;
210 }
211
212 sc = av_mallocz(sizeof(*sc));
213 if (!sc)
214 return AVERROR(ENOMEM);
215 ret = ff_add_attached_pic(c->fc, NULL, pb, NULL, len);
216 if (ret < 0) {
217 av_free(sc);
218 return ret;
219 }
220 st = c->fc->streams[c->fc->nb_streams - 1];
221 st->priv_data = sc;
222
223 if (st->attached_pic.size >= 8 && id != AV_CODEC_ID_BMP) {
224 if (AV_RB64(st->attached_pic.data) == 0x89504e470d0a1a0a) {
225 id = AV_CODEC_ID_PNG;
226 } else {
227 id = AV_CODEC_ID_MJPEG;
228 }
229 }
230 st->codecpar->codec_id = id;
231
232 return 0;
233 }
234
235 // 3GPP TS 26.244
mov_metadata_loci(MOVContext * c,AVIOContext * pb,unsigned len)236 static int mov_metadata_loci(MOVContext *c, AVIOContext *pb, unsigned len)
237 {
238 char language[4] = { 0 };
239 char buf[200], place[100];
240 uint16_t langcode = 0;
241 double longitude, latitude, altitude;
242 const char *key = "location";
243
244 if (len < 4 + 2 + 1 + 1 + 4 + 4 + 4) {
245 av_log(c->fc, AV_LOG_ERROR, "loci too short\n");
246 return AVERROR_INVALIDDATA;
247 }
248
249 avio_skip(pb, 4); // version+flags
250 langcode = avio_rb16(pb);
251 ff_mov_lang_to_iso639(langcode, language);
252 len -= 6;
253
254 len -= avio_get_str(pb, len, place, sizeof(place));
255 if (len < 1) {
256 av_log(c->fc, AV_LOG_ERROR, "place name too long\n");
257 return AVERROR_INVALIDDATA;
258 }
259 avio_skip(pb, 1); // role
260 len -= 1;
261
262 if (len < 12) {
263 av_log(c->fc, AV_LOG_ERROR,
264 "loci too short (%u bytes left, need at least %d)\n", len, 12);
265 return AVERROR_INVALIDDATA;
266 }
267 longitude = ((int32_t) avio_rb32(pb)) / (float) (1 << 16);
268 latitude = ((int32_t) avio_rb32(pb)) / (float) (1 << 16);
269 altitude = ((int32_t) avio_rb32(pb)) / (float) (1 << 16);
270
271 // Try to output in the same format as the ?xyz field
272 snprintf(buf, sizeof(buf), "%+08.4f%+09.4f", latitude, longitude);
273 if (altitude)
274 av_strlcatf(buf, sizeof(buf), "%+f", altitude);
275 av_strlcatf(buf, sizeof(buf), "/%s", place);
276
277 if (*language && strcmp(language, "und")) {
278 char key2[16];
279 snprintf(key2, sizeof(key2), "%s-%s", key, language);
280 av_dict_set(&c->fc->metadata, key2, buf, 0);
281 }
282 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
283 return av_dict_set(&c->fc->metadata, key, buf, 0);
284 }
285
mov_metadata_hmmt(MOVContext * c,AVIOContext * pb,unsigned len)286 static int mov_metadata_hmmt(MOVContext *c, AVIOContext *pb, unsigned len)
287 {
288 int i, n_hmmt;
289
290 if (len < 2)
291 return 0;
292 if (c->ignore_chapters)
293 return 0;
294
295 n_hmmt = avio_rb32(pb);
296 if (n_hmmt > len / 4)
297 return AVERROR_INVALIDDATA;
298 for (i = 0; i < n_hmmt && !pb->eof_reached; i++) {
299 int moment_time = avio_rb32(pb);
300 avpriv_new_chapter(c->fc, i, av_make_q(1, 1000), moment_time, AV_NOPTS_VALUE, NULL);
301 }
302 if (avio_feof(pb))
303 return AVERROR_INVALIDDATA;
304 return 0;
305 }
306
mov_read_udta_string(MOVContext * c,AVIOContext * pb,MOVAtom atom)307 static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
308 {
309 char tmp_key[AV_FOURCC_MAX_STRING_SIZE] = {0};
310 char key2[32], language[4] = {0};
311 char *str = NULL;
312 const char *key = NULL;
313 uint16_t langcode = 0;
314 uint32_t data_type = 0, str_size, str_size_alloc;
315 int (*parse)(MOVContext*, AVIOContext*, unsigned, const char*) = NULL;
316 int raw = 0;
317 int num = 0;
318
319 switch (atom.type) {
320 case MKTAG( '@','P','R','M'): key = "premiere_version"; raw = 1; break;
321 case MKTAG( '@','P','R','Q'): key = "quicktime_version"; raw = 1; break;
322 case MKTAG( 'X','M','P','_'):
323 if (c->export_xmp) { key = "xmp"; raw = 1; } break;
324 case MKTAG( 'a','A','R','T'): key = "album_artist"; break;
325 case MKTAG( 'a','k','I','D'): key = "account_type";
326 parse = mov_metadata_int8_no_padding; break;
327 case MKTAG( 'a','p','I','D'): key = "account_id"; break;
328 case MKTAG( 'c','a','t','g'): key = "category"; break;
329 case MKTAG( 'c','p','i','l'): key = "compilation";
330 parse = mov_metadata_int8_no_padding; break;
331 case MKTAG( 'c','p','r','t'): key = "copyright"; break;
332 case MKTAG( 'd','e','s','c'): key = "description"; break;
333 case MKTAG( 'd','i','s','k'): key = "disc";
334 parse = mov_metadata_track_or_disc_number; break;
335 case MKTAG( 'e','g','i','d'): key = "episode_uid";
336 parse = mov_metadata_int8_no_padding; break;
337 case MKTAG( 'F','I','R','M'): key = "firmware"; raw = 1; break;
338 case MKTAG( 'g','n','r','e'): key = "genre";
339 parse = mov_metadata_gnre; break;
340 case MKTAG( 'h','d','v','d'): key = "hd_video";
341 parse = mov_metadata_int8_no_padding; break;
342 case MKTAG( 'H','M','M','T'):
343 return mov_metadata_hmmt(c, pb, atom.size);
344 case MKTAG( 'k','e','y','w'): key = "keywords"; break;
345 case MKTAG( 'l','d','e','s'): key = "synopsis"; break;
346 case MKTAG( 'l','o','c','i'):
347 return mov_metadata_loci(c, pb, atom.size);
348 case MKTAG( 'm','a','n','u'): key = "make"; break;
349 case MKTAG( 'm','o','d','l'): key = "model"; break;
350 case MKTAG( 'p','c','s','t'): key = "podcast";
351 parse = mov_metadata_int8_no_padding; break;
352 case MKTAG( 'p','g','a','p'): key = "gapless_playback";
353 parse = mov_metadata_int8_no_padding; break;
354 case MKTAG( 'p','u','r','d'): key = "purchase_date"; break;
355 case MKTAG( 'r','t','n','g'): key = "rating";
356 parse = mov_metadata_int8_no_padding; break;
357 case MKTAG( 's','o','a','a'): key = "sort_album_artist"; break;
358 case MKTAG( 's','o','a','l'): key = "sort_album"; break;
359 case MKTAG( 's','o','a','r'): key = "sort_artist"; break;
360 case MKTAG( 's','o','c','o'): key = "sort_composer"; break;
361 case MKTAG( 's','o','n','m'): key = "sort_name"; break;
362 case MKTAG( 's','o','s','n'): key = "sort_show"; break;
363 case MKTAG( 's','t','i','k'): key = "media_type";
364 parse = mov_metadata_int8_no_padding; break;
365 case MKTAG( 't','r','k','n'): key = "track";
366 parse = mov_metadata_track_or_disc_number; break;
367 case MKTAG( 't','v','e','n'): key = "episode_id"; break;
368 case MKTAG( 't','v','e','s'): key = "episode_sort";
369 parse = mov_metadata_int8_bypass_padding; break;
370 case MKTAG( 't','v','n','n'): key = "network"; break;
371 case MKTAG( 't','v','s','h'): key = "show"; break;
372 case MKTAG( 't','v','s','n'): key = "season_number";
373 parse = mov_metadata_int8_bypass_padding; break;
374 case MKTAG(0xa9,'A','R','T'): key = "artist"; break;
375 case MKTAG(0xa9,'P','R','D'): key = "producer"; break;
376 case MKTAG(0xa9,'a','l','b'): key = "album"; break;
377 case MKTAG(0xa9,'a','u','t'): key = "artist"; break;
378 case MKTAG(0xa9,'c','h','p'): key = "chapter"; break;
379 case MKTAG(0xa9,'c','m','t'): key = "comment"; break;
380 case MKTAG(0xa9,'c','o','m'): key = "composer"; break;
381 case MKTAG(0xa9,'c','p','y'): key = "copyright"; break;
382 case MKTAG(0xa9,'d','a','y'): key = "date"; break;
383 case MKTAG(0xa9,'d','i','r'): key = "director"; break;
384 case MKTAG(0xa9,'d','i','s'): key = "disclaimer"; break;
385 case MKTAG(0xa9,'e','d','1'): key = "edit_date"; break;
386 case MKTAG(0xa9,'e','n','c'): key = "encoder"; break;
387 case MKTAG(0xa9,'f','m','t'): key = "original_format"; break;
388 case MKTAG(0xa9,'g','e','n'): key = "genre"; break;
389 case MKTAG(0xa9,'g','r','p'): key = "grouping"; break;
390 case MKTAG(0xa9,'h','s','t'): key = "host_computer"; break;
391 case MKTAG(0xa9,'i','n','f'): key = "comment"; break;
392 case MKTAG(0xa9,'l','y','r'): key = "lyrics"; break;
393 case MKTAG(0xa9,'m','a','k'): key = "make"; break;
394 case MKTAG(0xa9,'m','o','d'): key = "model"; break;
395 case MKTAG(0xa9,'n','a','m'): key = "title"; break;
396 case MKTAG(0xa9,'o','p','e'): key = "original_artist"; break;
397 case MKTAG(0xa9,'p','r','d'): key = "producer"; break;
398 case MKTAG(0xa9,'p','r','f'): key = "performers"; break;
399 case MKTAG(0xa9,'r','e','q'): key = "playback_requirements"; break;
400 case MKTAG(0xa9,'s','r','c'): key = "original_source"; break;
401 case MKTAG(0xa9,'s','t','3'): key = "subtitle"; break;
402 case MKTAG(0xa9,'s','w','r'): key = "encoder"; break;
403 case MKTAG(0xa9,'t','o','o'): key = "encoder"; break;
404 case MKTAG(0xa9,'t','r','k'): key = "track"; break;
405 case MKTAG(0xa9,'u','r','l'): key = "URL"; break;
406 case MKTAG(0xa9,'w','r','n'): key = "warning"; break;
407 case MKTAG(0xa9,'w','r','t'): key = "composer"; break;
408 case MKTAG(0xa9,'x','y','z'): key = "location"; break;
409 }
410 retry:
411 if (c->itunes_metadata && atom.size > 8) {
412 int data_size = avio_rb32(pb);
413 int tag = avio_rl32(pb);
414 if (tag == MKTAG('d','a','t','a') && data_size <= atom.size && data_size >= 16) {
415 data_type = avio_rb32(pb); // type
416 avio_rb32(pb); // unknown
417 str_size = data_size - 16;
418 atom.size -= 16;
419
420 if (!key && c->found_hdlr_mdta && c->meta_keys) {
421 uint32_t index = av_bswap32(atom.type); // BE number has been read as LE
422 if (index < c->meta_keys_count && index > 0) {
423 key = c->meta_keys[index];
424 } else if (atom.type != MKTAG('c', 'o', 'v', 'r')) {
425 av_log(c->fc, AV_LOG_WARNING,
426 "The index of 'data' is out of range: %"PRId32" < 1 or >= %d.\n",
427 index, c->meta_keys_count);
428 }
429 }
430 if (atom.type == MKTAG('c', 'o', 'v', 'r') ||
431 (key && !strcmp(key, "com.apple.quicktime.artwork"))) {
432 int ret = mov_read_covr(c, pb, data_type, str_size);
433 if (ret < 0) {
434 av_log(c->fc, AV_LOG_ERROR, "Error parsing cover art.\n");
435 return ret;
436 }
437 atom.size -= str_size;
438 if (atom.size > 8)
439 goto retry;
440 return ret;
441 }
442 } else return 0;
443 } else if (atom.size > 4 && key && !c->itunes_metadata && !raw) {
444 str_size = avio_rb16(pb); // string length
445 if (str_size > atom.size) {
446 raw = 1;
447 avio_seek(pb, -2, SEEK_CUR);
448 av_log(c->fc, AV_LOG_WARNING, "UDTA parsing failed retrying raw\n");
449 goto retry;
450 }
451 langcode = avio_rb16(pb);
452 ff_mov_lang_to_iso639(langcode, language);
453 atom.size -= 4;
454 } else
455 str_size = atom.size;
456
457 if (c->export_all && !key) {
458 key = av_fourcc_make_string(tmp_key, atom.type);
459 }
460
461 if (!key)
462 return 0;
463 if (atom.size < 0 || str_size >= INT_MAX/2)
464 return AVERROR_INVALIDDATA;
465
466 // Allocates enough space if data_type is a int32 or float32 number, otherwise
467 // worst-case requirement for output string in case of utf8 coded input
468 #ifdef OHOS_MOOV_LEVEL_META
469 num = (data_type >= 21 && data_type <= 23) || (data_type == 67);
470 #else
471 num = (data_type >= 21 && data_type <= 23);
472 #endif
473 str_size_alloc = (num ? 512 : (raw ? str_size : str_size * 2)) + 1;
474 str = av_mallocz(str_size_alloc);
475 if (!str)
476 return AVERROR(ENOMEM);
477
478 if (parse)
479 parse(c, pb, str_size, key);
480 else {
481 if (!raw && (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode == 0x7fff)))) { // MAC Encoded
482 mov_read_mac_string(c, pb, str_size, str, str_size_alloc);
483 #ifdef OHOS_MOOV_LEVEL_META
484 } else if (data_type == 21 || data_type == 67) { // BE signed integer, variable size
485 #else
486 } else if (data_type == 21) { // BE signed integer, variable size
487 #endif
488 int val = 0;
489 if (str_size == 1)
490 val = (int8_t)avio_r8(pb);
491 else if (str_size == 2)
492 val = (int16_t)avio_rb16(pb);
493 else if (str_size == 3)
494 val = ((int32_t)(avio_rb24(pb)<<8))>>8;
495 else if (str_size == 4)
496 val = (int32_t)avio_rb32(pb);
497 if (snprintf(str, str_size_alloc, "%d", val) >= str_size_alloc) {
498 av_log(c->fc, AV_LOG_ERROR,
499 "Failed to store the number (%d) in string.\n", val);
500 av_free(str);
501 return AVERROR_INVALIDDATA;
502 }
503 } else if (data_type == 22) { // BE unsigned integer, variable size
504 unsigned int val = 0;
505 if (str_size == 1)
506 val = avio_r8(pb);
507 else if (str_size == 2)
508 val = avio_rb16(pb);
509 else if (str_size == 3)
510 val = avio_rb24(pb);
511 else if (str_size == 4)
512 val = avio_rb32(pb);
513 if (snprintf(str, str_size_alloc, "%u", val) >= str_size_alloc) {
514 av_log(c->fc, AV_LOG_ERROR,
515 "Failed to store the number (%u) in string.\n", val);
516 av_free(str);
517 return AVERROR_INVALIDDATA;
518 }
519 } else if (data_type == 23 && str_size >= 4) { // BE float32
520 float val = av_int2float(avio_rb32(pb));
521 if (snprintf(str, str_size_alloc, "%f", val) >= str_size_alloc) {
522 av_log(c->fc, AV_LOG_ERROR,
523 "Failed to store the float32 number (%f) in string.\n", val);
524 av_free(str);
525 return AVERROR_INVALIDDATA;
526 }
527 } else if (data_type > 1 && data_type != 4) {
528 // data_type can be 0 if not set at all above. data_type 1 means
529 // UTF8 and 4 means "UTF8 sort". For any other type (UTF16 or e.g.
530 // a picture), don't return it blindly in a string that is supposed
531 // to be UTF8 text.
532 av_log(c->fc, AV_LOG_WARNING, "Skipping unhandled metadata %s of type %d\n", key, data_type);
533 av_free(str);
534 return 0;
535 } else {
536 int ret = ffio_read_size(pb, str, str_size);
537 if (ret < 0) {
538 av_free(str);
539 return ret;
540 }
541 str[str_size] = 0;
542 }
543 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
544 #ifdef OHOS_MOOV_LEVEL_META
545 if (!strncmp(key, "moov_level_meta_key_", 20)) {
546 char* typeStr;
547 switch(data_type) {
548 case 1:
549 typeStr = av_asprintf("%s%s", "00000001", str); // string
550 break;
551 case 21:
552 typeStr = av_asprintf("%s%s", "00000015", str); // int
553 break;
554 case 23:
555 typeStr = av_asprintf("%s%s", "00000017", str); // float
556 break;
557 case 67:
558 typeStr = av_asprintf("%s%s", "00000043", str); // int
559 break;
560 default:
561 typeStr = av_asprintf("%s%s", "0000004d", str); // unknow
562 break;
563 }
564 if (!typeStr) {
565 av_dict_set(&c->fc->metadata, key, str, 0);
566 } else {
567 av_dict_set(&c->fc->metadata, key, typeStr, 0);
568 av_freep(&typeStr);
569 }
570 } else {
571 av_dict_set(&c->fc->metadata, key, str, 0);
572 }
573 #else
574 av_dict_set(&c->fc->metadata, key, str, 0);
575 #endif
576 if (*language && strcmp(language, "und")) {
577 snprintf(key2, sizeof(key2), "%s-%s", key, language);
578 av_dict_set(&c->fc->metadata, key2, str, 0);
579 }
580 if (!strcmp(key, "encoder")) {
581 int major, minor, micro;
582 if (sscanf(str, "HandBrake %d.%d.%d", &major, &minor, µ) == 3) {
583 c->handbrake_version = 1000000*major + 1000*minor + micro;
584 }
585 }
586 }
587
588 av_freep(&str);
589 return 0;
590 }
591
mov_read_chpl(MOVContext * c,AVIOContext * pb,MOVAtom atom)592 static int mov_read_chpl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
593 {
594 int64_t start;
595 int i, nb_chapters, str_len, version;
596 char str[256+1];
597 int ret;
598
599 if (c->ignore_chapters)
600 return 0;
601
602 if ((atom.size -= 5) < 0)
603 return 0;
604
605 version = avio_r8(pb);
606 avio_rb24(pb);
607 if (version)
608 avio_rb32(pb); // ???
609 nb_chapters = avio_r8(pb);
610
611 for (i = 0; i < nb_chapters; i++) {
612 if (atom.size < 9)
613 return 0;
614
615 start = avio_rb64(pb);
616 str_len = avio_r8(pb);
617
618 if ((atom.size -= 9+str_len) < 0)
619 return 0;
620
621 ret = ffio_read_size(pb, str, str_len);
622 if (ret < 0)
623 return ret;
624 str[str_len] = 0;
625 avpriv_new_chapter(c->fc, i, (AVRational){1,10000000}, start, AV_NOPTS_VALUE, str);
626 }
627 return 0;
628 }
629
630 #define MIN_DATA_ENTRY_BOX_SIZE 12
mov_read_dref(MOVContext * c,AVIOContext * pb,MOVAtom atom)631 static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
632 {
633 AVStream *st;
634 MOVStreamContext *sc;
635 int entries, i, j;
636
637 if (c->fc->nb_streams < 1)
638 return 0;
639 st = c->fc->streams[c->fc->nb_streams-1];
640 sc = st->priv_data;
641
642 avio_rb32(pb); // version + flags
643 entries = avio_rb32(pb);
644 if (!entries ||
645 entries > (atom.size - 1) / MIN_DATA_ENTRY_BOX_SIZE + 1 ||
646 entries >= UINT_MAX / sizeof(*sc->drefs))
647 return AVERROR_INVALIDDATA;
648
649 for (i = 0; i < sc->drefs_count; i++) {
650 MOVDref *dref = &sc->drefs[i];
651 av_freep(&dref->path);
652 av_freep(&dref->dir);
653 }
654 av_free(sc->drefs);
655 sc->drefs_count = 0;
656 sc->drefs = av_mallocz(entries * sizeof(*sc->drefs));
657 if (!sc->drefs)
658 return AVERROR(ENOMEM);
659 sc->drefs_count = entries;
660
661 for (i = 0; i < entries; i++) {
662 MOVDref *dref = &sc->drefs[i];
663 uint32_t size = avio_rb32(pb);
664 int64_t next = avio_tell(pb);
665
666 if (size < 12 || next < 0 || next > INT64_MAX - size)
667 return AVERROR_INVALIDDATA;
668
669 next += size - 4;
670
671 dref->type = avio_rl32(pb);
672 avio_rb32(pb); // version + flags
673
674 if (dref->type == MKTAG('a','l','i','s') && size > 150) {
675 /* macintosh alias record */
676 uint16_t volume_len, len;
677 int16_t type;
678 int ret;
679
680 avio_skip(pb, 10);
681
682 volume_len = avio_r8(pb);
683 volume_len = FFMIN(volume_len, 27);
684 ret = ffio_read_size(pb, dref->volume, 27);
685 if (ret < 0)
686 return ret;
687 dref->volume[volume_len] = 0;
688 av_log(c->fc, AV_LOG_DEBUG, "volume %s, len %d\n", dref->volume, volume_len);
689
690 avio_skip(pb, 12);
691
692 len = avio_r8(pb);
693 len = FFMIN(len, 63);
694 ret = ffio_read_size(pb, dref->filename, 63);
695 if (ret < 0)
696 return ret;
697 dref->filename[len] = 0;
698 av_log(c->fc, AV_LOG_DEBUG, "filename %s, len %d\n", dref->filename, len);
699
700 avio_skip(pb, 16);
701
702 /* read next level up_from_alias/down_to_target */
703 dref->nlvl_from = avio_rb16(pb);
704 dref->nlvl_to = avio_rb16(pb);
705 av_log(c->fc, AV_LOG_DEBUG, "nlvl from %d, nlvl to %d\n",
706 dref->nlvl_from, dref->nlvl_to);
707
708 avio_skip(pb, 16);
709
710 for (type = 0; type != -1 && avio_tell(pb) < next; ) {
711 if (avio_feof(pb))
712 return AVERROR_EOF;
713 type = avio_rb16(pb);
714 len = avio_rb16(pb);
715 av_log(c->fc, AV_LOG_DEBUG, "type %d, len %d\n", type, len);
716 if (len&1)
717 len += 1;
718 if (type == 2) { // absolute path
719 av_free(dref->path);
720 dref->path = av_mallocz(len+1);
721 if (!dref->path)
722 return AVERROR(ENOMEM);
723
724 ret = ffio_read_size(pb, dref->path, len);
725 if (ret < 0) {
726 av_freep(&dref->path);
727 return ret;
728 }
729 if (len > volume_len && !strncmp(dref->path, dref->volume, volume_len)) {
730 len -= volume_len;
731 memmove(dref->path, dref->path+volume_len, len);
732 dref->path[len] = 0;
733 }
734 // trim string of any ending zeros
735 for (j = len - 1; j >= 0; j--) {
736 if (dref->path[j] == 0)
737 len--;
738 else
739 break;
740 }
741 for (j = 0; j < len; j++)
742 if (dref->path[j] == ':' || dref->path[j] == 0)
743 dref->path[j] = '/';
744 av_log(c->fc, AV_LOG_DEBUG, "path %s\n", dref->path);
745 } else if (type == 0) { // directory name
746 av_free(dref->dir);
747 dref->dir = av_malloc(len+1);
748 if (!dref->dir)
749 return AVERROR(ENOMEM);
750
751 ret = ffio_read_size(pb, dref->dir, len);
752 if (ret < 0) {
753 av_freep(&dref->dir);
754 return ret;
755 }
756 dref->dir[len] = 0;
757 for (j = 0; j < len; j++)
758 if (dref->dir[j] == ':')
759 dref->dir[j] = '/';
760 av_log(c->fc, AV_LOG_DEBUG, "dir %s\n", dref->dir);
761 } else
762 avio_skip(pb, len);
763 }
764 } else {
765 av_log(c->fc, AV_LOG_DEBUG, "Unknown dref type 0x%08"PRIx32" size %"PRIu32"\n",
766 dref->type, size);
767 entries--;
768 i--;
769 }
770 avio_seek(pb, next, SEEK_SET);
771 }
772 return 0;
773 }
774
mov_read_hdlr(MOVContext * c,AVIOContext * pb,MOVAtom atom)775 static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
776 {
777 AVStream *st;
778 uint32_t type;
779 uint32_t ctype;
780 int64_t title_size;
781 char *title_str;
782 int ret;
783
784 avio_r8(pb); /* version */
785 avio_rb24(pb); /* flags */
786
787 /* component type */
788 ctype = avio_rl32(pb);
789 type = avio_rl32(pb); /* component subtype */
790
791 av_log(c->fc, AV_LOG_TRACE, "ctype=%s\n", av_fourcc2str(ctype));
792 av_log(c->fc, AV_LOG_TRACE, "stype=%s\n", av_fourcc2str(type));
793
794 if (c->trak_index < 0) { // meta not inside a trak
795 if (type == MKTAG('m','d','t','a')) {
796 c->found_hdlr_mdta = 1;
797 }
798 return 0;
799 }
800
801 st = c->fc->streams[c->fc->nb_streams-1];
802
803 if (type == MKTAG('v','i','d','e'))
804 st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO;
805 else if (type == MKTAG('s','o','u','n'))
806 st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
807 else if (type == MKTAG('m','1','a',' '))
808 st->codecpar->codec_id = AV_CODEC_ID_MP2;
809 #ifdef OHOS_SUBTITLE_DEMUXER
810 else if ((type == MKTAG('s','u','b','p')) || (type == MKTAG('c','l','c','p')) || (type == MKTAG('t','e','x','t')))
811 #else
812 else if ((type == MKTAG('s','u','b','p')) || (type == MKTAG('c','l','c','p')))
813 #endif
814 st->codecpar->codec_type = AVMEDIA_TYPE_SUBTITLE;
815 avio_rb32(pb); /* component manufacture */
816 avio_rb32(pb); /* component flags */
817 avio_rb32(pb); /* component flags mask */
818
819 title_size = atom.size - 24;
820 if (title_size > 0) {
821 if (title_size > FFMIN(INT_MAX, SIZE_MAX-1))
822 return AVERROR_INVALIDDATA;
823 title_str = av_malloc(title_size + 1); /* Add null terminator */
824 if (!title_str)
825 return AVERROR(ENOMEM);
826
827 ret = ffio_read_size(pb, title_str, title_size);
828 if (ret < 0) {
829 av_freep(&title_str);
830 return ret;
831 }
832 title_str[title_size] = 0;
833 if (title_str[0]) {
834 int off = (!c->isom && title_str[0] == title_size - 1);
835 // flag added so as to not set stream handler name if already set from mdia->hdlr
836 av_dict_set(&st->metadata, "handler_name", title_str + off, AV_DICT_DONT_OVERWRITE);
837 #ifdef OHOS_TIMED_META_TRACK
838 if (!strncmp(title_str + off, "timed_metadata", 14) && type == MKTAG('m', 'e', 't' ,'a')) {
839 st->codecpar->codec_type = AVMEDIA_TYPE_TIMEDMETA;
840 }
841 #endif
842 }
843 av_freep(&title_str);
844 }
845
846 return 0;
847 }
848
mov_read_esds(MOVContext * c,AVIOContext * pb,MOVAtom atom)849 static int mov_read_esds(MOVContext *c, AVIOContext *pb, MOVAtom atom)
850 {
851 return ff_mov_read_esds(c->fc, pb);
852 }
853
mov_read_dac3(MOVContext * c,AVIOContext * pb,MOVAtom atom)854 static int mov_read_dac3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
855 {
856 AVStream *st;
857 enum AVAudioServiceType *ast;
858 int ac3info, acmod, lfeon, bsmod;
859 uint64_t mask;
860
861 if (c->fc->nb_streams < 1)
862 return 0;
863 st = c->fc->streams[c->fc->nb_streams-1];
864
865 ast = (enum AVAudioServiceType*)av_stream_new_side_data(st, AV_PKT_DATA_AUDIO_SERVICE_TYPE,
866 sizeof(*ast));
867 if (!ast)
868 return AVERROR(ENOMEM);
869
870 ac3info = avio_rb24(pb);
871 bsmod = (ac3info >> 14) & 0x7;
872 acmod = (ac3info >> 11) & 0x7;
873 lfeon = (ac3info >> 10) & 0x1;
874
875 mask = ff_ac3_channel_layout_tab[acmod];
876 if (lfeon)
877 mask |= AV_CH_LOW_FREQUENCY;
878 av_channel_layout_uninit(&st->codecpar->ch_layout);
879 av_channel_layout_from_mask(&st->codecpar->ch_layout, mask);
880
881 *ast = bsmod;
882 if (st->codecpar->ch_layout.nb_channels > 1 && bsmod == 0x7)
883 *ast = AV_AUDIO_SERVICE_TYPE_KARAOKE;
884
885 return 0;
886 }
887
mov_read_dec3(MOVContext * c,AVIOContext * pb,MOVAtom atom)888 static int mov_read_dec3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
889 {
890 AVStream *st;
891 enum AVAudioServiceType *ast;
892 int eac3info, acmod, lfeon, bsmod;
893 uint64_t mask;
894
895 if (c->fc->nb_streams < 1)
896 return 0;
897 st = c->fc->streams[c->fc->nb_streams-1];
898
899 ast = (enum AVAudioServiceType*)av_stream_new_side_data(st, AV_PKT_DATA_AUDIO_SERVICE_TYPE,
900 sizeof(*ast));
901 if (!ast)
902 return AVERROR(ENOMEM);
903
904 /* No need to parse fields for additional independent substreams and its
905 * associated dependent substreams since libavcodec's E-AC-3 decoder
906 * does not support them yet. */
907 avio_rb16(pb); /* data_rate and num_ind_sub */
908 eac3info = avio_rb24(pb);
909 bsmod = (eac3info >> 12) & 0x1f;
910 acmod = (eac3info >> 9) & 0x7;
911 lfeon = (eac3info >> 8) & 0x1;
912
913 mask = ff_ac3_channel_layout_tab[acmod];
914 if (lfeon)
915 mask |= AV_CH_LOW_FREQUENCY;
916 av_channel_layout_uninit(&st->codecpar->ch_layout);
917 av_channel_layout_from_mask(&st->codecpar->ch_layout, mask);
918
919 *ast = bsmod;
920 if (st->codecpar->ch_layout.nb_channels > 1 && bsmod == 0x7)
921 *ast = AV_AUDIO_SERVICE_TYPE_KARAOKE;
922
923 return 0;
924 }
925
mov_read_ddts(MOVContext * c,AVIOContext * pb,MOVAtom atom)926 static int mov_read_ddts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
927 {
928 #define DDTS_SIZE 20
929 uint8_t buf[DDTS_SIZE + AV_INPUT_BUFFER_PADDING_SIZE];
930 AVStream *st = NULL;
931 uint32_t frame_duration_code = 0;
932 uint32_t channel_layout_code = 0;
933 GetBitContext gb;
934 int ret;
935
936 if ((ret = ffio_read_size(pb, buf, DDTS_SIZE)) < 0)
937 return ret;
938
939 init_get_bits(&gb, buf, 8 * DDTS_SIZE);
940
941 if (c->fc->nb_streams < 1) {
942 return 0;
943 }
944 st = c->fc->streams[c->fc->nb_streams-1];
945
946 st->codecpar->sample_rate = get_bits_long(&gb, 32);
947 if (st->codecpar->sample_rate <= 0) {
948 av_log(c->fc, AV_LOG_ERROR, "Invalid sample rate %d\n", st->codecpar->sample_rate);
949 return AVERROR_INVALIDDATA;
950 }
951 skip_bits_long(&gb, 32); /* max bitrate */
952 st->codecpar->bit_rate = get_bits_long(&gb, 32);
953 st->codecpar->bits_per_coded_sample = get_bits(&gb, 8);
954 frame_duration_code = get_bits(&gb, 2);
955 skip_bits(&gb, 30); /* various fields */
956 channel_layout_code = get_bits(&gb, 16);
957
958 st->codecpar->frame_size =
959 (frame_duration_code == 0) ? 512 :
960 (frame_duration_code == 1) ? 1024 :
961 (frame_duration_code == 2) ? 2048 :
962 (frame_duration_code == 3) ? 4096 : 0;
963
964 if (channel_layout_code > 0xff) {
965 av_log(c->fc, AV_LOG_WARNING, "Unsupported DTS audio channel layout\n");
966 }
967 av_channel_layout_uninit(&st->codecpar->ch_layout);
968 av_channel_layout_from_mask(&st->codecpar->ch_layout,
969 ((channel_layout_code & 0x1) ? AV_CH_FRONT_CENTER : 0) |
970 ((channel_layout_code & 0x2) ? AV_CH_FRONT_LEFT : 0) |
971 ((channel_layout_code & 0x2) ? AV_CH_FRONT_RIGHT : 0) |
972 ((channel_layout_code & 0x4) ? AV_CH_SIDE_LEFT : 0) |
973 ((channel_layout_code & 0x4) ? AV_CH_SIDE_RIGHT : 0) |
974 ((channel_layout_code & 0x8) ? AV_CH_LOW_FREQUENCY : 0));
975
976 return 0;
977 }
978
mov_read_chan(MOVContext * c,AVIOContext * pb,MOVAtom atom)979 static int mov_read_chan(MOVContext *c, AVIOContext *pb, MOVAtom atom)
980 {
981 AVStream *st;
982
983 if (c->fc->nb_streams < 1)
984 return 0;
985 st = c->fc->streams[c->fc->nb_streams-1];
986
987 if (atom.size < 16)
988 return 0;
989
990 /* skip version and flags */
991 avio_skip(pb, 4);
992
993 ff_mov_read_chan(c->fc, pb, st, atom.size - 4);
994
995 return 0;
996 }
997
mov_read_wfex(MOVContext * c,AVIOContext * pb,MOVAtom atom)998 static int mov_read_wfex(MOVContext *c, AVIOContext *pb, MOVAtom atom)
999 {
1000 AVStream *st;
1001 int ret;
1002
1003 if (c->fc->nb_streams < 1)
1004 return 0;
1005 st = c->fc->streams[c->fc->nb_streams-1];
1006
1007 if ((ret = ff_get_wav_header(c->fc, pb, st->codecpar, atom.size, 0)) < 0)
1008 av_log(c->fc, AV_LOG_WARNING, "get_wav_header failed\n");
1009
1010 return ret;
1011 }
1012
1013 /* This atom overrides any previously set aspect ratio */
mov_read_pasp(MOVContext * c,AVIOContext * pb,MOVAtom atom)1014 static int mov_read_pasp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1015 {
1016 const int num = avio_rb32(pb);
1017 const int den = avio_rb32(pb);
1018 AVStream *st;
1019
1020 if (c->fc->nb_streams < 1)
1021 return 0;
1022 st = c->fc->streams[c->fc->nb_streams-1];
1023
1024 if (den != 0) {
1025 av_reduce(&st->sample_aspect_ratio.num, &st->sample_aspect_ratio.den,
1026 num, den, 32767);
1027 }
1028 return 0;
1029 }
1030
1031 /* this atom contains actual media data */
mov_read_mdat(MOVContext * c,AVIOContext * pb,MOVAtom atom)1032 static int mov_read_mdat(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1033 {
1034 if (atom.size == 0) /* wrong one (MP4) */
1035 return 0;
1036 c->found_mdat=1;
1037 return 0; /* now go for moov */
1038 }
1039
1040 #define DRM_BLOB_SIZE 56
1041
mov_read_adrm(MOVContext * c,AVIOContext * pb,MOVAtom atom)1042 static int mov_read_adrm(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1043 {
1044 uint8_t intermediate_key[20];
1045 uint8_t intermediate_iv[20];
1046 uint8_t input[64];
1047 uint8_t output[64];
1048 uint8_t file_checksum[20];
1049 uint8_t calculated_checksum[20];
1050 char checksum_string[2 * sizeof(file_checksum) + 1];
1051 struct AVSHA *sha;
1052 int i;
1053 int ret = 0;
1054 uint8_t *activation_bytes = c->activation_bytes;
1055 uint8_t *fixed_key = c->audible_fixed_key;
1056
1057 c->aax_mode = 1;
1058
1059 sha = av_sha_alloc();
1060 if (!sha)
1061 return AVERROR(ENOMEM);
1062 av_free(c->aes_decrypt);
1063 c->aes_decrypt = av_aes_alloc();
1064 if (!c->aes_decrypt) {
1065 ret = AVERROR(ENOMEM);
1066 goto fail;
1067 }
1068
1069 /* drm blob processing */
1070 avio_read(pb, output, 8); // go to offset 8, absolute position 0x251
1071 avio_read(pb, input, DRM_BLOB_SIZE);
1072 avio_read(pb, output, 4); // go to offset 4, absolute position 0x28d
1073 avio_read(pb, file_checksum, 20);
1074
1075 // required by external tools
1076 ff_data_to_hex(checksum_string, file_checksum, sizeof(file_checksum), 1);
1077 av_log(c->fc, AV_LOG_INFO, "[aax] file checksum == %s\n", checksum_string);
1078
1079 /* verify activation data */
1080 if (!activation_bytes) {
1081 av_log(c->fc, AV_LOG_WARNING, "[aax] activation_bytes option is missing!\n");
1082 ret = 0; /* allow ffprobe to continue working on .aax files */
1083 goto fail;
1084 }
1085 if (c->activation_bytes_size != 4) {
1086 av_log(c->fc, AV_LOG_FATAL, "[aax] activation_bytes value needs to be 4 bytes!\n");
1087 ret = AVERROR(EINVAL);
1088 goto fail;
1089 }
1090
1091 /* verify fixed key */
1092 if (c->audible_fixed_key_size != 16) {
1093 av_log(c->fc, AV_LOG_FATAL, "[aax] audible_fixed_key value needs to be 16 bytes!\n");
1094 ret = AVERROR(EINVAL);
1095 goto fail;
1096 }
1097
1098 /* AAX (and AAX+) key derivation */
1099 av_sha_init(sha, 160);
1100 av_sha_update(sha, fixed_key, 16);
1101 av_sha_update(sha, activation_bytes, 4);
1102 av_sha_final(sha, intermediate_key);
1103 av_sha_init(sha, 160);
1104 av_sha_update(sha, fixed_key, 16);
1105 av_sha_update(sha, intermediate_key, 20);
1106 av_sha_update(sha, activation_bytes, 4);
1107 av_sha_final(sha, intermediate_iv);
1108 av_sha_init(sha, 160);
1109 av_sha_update(sha, intermediate_key, 16);
1110 av_sha_update(sha, intermediate_iv, 16);
1111 av_sha_final(sha, calculated_checksum);
1112 if (memcmp(calculated_checksum, file_checksum, 20)) { // critical error
1113 av_log(c->fc, AV_LOG_ERROR, "[aax] mismatch in checksums!\n");
1114 ret = AVERROR_INVALIDDATA;
1115 goto fail;
1116 }
1117 av_aes_init(c->aes_decrypt, intermediate_key, 128, 1);
1118 av_aes_crypt(c->aes_decrypt, output, input, DRM_BLOB_SIZE >> 4, intermediate_iv, 1);
1119 for (i = 0; i < 4; i++) {
1120 // file data (in output) is stored in big-endian mode
1121 if (activation_bytes[i] != output[3 - i]) { // critical error
1122 av_log(c->fc, AV_LOG_ERROR, "[aax] error in drm blob decryption!\n");
1123 ret = AVERROR_INVALIDDATA;
1124 goto fail;
1125 }
1126 }
1127 memcpy(c->file_key, output + 8, 16);
1128 memcpy(input, output + 26, 16);
1129 av_sha_init(sha, 160);
1130 av_sha_update(sha, input, 16);
1131 av_sha_update(sha, c->file_key, 16);
1132 av_sha_update(sha, fixed_key, 16);
1133 av_sha_final(sha, c->file_iv);
1134
1135 fail:
1136 av_free(sha);
1137
1138 return ret;
1139 }
1140
mov_aaxc_crypto(MOVContext * c)1141 static int mov_aaxc_crypto(MOVContext *c)
1142 {
1143 if (c->audible_key_size != 16) {
1144 av_log(c->fc, AV_LOG_FATAL, "[aaxc] audible_key value needs to be 16 bytes!\n");
1145 return AVERROR(EINVAL);
1146 }
1147
1148 if (c->audible_iv_size != 16) {
1149 av_log(c->fc, AV_LOG_FATAL, "[aaxc] audible_iv value needs to be 16 bytes!\n");
1150 return AVERROR(EINVAL);
1151 }
1152
1153 c->aes_decrypt = av_aes_alloc();
1154 if (!c->aes_decrypt) {
1155 return AVERROR(ENOMEM);
1156 }
1157
1158 memcpy(c->file_key, c->audible_key, 16);
1159 memcpy(c->file_iv, c->audible_iv, 16);
1160 c->aax_mode = 1;
1161
1162 return 0;
1163 }
1164
1165 // Audible AAX (and AAX+) bytestream decryption
aax_filter(uint8_t * input,int size,MOVContext * c)1166 static int aax_filter(uint8_t *input, int size, MOVContext *c)
1167 {
1168 int blocks = 0;
1169 unsigned char iv[16];
1170
1171 memcpy(iv, c->file_iv, 16); // iv is overwritten
1172 blocks = size >> 4; // trailing bytes are not encrypted!
1173 av_aes_init(c->aes_decrypt, c->file_key, 128, 1);
1174 av_aes_crypt(c->aes_decrypt, input, input, blocks, iv, 1);
1175
1176 return 0;
1177 }
1178
1179 /* read major brand, minor version and compatible brands and store them as metadata */
mov_read_ftyp(MOVContext * c,AVIOContext * pb,MOVAtom atom)1180 static int mov_read_ftyp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1181 {
1182 uint32_t minor_ver;
1183 int comp_brand_size;
1184 char* comp_brands_str;
1185 uint8_t type[5] = {0};
1186 int ret = ffio_read_size(pb, type, 4);
1187 if (ret < 0)
1188 return ret;
1189 if (c->fc->nb_streams)
1190 return AVERROR_INVALIDDATA;
1191
1192 if (strcmp(type, "qt "))
1193 c->isom = 1;
1194 av_log(c->fc, AV_LOG_DEBUG, "ISO: File Type Major Brand: %.4s\n",(char *)&type);
1195 av_dict_set(&c->fc->metadata, "major_brand", type, 0);
1196 c->is_still_picture_avif = !strncmp(type, "avif", 4);
1197 minor_ver = avio_rb32(pb); /* minor version */
1198 av_dict_set_int(&c->fc->metadata, "minor_version", minor_ver, 0);
1199
1200 comp_brand_size = atom.size - 8;
1201 if (comp_brand_size < 0 || comp_brand_size == INT_MAX)
1202 return AVERROR_INVALIDDATA;
1203 comp_brands_str = av_malloc(comp_brand_size + 1); /* Add null terminator */
1204 if (!comp_brands_str)
1205 return AVERROR(ENOMEM);
1206
1207 ret = ffio_read_size(pb, comp_brands_str, comp_brand_size);
1208 if (ret < 0) {
1209 av_freep(&comp_brands_str);
1210 return ret;
1211 }
1212 comp_brands_str[comp_brand_size] = 0;
1213 av_dict_set(&c->fc->metadata, "compatible_brands",
1214 comp_brands_str, AV_DICT_DONT_STRDUP_VAL);
1215
1216 // Logic for handling Audible's .aaxc files
1217 if (!strcmp(type, "aaxc")) {
1218 mov_aaxc_crypto(c);
1219 }
1220
1221 return 0;
1222 }
1223
1224 /* this atom should contain all header atoms */
mov_read_moov(MOVContext * c,AVIOContext * pb,MOVAtom atom)1225 static int mov_read_moov(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1226 {
1227 int ret;
1228
1229 if (c->found_moov) {
1230 av_log(c->fc, AV_LOG_WARNING, "Found duplicated MOOV Atom. Skipped it\n");
1231 avio_skip(pb, atom.size);
1232 return 0;
1233 }
1234
1235 if ((ret = mov_read_default(c, pb, atom)) < 0)
1236 return ret;
1237 /* we parsed the 'moov' atom, we can terminate the parsing as soon as we find the 'mdat' */
1238 /* so we don't parse the whole file if over a network */
1239 c->found_moov=1;
1240 return 0; /* now go for mdat */
1241 }
1242
get_frag_stream_info(MOVFragmentIndex * frag_index,int index,int id)1243 static MOVFragmentStreamInfo * get_frag_stream_info(
1244 MOVFragmentIndex *frag_index,
1245 int index,
1246 int id)
1247 {
1248 int i;
1249 MOVFragmentIndexItem * item;
1250
1251 if (index < 0 || index >= frag_index->nb_items)
1252 return NULL;
1253 item = &frag_index->item[index];
1254 for (i = 0; i < item->nb_stream_info; i++)
1255 if (item->stream_info[i].id == id)
1256 return &item->stream_info[i];
1257
1258 // This shouldn't happen
1259 return NULL;
1260 }
1261
set_frag_stream(MOVFragmentIndex * frag_index,int id)1262 static void set_frag_stream(MOVFragmentIndex *frag_index, int id)
1263 {
1264 int i;
1265 MOVFragmentIndexItem * item;
1266
1267 if (frag_index->current < 0 ||
1268 frag_index->current >= frag_index->nb_items)
1269 return;
1270
1271 item = &frag_index->item[frag_index->current];
1272 for (i = 0; i < item->nb_stream_info; i++)
1273 if (item->stream_info[i].id == id) {
1274 item->current = i;
1275 return;
1276 }
1277
1278 // id not found. This shouldn't happen.
1279 item->current = -1;
1280 }
1281
get_current_frag_stream_info(MOVFragmentIndex * frag_index)1282 static MOVFragmentStreamInfo * get_current_frag_stream_info(
1283 MOVFragmentIndex *frag_index)
1284 {
1285 MOVFragmentIndexItem *item;
1286 if (frag_index->current < 0 ||
1287 frag_index->current >= frag_index->nb_items)
1288 return NULL;
1289
1290 item = &frag_index->item[frag_index->current];
1291 if (item->current >= 0 && item->current < item->nb_stream_info)
1292 return &item->stream_info[item->current];
1293
1294 // This shouldn't happen
1295 return NULL;
1296 }
1297
search_frag_moof_offset(MOVFragmentIndex * frag_index,int64_t offset)1298 static int search_frag_moof_offset(MOVFragmentIndex *frag_index, int64_t offset)
1299 {
1300 int a, b, m;
1301 int64_t moof_offset;
1302
1303 // Optimize for appending new entries
1304 if (!frag_index->nb_items ||
1305 frag_index->item[frag_index->nb_items - 1].moof_offset < offset)
1306 return frag_index->nb_items;
1307
1308 a = -1;
1309 b = frag_index->nb_items;
1310
1311 while (b - a > 1) {
1312 m = (a + b) >> 1;
1313 moof_offset = frag_index->item[m].moof_offset;
1314 if (moof_offset >= offset)
1315 b = m;
1316 if (moof_offset <= offset)
1317 a = m;
1318 }
1319 return b;
1320 }
1321
get_stream_info_time(MOVFragmentStreamInfo * frag_stream_info)1322 static int64_t get_stream_info_time(MOVFragmentStreamInfo * frag_stream_info)
1323 {
1324 av_assert0(frag_stream_info);
1325 if (frag_stream_info->sidx_pts != AV_NOPTS_VALUE)
1326 return frag_stream_info->sidx_pts;
1327 if (frag_stream_info->first_tfra_pts != AV_NOPTS_VALUE)
1328 return frag_stream_info->first_tfra_pts;
1329 return frag_stream_info->tfdt_dts;
1330 }
1331
get_frag_time(MOVFragmentIndex * frag_index,int index,int track_id)1332 static int64_t get_frag_time(MOVFragmentIndex *frag_index,
1333 int index, int track_id)
1334 {
1335 MOVFragmentStreamInfo * frag_stream_info;
1336 int64_t timestamp;
1337 int i;
1338
1339 if (track_id >= 0) {
1340 frag_stream_info = get_frag_stream_info(frag_index, index, track_id);
1341 if (frag_stream_info->sidx_pts != AV_NOPTS_VALUE)
1342 return frag_stream_info->sidx_pts;
1343 if (frag_stream_info->first_tfra_pts != AV_NOPTS_VALUE)
1344 return frag_stream_info->first_tfra_pts;
1345 return frag_stream_info->sidx_pts;
1346 }
1347
1348 for (i = 0; i < frag_index->item[index].nb_stream_info; i++) {
1349 frag_stream_info = &frag_index->item[index].stream_info[i];
1350 timestamp = get_stream_info_time(frag_stream_info);
1351 if (timestamp != AV_NOPTS_VALUE)
1352 return timestamp;
1353 }
1354 return AV_NOPTS_VALUE;
1355 }
1356
search_frag_timestamp(MOVFragmentIndex * frag_index,AVStream * st,int64_t timestamp)1357 static int search_frag_timestamp(MOVFragmentIndex *frag_index,
1358 AVStream *st, int64_t timestamp)
1359 {
1360 int a, b, m, m0;
1361 int64_t frag_time;
1362 int id = -1;
1363
1364 if (st) {
1365 // If the stream is referenced by any sidx, limit the search
1366 // to fragments that referenced this stream in the sidx
1367 MOVStreamContext *sc = st->priv_data;
1368 if (sc->has_sidx)
1369 id = st->id;
1370 }
1371
1372 a = -1;
1373 b = frag_index->nb_items;
1374
1375 while (b - a > 1) {
1376 m0 = m = (a + b) >> 1;
1377
1378 while (m < b &&
1379 (frag_time = get_frag_time(frag_index, m, id)) == AV_NOPTS_VALUE)
1380 m++;
1381
1382 if (m < b && frag_time <= timestamp)
1383 a = m;
1384 else
1385 b = m0;
1386 }
1387
1388 return a;
1389 }
1390
update_frag_index(MOVContext * c,int64_t offset)1391 static int update_frag_index(MOVContext *c, int64_t offset)
1392 {
1393 int index, i;
1394 MOVFragmentIndexItem * item;
1395 MOVFragmentStreamInfo * frag_stream_info;
1396
1397 // If moof_offset already exists in frag_index, return index to it
1398 index = search_frag_moof_offset(&c->frag_index, offset);
1399 if (index < c->frag_index.nb_items &&
1400 c->frag_index.item[index].moof_offset == offset)
1401 return index;
1402
1403 // offset is not yet in frag index.
1404 // Insert new item at index (sorted by moof offset)
1405 item = av_fast_realloc(c->frag_index.item,
1406 &c->frag_index.allocated_size,
1407 (c->frag_index.nb_items + 1) *
1408 sizeof(*c->frag_index.item));
1409 if (!item)
1410 return -1;
1411 c->frag_index.item = item;
1412
1413 frag_stream_info = av_realloc_array(NULL, c->fc->nb_streams,
1414 sizeof(*item->stream_info));
1415 if (!frag_stream_info)
1416 return -1;
1417
1418 for (i = 0; i < c->fc->nb_streams; i++) {
1419 // Avoid building frag index if streams lack track id.
1420 if (c->fc->streams[i]->id < 0) {
1421 av_free(frag_stream_info);
1422 return AVERROR_INVALIDDATA;
1423 }
1424
1425 frag_stream_info[i].id = c->fc->streams[i]->id;
1426 frag_stream_info[i].sidx_pts = AV_NOPTS_VALUE;
1427 frag_stream_info[i].tfdt_dts = AV_NOPTS_VALUE;
1428 frag_stream_info[i].next_trun_dts = AV_NOPTS_VALUE;
1429 frag_stream_info[i].first_tfra_pts = AV_NOPTS_VALUE;
1430 frag_stream_info[i].index_entry = -1;
1431 frag_stream_info[i].encryption_index = NULL;
1432 }
1433
1434 if (index < c->frag_index.nb_items)
1435 memmove(c->frag_index.item + index + 1, c->frag_index.item + index,
1436 (c->frag_index.nb_items - index) * sizeof(*c->frag_index.item));
1437
1438 item = &c->frag_index.item[index];
1439 item->headers_read = 0;
1440 item->current = 0;
1441 item->nb_stream_info = c->fc->nb_streams;
1442 item->moof_offset = offset;
1443 item->stream_info = frag_stream_info;
1444 c->frag_index.nb_items++;
1445
1446 return index;
1447 }
1448
fix_frag_index_entries(MOVFragmentIndex * frag_index,int index,int id,int entries)1449 static void fix_frag_index_entries(MOVFragmentIndex *frag_index, int index,
1450 int id, int entries)
1451 {
1452 int i;
1453 MOVFragmentStreamInfo * frag_stream_info;
1454
1455 if (index < 0)
1456 return;
1457 for (i = index; i < frag_index->nb_items; i++) {
1458 frag_stream_info = get_frag_stream_info(frag_index, i, id);
1459 if (frag_stream_info && frag_stream_info->index_entry >= 0)
1460 frag_stream_info->index_entry += entries;
1461 }
1462 }
1463
mov_read_moof(MOVContext * c,AVIOContext * pb,MOVAtom atom)1464 static int mov_read_moof(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1465 {
1466 // Set by mov_read_tfhd(). mov_read_trun() will reject files missing tfhd.
1467 c->fragment.found_tfhd = 0;
1468
1469 if (!c->has_looked_for_mfra && c->use_mfra_for > 0) {
1470 c->has_looked_for_mfra = 1;
1471 if (pb->seekable & AVIO_SEEKABLE_NORMAL) {
1472 int ret;
1473 av_log(c->fc, AV_LOG_VERBOSE, "stream has moof boxes, will look "
1474 "for a mfra\n");
1475 if ((ret = mov_read_mfra(c, pb)) < 0) {
1476 av_log(c->fc, AV_LOG_VERBOSE, "found a moof box but failed to "
1477 "read the mfra (may be a live ismv)\n");
1478 }
1479 } else {
1480 av_log(c->fc, AV_LOG_VERBOSE, "found a moof box but stream is not "
1481 "seekable, can not look for mfra\n");
1482 }
1483 }
1484 c->fragment.moof_offset = c->fragment.implicit_offset = avio_tell(pb) - 8;
1485 av_log(c->fc, AV_LOG_TRACE, "moof offset %"PRIx64"\n", c->fragment.moof_offset);
1486 c->frag_index.current = update_frag_index(c, c->fragment.moof_offset);
1487 return mov_read_default(c, pb, atom);
1488 }
1489
mov_metadata_creation_time(AVDictionary ** metadata,int64_t time,void * logctx)1490 static void mov_metadata_creation_time(AVDictionary **metadata, int64_t time, void *logctx)
1491 {
1492 if (time) {
1493 if (time >= 2082844800)
1494 time -= 2082844800; /* seconds between 1904-01-01 and Epoch */
1495
1496 if ((int64_t)(time * 1000000ULL) / 1000000 != time) {
1497 av_log(logctx, AV_LOG_DEBUG, "creation_time is not representable\n");
1498 return;
1499 }
1500
1501 avpriv_dict_set_timestamp(metadata, "creation_time", time * 1000000);
1502 }
1503 }
1504
mov_read_mdhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)1505 static int mov_read_mdhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1506 {
1507 AVStream *st;
1508 MOVStreamContext *sc;
1509 int version;
1510 char language[4] = {0};
1511 unsigned lang;
1512 int64_t creation_time;
1513
1514 if (c->fc->nb_streams < 1)
1515 return 0;
1516 st = c->fc->streams[c->fc->nb_streams-1];
1517 sc = st->priv_data;
1518
1519 if (sc->time_scale) {
1520 av_log(c->fc, AV_LOG_ERROR, "Multiple mdhd?\n");
1521 return AVERROR_INVALIDDATA;
1522 }
1523
1524 version = avio_r8(pb);
1525 if (version > 1) {
1526 avpriv_request_sample(c->fc, "Version %d", version);
1527 return AVERROR_PATCHWELCOME;
1528 }
1529 avio_rb24(pb); /* flags */
1530 if (version == 1) {
1531 creation_time = avio_rb64(pb);
1532 avio_rb64(pb);
1533 } else {
1534 creation_time = avio_rb32(pb);
1535 avio_rb32(pb); /* modification time */
1536 }
1537 mov_metadata_creation_time(&st->metadata, creation_time, c->fc);
1538
1539 sc->time_scale = avio_rb32(pb);
1540 if (sc->time_scale <= 0) {
1541 av_log(c->fc, AV_LOG_ERROR, "Invalid mdhd time scale %d, defaulting to 1\n", sc->time_scale);
1542 sc->time_scale = 1;
1543 }
1544 st->duration = (version == 1) ? avio_rb64(pb) : avio_rb32(pb); /* duration */
1545
1546 lang = avio_rb16(pb); /* language */
1547 if (ff_mov_lang_to_iso639(lang, language))
1548 av_dict_set(&st->metadata, "language", language, 0);
1549 avio_rb16(pb); /* quality */
1550
1551 #ifdef OHOS_EXPAND_MP4_INFO
1552 st->time_scale = sc->time_scale;
1553 #endif
1554
1555 return 0;
1556 }
1557
mov_read_mvhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)1558 static int mov_read_mvhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1559 {
1560 int i;
1561 int64_t creation_time;
1562 int version = avio_r8(pb); /* version */
1563 avio_rb24(pb); /* flags */
1564
1565 if (version == 1) {
1566 creation_time = avio_rb64(pb);
1567 avio_rb64(pb);
1568 } else {
1569 creation_time = avio_rb32(pb);
1570 avio_rb32(pb); /* modification time */
1571 }
1572 mov_metadata_creation_time(&c->fc->metadata, creation_time, c->fc);
1573 c->time_scale = avio_rb32(pb); /* time scale */
1574 if (c->time_scale <= 0) {
1575 av_log(c->fc, AV_LOG_ERROR, "Invalid mvhd time scale %d, defaulting to 1\n", c->time_scale);
1576 c->time_scale = 1;
1577 }
1578 av_log(c->fc, AV_LOG_TRACE, "time scale = %i\n", c->time_scale);
1579
1580 c->duration = (version == 1) ? avio_rb64(pb) : avio_rb32(pb); /* duration */
1581 // set the AVFormatContext duration because the duration of individual tracks
1582 // may be inaccurate
1583 if (!c->trex_data)
1584 c->fc->duration = av_rescale(c->duration, AV_TIME_BASE, c->time_scale);
1585 avio_rb32(pb); /* preferred scale */
1586
1587 avio_rb16(pb); /* preferred volume */
1588
1589 avio_skip(pb, 10); /* reserved */
1590
1591 /* movie display matrix, store it in main context and use it later on */
1592 for (i = 0; i < 3; i++) {
1593 c->movie_display_matrix[i][0] = avio_rb32(pb); // 16.16 fixed point
1594 c->movie_display_matrix[i][1] = avio_rb32(pb); // 16.16 fixed point
1595 c->movie_display_matrix[i][2] = avio_rb32(pb); // 2.30 fixed point
1596 }
1597
1598 avio_rb32(pb); /* preview time */
1599 avio_rb32(pb); /* preview duration */
1600 avio_rb32(pb); /* poster time */
1601 avio_rb32(pb); /* selection time */
1602 avio_rb32(pb); /* selection duration */
1603 avio_rb32(pb); /* current time */
1604 avio_rb32(pb); /* next track ID */
1605
1606 return 0;
1607 }
1608
set_last_stream_little_endian(AVFormatContext * fc)1609 static void set_last_stream_little_endian(AVFormatContext *fc)
1610 {
1611 AVStream *st;
1612
1613 if (fc->nb_streams < 1)
1614 return;
1615 st = fc->streams[fc->nb_streams-1];
1616
1617 switch (st->codecpar->codec_id) {
1618 case AV_CODEC_ID_PCM_S16BE:
1619 st->codecpar->codec_id = AV_CODEC_ID_PCM_S16LE;
1620 break;
1621 case AV_CODEC_ID_PCM_S24BE:
1622 st->codecpar->codec_id = AV_CODEC_ID_PCM_S24LE;
1623 break;
1624 case AV_CODEC_ID_PCM_S32BE:
1625 st->codecpar->codec_id = AV_CODEC_ID_PCM_S32LE;
1626 break;
1627 case AV_CODEC_ID_PCM_F32BE:
1628 st->codecpar->codec_id = AV_CODEC_ID_PCM_F32LE;
1629 break;
1630 case AV_CODEC_ID_PCM_F64BE:
1631 st->codecpar->codec_id = AV_CODEC_ID_PCM_F64LE;
1632 break;
1633 default:
1634 break;
1635 }
1636 }
1637
mov_read_enda(MOVContext * c,AVIOContext * pb,MOVAtom atom)1638 static int mov_read_enda(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1639 {
1640 int little_endian = avio_rb16(pb) & 0xFF;
1641 av_log(c->fc, AV_LOG_TRACE, "enda %d\n", little_endian);
1642 if (little_endian == 1)
1643 set_last_stream_little_endian(c->fc);
1644 return 0;
1645 }
1646
mov_read_pcmc(MOVContext * c,AVIOContext * pb,MOVAtom atom)1647 static int mov_read_pcmc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1648 {
1649 int format_flags;
1650
1651 if (atom.size < 6) {
1652 av_log(c->fc, AV_LOG_ERROR, "Empty pcmC box\n");
1653 return AVERROR_INVALIDDATA;
1654 }
1655
1656 avio_r8(pb); // version
1657 avio_rb24(pb); // flags
1658 format_flags = avio_r8(pb);
1659 if (format_flags == 1) // indicates little-endian format. If not present, big-endian format is used
1660 set_last_stream_little_endian(c->fc);
1661
1662 return 0;
1663 }
1664
mov_read_colr(MOVContext * c,AVIOContext * pb,MOVAtom atom)1665 static int mov_read_colr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1666 {
1667 AVStream *st;
1668 uint8_t *icc_profile;
1669 char color_parameter_type[5] = { 0 };
1670 uint16_t color_primaries, color_trc, color_matrix;
1671 int ret;
1672
1673 if (c->fc->nb_streams < 1)
1674 return 0;
1675 st = c->fc->streams[c->fc->nb_streams - 1];
1676
1677 ret = ffio_read_size(pb, color_parameter_type, 4);
1678 if (ret < 0)
1679 return ret;
1680 if (strncmp(color_parameter_type, "nclx", 4) &&
1681 strncmp(color_parameter_type, "nclc", 4) &&
1682 strncmp(color_parameter_type, "prof", 4)) {
1683 av_log(c->fc, AV_LOG_WARNING, "unsupported color_parameter_type %s\n",
1684 color_parameter_type);
1685 return 0;
1686 }
1687
1688 if (!strncmp(color_parameter_type, "prof", 4)) {
1689 icc_profile = av_stream_new_side_data(st, AV_PKT_DATA_ICC_PROFILE, atom.size - 4);
1690 if (!icc_profile)
1691 return AVERROR(ENOMEM);
1692 ret = ffio_read_size(pb, icc_profile, atom.size - 4);
1693 if (ret < 0)
1694 return ret;
1695 } else {
1696 color_primaries = avio_rb16(pb);
1697 color_trc = avio_rb16(pb);
1698 color_matrix = avio_rb16(pb);
1699
1700 av_log(c->fc, AV_LOG_TRACE,
1701 "%s: pri %d trc %d matrix %d",
1702 color_parameter_type, color_primaries, color_trc, color_matrix);
1703
1704 if (!strncmp(color_parameter_type, "nclx", 4)) {
1705 uint8_t color_range = avio_r8(pb) >> 7;
1706 av_log(c->fc, AV_LOG_TRACE, " full %"PRIu8"", color_range);
1707 if (color_range)
1708 st->codecpar->color_range = AVCOL_RANGE_JPEG;
1709 else
1710 st->codecpar->color_range = AVCOL_RANGE_MPEG;
1711 }
1712
1713 if (!av_color_primaries_name(color_primaries))
1714 color_primaries = AVCOL_PRI_UNSPECIFIED;
1715 if (!av_color_transfer_name(color_trc))
1716 color_trc = AVCOL_TRC_UNSPECIFIED;
1717 if (!av_color_space_name(color_matrix))
1718 color_matrix = AVCOL_SPC_UNSPECIFIED;
1719
1720 st->codecpar->color_primaries = color_primaries;
1721 st->codecpar->color_trc = color_trc;
1722 st->codecpar->color_space = color_matrix;
1723 av_log(c->fc, AV_LOG_TRACE, "\n");
1724 }
1725 return 0;
1726 }
1727
mov_read_fiel(MOVContext * c,AVIOContext * pb,MOVAtom atom)1728 static int mov_read_fiel(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1729 {
1730 AVStream *st;
1731 unsigned mov_field_order;
1732 enum AVFieldOrder decoded_field_order = AV_FIELD_UNKNOWN;
1733
1734 if (c->fc->nb_streams < 1) // will happen with jp2 files
1735 return 0;
1736 st = c->fc->streams[c->fc->nb_streams-1];
1737 if (atom.size < 2)
1738 return AVERROR_INVALIDDATA;
1739 mov_field_order = avio_rb16(pb);
1740 if ((mov_field_order & 0xFF00) == 0x0100)
1741 decoded_field_order = AV_FIELD_PROGRESSIVE;
1742 else if ((mov_field_order & 0xFF00) == 0x0200) {
1743 switch (mov_field_order & 0xFF) {
1744 case 0x01: decoded_field_order = AV_FIELD_TT;
1745 break;
1746 case 0x06: decoded_field_order = AV_FIELD_BB;
1747 break;
1748 case 0x09: decoded_field_order = AV_FIELD_TB;
1749 break;
1750 case 0x0E: decoded_field_order = AV_FIELD_BT;
1751 break;
1752 }
1753 }
1754 if (decoded_field_order == AV_FIELD_UNKNOWN && mov_field_order) {
1755 av_log(c->fc, AV_LOG_ERROR, "Unknown MOV field order 0x%04x\n", mov_field_order);
1756 }
1757 st->codecpar->field_order = decoded_field_order;
1758
1759 return 0;
1760 }
1761
mov_realloc_extradata(AVCodecParameters * par,MOVAtom atom)1762 static int mov_realloc_extradata(AVCodecParameters *par, MOVAtom atom)
1763 {
1764 int err = 0;
1765 uint64_t size = (uint64_t)par->extradata_size + atom.size + 8 + AV_INPUT_BUFFER_PADDING_SIZE;
1766 if (size > INT_MAX || (uint64_t)atom.size > INT_MAX)
1767 return AVERROR_INVALIDDATA;
1768 if ((err = av_reallocp(&par->extradata, size)) < 0) {
1769 par->extradata_size = 0;
1770 return err;
1771 }
1772 par->extradata_size = size - AV_INPUT_BUFFER_PADDING_SIZE;
1773 return 0;
1774 }
1775
1776 /* Read a whole atom into the extradata return the size of the atom read, possibly truncated if != atom.size */
mov_read_atom_into_extradata(MOVContext * c,AVIOContext * pb,MOVAtom atom,AVCodecParameters * par,uint8_t * buf)1777 static int64_t mov_read_atom_into_extradata(MOVContext *c, AVIOContext *pb, MOVAtom atom,
1778 AVCodecParameters *par, uint8_t *buf)
1779 {
1780 int64_t result = atom.size;
1781 int err;
1782
1783 AV_WB32(buf , atom.size + 8);
1784 AV_WL32(buf + 4, atom.type);
1785 err = ffio_read_size(pb, buf + 8, atom.size);
1786 if (err < 0) {
1787 par->extradata_size -= atom.size;
1788 return err;
1789 } else if (err < atom.size) {
1790 av_log(c->fc, AV_LOG_WARNING, "truncated extradata\n");
1791 par->extradata_size -= atom.size - err;
1792 result = err;
1793 }
1794 memset(buf + 8 + err, 0, AV_INPUT_BUFFER_PADDING_SIZE);
1795 return result;
1796 }
1797
1798 /* FIXME modify QDM2/SVQ3/H.264 decoders to take full atom as extradata */
mov_read_extradata(MOVContext * c,AVIOContext * pb,MOVAtom atom,enum AVCodecID codec_id)1799 static int mov_read_extradata(MOVContext *c, AVIOContext *pb, MOVAtom atom,
1800 enum AVCodecID codec_id)
1801 {
1802 AVStream *st;
1803 uint64_t original_size;
1804 int err;
1805
1806 if (c->fc->nb_streams < 1) // will happen with jp2 files
1807 return 0;
1808 st = c->fc->streams[c->fc->nb_streams-1];
1809
1810 if (st->codecpar->codec_id != codec_id)
1811 return 0; /* unexpected codec_id - don't mess with extradata */
1812
1813 original_size = st->codecpar->extradata_size;
1814 err = mov_realloc_extradata(st->codecpar, atom);
1815 if (err)
1816 return err;
1817
1818 err = mov_read_atom_into_extradata(c, pb, atom, st->codecpar, st->codecpar->extradata + original_size);
1819 if (err < 0)
1820 return err;
1821 return 0; // Note: this is the original behavior to ignore truncation.
1822 }
1823
1824 /* wrapper functions for reading ALAC/AVS/MJPEG/MJPEG2000 extradata atoms only for those codecs */
mov_read_alac(MOVContext * c,AVIOContext * pb,MOVAtom atom)1825 static int mov_read_alac(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1826 {
1827 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_ALAC);
1828 }
1829
mov_read_avss(MOVContext * c,AVIOContext * pb,MOVAtom atom)1830 static int mov_read_avss(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1831 {
1832 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_AVS);
1833 }
1834
mov_read_jp2h(MOVContext * c,AVIOContext * pb,MOVAtom atom)1835 static int mov_read_jp2h(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1836 {
1837 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_JPEG2000);
1838 }
1839
mov_read_dpxe(MOVContext * c,AVIOContext * pb,MOVAtom atom)1840 static int mov_read_dpxe(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1841 {
1842 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_R10K);
1843 }
1844
mov_read_avid(MOVContext * c,AVIOContext * pb,MOVAtom atom)1845 static int mov_read_avid(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1846 {
1847 int ret = mov_read_extradata(c, pb, atom, AV_CODEC_ID_AVUI);
1848 if (!ret)
1849 ret = mov_read_extradata(c, pb, atom, AV_CODEC_ID_DNXHD);
1850 return ret;
1851 }
1852
mov_read_targa_y216(MOVContext * c,AVIOContext * pb,MOVAtom atom)1853 static int mov_read_targa_y216(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1854 {
1855 int ret = mov_read_extradata(c, pb, atom, AV_CODEC_ID_TARGA_Y216);
1856
1857 if (!ret && c->fc->nb_streams >= 1) {
1858 AVCodecParameters *par = c->fc->streams[c->fc->nb_streams-1]->codecpar;
1859 if (par->extradata_size >= 40) {
1860 par->height = AV_RB16(&par->extradata[36]);
1861 par->width = AV_RB16(&par->extradata[38]);
1862 }
1863 }
1864 return ret;
1865 }
1866
mov_read_ares(MOVContext * c,AVIOContext * pb,MOVAtom atom)1867 static int mov_read_ares(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1868 {
1869 if (c->fc->nb_streams >= 1) {
1870 AVStream *const st = c->fc->streams[c->fc->nb_streams - 1];
1871 FFStream *const sti = ffstream(st);
1872 AVCodecParameters *par = st->codecpar;
1873
1874 if (par->codec_tag == MKTAG('A', 'V', 'i', 'n') &&
1875 par->codec_id == AV_CODEC_ID_H264 &&
1876 atom.size > 11) {
1877 int cid;
1878 avio_skip(pb, 10);
1879 cid = avio_rb16(pb);
1880 /* For AVID AVCI50, force width of 1440 to be able to select the correct SPS and PPS */
1881 if (cid == 0xd4d || cid == 0xd4e)
1882 par->width = 1440;
1883 return 0;
1884 } else if ((par->codec_tag == MKTAG('A', 'V', 'd', '1') ||
1885 par->codec_tag == MKTAG('A', 'V', 'j', '2') ||
1886 par->codec_tag == MKTAG('A', 'V', 'd', 'n')) &&
1887 atom.size >= 24) {
1888 int num, den;
1889 avio_skip(pb, 12);
1890 num = avio_rb32(pb);
1891 den = avio_rb32(pb);
1892 if (num <= 0 || den <= 0)
1893 return 0;
1894 switch (avio_rb32(pb)) {
1895 case 2:
1896 if (den >= INT_MAX / 2)
1897 return 0;
1898 den *= 2;
1899 case 1:
1900 sti->display_aspect_ratio = (AVRational){ num, den };
1901 default:
1902 return 0;
1903 }
1904 }
1905 }
1906
1907 return mov_read_avid(c, pb, atom);
1908 }
1909
mov_read_aclr(MOVContext * c,AVIOContext * pb,MOVAtom atom)1910 static int mov_read_aclr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1911 {
1912 int ret = 0;
1913 int length = 0;
1914 uint64_t original_size;
1915 if (c->fc->nb_streams >= 1) {
1916 AVCodecParameters *par = c->fc->streams[c->fc->nb_streams-1]->codecpar;
1917 if (par->codec_id == AV_CODEC_ID_H264)
1918 return 0;
1919 if (atom.size == 16) {
1920 original_size = par->extradata_size;
1921 ret = mov_realloc_extradata(par, atom);
1922 if (!ret) {
1923 length = mov_read_atom_into_extradata(c, pb, atom, par, par->extradata + original_size);
1924 if (length == atom.size) {
1925 const uint8_t range_value = par->extradata[original_size + 19];
1926 switch (range_value) {
1927 case 1:
1928 par->color_range = AVCOL_RANGE_MPEG;
1929 break;
1930 case 2:
1931 par->color_range = AVCOL_RANGE_JPEG;
1932 break;
1933 default:
1934 av_log(c->fc, AV_LOG_WARNING, "ignored unknown aclr value (%d)\n", range_value);
1935 break;
1936 }
1937 ff_dlog(c->fc, "color_range: %d\n", par->color_range);
1938 } else {
1939 /* For some reason the whole atom was not added to the extradata */
1940 av_log(c->fc, AV_LOG_ERROR, "aclr not decoded - incomplete atom\n");
1941 }
1942 } else {
1943 av_log(c->fc, AV_LOG_ERROR, "aclr not decoded - unable to add atom to extradata\n");
1944 }
1945 } else {
1946 av_log(c->fc, AV_LOG_WARNING, "aclr not decoded - unexpected size %"PRId64"\n", atom.size);
1947 }
1948 }
1949
1950 return ret;
1951 }
1952
mov_read_svq3(MOVContext * c,AVIOContext * pb,MOVAtom atom)1953 static int mov_read_svq3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1954 {
1955 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_SVQ3);
1956 }
1957
mov_read_wave(MOVContext * c,AVIOContext * pb,MOVAtom atom)1958 static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1959 {
1960 AVStream *st;
1961 int ret;
1962
1963 if (c->fc->nb_streams < 1)
1964 return 0;
1965 st = c->fc->streams[c->fc->nb_streams-1];
1966
1967 if ((uint64_t)atom.size > (1<<30))
1968 return AVERROR_INVALIDDATA;
1969
1970 if (st->codecpar->codec_id == AV_CODEC_ID_QDM2 ||
1971 st->codecpar->codec_id == AV_CODEC_ID_QDMC ||
1972 st->codecpar->codec_id == AV_CODEC_ID_SPEEX) {
1973 // pass all frma atom to codec, needed at least for QDMC and QDM2
1974 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size);
1975 if (ret < 0)
1976 return ret;
1977 } else if (atom.size > 8) { /* to read frma, esds atoms */
1978 if (st->codecpar->codec_id == AV_CODEC_ID_ALAC && atom.size >= 24) {
1979 uint64_t buffer;
1980 ret = ffio_ensure_seekback(pb, 8);
1981 if (ret < 0)
1982 return ret;
1983 buffer = avio_rb64(pb);
1984 atom.size -= 8;
1985 if ( (buffer & 0xFFFFFFFF) == MKBETAG('f','r','m','a')
1986 && buffer >> 32 <= atom.size
1987 && buffer >> 32 >= 8) {
1988 avio_skip(pb, -8);
1989 atom.size += 8;
1990 } else if (!st->codecpar->extradata_size) {
1991 #define ALAC_EXTRADATA_SIZE 36
1992 st->codecpar->extradata = av_mallocz(ALAC_EXTRADATA_SIZE + AV_INPUT_BUFFER_PADDING_SIZE);
1993 if (!st->codecpar->extradata)
1994 return AVERROR(ENOMEM);
1995 st->codecpar->extradata_size = ALAC_EXTRADATA_SIZE;
1996 AV_WB32(st->codecpar->extradata , ALAC_EXTRADATA_SIZE);
1997 AV_WB32(st->codecpar->extradata + 4, MKTAG('a','l','a','c'));
1998 AV_WB64(st->codecpar->extradata + 12, buffer);
1999 avio_read(pb, st->codecpar->extradata + 20, 16);
2000 avio_skip(pb, atom.size - 24);
2001 return 0;
2002 }
2003 }
2004 if ((ret = mov_read_default(c, pb, atom)) < 0)
2005 return ret;
2006 } else
2007 avio_skip(pb, atom.size);
2008 return 0;
2009 }
2010
2011 /**
2012 * This function reads atom content and puts data in extradata without tag
2013 * nor size unlike mov_read_extradata.
2014 */
mov_read_glbl(MOVContext * c,AVIOContext * pb,MOVAtom atom)2015 static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2016 {
2017 AVStream *st;
2018 int ret;
2019
2020 if (c->fc->nb_streams < 1)
2021 return 0;
2022 st = c->fc->streams[c->fc->nb_streams-1];
2023
2024 if ((uint64_t)atom.size > (1<<30))
2025 return AVERROR_INVALIDDATA;
2026 #ifdef OHOS_OPT_COMPAT
2027 if (atom.type == MKTAG('v','v','c','C')) {
2028 avio_rb32(pb);
2029 atom.size -= 4;
2030 }
2031 #endif
2032 if (atom.size >= 10) {
2033 // Broken files created by legacy versions of libavformat will
2034 // wrap a whole fiel atom inside of a glbl atom.
2035 unsigned size = avio_rb32(pb);
2036 unsigned type = avio_rl32(pb);
2037 if (avio_feof(pb))
2038 return AVERROR_INVALIDDATA;
2039 avio_seek(pb, -8, SEEK_CUR);
2040 if (type == MKTAG('f','i','e','l') && size == atom.size)
2041 return mov_read_default(c, pb, atom);
2042 }
2043 if (st->codecpar->extradata_size > 1 && st->codecpar->extradata) {
2044 av_log(c->fc, AV_LOG_WARNING, "ignoring multiple glbl\n");
2045 return 0;
2046 }
2047 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size);
2048 if (ret < 0)
2049 return ret;
2050 if (atom.type == MKTAG('h','v','c','C') && st->codecpar->codec_tag == MKTAG('d','v','h','1'))
2051 /* HEVC-based Dolby Vision derived from hvc1.
2052 Happens to match with an identifier
2053 previously utilized for DV. Thus, if we have
2054 the hvcC extradata box available as specified,
2055 set codec to HEVC */
2056 st->codecpar->codec_id = AV_CODEC_ID_HEVC;
2057 #ifdef OHOS_OPT_COMPAT
2058 if (atom.type == MKTAG('v','v','c','C'))
2059 st->codecpar->codec_id = AV_CODEC_ID_VVC;
2060 #endif
2061 return 0;
2062 }
2063
mov_read_dvc1(MOVContext * c,AVIOContext * pb,MOVAtom atom)2064 static int mov_read_dvc1(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2065 {
2066 AVStream *st;
2067 uint8_t profile_level;
2068 int ret;
2069
2070 if (c->fc->nb_streams < 1)
2071 return 0;
2072 st = c->fc->streams[c->fc->nb_streams-1];
2073
2074 if (atom.size >= (1<<28) || atom.size < 7)
2075 return AVERROR_INVALIDDATA;
2076
2077 profile_level = avio_r8(pb);
2078 if ((profile_level & 0xf0) != 0xc0)
2079 return 0;
2080
2081 avio_seek(pb, 6, SEEK_CUR);
2082 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size - 7);
2083 if (ret < 0)
2084 return ret;
2085
2086 return 0;
2087 }
2088
2089 /**
2090 * An strf atom is a BITMAPINFOHEADER struct. This struct is 40 bytes itself,
2091 * but can have extradata appended at the end after the 40 bytes belonging
2092 * to the struct.
2093 */
mov_read_strf(MOVContext * c,AVIOContext * pb,MOVAtom atom)2094 static int mov_read_strf(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2095 {
2096 AVStream *st;
2097 int ret;
2098
2099 if (c->fc->nb_streams < 1)
2100 return 0;
2101 if (atom.size <= 40)
2102 return 0;
2103 st = c->fc->streams[c->fc->nb_streams-1];
2104
2105 if ((uint64_t)atom.size > (1<<30))
2106 return AVERROR_INVALIDDATA;
2107
2108 avio_skip(pb, 40);
2109 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size - 40);
2110 if (ret < 0)
2111 return ret;
2112
2113 return 0;
2114 }
2115
mov_read_stco(MOVContext * c,AVIOContext * pb,MOVAtom atom)2116 static int mov_read_stco(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2117 {
2118 AVStream *st;
2119 MOVStreamContext *sc;
2120 unsigned int i, entries;
2121
2122 if (c->trak_index < 0) {
2123 av_log(c->fc, AV_LOG_WARNING, "STCO outside TRAK\n");
2124 return 0;
2125 }
2126 if (c->fc->nb_streams < 1)
2127 return 0;
2128 st = c->fc->streams[c->fc->nb_streams-1];
2129 sc = st->priv_data;
2130
2131 avio_r8(pb); /* version */
2132 avio_rb24(pb); /* flags */
2133
2134 entries = avio_rb32(pb);
2135
2136 if (!entries)
2137 return 0;
2138
2139 if (sc->chunk_offsets) {
2140 av_log(c->fc, AV_LOG_WARNING, "Ignoring duplicated STCO atom\n");
2141 return 0;
2142 }
2143 av_free(sc->chunk_offsets);
2144 sc->chunk_count = 0;
2145 sc->chunk_offsets = av_malloc_array(entries, sizeof(*sc->chunk_offsets));
2146 if (!sc->chunk_offsets)
2147 return AVERROR(ENOMEM);
2148 sc->chunk_count = entries;
2149
2150 if (atom.type == MKTAG('s','t','c','o'))
2151 for (i = 0; i < entries && !pb->eof_reached; i++)
2152 sc->chunk_offsets[i] = avio_rb32(pb);
2153 else if (atom.type == MKTAG('c','o','6','4'))
2154 for (i = 0; i < entries && !pb->eof_reached; i++)
2155 sc->chunk_offsets[i] = avio_rb64(pb);
2156 else
2157 return AVERROR_INVALIDDATA;
2158
2159 sc->chunk_count = i;
2160
2161 if (pb->eof_reached) {
2162 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STCO atom\n");
2163 return AVERROR_EOF;
2164 }
2165
2166 return 0;
2167 }
2168
mov_codec_id(AVStream * st,uint32_t format)2169 static int mov_codec_id(AVStream *st, uint32_t format)
2170 {
2171 int id = ff_codec_get_id(ff_codec_movaudio_tags, format);
2172
2173 if (id <= 0 &&
2174 ((format & 0xFFFF) == 'm' + ('s' << 8) ||
2175 (format & 0xFFFF) == 'T' + ('S' << 8)))
2176 id = ff_codec_get_id(ff_codec_wav_tags, av_bswap32(format) & 0xFFFF);
2177
2178 if (st->codecpar->codec_type != AVMEDIA_TYPE_VIDEO && id > 0) {
2179 st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
2180 } else if (st->codecpar->codec_type != AVMEDIA_TYPE_AUDIO &&
2181 /* skip old ASF MPEG-4 tag */
2182 format && format != MKTAG('m','p','4','s')) {
2183 id = ff_codec_get_id(ff_codec_movvideo_tags, format);
2184 if (id <= 0)
2185 id = ff_codec_get_id(ff_codec_bmp_tags, format);
2186 if (id > 0)
2187 st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO;
2188 else if (st->codecpar->codec_type == AVMEDIA_TYPE_DATA ||
2189 (st->codecpar->codec_type == AVMEDIA_TYPE_SUBTITLE &&
2190 st->codecpar->codec_id == AV_CODEC_ID_NONE)) {
2191 id = ff_codec_get_id(ff_codec_movsubtitle_tags, format);
2192 if (id > 0)
2193 st->codecpar->codec_type = AVMEDIA_TYPE_SUBTITLE;
2194 else
2195 id = ff_codec_get_id(ff_codec_movdata_tags, format);
2196 #ifdef OHOS_TIMED_META_TRACK
2197 } else if (st->codecpar->codec_type == AVMEDIA_TYPE_TIMEDMETA) {
2198 id = AV_CODEC_ID_FFMETADATA;
2199 }
2200 #else
2201 }
2202 #endif
2203 }
2204
2205 st->codecpar->codec_tag = format;
2206
2207 return id;
2208 }
2209
mov_parse_stsd_video(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc)2210 static void mov_parse_stsd_video(MOVContext *c, AVIOContext *pb,
2211 AVStream *st, MOVStreamContext *sc)
2212 {
2213 uint8_t codec_name[32] = { 0 };
2214 int64_t stsd_start;
2215 unsigned int len;
2216 uint32_t id = 0;
2217
2218 /* The first 16 bytes of the video sample description are already
2219 * read in ff_mov_read_stsd_entries() */
2220 stsd_start = avio_tell(pb) - 16;
2221
2222 avio_rb16(pb); /* version */
2223 avio_rb16(pb); /* revision level */
2224 id = avio_rl32(pb); /* vendor */
2225 av_dict_set(&st->metadata, "vendor_id", av_fourcc2str(id), 0);
2226 avio_rb32(pb); /* temporal quality */
2227 avio_rb32(pb); /* spatial quality */
2228
2229 st->codecpar->width = avio_rb16(pb); /* width */
2230 st->codecpar->height = avio_rb16(pb); /* height */
2231
2232 avio_rb32(pb); /* horiz resolution */
2233 avio_rb32(pb); /* vert resolution */
2234 avio_rb32(pb); /* data size, always 0 */
2235 avio_rb16(pb); /* frames per samples */
2236
2237 len = avio_r8(pb); /* codec name, pascal string */
2238 if (len > 31)
2239 len = 31;
2240 mov_read_mac_string(c, pb, len, codec_name, sizeof(codec_name));
2241 if (len < 31)
2242 avio_skip(pb, 31 - len);
2243
2244 if (codec_name[0])
2245 av_dict_set(&st->metadata, "encoder", codec_name, 0);
2246
2247 /* codec_tag YV12 triggers an UV swap in rawdec.c */
2248 if (!strncmp(codec_name, "Planar Y'CbCr 8-bit 4:2:0", 25)) {
2249 st->codecpar->codec_tag = MKTAG('I', '4', '2', '0');
2250 st->codecpar->width &= ~1;
2251 st->codecpar->height &= ~1;
2252 }
2253 /* Flash Media Server uses tag H.263 with Sorenson Spark */
2254 if (st->codecpar->codec_tag == MKTAG('H','2','6','3') &&
2255 !strncmp(codec_name, "Sorenson H263", 13))
2256 st->codecpar->codec_id = AV_CODEC_ID_FLV1;
2257
2258 st->codecpar->bits_per_coded_sample = avio_rb16(pb); /* depth */
2259
2260 avio_seek(pb, stsd_start, SEEK_SET);
2261
2262 if (ff_get_qtpalette(st->codecpar->codec_id, pb, sc->palette)) {
2263 st->codecpar->bits_per_coded_sample &= 0x1F;
2264 sc->has_palette = 1;
2265 }
2266 }
2267
mov_parse_stsd_audio(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc)2268 static void mov_parse_stsd_audio(MOVContext *c, AVIOContext *pb,
2269 AVStream *st, MOVStreamContext *sc)
2270 {
2271 int bits_per_sample, flags;
2272 uint16_t version = avio_rb16(pb);
2273 uint32_t id = 0;
2274 AVDictionaryEntry *compatible_brands = av_dict_get(c->fc->metadata, "compatible_brands", NULL, AV_DICT_MATCH_CASE);
2275 int channel_count;
2276
2277 avio_rb16(pb); /* revision level */
2278 id = avio_rl32(pb); /* vendor */
2279 av_dict_set(&st->metadata, "vendor_id", av_fourcc2str(id), 0);
2280
2281 channel_count = avio_rb16(pb);
2282
2283 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_UNSPEC;
2284 st->codecpar->ch_layout.nb_channels = channel_count;
2285 st->codecpar->bits_per_coded_sample = avio_rb16(pb); /* sample size */
2286 av_log(c->fc, AV_LOG_TRACE, "audio channels %d\n", channel_count);
2287
2288 sc->audio_cid = avio_rb16(pb);
2289 avio_rb16(pb); /* packet size = 0 */
2290
2291 st->codecpar->sample_rate = ((avio_rb32(pb) >> 16));
2292
2293 // Read QT version 1 fields. In version 0 these do not exist.
2294 av_log(c->fc, AV_LOG_TRACE, "version =%d, isom =%d\n", version, c->isom);
2295 if (!c->isom ||
2296 (compatible_brands && strstr(compatible_brands->value, "qt ")) ||
2297 (sc->stsd_version == 0 && version > 0)) {
2298 if (version == 1) {
2299 sc->samples_per_frame = avio_rb32(pb);
2300 avio_rb32(pb); /* bytes per packet */
2301 sc->bytes_per_frame = avio_rb32(pb);
2302 avio_rb32(pb); /* bytes per sample */
2303 } else if (version == 2) {
2304 avio_rb32(pb); /* sizeof struct only */
2305 st->codecpar->sample_rate = av_int2double(avio_rb64(pb));
2306 channel_count = avio_rb32(pb);
2307 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_UNSPEC;
2308 st->codecpar->ch_layout.nb_channels = channel_count;
2309 avio_rb32(pb); /* always 0x7F000000 */
2310 st->codecpar->bits_per_coded_sample = avio_rb32(pb);
2311
2312 flags = avio_rb32(pb); /* lpcm format specific flag */
2313 sc->bytes_per_frame = avio_rb32(pb);
2314 sc->samples_per_frame = avio_rb32(pb);
2315 if (st->codecpar->codec_tag == MKTAG('l','p','c','m'))
2316 st->codecpar->codec_id =
2317 ff_mov_get_lpcm_codec_id(st->codecpar->bits_per_coded_sample,
2318 flags);
2319 }
2320 if (version == 0 || (version == 1 && sc->audio_cid != -2)) {
2321 /* can't correctly handle variable sized packet as audio unit */
2322 switch (st->codecpar->codec_id) {
2323 case AV_CODEC_ID_MP2:
2324 case AV_CODEC_ID_MP3:
2325 ffstream(st)->need_parsing = AVSTREAM_PARSE_FULL;
2326 break;
2327 }
2328 }
2329 }
2330
2331 if (sc->format == 0) {
2332 if (st->codecpar->bits_per_coded_sample == 8)
2333 st->codecpar->codec_id = mov_codec_id(st, MKTAG('r','a','w',' '));
2334 else if (st->codecpar->bits_per_coded_sample == 16)
2335 st->codecpar->codec_id = mov_codec_id(st, MKTAG('t','w','o','s'));
2336 }
2337
2338 switch (st->codecpar->codec_id) {
2339 case AV_CODEC_ID_PCM_S8:
2340 case AV_CODEC_ID_PCM_U8:
2341 if (st->codecpar->bits_per_coded_sample == 16)
2342 st->codecpar->codec_id = AV_CODEC_ID_PCM_S16BE;
2343 break;
2344 case AV_CODEC_ID_PCM_S16LE:
2345 case AV_CODEC_ID_PCM_S16BE:
2346 if (st->codecpar->bits_per_coded_sample == 8)
2347 st->codecpar->codec_id = AV_CODEC_ID_PCM_S8;
2348 else if (st->codecpar->bits_per_coded_sample == 24)
2349 st->codecpar->codec_id =
2350 st->codecpar->codec_id == AV_CODEC_ID_PCM_S16BE ?
2351 AV_CODEC_ID_PCM_S24BE : AV_CODEC_ID_PCM_S24LE;
2352 else if (st->codecpar->bits_per_coded_sample == 32)
2353 st->codecpar->codec_id =
2354 st->codecpar->codec_id == AV_CODEC_ID_PCM_S16BE ?
2355 AV_CODEC_ID_PCM_S32BE : AV_CODEC_ID_PCM_S32LE;
2356 break;
2357 /* set values for old format before stsd version 1 appeared */
2358 case AV_CODEC_ID_MACE3:
2359 sc->samples_per_frame = 6;
2360 sc->bytes_per_frame = 2 * st->codecpar->ch_layout.nb_channels;
2361 break;
2362 case AV_CODEC_ID_MACE6:
2363 sc->samples_per_frame = 6;
2364 sc->bytes_per_frame = 1 * st->codecpar->ch_layout.nb_channels;
2365 break;
2366 case AV_CODEC_ID_ADPCM_IMA_QT:
2367 sc->samples_per_frame = 64;
2368 sc->bytes_per_frame = 34 * st->codecpar->ch_layout.nb_channels;
2369 break;
2370 case AV_CODEC_ID_GSM:
2371 sc->samples_per_frame = 160;
2372 sc->bytes_per_frame = 33;
2373 break;
2374 default:
2375 break;
2376 }
2377
2378 bits_per_sample = av_get_bits_per_sample(st->codecpar->codec_id);
2379 if (bits_per_sample && (bits_per_sample >> 3) * (uint64_t)st->codecpar->ch_layout.nb_channels <= INT_MAX) {
2380 st->codecpar->bits_per_coded_sample = bits_per_sample;
2381 sc->sample_size = (bits_per_sample >> 3) * st->codecpar->ch_layout.nb_channels;
2382 }
2383 }
2384
mov_parse_stsd_subtitle(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc,int64_t size)2385 static void mov_parse_stsd_subtitle(MOVContext *c, AVIOContext *pb,
2386 AVStream *st, MOVStreamContext *sc,
2387 int64_t size)
2388 {
2389 // ttxt stsd contains display flags, justification, background
2390 // color, fonts, and default styles, so fake an atom to read it
2391 MOVAtom fake_atom = { .size = size };
2392 // mp4s contains a regular esds atom
2393 if (st->codecpar->codec_tag != AV_RL32("mp4s"))
2394 mov_read_glbl(c, pb, fake_atom);
2395 st->codecpar->width = sc->width;
2396 st->codecpar->height = sc->height;
2397 }
2398
yuv_to_rgba(uint32_t ycbcr)2399 static uint32_t yuv_to_rgba(uint32_t ycbcr)
2400 {
2401 uint8_t r, g, b;
2402 int y, cb, cr;
2403
2404 y = (ycbcr >> 16) & 0xFF;
2405 cr = (ycbcr >> 8) & 0xFF;
2406 cb = ycbcr & 0xFF;
2407
2408 b = av_clip_uint8((1164 * (y - 16) + 2018 * (cb - 128)) / 1000);
2409 g = av_clip_uint8((1164 * (y - 16) - 813 * (cr - 128) - 391 * (cb - 128)) / 1000);
2410 r = av_clip_uint8((1164 * (y - 16) + 1596 * (cr - 128) ) / 1000);
2411
2412 return (r << 16) | (g << 8) | b;
2413 }
2414
mov_rewrite_dvd_sub_extradata(AVStream * st)2415 static int mov_rewrite_dvd_sub_extradata(AVStream *st)
2416 {
2417 char buf[256] = {0};
2418 uint8_t *src = st->codecpar->extradata;
2419 int i, ret;
2420
2421 if (st->codecpar->extradata_size != 64)
2422 return 0;
2423
2424 if (st->codecpar->width > 0 && st->codecpar->height > 0)
2425 snprintf(buf, sizeof(buf), "size: %dx%d\n",
2426 st->codecpar->width, st->codecpar->height);
2427 av_strlcat(buf, "palette: ", sizeof(buf));
2428
2429 for (i = 0; i < 16; i++) {
2430 uint32_t yuv = AV_RB32(src + i * 4);
2431 uint32_t rgba = yuv_to_rgba(yuv);
2432
2433 av_strlcatf(buf, sizeof(buf), "%06"PRIx32"%s", rgba, i != 15 ? ", " : "");
2434 }
2435
2436 if (av_strlcat(buf, "\n", sizeof(buf)) >= sizeof(buf))
2437 return 0;
2438
2439 ret = ff_alloc_extradata(st->codecpar, strlen(buf));
2440 if (ret < 0)
2441 return ret;
2442 memcpy(st->codecpar->extradata, buf, st->codecpar->extradata_size);
2443
2444 return 0;
2445 }
2446 #ifdef OHOS_TIMED_META_TRACK
mov_parse_mebx_keyd(MOVContext * c,AVIOContext * pb,AVStream * st)2447 static int mov_parse_mebx_keyd(MOVContext *c, AVIOContext *pb, AVStream *st)
2448 {
2449 int atom_size = (int)avio_rb32(pb);
2450 avio_rb32(pb); // local key id
2451 int keyd_size = (int)avio_rb32(pb);
2452 avio_rb32(pb); // keyd
2453 avio_rb32(pb); // mdta
2454 int key_value_size = keyd_size - 12; // 12 bytes to skip
2455
2456 unsigned char* buf = av_malloc(key_value_size + 1);
2457 if (!buf)
2458 return AVERROR(ENOMEM);
2459 int ret = ffio_read_size(pb, buf, key_value_size);
2460 if (ret < 0) {
2461 av_freep(&buf);
2462 av_log(c->fc, AV_LOG_WARNING, "failed to read key value\n");
2463 return ret;
2464 }
2465 buf[key_value_size] = 0;
2466 av_dict_set(&st->metadata, "timed_metadata_key", buf, 0);
2467 av_freep(&buf);
2468 return atom_size;
2469 }
mov_parse_mebx_data(MOVContext * c,AVIOContext * pb,AVStream * st,int64_t size)2470 static int mov_parse_mebx_data(MOVContext *c, AVIOContext *pb,
2471 AVStream *st, int64_t size)
2472 {
2473 int read_size = 0;
2474
2475 if (c->fc->nb_streams < 1)
2476 return 0;
2477 st = c->fc->streams[c->fc->nb_streams-1];
2478
2479 int size_keys = (int)avio_rb32(pb); // size of keys
2480 avio_rb32(pb); // keys
2481 const int read_counts = 8;
2482 read_size += read_counts;
2483 while (read_size < size_keys) {
2484 int atom_size = mov_parse_mebx_keyd(c, pb, st);
2485 if (atom_size < 0) {
2486 return atom_size;
2487 }
2488 read_size += atom_size;
2489 }
2490 return 0;
2491 }
mov_read_cdsc(MOVContext * c,AVIOContext * pb,MOVAtom atom)2492 static int mov_read_cdsc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2493 {
2494 AVStream *st;
2495
2496 if (c->fc->nb_streams < 1)
2497 return 0;
2498 st = c->fc->streams[c->fc->nb_streams - 1];
2499 int src_track_id = (int)avio_rb32(pb);
2500 char* metaKeyStr;
2501 metaKeyStr = av_d2str(src_track_id - 1);
2502 if (!metaKeyStr)
2503 return AVERROR(ENOMEM);
2504 av_dict_set(&st->metadata, "src_track_id", metaKeyStr, 0);
2505 av_freep(&metaKeyStr);
2506 return 0;
2507 }
2508 #endif
2509
mov_parse_stsd_data(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc,int64_t size)2510 static int mov_parse_stsd_data(MOVContext *c, AVIOContext *pb,
2511 AVStream *st, MOVStreamContext *sc,
2512 int64_t size)
2513 {
2514 int ret;
2515
2516 if (st->codecpar->codec_tag == MKTAG('t','m','c','d')) {
2517 if ((int)size != size)
2518 return AVERROR(ENOMEM);
2519
2520 ret = ff_get_extradata(c->fc, st->codecpar, pb, size);
2521 if (ret < 0)
2522 return ret;
2523 if (size > 16) {
2524 MOVStreamContext *tmcd_ctx = st->priv_data;
2525 int val;
2526 val = AV_RB32(st->codecpar->extradata + 4);
2527 tmcd_ctx->tmcd_flags = val;
2528 st->avg_frame_rate.num = AV_RB32(st->codecpar->extradata + 8); /* timescale */
2529 st->avg_frame_rate.den = AV_RB32(st->codecpar->extradata + 12); /* frameDuration */
2530 tmcd_ctx->tmcd_nb_frames = st->codecpar->extradata[16]; /* number of frames */
2531 if (size > 30) {
2532 uint32_t len = AV_RB32(st->codecpar->extradata + 18); /* name atom length */
2533 uint32_t format = AV_RB32(st->codecpar->extradata + 22);
2534 if (format == AV_RB32("name") && (int64_t)size >= (int64_t)len + 18) {
2535 uint16_t str_size = AV_RB16(st->codecpar->extradata + 26); /* string length */
2536 if (str_size > 0 && size >= (int)str_size + 30 &&
2537 st->codecpar->extradata[30] /* Don't add empty string */) {
2538 char *reel_name = av_malloc(str_size + 1);
2539 if (!reel_name)
2540 return AVERROR(ENOMEM);
2541 memcpy(reel_name, st->codecpar->extradata + 30, str_size);
2542 reel_name[str_size] = 0; /* Add null terminator */
2543 av_dict_set(&st->metadata, "reel_name", reel_name,
2544 AV_DICT_DONT_STRDUP_VAL);
2545 }
2546 }
2547 }
2548 }
2549 } else {
2550 /* other codec type, just skip (rtp, mp4s ...) */
2551 avio_skip(pb, size);
2552 }
2553 return 0;
2554 }
2555
mov_finalize_stsd_codec(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc)2556 static int mov_finalize_stsd_codec(MOVContext *c, AVIOContext *pb,
2557 AVStream *st, MOVStreamContext *sc)
2558 {
2559 FFStream *const sti = ffstream(st);
2560
2561 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO &&
2562 !st->codecpar->sample_rate && sc->time_scale > 1)
2563 st->codecpar->sample_rate = sc->time_scale;
2564
2565 /* special codec parameters handling */
2566 switch (st->codecpar->codec_id) {
2567 #if CONFIG_DV_DEMUXER
2568 case AV_CODEC_ID_DVAUDIO:
2569 c->dv_fctx = avformat_alloc_context();
2570 if (!c->dv_fctx) {
2571 av_log(c->fc, AV_LOG_ERROR, "dv demux context alloc error\n");
2572 return AVERROR(ENOMEM);
2573 }
2574 c->dv_demux = avpriv_dv_init_demux(c->dv_fctx);
2575 if (!c->dv_demux) {
2576 av_log(c->fc, AV_LOG_ERROR, "dv demux context init error\n");
2577 return AVERROR(ENOMEM);
2578 }
2579 sc->dv_audio_container = 1;
2580 st->codecpar->codec_id = AV_CODEC_ID_PCM_S16LE;
2581 break;
2582 #endif
2583 /* no ifdef since parameters are always those */
2584 case AV_CODEC_ID_QCELP:
2585 av_channel_layout_uninit(&st->codecpar->ch_layout);
2586 st->codecpar->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_MONO;
2587 // force sample rate for qcelp when not stored in mov
2588 if (st->codecpar->codec_tag != MKTAG('Q','c','l','p'))
2589 st->codecpar->sample_rate = 8000;
2590 // FIXME: Why is the following needed for some files?
2591 sc->samples_per_frame = 160;
2592 if (!sc->bytes_per_frame)
2593 sc->bytes_per_frame = 35;
2594 break;
2595 case AV_CODEC_ID_AMR_NB:
2596 av_channel_layout_uninit(&st->codecpar->ch_layout);
2597 st->codecpar->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_MONO;
2598 /* force sample rate for amr, stsd in 3gp does not store sample rate */
2599 st->codecpar->sample_rate = 8000;
2600 break;
2601 case AV_CODEC_ID_AMR_WB:
2602 av_channel_layout_uninit(&st->codecpar->ch_layout);
2603 st->codecpar->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_MONO;
2604 st->codecpar->sample_rate = 16000;
2605 break;
2606 case AV_CODEC_ID_MP2:
2607 case AV_CODEC_ID_MP3:
2608 /* force type after stsd for m1a hdlr */
2609 st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
2610 break;
2611 case AV_CODEC_ID_GSM:
2612 case AV_CODEC_ID_ADPCM_MS:
2613 case AV_CODEC_ID_ADPCM_IMA_WAV:
2614 case AV_CODEC_ID_ILBC:
2615 case AV_CODEC_ID_MACE3:
2616 case AV_CODEC_ID_MACE6:
2617 case AV_CODEC_ID_QDM2:
2618 st->codecpar->block_align = sc->bytes_per_frame;
2619 break;
2620 case AV_CODEC_ID_ALAC:
2621 if (st->codecpar->extradata_size == 36) {
2622 int channel_count = AV_RB8(st->codecpar->extradata + 21);
2623 if (st->codecpar->ch_layout.nb_channels != channel_count) {
2624 av_channel_layout_uninit(&st->codecpar->ch_layout);
2625 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_UNSPEC;
2626 st->codecpar->ch_layout.nb_channels = channel_count;
2627 }
2628 st->codecpar->sample_rate = AV_RB32(st->codecpar->extradata + 32);
2629 }
2630 break;
2631 case AV_CODEC_ID_AC3:
2632 case AV_CODEC_ID_EAC3:
2633 case AV_CODEC_ID_MPEG1VIDEO:
2634 case AV_CODEC_ID_VC1:
2635 case AV_CODEC_ID_VP8:
2636 case AV_CODEC_ID_VP9:
2637 sti->need_parsing = AVSTREAM_PARSE_FULL;
2638 break;
2639 case AV_CODEC_ID_AV1:
2640 /* field_order detection of H264 requires parsing */
2641 case AV_CODEC_ID_H264:
2642 sti->need_parsing = AVSTREAM_PARSE_HEADERS;
2643 break;
2644 default:
2645 break;
2646 }
2647 return 0;
2648 }
2649
mov_skip_multiple_stsd(MOVContext * c,AVIOContext * pb,int codec_tag,int format,int64_t size)2650 static int mov_skip_multiple_stsd(MOVContext *c, AVIOContext *pb,
2651 int codec_tag, int format,
2652 int64_t size)
2653 {
2654 if (codec_tag &&
2655 (codec_tag != format &&
2656 // AVID 1:1 samples with differing data format and codec tag exist
2657 (codec_tag != AV_RL32("AV1x") || format != AV_RL32("AVup")) &&
2658 // prores is allowed to have differing data format and codec tag
2659 codec_tag != AV_RL32("apcn") && codec_tag != AV_RL32("apch") &&
2660 // so is dv (sigh)
2661 codec_tag != AV_RL32("dvpp") && codec_tag != AV_RL32("dvcp") &&
2662 (c->fc->video_codec_id ? ff_codec_get_id(ff_codec_movvideo_tags, format) != c->fc->video_codec_id
2663 : codec_tag != MKTAG('j','p','e','g')))) {
2664 /* Multiple fourcc, we skip JPEG. This is not correct, we should
2665 * export it as a separate AVStream but this needs a few changes
2666 * in the MOV demuxer, patch welcome. */
2667
2668 av_log(c->fc, AV_LOG_WARNING, "multiple fourcc not supported\n");
2669 avio_skip(pb, size);
2670 return 1;
2671 }
2672
2673 return 0;
2674 }
2675
ff_mov_read_stsd_entries(MOVContext * c,AVIOContext * pb,int entries)2676 int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries)
2677 {
2678 av_log(c->fc, AV_LOG_INFO, "enter\n");
2679 AVStream *st;
2680 MOVStreamContext *sc;
2681 int pseudo_stream_id;
2682
2683 av_assert0 (c->fc->nb_streams >= 1);
2684 st = c->fc->streams[c->fc->nb_streams-1];
2685 sc = st->priv_data;
2686
2687 for (pseudo_stream_id = 0;
2688 pseudo_stream_id < entries && !pb->eof_reached;
2689 pseudo_stream_id++) {
2690 //Parsing Sample description table
2691 enum AVCodecID id;
2692 int ret, dref_id = 1;
2693 MOVAtom a = { AV_RL32("stsd") };
2694 int64_t start_pos = avio_tell(pb);
2695 int64_t size = avio_rb32(pb); /* size */
2696 uint32_t format = avio_rl32(pb); /* data format */
2697 av_log(c->fc, AV_LOG_INFO, "stsd_entries, size:%ld, format:%u\n", size, format);
2698
2699 if (size >= 16) {
2700 avio_rb32(pb); /* reserved */
2701 avio_rb16(pb); /* reserved */
2702 dref_id = avio_rb16(pb);
2703 } else if (size <= 7) {
2704 av_log(c->fc, AV_LOG_ERROR,
2705 "invalid size %"PRId64" in stsd\n", size);
2706 return AVERROR_INVALIDDATA;
2707 }
2708
2709 if (mov_skip_multiple_stsd(c, pb, st->codecpar->codec_tag, format,
2710 size - (avio_tell(pb) - start_pos))) {
2711 sc->stsd_count++;
2712 continue;
2713 }
2714
2715 sc->pseudo_stream_id = st->codecpar->codec_tag ? -1 : pseudo_stream_id;
2716 sc->dref_id = dref_id;
2717 sc->format = format;
2718
2719 id = mov_codec_id(st, format);
2720
2721 av_log(c->fc, AV_LOG_TRACE,
2722 "size=%"PRId64" 4CC=%s codec_type=%d\n", size,
2723 av_fourcc2str(format), st->codecpar->codec_type);
2724
2725 st->codecpar->codec_id = id;
2726 if (st->codecpar->codec_type==AVMEDIA_TYPE_VIDEO) {
2727 mov_parse_stsd_video(c, pb, st, sc);
2728 } else if (st->codecpar->codec_type==AVMEDIA_TYPE_AUDIO) {
2729 mov_parse_stsd_audio(c, pb, st, sc);
2730 if (st->codecpar->sample_rate < 0) {
2731 av_log(c->fc, AV_LOG_ERROR, "Invalid sample rate %d\n", st->codecpar->sample_rate);
2732 return AVERROR_INVALIDDATA;
2733 }
2734 if (st->codecpar->ch_layout.nb_channels < 0) {
2735 av_log(c->fc, AV_LOG_ERROR, "Invalid channels %d\n", st->codecpar->ch_layout.nb_channels);
2736 return AVERROR_INVALIDDATA;
2737 }
2738 } else if (st->codecpar->codec_type==AVMEDIA_TYPE_SUBTITLE){
2739 mov_parse_stsd_subtitle(c, pb, st, sc,
2740 size - (avio_tell(pb) - start_pos));
2741 } else {
2742 #ifdef OHOS_TIMED_META_TRACK
2743 if (st->codecpar->codec_type != AVMEDIA_TYPE_TIMEDMETA) {
2744 ret = mov_parse_stsd_data(c, pb, st, sc,
2745 size - (avio_tell(pb) - start_pos));
2746 } else {
2747 ret = mov_parse_mebx_data(c, pb, st,
2748 size - (avio_tell(pb) - start_pos));
2749 }
2750 if (ret < 0)
2751 return ret;
2752 #else
2753 ret = mov_parse_stsd_data(c, pb, st, sc,
2754 size - (avio_tell(pb) - start_pos));
2755 if (ret < 0)
2756 return ret;
2757 #endif
2758 }
2759 /* this will read extra atoms at the end (wave, alac, damr, avcC, hvcC, SMI ...) */
2760 a.size = size - (avio_tell(pb) - start_pos);
2761 av_log(c->fc, AV_LOG_INFO, "stsd_entries, a.size:%d\n", a.size);
2762 if (a.size > 8) {
2763 if ((ret = mov_read_default(c, pb, a)) < 0)
2764 return ret;
2765 } else if (a.size > 0)
2766 avio_skip(pb, a.size);
2767
2768 if (sc->extradata && st->codecpar->extradata) {
2769 int extra_size = st->codecpar->extradata_size;
2770
2771 /* Move the current stream extradata to the stream context one. */
2772 sc->extradata_size[pseudo_stream_id] = extra_size;
2773 sc->extradata[pseudo_stream_id] = st->codecpar->extradata;
2774 st->codecpar->extradata = NULL;
2775 st->codecpar->extradata_size = 0;
2776 }
2777 sc->stsd_count++;
2778 }
2779
2780 if (pb->eof_reached) {
2781 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STSD atom\n");
2782 return AVERROR_EOF;
2783 }
2784
2785 return 0;
2786 }
2787
mov_read_stsd(MOVContext * c,AVIOContext * pb,MOVAtom atom)2788 static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2789 {
2790 AVStream *st;
2791 MOVStreamContext *sc;
2792 int ret, entries;
2793
2794 if (c->fc->nb_streams < 1)
2795 return 0;
2796 st = c->fc->streams[c->fc->nb_streams - 1];
2797 sc = st->priv_data;
2798
2799 sc->stsd_version = avio_r8(pb);
2800 avio_rb24(pb); /* flags */
2801 entries = avio_rb32(pb);
2802
2803 /* Each entry contains a size (4 bytes) and format (4 bytes). */
2804 if (entries <= 0 || entries > atom.size / 8 || entries > 1024) {
2805 av_log(c->fc, AV_LOG_ERROR, "invalid STSD entries %d\n", entries);
2806 return AVERROR_INVALIDDATA;
2807 }
2808
2809 if (sc->extradata) {
2810 av_log(c->fc, AV_LOG_ERROR,
2811 "Duplicate stsd found in this track.\n");
2812 return AVERROR_INVALIDDATA;
2813 }
2814
2815 /* Prepare space for hosting multiple extradata. */
2816 sc->extradata = av_calloc(entries, sizeof(*sc->extradata));
2817 if (!sc->extradata)
2818 return AVERROR(ENOMEM);
2819
2820 sc->extradata_size = av_calloc(entries, sizeof(*sc->extradata_size));
2821 if (!sc->extradata_size) {
2822 ret = AVERROR(ENOMEM);
2823 goto fail;
2824 }
2825
2826 ret = ff_mov_read_stsd_entries(c, pb, entries);
2827 if (ret < 0)
2828 goto fail;
2829
2830 /* Restore back the primary extradata. */
2831 av_freep(&st->codecpar->extradata);
2832 st->codecpar->extradata_size = sc->extradata_size[0];
2833 if (sc->extradata_size[0]) {
2834 st->codecpar->extradata = av_mallocz(sc->extradata_size[0] + AV_INPUT_BUFFER_PADDING_SIZE);
2835 if (!st->codecpar->extradata)
2836 return AVERROR(ENOMEM);
2837 memcpy(st->codecpar->extradata, sc->extradata[0], sc->extradata_size[0]);
2838 }
2839
2840 return mov_finalize_stsd_codec(c, pb, st, sc);
2841 fail:
2842 if (sc->extradata) {
2843 int j;
2844 for (j = 0; j < sc->stsd_count; j++)
2845 av_freep(&sc->extradata[j]);
2846 }
2847
2848 av_freep(&sc->extradata);
2849 av_freep(&sc->extradata_size);
2850 return ret;
2851 }
2852
mov_read_stsc(MOVContext * c,AVIOContext * pb,MOVAtom atom)2853 static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2854 {
2855 AVStream *st;
2856 MOVStreamContext *sc;
2857 unsigned int i, entries;
2858
2859 if (c->fc->nb_streams < 1)
2860 return 0;
2861 st = c->fc->streams[c->fc->nb_streams-1];
2862 sc = st->priv_data;
2863
2864 avio_r8(pb); /* version */
2865 avio_rb24(pb); /* flags */
2866
2867 entries = avio_rb32(pb);
2868 if ((uint64_t)entries * 12 + 4 > atom.size)
2869 return AVERROR_INVALIDDATA;
2870
2871 av_log(c->fc, AV_LOG_TRACE, "track[%u].stsc.entries = %u\n", c->fc->nb_streams - 1, entries);
2872
2873 if (!entries)
2874 return 0;
2875 if (sc->stsc_data) {
2876 av_log(c->fc, AV_LOG_WARNING, "Ignoring duplicated STSC atom\n");
2877 return 0;
2878 }
2879 av_free(sc->stsc_data);
2880 sc->stsc_count = 0;
2881 sc->stsc_data = av_malloc_array(entries, sizeof(*sc->stsc_data));
2882 if (!sc->stsc_data)
2883 return AVERROR(ENOMEM);
2884
2885 for (i = 0; i < entries && !pb->eof_reached; i++) {
2886 sc->stsc_data[i].first = avio_rb32(pb);
2887 sc->stsc_data[i].count = avio_rb32(pb);
2888 sc->stsc_data[i].id = avio_rb32(pb);
2889 }
2890
2891 sc->stsc_count = i;
2892 for (i = sc->stsc_count - 1; i < UINT_MAX; i--) {
2893 int64_t first_min = i + 1;
2894 if ((i+1 < sc->stsc_count && sc->stsc_data[i].first >= sc->stsc_data[i+1].first) ||
2895 (i > 0 && sc->stsc_data[i].first <= sc->stsc_data[i-1].first) ||
2896 sc->stsc_data[i].first < first_min ||
2897 sc->stsc_data[i].count < 1 ||
2898 sc->stsc_data[i].id < 1) {
2899 av_log(c->fc, AV_LOG_WARNING, "STSC entry %d is invalid (first=%d count=%d id=%d)\n", i, sc->stsc_data[i].first, sc->stsc_data[i].count, sc->stsc_data[i].id);
2900 if (i+1 >= sc->stsc_count) {
2901 if (sc->stsc_data[i].count == 0 && i > 0) {
2902 sc->stsc_count --;
2903 continue;
2904 }
2905 sc->stsc_data[i].first = FFMAX(sc->stsc_data[i].first, first_min);
2906 if (i > 0 && sc->stsc_data[i].first <= sc->stsc_data[i-1].first)
2907 sc->stsc_data[i].first = FFMIN(sc->stsc_data[i-1].first + 1LL, INT_MAX);
2908 sc->stsc_data[i].count = FFMAX(sc->stsc_data[i].count, 1);
2909 sc->stsc_data[i].id = FFMAX(sc->stsc_data[i].id, 1);
2910 continue;
2911 }
2912 av_assert0(sc->stsc_data[i+1].first >= 2);
2913 // We replace this entry by the next valid
2914 sc->stsc_data[i].first = sc->stsc_data[i+1].first - 1;
2915 sc->stsc_data[i].count = sc->stsc_data[i+1].count;
2916 sc->stsc_data[i].id = sc->stsc_data[i+1].id;
2917 }
2918 }
2919
2920 if (pb->eof_reached) {
2921 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STSC atom\n");
2922 return AVERROR_EOF;
2923 }
2924
2925 return 0;
2926 }
2927
mov_stsc_index_valid(unsigned int index,unsigned int count)2928 static inline int mov_stsc_index_valid(unsigned int index, unsigned int count)
2929 {
2930 return index < count - 1;
2931 }
2932
2933 /* Compute the samples value for the stsc entry at the given index. */
mov_get_stsc_samples(MOVStreamContext * sc,unsigned int index)2934 static inline int64_t mov_get_stsc_samples(MOVStreamContext *sc, unsigned int index)
2935 {
2936 int chunk_count;
2937
2938 if (mov_stsc_index_valid(index, sc->stsc_count))
2939 chunk_count = sc->stsc_data[index + 1].first - sc->stsc_data[index].first;
2940 else {
2941 // Validation for stsc / stco happens earlier in mov_read_stsc + mov_read_trak.
2942 av_assert0(sc->stsc_data[index].first <= sc->chunk_count);
2943 chunk_count = sc->chunk_count - (sc->stsc_data[index].first - 1);
2944 }
2945
2946 return sc->stsc_data[index].count * (int64_t)chunk_count;
2947 }
2948
mov_read_stps(MOVContext * c,AVIOContext * pb,MOVAtom atom)2949 static int mov_read_stps(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2950 {
2951 AVStream *st;
2952 MOVStreamContext *sc;
2953 unsigned i, entries;
2954
2955 if (c->fc->nb_streams < 1)
2956 return 0;
2957 st = c->fc->streams[c->fc->nb_streams-1];
2958 sc = st->priv_data;
2959
2960 avio_rb32(pb); // version + flags
2961
2962 entries = avio_rb32(pb);
2963 if (sc->stps_data)
2964 av_log(c->fc, AV_LOG_WARNING, "Duplicated STPS atom\n");
2965 av_free(sc->stps_data);
2966 sc->stps_count = 0;
2967 sc->stps_data = av_malloc_array(entries, sizeof(*sc->stps_data));
2968 if (!sc->stps_data)
2969 return AVERROR(ENOMEM);
2970
2971 for (i = 0; i < entries && !pb->eof_reached; i++) {
2972 sc->stps_data[i] = avio_rb32(pb);
2973 }
2974
2975 sc->stps_count = i;
2976
2977 if (pb->eof_reached) {
2978 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STPS atom\n");
2979 return AVERROR_EOF;
2980 }
2981
2982 return 0;
2983 }
2984
mov_read_stss(MOVContext * c,AVIOContext * pb,MOVAtom atom)2985 static int mov_read_stss(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2986 {
2987 AVStream *st;
2988 FFStream *sti;
2989 MOVStreamContext *sc;
2990 unsigned int i, entries;
2991
2992 if (c->fc->nb_streams < 1)
2993 return 0;
2994 st = c->fc->streams[c->fc->nb_streams-1];
2995 sti = ffstream(st);
2996 sc = st->priv_data;
2997
2998 avio_r8(pb); /* version */
2999 avio_rb24(pb); /* flags */
3000
3001 entries = avio_rb32(pb);
3002
3003 av_log(c->fc, AV_LOG_TRACE, "keyframe_count = %u\n", entries);
3004
3005 if (!entries) {
3006 sc->keyframe_absent = 1;
3007 if (!sti->need_parsing && st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO)
3008 sti->need_parsing = AVSTREAM_PARSE_HEADERS;
3009 return 0;
3010 }
3011 if (sc->keyframes)
3012 av_log(c->fc, AV_LOG_WARNING, "Duplicated STSS atom\n");
3013 if (entries >= UINT_MAX / sizeof(int))
3014 return AVERROR_INVALIDDATA;
3015 av_freep(&sc->keyframes);
3016 sc->keyframe_count = 0;
3017 sc->keyframes = av_malloc_array(entries, sizeof(*sc->keyframes));
3018 if (!sc->keyframes)
3019 return AVERROR(ENOMEM);
3020
3021 for (i = 0; i < entries && !pb->eof_reached; i++) {
3022 sc->keyframes[i] = avio_rb32(pb);
3023 }
3024
3025 sc->keyframe_count = i;
3026
3027 if (pb->eof_reached) {
3028 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STSS atom\n");
3029 return AVERROR_EOF;
3030 }
3031
3032 return 0;
3033 }
3034
mov_read_stsz(MOVContext * c,AVIOContext * pb,MOVAtom atom)3035 static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3036 {
3037 AVStream *st;
3038 MOVStreamContext *sc;
3039 unsigned int i, entries, sample_size, field_size, num_bytes;
3040 GetBitContext gb;
3041 unsigned char* buf;
3042 int ret;
3043
3044 if (c->fc->nb_streams < 1)
3045 return 0;
3046 st = c->fc->streams[c->fc->nb_streams-1];
3047 sc = st->priv_data;
3048
3049 avio_r8(pb); /* version */
3050 avio_rb24(pb); /* flags */
3051
3052 if (atom.type == MKTAG('s','t','s','z')) {
3053 sample_size = avio_rb32(pb);
3054 if (!sc->sample_size) /* do not overwrite value computed in stsd */
3055 sc->sample_size = sample_size;
3056 sc->stsz_sample_size = sample_size;
3057 field_size = 32;
3058 } else {
3059 sample_size = 0;
3060 avio_rb24(pb); /* reserved */
3061 field_size = avio_r8(pb);
3062 }
3063 entries = avio_rb32(pb);
3064
3065 av_log(c->fc, AV_LOG_TRACE, "sample_size = %u sample_count = %u\n", sc->sample_size, entries);
3066
3067 sc->sample_count = entries;
3068 if (sample_size)
3069 return 0;
3070
3071 if (field_size != 4 && field_size != 8 && field_size != 16 && field_size != 32) {
3072 av_log(c->fc, AV_LOG_ERROR, "Invalid sample field size %u\n", field_size);
3073 return AVERROR_INVALIDDATA;
3074 }
3075
3076 if (!entries)
3077 return 0;
3078 if (entries >= (INT_MAX - 4 - 8 * AV_INPUT_BUFFER_PADDING_SIZE) / field_size)
3079 return AVERROR_INVALIDDATA;
3080 if (sc->sample_sizes)
3081 av_log(c->fc, AV_LOG_WARNING, "Duplicated STSZ atom\n");
3082 av_free(sc->sample_sizes);
3083 sc->sample_count = 0;
3084 sc->sample_sizes = av_malloc_array(entries, sizeof(*sc->sample_sizes));
3085 if (!sc->sample_sizes)
3086 return AVERROR(ENOMEM);
3087
3088 num_bytes = (entries*field_size+4)>>3;
3089
3090 buf = av_malloc(num_bytes+AV_INPUT_BUFFER_PADDING_SIZE);
3091 if (!buf) {
3092 av_freep(&sc->sample_sizes);
3093 return AVERROR(ENOMEM);
3094 }
3095
3096 ret = ffio_read_size(pb, buf, num_bytes);
3097 if (ret < 0) {
3098 av_freep(&sc->sample_sizes);
3099 av_free(buf);
3100 av_log(c->fc, AV_LOG_WARNING, "STSZ atom truncated\n");
3101 return 0;
3102 }
3103
3104 init_get_bits(&gb, buf, 8*num_bytes);
3105
3106 for (i = 0; i < entries; i++) {
3107 sc->sample_sizes[i] = get_bits_long(&gb, field_size);
3108 if (sc->sample_sizes[i] < 0) {
3109 av_free(buf);
3110 av_log(c->fc, AV_LOG_ERROR, "Invalid sample size %d\n", sc->sample_sizes[i]);
3111 return AVERROR_INVALIDDATA;
3112 }
3113 sc->data_size += sc->sample_sizes[i];
3114 }
3115
3116 sc->sample_count = i;
3117
3118 av_free(buf);
3119
3120 return 0;
3121 }
3122
mov_read_stts(MOVContext * c,AVIOContext * pb,MOVAtom atom)3123 static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3124 {
3125 AVStream *st;
3126 MOVStreamContext *sc;
3127 unsigned int i, entries, alloc_size = 0;
3128 int64_t duration = 0;
3129 int64_t total_sample_count = 0;
3130 int64_t current_dts = 0;
3131 int64_t corrected_dts = 0;
3132
3133 if (c->fc->nb_streams < 1)
3134 return 0;
3135 st = c->fc->streams[c->fc->nb_streams-1];
3136 sc = st->priv_data;
3137
3138 avio_r8(pb); /* version */
3139 avio_rb24(pb); /* flags */
3140 entries = avio_rb32(pb);
3141
3142 av_log(c->fc, AV_LOG_TRACE, "track[%u].stts.entries = %u\n",
3143 c->fc->nb_streams-1, entries);
3144
3145 if (sc->stts_data)
3146 av_log(c->fc, AV_LOG_WARNING, "Duplicated STTS atom\n");
3147 av_freep(&sc->stts_data);
3148 sc->stts_count = 0;
3149 if (entries >= INT_MAX / sizeof(*sc->stts_data))
3150 return AVERROR(ENOMEM);
3151
3152 for (i = 0; i < entries && !pb->eof_reached; i++) {
3153 unsigned int sample_duration;
3154 unsigned int sample_count;
3155 unsigned int min_entries = FFMIN(FFMAX(i + 1, 1024 * 1024), entries);
3156 MOVStts *stts_data = av_fast_realloc(sc->stts_data, &alloc_size,
3157 min_entries * sizeof(*sc->stts_data));
3158 if (!stts_data) {
3159 av_freep(&sc->stts_data);
3160 sc->stts_count = 0;
3161 return AVERROR(ENOMEM);
3162 }
3163 sc->stts_count = min_entries;
3164 sc->stts_data = stts_data;
3165
3166 sample_count = avio_rb32(pb);
3167 sample_duration = avio_rb32(pb);
3168
3169 sc->stts_data[i].count= sample_count;
3170 sc->stts_data[i].duration= sample_duration;
3171
3172 av_log(c->fc, AV_LOG_TRACE, "sample_count=%u, sample_duration=%u\n",
3173 sample_count, sample_duration);
3174
3175 /* STTS sample offsets are uint32 but some files store it as int32
3176 * with negative values used to correct DTS delays.
3177 There may be abnormally large values as well. */
3178 if (sample_duration > c->max_stts_delta) {
3179 // assume high delta is a correction if negative when cast as int32
3180 int32_t delta_magnitude = (int32_t)sample_duration;
3181 av_log(c->fc, AV_LOG_WARNING, "Too large sample offset %u in stts entry %u with count %u in st:%d. Clipping to 1.\n",
3182 sample_duration, i, sample_count, st->index);
3183 sc->stts_data[i].duration = 1;
3184 corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude : 1) * sample_count;
3185 } else {
3186 corrected_dts += sample_duration * (int64_t)sample_count;
3187 }
3188
3189 current_dts += sc->stts_data[i].duration * (int64_t)sample_count;
3190
3191 if (current_dts > corrected_dts) {
3192 int64_t drift = (current_dts - corrected_dts)/FFMAX(sample_count, 1);
3193 uint32_t correction = (sc->stts_data[i].duration > drift) ? drift : sc->stts_data[i].duration - 1;
3194 current_dts -= correction * (uint64_t)sample_count;
3195 sc->stts_data[i].duration -= correction;
3196 }
3197
3198 duration+=(int64_t)sc->stts_data[i].duration*(uint64_t)sc->stts_data[i].count;
3199 total_sample_count+=sc->stts_data[i].count;
3200 }
3201
3202 sc->stts_count = i;
3203
3204 #ifdef OHOS_EXPAND_MP4_INFO
3205 if (sc->stts_count > 0) {
3206 st->stts_count = sc->stts_count;
3207 st->stts_data = malloc(st->stts_count * sizeof(AVMOVStts));
3208 if (st->stts_data != NULL) {
3209 memcpy(st->stts_data, sc->stts_data, st->stts_count * sizeof(AVMOVStts));
3210 } else {
3211 av_log(c->fc, AV_LOG_WARNING, "st->stts_data malloc failed\n");
3212 st->stts_count = 0;
3213 }
3214 }
3215 #endif
3216
3217 if (duration > 0 &&
3218 duration <= INT64_MAX - sc->duration_for_fps &&
3219 total_sample_count <= INT_MAX - sc->nb_frames_for_fps) {
3220 sc->duration_for_fps += duration;
3221 sc->nb_frames_for_fps += total_sample_count;
3222 }
3223
3224 if (pb->eof_reached) {
3225 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STTS atom\n");
3226 return AVERROR_EOF;
3227 }
3228
3229 st->nb_frames= total_sample_count;
3230 if (duration)
3231 st->duration= FFMIN(st->duration, duration);
3232 sc->track_end = duration;
3233 return 0;
3234 }
3235
mov_read_sdtp(MOVContext * c,AVIOContext * pb,MOVAtom atom)3236 static int mov_read_sdtp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3237 {
3238 AVStream *st;
3239 MOVStreamContext *sc;
3240 int64_t i, entries;
3241
3242 if (c->fc->nb_streams < 1)
3243 return 0;
3244 st = c->fc->streams[c->fc->nb_streams - 1];
3245 sc = st->priv_data;
3246
3247 avio_r8(pb); /* version */
3248 avio_rb24(pb); /* flags */
3249 entries = atom.size - 4;
3250
3251 av_log(c->fc, AV_LOG_TRACE, "track[%u].sdtp.entries = %" PRId64 "\n",
3252 c->fc->nb_streams - 1, entries);
3253
3254 if (sc->sdtp_data)
3255 av_log(c->fc, AV_LOG_WARNING, "Duplicated SDTP atom\n");
3256 av_freep(&sc->sdtp_data);
3257 sc->sdtp_count = 0;
3258
3259 sc->sdtp_data = av_malloc(entries);
3260 if (!sc->sdtp_data)
3261 return AVERROR(ENOMEM);
3262
3263 for (i = 0; i < entries && !pb->eof_reached; i++)
3264 sc->sdtp_data[i] = avio_r8(pb);
3265 sc->sdtp_count = i;
3266
3267 return 0;
3268 }
3269
mov_update_dts_shift(MOVStreamContext * sc,int duration,void * logctx)3270 static void mov_update_dts_shift(MOVStreamContext *sc, int duration, void *logctx)
3271 {
3272 if (duration < 0) {
3273 if (duration == INT_MIN) {
3274 av_log(logctx, AV_LOG_WARNING, "mov_update_dts_shift(): dts_shift set to %d\n", INT_MAX);
3275 duration++;
3276 }
3277 sc->dts_shift = FFMAX(sc->dts_shift, -duration);
3278 }
3279 }
3280
mov_read_ctts(MOVContext * c,AVIOContext * pb,MOVAtom atom)3281 static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3282 {
3283 AVStream *st;
3284 MOVStreamContext *sc;
3285 unsigned int i, entries, ctts_count = 0;
3286
3287 if (c->fc->nb_streams < 1)
3288 return 0;
3289 st = c->fc->streams[c->fc->nb_streams-1];
3290 sc = st->priv_data;
3291
3292 avio_r8(pb); /* version */
3293 avio_rb24(pb); /* flags */
3294 entries = avio_rb32(pb);
3295
3296 av_log(c->fc, AV_LOG_TRACE, "track[%u].ctts.entries = %u\n", c->fc->nb_streams - 1, entries);
3297
3298 if (!entries)
3299 return 0;
3300 if (entries >= UINT_MAX / sizeof(*sc->ctts_data))
3301 return AVERROR_INVALIDDATA;
3302 av_freep(&sc->ctts_data);
3303 sc->ctts_data = av_fast_realloc(NULL, &sc->ctts_allocated_size, entries * sizeof(*sc->ctts_data));
3304 if (!sc->ctts_data)
3305 return AVERROR(ENOMEM);
3306
3307 for (i = 0; i < entries && !pb->eof_reached; i++) {
3308 int count = avio_rb32(pb);
3309 int duration = avio_rb32(pb);
3310
3311 if (count <= 0) {
3312 av_log(c->fc, AV_LOG_TRACE,
3313 "ignoring CTTS entry with count=%d duration=%d\n",
3314 count, duration);
3315 continue;
3316 }
3317
3318 add_ctts_entry(&sc->ctts_data, &ctts_count, &sc->ctts_allocated_size,
3319 count, duration);
3320
3321 av_log(c->fc, AV_LOG_TRACE, "count=%d, duration=%d\n",
3322 count, duration);
3323
3324 if (FFNABS(duration) < -(1<<28) && i+2<entries) {
3325 av_log(c->fc, AV_LOG_WARNING, "CTTS invalid\n");
3326 av_freep(&sc->ctts_data);
3327 sc->ctts_count = 0;
3328 return 0;
3329 }
3330
3331 if (i+2<entries)
3332 mov_update_dts_shift(sc, duration, c->fc);
3333 }
3334
3335 sc->ctts_count = ctts_count;
3336
3337 #ifdef OHOS_EXPAND_MP4_INFO
3338 if (sc->ctts_count > 0) {
3339 st->ctts_count = sc->ctts_count;
3340 st->ctts_data = malloc(st->ctts_count * sizeof(AVMOVCtts));
3341 if (st->ctts_data != NULL) {
3342 memcpy(st->ctts_data, sc->ctts_data, st->ctts_count * sizeof(AVMOVCtts));
3343 } else {
3344 av_log(c->fc, AV_LOG_WARNING, "st->ctts_data malloc failed\n");
3345 st->ctts_count = 0;
3346 }
3347 }
3348 #endif
3349
3350 if (pb->eof_reached) {
3351 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted CTTS atom\n");
3352 return AVERROR_EOF;
3353 }
3354
3355 av_log(c->fc, AV_LOG_TRACE, "dts shift %d\n", sc->dts_shift);
3356
3357 return 0;
3358 }
3359
mov_read_sgpd(MOVContext * c,AVIOContext * pb,MOVAtom atom)3360 static int mov_read_sgpd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3361 {
3362 AVStream *st;
3363 MOVStreamContext *sc;
3364 uint8_t version;
3365 uint32_t grouping_type;
3366 uint32_t default_length;
3367 av_unused uint32_t default_group_description_index;
3368 uint32_t entry_count;
3369
3370 if (c->fc->nb_streams < 1)
3371 return 0;
3372 st = c->fc->streams[c->fc->nb_streams - 1];
3373 sc = st->priv_data;
3374
3375 version = avio_r8(pb); /* version */
3376 avio_rb24(pb); /* flags */
3377 grouping_type = avio_rl32(pb);
3378
3379 /*
3380 * This function only supports "sync" boxes, but the code is able to parse
3381 * other boxes (such as "tscl", "tsas" and "stsa")
3382 */
3383 if (grouping_type != MKTAG('s','y','n','c'))
3384 return 0;
3385
3386 default_length = version >= 1 ? avio_rb32(pb) : 0;
3387 default_group_description_index = version >= 2 ? avio_rb32(pb) : 0;
3388 entry_count = avio_rb32(pb);
3389
3390 av_freep(&sc->sgpd_sync);
3391 sc->sgpd_sync_count = entry_count;
3392 sc->sgpd_sync = av_calloc(entry_count, sizeof(*sc->sgpd_sync));
3393 if (!sc->sgpd_sync)
3394 return AVERROR(ENOMEM);
3395
3396 for (uint32_t i = 0; i < entry_count && !pb->eof_reached; i++) {
3397 uint32_t description_length = default_length;
3398 if (version >= 1 && default_length == 0)
3399 description_length = avio_rb32(pb);
3400 if (grouping_type == MKTAG('s','y','n','c')) {
3401 const uint8_t nal_unit_type = avio_r8(pb) & 0x3f;
3402 sc->sgpd_sync[i] = nal_unit_type;
3403 description_length -= 1;
3404 }
3405 avio_skip(pb, description_length);
3406 }
3407
3408 if (pb->eof_reached) {
3409 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted SGPD atom\n");
3410 return AVERROR_EOF;
3411 }
3412
3413 return 0;
3414 }
3415
mov_read_sbgp(MOVContext * c,AVIOContext * pb,MOVAtom atom)3416 static int mov_read_sbgp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3417 {
3418 AVStream *st;
3419 MOVStreamContext *sc;
3420 unsigned int i, entries;
3421 uint8_t version;
3422 uint32_t grouping_type;
3423 MOVSbgp *table, **tablep;
3424 int *table_count;
3425
3426 if (c->fc->nb_streams < 1)
3427 return 0;
3428 st = c->fc->streams[c->fc->nb_streams-1];
3429 sc = st->priv_data;
3430
3431 version = avio_r8(pb); /* version */
3432 avio_rb24(pb); /* flags */
3433 grouping_type = avio_rl32(pb);
3434
3435 if (grouping_type == MKTAG('r','a','p',' ')) {
3436 tablep = &sc->rap_group;
3437 table_count = &sc->rap_group_count;
3438 } else if (grouping_type == MKTAG('s','y','n','c')) {
3439 tablep = &sc->sync_group;
3440 table_count = &sc->sync_group_count;
3441 } else {
3442 return 0;
3443 }
3444
3445 if (version == 1)
3446 avio_rb32(pb); /* grouping_type_parameter */
3447
3448 entries = avio_rb32(pb);
3449 if (!entries)
3450 return 0;
3451 if (*tablep)
3452 av_log(c->fc, AV_LOG_WARNING, "Duplicated SBGP %s atom\n", av_fourcc2str(grouping_type));
3453 av_freep(tablep);
3454 table = av_malloc_array(entries, sizeof(*table));
3455 if (!table)
3456 return AVERROR(ENOMEM);
3457 *tablep = table;
3458
3459 for (i = 0; i < entries && !pb->eof_reached; i++) {
3460 table[i].count = avio_rb32(pb); /* sample_count */
3461 table[i].index = avio_rb32(pb); /* group_description_index */
3462 }
3463
3464 *table_count = i;
3465
3466 if (pb->eof_reached) {
3467 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted SBGP atom\n");
3468 return AVERROR_EOF;
3469 }
3470
3471 return 0;
3472 }
3473
3474 /**
3475 * Get ith edit list entry (media time, duration).
3476 */
get_edit_list_entry(MOVContext * mov,const MOVStreamContext * msc,unsigned int edit_list_index,int64_t * edit_list_media_time,int64_t * edit_list_duration,int64_t global_timescale)3477 static int get_edit_list_entry(MOVContext *mov,
3478 const MOVStreamContext *msc,
3479 unsigned int edit_list_index,
3480 int64_t *edit_list_media_time,
3481 int64_t *edit_list_duration,
3482 int64_t global_timescale)
3483 {
3484 if (edit_list_index == msc->elst_count) {
3485 return 0;
3486 }
3487 *edit_list_media_time = msc->elst_data[edit_list_index].time;
3488 *edit_list_duration = msc->elst_data[edit_list_index].duration;
3489
3490 /* duration is in global timescale units;convert to msc timescale */
3491 if (global_timescale == 0) {
3492 avpriv_request_sample(mov->fc, "Support for mvhd.timescale = 0 with editlists");
3493 return 0;
3494 }
3495 *edit_list_duration = av_rescale(*edit_list_duration, msc->time_scale,
3496 global_timescale);
3497
3498 if (*edit_list_duration + (uint64_t)*edit_list_media_time > INT64_MAX)
3499 *edit_list_duration = 0;
3500
3501 return 1;
3502 }
3503
3504 /**
3505 * Find the closest previous frame to the timestamp_pts, in e_old index
3506 * entries. Searching for just any frame / just key frames can be controlled by
3507 * last argument 'flag'.
3508 * Note that if ctts_data is not NULL, we will always search for a key frame
3509 * irrespective of the value of 'flag'. If we don't find any keyframe, we will
3510 * return the first frame of the video.
3511 *
3512 * Here the timestamp_pts is considered to be a presentation timestamp and
3513 * the timestamp of index entries are considered to be decoding timestamps.
3514 *
3515 * Returns 0 if successful in finding a frame, else returns -1.
3516 * Places the found index corresponding output arg.
3517 *
3518 * If ctts_old is not NULL, then refines the searched entry by searching
3519 * backwards from the found timestamp, to find the frame with correct PTS.
3520 *
3521 * Places the found ctts_index and ctts_sample in corresponding output args.
3522 */
find_prev_closest_index(AVStream * st,AVIndexEntry * e_old,int nb_old,MOVCtts * ctts_data,int64_t ctts_count,int64_t timestamp_pts,int flag,int64_t * index,int64_t * ctts_index,int64_t * ctts_sample)3523 static int find_prev_closest_index(AVStream *st,
3524 AVIndexEntry *e_old,
3525 int nb_old,
3526 MOVCtts* ctts_data,
3527 int64_t ctts_count,
3528 int64_t timestamp_pts,
3529 int flag,
3530 int64_t* index,
3531 int64_t* ctts_index,
3532 int64_t* ctts_sample)
3533 {
3534 MOVStreamContext *msc = st->priv_data;
3535 FFStream *const sti = ffstream(st);
3536 AVIndexEntry *e_keep = sti->index_entries;
3537 int nb_keep = sti->nb_index_entries;
3538 int64_t i = 0;
3539 int64_t index_ctts_count;
3540
3541 av_assert0(index);
3542
3543 // If dts_shift > 0, then all the index timestamps will have to be offset by
3544 // at least dts_shift amount to obtain PTS.
3545 // Hence we decrement the searched timestamp_pts by dts_shift to find the closest index element.
3546 if (msc->dts_shift > 0) {
3547 timestamp_pts -= msc->dts_shift;
3548 }
3549
3550 sti->index_entries = e_old;
3551 sti->nb_index_entries = nb_old;
3552 *index = av_index_search_timestamp(st, timestamp_pts, flag | AVSEEK_FLAG_BACKWARD);
3553
3554 // Keep going backwards in the index entries until the timestamp is the same.
3555 if (*index >= 0) {
3556 for (i = *index; i > 0 && e_old[i].timestamp == e_old[i - 1].timestamp;
3557 i--) {
3558 if ((flag & AVSEEK_FLAG_ANY) ||
3559 (e_old[i - 1].flags & AVINDEX_KEYFRAME)) {
3560 *index = i - 1;
3561 }
3562 }
3563 }
3564
3565 // If we have CTTS then refine the search, by searching backwards over PTS
3566 // computed by adding corresponding CTTS durations to index timestamps.
3567 if (ctts_data && *index >= 0) {
3568 av_assert0(ctts_index);
3569 av_assert0(ctts_sample);
3570 // Find out the ctts_index for the found frame.
3571 *ctts_index = 0;
3572 *ctts_sample = 0;
3573 for (index_ctts_count = 0; index_ctts_count < *index; index_ctts_count++) {
3574 if (*ctts_index < ctts_count) {
3575 (*ctts_sample)++;
3576 if (ctts_data[*ctts_index].count == *ctts_sample) {
3577 (*ctts_index)++;
3578 *ctts_sample = 0;
3579 }
3580 }
3581 }
3582
3583 while (*index >= 0 && (*ctts_index) >= 0 && (*ctts_index) < ctts_count) {
3584 // Find a "key frame" with PTS <= timestamp_pts (So that we can decode B-frames correctly).
3585 // No need to add dts_shift to the timestamp here becase timestamp_pts has already been
3586 // compensated by dts_shift above.
3587 if ((e_old[*index].timestamp + ctts_data[*ctts_index].duration) <= timestamp_pts &&
3588 (e_old[*index].flags & AVINDEX_KEYFRAME)) {
3589 break;
3590 }
3591
3592 (*index)--;
3593 if (*ctts_sample == 0) {
3594 (*ctts_index)--;
3595 if (*ctts_index >= 0)
3596 *ctts_sample = ctts_data[*ctts_index].count - 1;
3597 } else {
3598 (*ctts_sample)--;
3599 }
3600 }
3601 }
3602
3603 /* restore AVStream state*/
3604 sti->index_entries = e_keep;
3605 sti->nb_index_entries = nb_keep;
3606 return *index >= 0 ? 0 : -1;
3607 }
3608
3609 /**
3610 * Add index entry with the given values, to the end of ffstream(st)->index_entries.
3611 * Returns the new size ffstream(st)->index_entries if successful, else returns -1.
3612 *
3613 * This function is similar to ff_add_index_entry in libavformat/utils.c
3614 * except that here we are always unconditionally adding an index entry to
3615 * the end, instead of searching the entries list and skipping the add if
3616 * there is an existing entry with the same timestamp.
3617 * This is needed because the mov_fix_index calls this func with the same
3618 * unincremented timestamp for successive discarded frames.
3619 */
add_index_entry(AVStream * st,int64_t pos,int64_t timestamp,int size,int distance,int flags)3620 static int64_t add_index_entry(AVStream *st, int64_t pos, int64_t timestamp,
3621 int size, int distance, int flags)
3622 {
3623 FFStream *const sti = ffstream(st);
3624 AVIndexEntry *entries, *ie;
3625 int64_t index = -1;
3626 const size_t min_size_needed = (sti->nb_index_entries + 1) * sizeof(AVIndexEntry);
3627
3628 // Double the allocation each time, to lower memory fragmentation.
3629 // Another difference from ff_add_index_entry function.
3630 const size_t requested_size =
3631 min_size_needed > sti->index_entries_allocated_size ?
3632 FFMAX(min_size_needed, 2 * sti->index_entries_allocated_size) :
3633 min_size_needed;
3634
3635 if (sti->nb_index_entries + 1U >= UINT_MAX / sizeof(AVIndexEntry))
3636 return -1;
3637
3638 entries = av_fast_realloc(sti->index_entries,
3639 &sti->index_entries_allocated_size,
3640 requested_size);
3641 if (!entries)
3642 return -1;
3643
3644 sti->index_entries = entries;
3645
3646 index = sti->nb_index_entries++;
3647 ie= &entries[index];
3648
3649 ie->pos = pos;
3650 ie->timestamp = timestamp;
3651 ie->min_distance= distance;
3652 ie->size= size;
3653 ie->flags = flags;
3654 return index;
3655 }
3656
3657 /**
3658 * Rewrite timestamps of index entries in the range [end_index - frame_duration_buffer_size, end_index)
3659 * by subtracting end_ts successively by the amounts given in frame_duration_buffer.
3660 */
fix_index_entry_timestamps(AVStream * st,int end_index,int64_t end_ts,int64_t * frame_duration_buffer,int frame_duration_buffer_size)3661 static void fix_index_entry_timestamps(AVStream* st, int end_index, int64_t end_ts,
3662 int64_t* frame_duration_buffer,
3663 int frame_duration_buffer_size) {
3664 FFStream *const sti = ffstream(st);
3665 int i = 0;
3666 av_assert0(end_index >= 0 && end_index <= sti->nb_index_entries);
3667 for (i = 0; i < frame_duration_buffer_size; i++) {
3668 end_ts -= frame_duration_buffer[frame_duration_buffer_size - 1 - i];
3669 sti->index_entries[end_index - 1 - i].timestamp = end_ts;
3670 }
3671 }
3672
3673 /**
3674 * Append a new ctts entry to ctts_data.
3675 * Returns the new ctts_count if successful, else returns -1.
3676 */
add_ctts_entry(MOVCtts ** ctts_data,unsigned int * ctts_count,unsigned int * allocated_size,int count,int duration)3677 static int64_t add_ctts_entry(MOVCtts** ctts_data, unsigned int* ctts_count, unsigned int* allocated_size,
3678 int count, int duration)
3679 {
3680 MOVCtts *ctts_buf_new;
3681 const size_t min_size_needed = (*ctts_count + 1) * sizeof(MOVCtts);
3682 const size_t requested_size =
3683 min_size_needed > *allocated_size ?
3684 FFMAX(min_size_needed, 2 * (*allocated_size)) :
3685 min_size_needed;
3686
3687 if ((unsigned)(*ctts_count) >= UINT_MAX / sizeof(MOVCtts) - 1)
3688 return -1;
3689
3690 ctts_buf_new = av_fast_realloc(*ctts_data, allocated_size, requested_size);
3691
3692 if (!ctts_buf_new)
3693 return -1;
3694
3695 *ctts_data = ctts_buf_new;
3696
3697 ctts_buf_new[*ctts_count].count = count;
3698 ctts_buf_new[*ctts_count].duration = duration;
3699
3700 *ctts_count = (*ctts_count) + 1;
3701 return *ctts_count;
3702 }
3703
3704 #define MAX_REORDER_DELAY 16
mov_estimate_video_delay(MOVContext * c,AVStream * st)3705 static void mov_estimate_video_delay(MOVContext *c, AVStream* st)
3706 {
3707 MOVStreamContext *msc = st->priv_data;
3708 FFStream *const sti = ffstream(st);
3709 int ctts_ind = 0;
3710 int ctts_sample = 0;
3711 int64_t pts_buf[MAX_REORDER_DELAY + 1]; // Circular buffer to sort pts.
3712 int buf_start = 0;
3713 int j, r, num_swaps;
3714
3715 for (j = 0; j < MAX_REORDER_DELAY + 1; j++)
3716 pts_buf[j] = INT64_MIN;
3717
3718 if (st->codecpar->video_delay <= 0 && msc->ctts_data &&
3719 st->codecpar->codec_id == AV_CODEC_ID_H264) {
3720 st->codecpar->video_delay = 0;
3721 for (int ind = 0; ind < sti->nb_index_entries && ctts_ind < msc->ctts_count; ++ind) {
3722 // Point j to the last elem of the buffer and insert the current pts there.
3723 j = buf_start;
3724 buf_start = (buf_start + 1);
3725 if (buf_start == MAX_REORDER_DELAY + 1)
3726 buf_start = 0;
3727
3728 pts_buf[j] = sti->index_entries[ind].timestamp + msc->ctts_data[ctts_ind].duration;
3729
3730 // The timestamps that are already in the sorted buffer, and are greater than the
3731 // current pts, are exactly the timestamps that need to be buffered to output PTS
3732 // in correct sorted order.
3733 // Hence the video delay (which is the buffer size used to sort DTS and output PTS),
3734 // can be computed as the maximum no. of swaps any particular timestamp needs to
3735 // go through, to keep this buffer in sorted order.
3736 num_swaps = 0;
3737 while (j != buf_start) {
3738 r = j - 1;
3739 if (r < 0) r = MAX_REORDER_DELAY;
3740 if (pts_buf[j] < pts_buf[r]) {
3741 FFSWAP(int64_t, pts_buf[j], pts_buf[r]);
3742 ++num_swaps;
3743 } else {
3744 break;
3745 }
3746 j = r;
3747 }
3748 st->codecpar->video_delay = FFMAX(st->codecpar->video_delay, num_swaps);
3749
3750 ctts_sample++;
3751 if (ctts_sample == msc->ctts_data[ctts_ind].count) {
3752 ctts_ind++;
3753 ctts_sample = 0;
3754 }
3755 }
3756 av_log(c->fc, AV_LOG_DEBUG, "Setting codecpar->delay to %d for stream st: %d\n",
3757 st->codecpar->video_delay, st->index);
3758 }
3759 }
3760
mov_current_sample_inc(MOVStreamContext * sc)3761 static void mov_current_sample_inc(MOVStreamContext *sc)
3762 {
3763 sc->current_sample++;
3764 sc->current_index++;
3765 if (sc->index_ranges &&
3766 sc->current_index >= sc->current_index_range->end &&
3767 sc->current_index_range->end) {
3768 sc->current_index_range++;
3769 sc->current_index = sc->current_index_range->start;
3770 }
3771 }
3772
mov_current_sample_dec(MOVStreamContext * sc)3773 static void mov_current_sample_dec(MOVStreamContext *sc)
3774 {
3775 sc->current_sample--;
3776 sc->current_index--;
3777 if (sc->index_ranges &&
3778 sc->current_index < sc->current_index_range->start &&
3779 sc->current_index_range > sc->index_ranges) {
3780 sc->current_index_range--;
3781 sc->current_index = sc->current_index_range->end - 1;
3782 }
3783 }
3784
mov_current_sample_set(MOVStreamContext * sc,int current_sample)3785 static void mov_current_sample_set(MOVStreamContext *sc, int current_sample)
3786 {
3787 int64_t range_size;
3788
3789 sc->current_sample = current_sample;
3790 sc->current_index = current_sample;
3791 if (!sc->index_ranges) {
3792 return;
3793 }
3794
3795 for (sc->current_index_range = sc->index_ranges;
3796 sc->current_index_range->end;
3797 sc->current_index_range++) {
3798 range_size = sc->current_index_range->end - sc->current_index_range->start;
3799 if (range_size > current_sample) {
3800 sc->current_index = sc->current_index_range->start + current_sample;
3801 break;
3802 }
3803 current_sample -= range_size;
3804 }
3805 }
3806
3807 /**
3808 * Fix ffstream(st)->index_entries, so that it contains only the entries (and the entries
3809 * which are needed to decode them) that fall in the edit list time ranges.
3810 * Also fixes the timestamps of the index entries to match the timeline
3811 * specified the edit lists.
3812 */
mov_fix_index(MOVContext * mov,AVStream * st)3813 static void mov_fix_index(MOVContext *mov, AVStream *st)
3814 {
3815 MOVStreamContext *msc = st->priv_data;
3816 FFStream *const sti = ffstream(st);
3817 AVIndexEntry *e_old = sti->index_entries;
3818 int nb_old = sti->nb_index_entries;
3819 const AVIndexEntry *e_old_end = e_old + nb_old;
3820 const AVIndexEntry *current = NULL;
3821 MOVCtts *ctts_data_old = msc->ctts_data;
3822 int64_t ctts_index_old = 0;
3823 int64_t ctts_sample_old = 0;
3824 int64_t ctts_count_old = msc->ctts_count;
3825 int64_t edit_list_media_time = 0;
3826 int64_t edit_list_duration = 0;
3827 int64_t frame_duration = 0;
3828 int64_t edit_list_dts_counter = 0;
3829 int64_t edit_list_dts_entry_end = 0;
3830 int64_t edit_list_start_ctts_sample = 0;
3831 int64_t curr_cts;
3832 int64_t curr_ctts = 0;
3833 int64_t empty_edits_sum_duration = 0;
3834 int64_t edit_list_index = 0;
3835 int64_t index;
3836 int flags;
3837 int64_t start_dts = 0;
3838 int64_t edit_list_start_encountered = 0;
3839 int64_t search_timestamp = 0;
3840 int64_t* frame_duration_buffer = NULL;
3841 int num_discarded_begin = 0;
3842 int first_non_zero_audio_edit = -1;
3843 int packet_skip_samples = 0;
3844 MOVIndexRange *current_index_range;
3845 int found_keyframe_after_edit = 0;
3846 int found_non_empty_edit = 0;
3847
3848 if (!msc->elst_data || msc->elst_count <= 0 || nb_old <= 0) {
3849 return;
3850 }
3851
3852 // allocate the index ranges array
3853 msc->index_ranges = av_malloc((msc->elst_count + 1) * sizeof(msc->index_ranges[0]));
3854 if (!msc->index_ranges) {
3855 av_log(mov->fc, AV_LOG_ERROR, "Cannot allocate index ranges buffer\n");
3856 return;
3857 }
3858 msc->current_index_range = msc->index_ranges;
3859 current_index_range = msc->index_ranges - 1;
3860
3861 // Clean AVStream from traces of old index
3862 sti->index_entries = NULL;
3863 sti->index_entries_allocated_size = 0;
3864 sti->nb_index_entries = 0;
3865
3866 // Clean ctts fields of MOVStreamContext
3867 msc->ctts_data = NULL;
3868 msc->ctts_count = 0;
3869 msc->ctts_index = 0;
3870 msc->ctts_sample = 0;
3871 msc->ctts_allocated_size = 0;
3872
3873 // Reinitialize min_corrected_pts so that it can be computed again.
3874 msc->min_corrected_pts = -1;
3875
3876 // If the dts_shift is positive (in case of negative ctts values in mov),
3877 // then negate the DTS by dts_shift
3878 if (msc->dts_shift > 0) {
3879 edit_list_dts_entry_end -= msc->dts_shift;
3880 av_log(mov->fc, AV_LOG_DEBUG, "Shifting DTS by %d because of negative CTTS.\n", msc->dts_shift);
3881 }
3882
3883 start_dts = edit_list_dts_entry_end;
3884
3885 while (get_edit_list_entry(mov, msc, edit_list_index, &edit_list_media_time,
3886 &edit_list_duration, mov->time_scale)) {
3887 av_log(mov->fc, AV_LOG_DEBUG, "Processing st: %d, edit list %"PRId64" - media time: %"PRId64", duration: %"PRId64"\n",
3888 st->index, edit_list_index, edit_list_media_time, edit_list_duration);
3889 edit_list_index++;
3890 edit_list_dts_counter = edit_list_dts_entry_end;
3891 edit_list_dts_entry_end += edit_list_duration;
3892 num_discarded_begin = 0;
3893 if (!found_non_empty_edit && edit_list_media_time == -1) {
3894 empty_edits_sum_duration += edit_list_duration;
3895 continue;
3896 }
3897 found_non_empty_edit = 1;
3898
3899 // If we encounter a non-negative edit list reset the skip_samples/start_pad fields and set them
3900 // according to the edit list below.
3901 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO) {
3902 if (first_non_zero_audio_edit < 0) {
3903 first_non_zero_audio_edit = 1;
3904 } else {
3905 first_non_zero_audio_edit = 0;
3906 }
3907
3908 if (first_non_zero_audio_edit > 0)
3909 sti->skip_samples = msc->start_pad = 0;
3910 }
3911
3912 // While reordering frame index according to edit list we must handle properly
3913 // the scenario when edit list entry starts from none key frame.
3914 // We find closest previous key frame and preserve it and consequent frames in index.
3915 // All frames which are outside edit list entry time boundaries will be dropped after decoding.
3916 search_timestamp = edit_list_media_time;
3917 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO) {
3918 // Audio decoders like AAC need need a decoder delay samples previous to the current sample,
3919 // to correctly decode this frame. Hence for audio we seek to a frame 1 sec. before the
3920 // edit_list_media_time to cover the decoder delay.
3921 search_timestamp = FFMAX(search_timestamp - msc->time_scale, e_old[0].timestamp);
3922 }
3923
3924 if (find_prev_closest_index(st, e_old, nb_old, ctts_data_old, ctts_count_old, search_timestamp, 0,
3925 &index, &ctts_index_old, &ctts_sample_old) < 0) {
3926 av_log(mov->fc, AV_LOG_WARNING,
3927 "st: %d edit list: %"PRId64" Missing key frame while searching for timestamp: %"PRId64"\n",
3928 st->index, edit_list_index, search_timestamp);
3929 if (find_prev_closest_index(st, e_old, nb_old, ctts_data_old, ctts_count_old, search_timestamp, AVSEEK_FLAG_ANY,
3930 &index, &ctts_index_old, &ctts_sample_old) < 0) {
3931 av_log(mov->fc, AV_LOG_WARNING,
3932 "st: %d edit list %"PRId64" Cannot find an index entry before timestamp: %"PRId64".\n",
3933 st->index, edit_list_index, search_timestamp);
3934 index = 0;
3935 ctts_index_old = 0;
3936 ctts_sample_old = 0;
3937 }
3938 }
3939 current = e_old + index;
3940 edit_list_start_ctts_sample = ctts_sample_old;
3941
3942 // Iterate over index and arrange it according to edit list
3943 edit_list_start_encountered = 0;
3944 found_keyframe_after_edit = 0;
3945 for (; current < e_old_end; current++, index++) {
3946 // check if frame outside edit list mark it for discard
3947 frame_duration = (current + 1 < e_old_end) ?
3948 ((current + 1)->timestamp - current->timestamp) : edit_list_duration;
3949
3950 flags = current->flags;
3951
3952 // frames (pts) before or after edit list
3953 curr_cts = current->timestamp + msc->dts_shift;
3954 curr_ctts = 0;
3955
3956 if (ctts_data_old && ctts_index_old < ctts_count_old) {
3957 curr_ctts = ctts_data_old[ctts_index_old].duration;
3958 av_log(mov->fc, AV_LOG_TRACE, "stts: %"PRId64" ctts: %"PRId64", ctts_index: %"PRId64", ctts_count: %"PRId64"\n",
3959 curr_cts, curr_ctts, ctts_index_old, ctts_count_old);
3960 curr_cts += curr_ctts;
3961 ctts_sample_old++;
3962 if (ctts_sample_old == ctts_data_old[ctts_index_old].count) {
3963 if (add_ctts_entry(&msc->ctts_data, &msc->ctts_count,
3964 &msc->ctts_allocated_size,
3965 ctts_data_old[ctts_index_old].count - edit_list_start_ctts_sample,
3966 ctts_data_old[ctts_index_old].duration) == -1) {
3967 av_log(mov->fc, AV_LOG_ERROR, "Cannot add CTTS entry %"PRId64" - {%"PRId64", %d}\n",
3968 ctts_index_old,
3969 ctts_data_old[ctts_index_old].count - edit_list_start_ctts_sample,
3970 ctts_data_old[ctts_index_old].duration);
3971 break;
3972 }
3973 ctts_index_old++;
3974 ctts_sample_old = 0;
3975 edit_list_start_ctts_sample = 0;
3976 }
3977 }
3978
3979 if (curr_cts < edit_list_media_time || curr_cts >= (edit_list_duration + edit_list_media_time)) {
3980 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO && st->codecpar->codec_id != AV_CODEC_ID_VORBIS &&
3981 curr_cts < edit_list_media_time && curr_cts + frame_duration > edit_list_media_time &&
3982 first_non_zero_audio_edit > 0) {
3983 packet_skip_samples = edit_list_media_time - curr_cts;
3984 sti->skip_samples += packet_skip_samples;
3985
3986 // Shift the index entry timestamp by packet_skip_samples to be correct.
3987 edit_list_dts_counter -= packet_skip_samples;
3988 if (edit_list_start_encountered == 0) {
3989 edit_list_start_encountered = 1;
3990 // Make timestamps strictly monotonically increasing for audio, by rewriting timestamps for
3991 // discarded packets.
3992 if (frame_duration_buffer) {
3993 fix_index_entry_timestamps(st, sti->nb_index_entries, edit_list_dts_counter,
3994 frame_duration_buffer, num_discarded_begin);
3995 av_freep(&frame_duration_buffer);
3996 }
3997 }
3998
3999 av_log(mov->fc, AV_LOG_DEBUG, "skip %d audio samples from curr_cts: %"PRId64"\n", packet_skip_samples, curr_cts);
4000 } else {
4001 flags |= AVINDEX_DISCARD_FRAME;
4002 av_log(mov->fc, AV_LOG_DEBUG, "drop a frame at curr_cts: %"PRId64" @ %"PRId64"\n", curr_cts, index);
4003
4004 if (edit_list_start_encountered == 0) {
4005 num_discarded_begin++;
4006 frame_duration_buffer = av_realloc(frame_duration_buffer,
4007 num_discarded_begin * sizeof(int64_t));
4008 if (!frame_duration_buffer) {
4009 av_log(mov->fc, AV_LOG_ERROR, "Cannot reallocate frame duration buffer\n");
4010 break;
4011 }
4012 frame_duration_buffer[num_discarded_begin - 1] = frame_duration;
4013
4014 // Increment skip_samples for the first non-zero audio edit list
4015 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO &&
4016 first_non_zero_audio_edit > 0 && st->codecpar->codec_id != AV_CODEC_ID_VORBIS) {
4017 sti->skip_samples += frame_duration;
4018 }
4019 }
4020 }
4021 } else {
4022 if (msc->min_corrected_pts < 0) {
4023 msc->min_corrected_pts = edit_list_dts_counter + curr_ctts + msc->dts_shift;
4024 } else {
4025 msc->min_corrected_pts = FFMIN(msc->min_corrected_pts, edit_list_dts_counter + curr_ctts + msc->dts_shift);
4026 }
4027 if (edit_list_start_encountered == 0) {
4028 edit_list_start_encountered = 1;
4029 // Make timestamps strictly monotonically increasing by rewriting timestamps for
4030 // discarded packets.
4031 if (frame_duration_buffer) {
4032 fix_index_entry_timestamps(st, sti->nb_index_entries, edit_list_dts_counter,
4033 frame_duration_buffer, num_discarded_begin);
4034 av_freep(&frame_duration_buffer);
4035 }
4036 }
4037 }
4038
4039 if (add_index_entry(st, current->pos, edit_list_dts_counter, current->size,
4040 current->min_distance, flags) == -1) {
4041 av_log(mov->fc, AV_LOG_ERROR, "Cannot add index entry\n");
4042 break;
4043 }
4044
4045 // Update the index ranges array
4046 if (current_index_range < msc->index_ranges || index != current_index_range->end) {
4047 current_index_range++;
4048 current_index_range->start = index;
4049 }
4050 current_index_range->end = index + 1;
4051
4052 // Only start incrementing DTS in frame_duration amounts, when we encounter a frame in edit list.
4053 if (edit_list_start_encountered > 0) {
4054 edit_list_dts_counter = edit_list_dts_counter + frame_duration;
4055 }
4056
4057 // Break when found first key frame after edit entry completion
4058 if ((curr_cts + frame_duration >= (edit_list_duration + edit_list_media_time)) &&
4059 ((flags & AVINDEX_KEYFRAME) || ((st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO)))) {
4060 if (ctts_data_old) {
4061 // If we have CTTS and this is the first keyframe after edit elist,
4062 // wait for one more, because there might be trailing B-frames after this I-frame
4063 // that do belong to the edit.
4064 if (st->codecpar->codec_type != AVMEDIA_TYPE_AUDIO && found_keyframe_after_edit == 0) {
4065 found_keyframe_after_edit = 1;
4066 continue;
4067 }
4068 if (ctts_sample_old != 0) {
4069 if (add_ctts_entry(&msc->ctts_data, &msc->ctts_count,
4070 &msc->ctts_allocated_size,
4071 ctts_sample_old - edit_list_start_ctts_sample,
4072 ctts_data_old[ctts_index_old].duration) == -1) {
4073 av_log(mov->fc, AV_LOG_ERROR, "Cannot add CTTS entry %"PRId64" - {%"PRId64", %d}\n",
4074 ctts_index_old, ctts_sample_old - edit_list_start_ctts_sample,
4075 ctts_data_old[ctts_index_old].duration);
4076 break;
4077 }
4078 }
4079 }
4080 break;
4081 }
4082 }
4083 }
4084 // If there are empty edits, then msc->min_corrected_pts might be positive
4085 // intentionally. So we subtract the sum duration of emtpy edits here.
4086 msc->min_corrected_pts -= empty_edits_sum_duration;
4087
4088 // If the minimum pts turns out to be greater than zero after fixing the index, then we subtract the
4089 // dts by that amount to make the first pts zero.
4090 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) {
4091 if (msc->min_corrected_pts > 0) {
4092 av_log(mov->fc, AV_LOG_DEBUG, "Offset DTS by %"PRId64" to make first pts zero.\n", msc->min_corrected_pts);
4093 for (int i = 0; i < sti->nb_index_entries; ++i)
4094 sti->index_entries[i].timestamp -= msc->min_corrected_pts;
4095 }
4096 }
4097 // Start time should be equal to zero or the duration of any empty edits.
4098 st->start_time = empty_edits_sum_duration;
4099
4100 // Update av stream length, if it ends up shorter than the track's media duration
4101 st->duration = FFMIN(st->duration, edit_list_dts_entry_end - start_dts);
4102 msc->start_pad = sti->skip_samples;
4103
4104 // Free the old index and the old CTTS structures
4105 av_free(e_old);
4106 av_free(ctts_data_old);
4107 av_freep(&frame_duration_buffer);
4108
4109 // Null terminate the index ranges array
4110 current_index_range++;
4111 current_index_range->start = 0;
4112 current_index_range->end = 0;
4113 msc->current_index = msc->index_ranges[0].start;
4114 }
4115
get_sgpd_sync_index(const MOVStreamContext * sc,int nal_unit_type)4116 static uint32_t get_sgpd_sync_index(const MOVStreamContext *sc, int nal_unit_type)
4117 {
4118 for (uint32_t i = 0; i < sc->sgpd_sync_count; i++)
4119 if (sc->sgpd_sync[i] == HEVC_NAL_CRA_NUT)
4120 return i + 1;
4121 return 0;
4122 }
4123
build_open_gop_key_points(AVStream * st)4124 static int build_open_gop_key_points(AVStream *st)
4125 {
4126 int k;
4127 int sample_id = 0;
4128 uint32_t cra_index;
4129 MOVStreamContext *sc = st->priv_data;
4130
4131 if (st->codecpar->codec_id != AV_CODEC_ID_HEVC || !sc->sync_group_count)
4132 return 0;
4133
4134 /* Build an unrolled index of the samples */
4135 sc->sample_offsets_count = 0;
4136 for (uint32_t i = 0; i < sc->ctts_count; i++) {
4137 if (sc->ctts_data[i].count > INT_MAX - sc->sample_offsets_count)
4138 return AVERROR(ENOMEM);
4139 sc->sample_offsets_count += sc->ctts_data[i].count;
4140 }
4141 av_freep(&sc->sample_offsets);
4142 sc->sample_offsets = av_calloc(sc->sample_offsets_count, sizeof(*sc->sample_offsets));
4143 if (!sc->sample_offsets)
4144 return AVERROR(ENOMEM);
4145 k = 0;
4146 for (uint32_t i = 0; i < sc->ctts_count; i++)
4147 for (int j = 0; j < sc->ctts_data[i].count; j++)
4148 sc->sample_offsets[k++] = sc->ctts_data[i].duration;
4149
4150 /* The following HEVC NAL type reveal the use of open GOP sync points
4151 * (TODO: BLA types may also be concerned) */
4152 cra_index = get_sgpd_sync_index(sc, HEVC_NAL_CRA_NUT); /* Clean Random Access */
4153 if (!cra_index)
4154 return 0;
4155
4156 /* Build a list of open-GOP key samples */
4157 sc->open_key_samples_count = 0;
4158 for (uint32_t i = 0; i < sc->sync_group_count; i++)
4159 if (sc->sync_group[i].index == cra_index) {
4160 if (sc->sync_group[i].count > INT_MAX - sc->open_key_samples_count)
4161 return AVERROR(ENOMEM);
4162 sc->open_key_samples_count += sc->sync_group[i].count;
4163 }
4164 av_freep(&sc->open_key_samples);
4165 sc->open_key_samples = av_calloc(sc->open_key_samples_count, sizeof(*sc->open_key_samples));
4166 if (!sc->open_key_samples)
4167 return AVERROR(ENOMEM);
4168 k = 0;
4169 for (uint32_t i = 0; i < sc->sync_group_count; i++) {
4170 const MOVSbgp *sg = &sc->sync_group[i];
4171 if (sg->index == cra_index)
4172 for (uint32_t j = 0; j < sg->count; j++)
4173 sc->open_key_samples[k++] = sample_id;
4174 if (sg->count > INT_MAX - sample_id)
4175 return AVERROR_PATCHWELCOME;
4176 sample_id += sg->count;
4177 }
4178
4179 /* Identify the minimal time step between samples */
4180 sc->min_sample_duration = UINT_MAX;
4181 for (uint32_t i = 0; i < sc->stts_count; i++)
4182 sc->min_sample_duration = FFMIN(sc->min_sample_duration, sc->stts_data[i].duration);
4183
4184 return 0;
4185 }
4186
mov_build_index(MOVContext * mov,AVStream * st)4187 static void mov_build_index(MOVContext *mov, AVStream *st)
4188 {
4189 MOVStreamContext *sc = st->priv_data;
4190 FFStream *const sti = ffstream(st);
4191 int64_t current_offset;
4192 int64_t current_dts = 0;
4193 unsigned int stts_index = 0;
4194 unsigned int stsc_index = 0;
4195 unsigned int stss_index = 0;
4196 unsigned int stps_index = 0;
4197 unsigned int i, j;
4198 uint64_t stream_size = 0;
4199 MOVCtts *ctts_data_old = sc->ctts_data;
4200 unsigned int ctts_count_old = sc->ctts_count;
4201
4202 int ret = build_open_gop_key_points(st);
4203 if (ret < 0)
4204 return;
4205
4206 if (sc->elst_count) {
4207 int i, edit_start_index = 0, multiple_edits = 0;
4208 int64_t empty_duration = 0; // empty duration of the first edit list entry
4209 int64_t start_time = 0; // start time of the media
4210
4211 for (i = 0; i < sc->elst_count; i++) {
4212 const MOVElst *e = &sc->elst_data[i];
4213 if (i == 0 && e->time == -1) {
4214 /* if empty, the first entry is the start time of the stream
4215 * relative to the presentation itself */
4216 empty_duration = e->duration;
4217 edit_start_index = 1;
4218 } else if (i == edit_start_index && e->time >= 0) {
4219 start_time = e->time;
4220 } else {
4221 multiple_edits = 1;
4222 }
4223 }
4224
4225 if (multiple_edits && !mov->advanced_editlist)
4226 av_log(mov->fc, AV_LOG_WARNING, "multiple edit list entries, "
4227 "Use -advanced_editlist to correctly decode otherwise "
4228 "a/v desync might occur\n");
4229
4230 /* adjust first dts according to edit list */
4231 if ((empty_duration || start_time) && mov->time_scale > 0) {
4232 if (empty_duration)
4233 empty_duration = av_rescale(empty_duration, sc->time_scale, mov->time_scale);
4234
4235 if (av_sat_sub64(start_time, empty_duration) != start_time - (uint64_t)empty_duration)
4236 av_log(mov->fc, AV_LOG_WARNING, "start_time - empty_duration is not representable\n");
4237
4238 sc->time_offset = start_time - (uint64_t)empty_duration;
4239 sc->min_corrected_pts = start_time;
4240 if (!mov->advanced_editlist)
4241 current_dts = -sc->time_offset;
4242 }
4243
4244 if (!multiple_edits && !mov->advanced_editlist &&
4245 st->codecpar->codec_id == AV_CODEC_ID_AAC && start_time > 0)
4246 sc->start_pad = start_time;
4247 }
4248
4249 /* only use old uncompressed audio chunk demuxing when stts specifies it */
4250 if (!(st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO &&
4251 sc->stts_count == 1 && sc->stts_data[0].duration == 1)) {
4252 unsigned int current_sample = 0;
4253 unsigned int stts_sample = 0;
4254 unsigned int sample_size;
4255 unsigned int distance = 0;
4256 unsigned int rap_group_index = 0;
4257 unsigned int rap_group_sample = 0;
4258 int rap_group_present = sc->rap_group_count && sc->rap_group;
4259 int key_off = (sc->keyframe_count && sc->keyframes[0] > 0) || (sc->stps_count && sc->stps_data[0] > 0);
4260
4261 current_dts -= sc->dts_shift;
4262
4263 if (!sc->sample_count || sti->nb_index_entries)
4264 return;
4265 if (sc->sample_count >= UINT_MAX / sizeof(*sti->index_entries) - sti->nb_index_entries)
4266 return;
4267 if (av_reallocp_array(&sti->index_entries,
4268 sti->nb_index_entries + sc->sample_count,
4269 sizeof(*sti->index_entries)) < 0) {
4270 sti->nb_index_entries = 0;
4271 return;
4272 }
4273 sti->index_entries_allocated_size = (sti->nb_index_entries + sc->sample_count) * sizeof(*sti->index_entries);
4274
4275 if (ctts_data_old) {
4276 // Expand ctts entries such that we have a 1-1 mapping with samples
4277 if (sc->sample_count >= UINT_MAX / sizeof(*sc->ctts_data))
4278 return;
4279 sc->ctts_count = 0;
4280 sc->ctts_allocated_size = 0;
4281 sc->ctts_data = av_fast_realloc(NULL, &sc->ctts_allocated_size,
4282 sc->sample_count * sizeof(*sc->ctts_data));
4283 if (!sc->ctts_data) {
4284 av_free(ctts_data_old);
4285 return;
4286 }
4287
4288 memset((uint8_t*)(sc->ctts_data), 0, sc->ctts_allocated_size);
4289
4290 for (i = 0; i < ctts_count_old &&
4291 sc->ctts_count < sc->sample_count; i++)
4292 for (j = 0; j < ctts_data_old[i].count &&
4293 sc->ctts_count < sc->sample_count; j++)
4294 add_ctts_entry(&sc->ctts_data, &sc->ctts_count,
4295 &sc->ctts_allocated_size, 1,
4296 ctts_data_old[i].duration);
4297 av_free(ctts_data_old);
4298 }
4299
4300 for (i = 0; i < sc->chunk_count; i++) {
4301 int64_t next_offset = i+1 < sc->chunk_count ? sc->chunk_offsets[i+1] : INT64_MAX;
4302 current_offset = sc->chunk_offsets[i];
4303 while (mov_stsc_index_valid(stsc_index, sc->stsc_count) &&
4304 i + 1 == sc->stsc_data[stsc_index + 1].first)
4305 stsc_index++;
4306
4307 if (next_offset > current_offset && sc->sample_size>0 && sc->sample_size < sc->stsz_sample_size &&
4308 sc->stsc_data[stsc_index].count * (int64_t)sc->stsz_sample_size > next_offset - current_offset) {
4309 av_log(mov->fc, AV_LOG_WARNING, "STSZ sample size %d invalid (too large), ignoring\n", sc->stsz_sample_size);
4310 sc->stsz_sample_size = sc->sample_size;
4311 }
4312 if (sc->stsz_sample_size>0 && sc->stsz_sample_size < sc->sample_size) {
4313 av_log(mov->fc, AV_LOG_WARNING, "STSZ sample size %d invalid (too small), ignoring\n", sc->stsz_sample_size);
4314 sc->stsz_sample_size = sc->sample_size;
4315 }
4316
4317 for (j = 0; j < sc->stsc_data[stsc_index].count; j++) {
4318 int keyframe = 0;
4319 if (current_sample >= sc->sample_count) {
4320 av_log(mov->fc, AV_LOG_ERROR, "wrong sample count\n");
4321 return;
4322 }
4323
4324 if (!sc->keyframe_absent && (!sc->keyframe_count || current_sample+key_off == sc->keyframes[stss_index])) {
4325 keyframe = 1;
4326 if (stss_index + 1 < sc->keyframe_count)
4327 stss_index++;
4328 } else if (sc->stps_count && current_sample+key_off == sc->stps_data[stps_index]) {
4329 keyframe = 1;
4330 if (stps_index + 1 < sc->stps_count)
4331 stps_index++;
4332 }
4333 if (rap_group_present && rap_group_index < sc->rap_group_count) {
4334 if (sc->rap_group[rap_group_index].index > 0)
4335 keyframe = 1;
4336 if (++rap_group_sample == sc->rap_group[rap_group_index].count) {
4337 rap_group_sample = 0;
4338 rap_group_index++;
4339 }
4340 }
4341 if (sc->keyframe_absent
4342 && !sc->stps_count
4343 && !rap_group_present
4344 && (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO || (i==0 && j==0)))
4345 keyframe = 1;
4346 if (keyframe)
4347 distance = 0;
4348 sample_size = sc->stsz_sample_size > 0 ? sc->stsz_sample_size : sc->sample_sizes[current_sample];
4349 if (current_offset > INT64_MAX - sample_size) {
4350 av_log(mov->fc, AV_LOG_ERROR, "Current offset %"PRId64" or sample size %u is too large\n",
4351 current_offset,
4352 sample_size);
4353 return;
4354 }
4355
4356 if (sc->pseudo_stream_id == -1 ||
4357 sc->stsc_data[stsc_index].id - 1 == sc->pseudo_stream_id) {
4358 AVIndexEntry *e;
4359 if (sample_size > 0x3FFFFFFF) {
4360 av_log(mov->fc, AV_LOG_ERROR, "Sample size %u is too large\n", sample_size);
4361 return;
4362 }
4363 e = &sti->index_entries[sti->nb_index_entries++];
4364 e->pos = current_offset;
4365 e->timestamp = current_dts;
4366 e->size = sample_size;
4367 e->min_distance = distance;
4368 e->flags = keyframe ? AVINDEX_KEYFRAME : 0;
4369 av_log(mov->fc, AV_LOG_TRACE, "AVIndex stream %d, sample %u, offset %"PRIx64", dts %"PRId64", "
4370 "size %u, distance %u, keyframe %d\n", st->index, current_sample,
4371 current_offset, current_dts, sample_size, distance, keyframe);
4372 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO && sti->nb_index_entries < 100)
4373 ff_rfps_add_frame(mov->fc, st, current_dts);
4374 }
4375
4376 current_offset += sample_size;
4377 stream_size += sample_size;
4378
4379 current_dts += sc->stts_data[stts_index].duration;
4380
4381 distance++;
4382 stts_sample++;
4383 current_sample++;
4384 if (stts_index + 1 < sc->stts_count && stts_sample == sc->stts_data[stts_index].count) {
4385 stts_sample = 0;
4386 stts_index++;
4387 }
4388 }
4389 }
4390 if (st->duration > 0)
4391 st->codecpar->bit_rate = stream_size*8*sc->time_scale/st->duration;
4392 } else {
4393 unsigned chunk_samples, total = 0;
4394
4395 if (!sc->chunk_count)
4396 return;
4397
4398 // compute total chunk count
4399 for (i = 0; i < sc->stsc_count; i++) {
4400 unsigned count, chunk_count;
4401
4402 chunk_samples = sc->stsc_data[i].count;
4403 if (i != sc->stsc_count - 1 &&
4404 sc->samples_per_frame && chunk_samples % sc->samples_per_frame) {
4405 av_log(mov->fc, AV_LOG_ERROR, "error unaligned chunk\n");
4406 return;
4407 }
4408
4409 if (sc->samples_per_frame >= 160) { // gsm
4410 count = chunk_samples / sc->samples_per_frame;
4411 } else if (sc->samples_per_frame > 1) {
4412 unsigned samples = (1024/sc->samples_per_frame)*sc->samples_per_frame;
4413 count = (chunk_samples+samples-1) / samples;
4414 } else {
4415 count = (chunk_samples+1023) / 1024;
4416 }
4417
4418 if (mov_stsc_index_valid(i, sc->stsc_count))
4419 chunk_count = sc->stsc_data[i+1].first - sc->stsc_data[i].first;
4420 else
4421 chunk_count = sc->chunk_count - (sc->stsc_data[i].first - 1);
4422 total += chunk_count * count;
4423 }
4424
4425 av_log(mov->fc, AV_LOG_TRACE, "chunk count %u\n", total);
4426 if (total >= UINT_MAX / sizeof(*sti->index_entries) - sti->nb_index_entries)
4427 return;
4428 if (av_reallocp_array(&sti->index_entries,
4429 sti->nb_index_entries + total,
4430 sizeof(*sti->index_entries)) < 0) {
4431 sti->nb_index_entries = 0;
4432 return;
4433 }
4434 sti->index_entries_allocated_size = (sti->nb_index_entries + total) * sizeof(*sti->index_entries);
4435
4436 // populate index
4437 for (i = 0; i < sc->chunk_count; i++) {
4438 current_offset = sc->chunk_offsets[i];
4439 if (mov_stsc_index_valid(stsc_index, sc->stsc_count) &&
4440 i + 1 == sc->stsc_data[stsc_index + 1].first)
4441 stsc_index++;
4442 chunk_samples = sc->stsc_data[stsc_index].count;
4443
4444 while (chunk_samples > 0) {
4445 AVIndexEntry *e;
4446 unsigned size, samples;
4447
4448 if (sc->samples_per_frame > 1 && !sc->bytes_per_frame) {
4449 avpriv_request_sample(mov->fc,
4450 "Zero bytes per frame, but %d samples per frame",
4451 sc->samples_per_frame);
4452 return;
4453 }
4454
4455 if (sc->samples_per_frame >= 160) { // gsm
4456 samples = sc->samples_per_frame;
4457 size = sc->bytes_per_frame;
4458 } else {
4459 if (sc->samples_per_frame > 1) {
4460 samples = FFMIN((1024 / sc->samples_per_frame)*
4461 sc->samples_per_frame, chunk_samples);
4462 size = (samples / sc->samples_per_frame) * sc->bytes_per_frame;
4463 } else {
4464 samples = FFMIN(1024, chunk_samples);
4465 size = samples * sc->sample_size;
4466 }
4467 }
4468
4469 if (sti->nb_index_entries >= total) {
4470 av_log(mov->fc, AV_LOG_ERROR, "wrong chunk count %u\n", total);
4471 return;
4472 }
4473 if (size > 0x3FFFFFFF) {
4474 av_log(mov->fc, AV_LOG_ERROR, "Sample size %u is too large\n", size);
4475 return;
4476 }
4477 e = &sti->index_entries[sti->nb_index_entries++];
4478 e->pos = current_offset;
4479 e->timestamp = current_dts;
4480 e->size = size;
4481 e->min_distance = 0;
4482 e->flags = AVINDEX_KEYFRAME;
4483 av_log(mov->fc, AV_LOG_TRACE, "AVIndex stream %d, chunk %u, offset %"PRIx64", dts %"PRId64", "
4484 "size %u, duration %u\n", st->index, i, current_offset, current_dts,
4485 size, samples);
4486
4487 current_offset += size;
4488 current_dts += samples;
4489 chunk_samples -= samples;
4490 }
4491 }
4492 }
4493
4494 if (!mov->ignore_editlist && mov->advanced_editlist) {
4495 // Fix index according to edit lists.
4496 mov_fix_index(mov, st);
4497 }
4498
4499 // Update start time of the stream.
4500 if (st->start_time == AV_NOPTS_VALUE && st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO && sti->nb_index_entries > 0) {
4501 st->start_time = sti->index_entries[0].timestamp + sc->dts_shift;
4502 if (sc->ctts_data) {
4503 st->start_time += sc->ctts_data[0].duration;
4504 }
4505 }
4506
4507 mov_estimate_video_delay(mov, st);
4508 }
4509
test_same_origin(const char * src,const char * ref)4510 static int test_same_origin(const char *src, const char *ref) {
4511 char src_proto[64];
4512 char ref_proto[64];
4513 char src_auth[256];
4514 char ref_auth[256];
4515 char src_host[256];
4516 char ref_host[256];
4517 int src_port=-1;
4518 int ref_port=-1;
4519
4520 av_url_split(src_proto, sizeof(src_proto), src_auth, sizeof(src_auth), src_host, sizeof(src_host), &src_port, NULL, 0, src);
4521 av_url_split(ref_proto, sizeof(ref_proto), ref_auth, sizeof(ref_auth), ref_host, sizeof(ref_host), &ref_port, NULL, 0, ref);
4522
4523 if (strlen(src) == 0) {
4524 return -1;
4525 } else if (strlen(src_auth) + 1 >= sizeof(src_auth) ||
4526 strlen(ref_auth) + 1 >= sizeof(ref_auth) ||
4527 strlen(src_host) + 1 >= sizeof(src_host) ||
4528 strlen(ref_host) + 1 >= sizeof(ref_host)) {
4529 return 0;
4530 } else if (strcmp(src_proto, ref_proto) ||
4531 strcmp(src_auth, ref_auth) ||
4532 strcmp(src_host, ref_host) ||
4533 src_port != ref_port) {
4534 return 0;
4535 } else
4536 return 1;
4537 }
4538
mov_open_dref(MOVContext * c,AVIOContext ** pb,const char * src,MOVDref * ref)4539 static int mov_open_dref(MOVContext *c, AVIOContext **pb, const char *src, MOVDref *ref)
4540 {
4541 /* try relative path, we do not try the absolute because it can leak information about our
4542 system to an attacker */
4543 if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
4544 char filename[1025];
4545 const char *src_path;
4546 int i, l;
4547
4548 /* find a source dir */
4549 src_path = strrchr(src, '/');
4550 if (src_path)
4551 src_path++;
4552 else
4553 src_path = src;
4554
4555 /* find a next level down to target */
4556 for (i = 0, l = strlen(ref->path) - 1; l >= 0; l--)
4557 if (ref->path[l] == '/') {
4558 if (i == ref->nlvl_to - 1)
4559 break;
4560 else
4561 i++;
4562 }
4563
4564 /* compose filename if next level down to target was found */
4565 if (i == ref->nlvl_to - 1 && src_path - src < sizeof(filename)) {
4566 memcpy(filename, src, src_path - src);
4567 filename[src_path - src] = 0;
4568
4569 for (i = 1; i < ref->nlvl_from; i++)
4570 av_strlcat(filename, "../", sizeof(filename));
4571
4572 av_strlcat(filename, ref->path + l + 1, sizeof(filename));
4573 if (!c->use_absolute_path) {
4574 int same_origin = test_same_origin(src, filename);
4575
4576 if (!same_origin) {
4577 av_log(c->fc, AV_LOG_ERROR,
4578 "Reference with mismatching origin, %s not tried for security reasons, "
4579 "set demuxer option use_absolute_path to allow it anyway\n",
4580 ref->path);
4581 return AVERROR(ENOENT);
4582 }
4583
4584 if (strstr(ref->path + l + 1, "..") ||
4585 strstr(ref->path + l + 1, ":") ||
4586 (ref->nlvl_from > 1 && same_origin < 0) ||
4587 (filename[0] == '/' && src_path == src))
4588 return AVERROR(ENOENT);
4589 }
4590
4591 if (strlen(filename) + 1 == sizeof(filename))
4592 return AVERROR(ENOENT);
4593 if (!c->fc->io_open(c->fc, pb, filename, AVIO_FLAG_READ, NULL))
4594 return 0;
4595 }
4596 } else if (c->use_absolute_path) {
4597 av_log(c->fc, AV_LOG_WARNING, "Using absolute path on user request, "
4598 "this is a possible security issue\n");
4599 if (!c->fc->io_open(c->fc, pb, ref->path, AVIO_FLAG_READ, NULL))
4600 return 0;
4601 } else {
4602 av_log(c->fc, AV_LOG_ERROR,
4603 "Absolute path %s not tried for security reasons, "
4604 "set demuxer option use_absolute_path to allow absolute paths\n",
4605 ref->path);
4606 }
4607
4608 return AVERROR(ENOENT);
4609 }
4610
fix_timescale(MOVContext * c,MOVStreamContext * sc)4611 static void fix_timescale(MOVContext *c, MOVStreamContext *sc)
4612 {
4613 if (sc->time_scale <= 0) {
4614 av_log(c->fc, AV_LOG_WARNING, "stream %d, timescale not set\n", sc->ffindex);
4615 sc->time_scale = c->time_scale;
4616 if (sc->time_scale <= 0)
4617 sc->time_scale = 1;
4618 }
4619 }
4620
mov_read_trak(MOVContext * c,AVIOContext * pb,MOVAtom atom)4621 static int mov_read_trak(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4622 {
4623 AVStream *st;
4624 MOVStreamContext *sc;
4625 int ret;
4626
4627 if (c->is_still_picture_avif) {
4628 return AVERROR_INVALIDDATA;
4629 }
4630
4631 st = avformat_new_stream(c->fc, NULL);
4632 if (!st) return AVERROR(ENOMEM);
4633 st->id = -1;
4634 sc = av_mallocz(sizeof(MOVStreamContext));
4635 if (!sc) return AVERROR(ENOMEM);
4636
4637 st->priv_data = sc;
4638 st->codecpar->codec_type = AVMEDIA_TYPE_DATA;
4639 sc->ffindex = st->index;
4640 c->trak_index = st->index;
4641
4642 if ((ret = mov_read_default(c, pb, atom)) < 0)
4643 return ret;
4644
4645 c->trak_index = -1;
4646
4647 // Here stsc refers to a chunk not described in stco. This is technically invalid,
4648 // but we can overlook it (clearing stsc) whenever stts_count == 0 (indicating no samples).
4649 if (!sc->chunk_count && !sc->stts_count && sc->stsc_count) {
4650 sc->stsc_count = 0;
4651 av_freep(&sc->stsc_data);
4652 }
4653
4654 /* sanity checks */
4655 if ((sc->chunk_count && (!sc->stts_count || !sc->stsc_count ||
4656 (!sc->sample_size && !sc->sample_count))) ||
4657 (!sc->chunk_count && sc->sample_count)) {
4658 av_log(c->fc, AV_LOG_ERROR, "stream %d, missing mandatory atoms, broken header\n",
4659 st->index);
4660 return 0;
4661 }
4662 if (sc->stsc_count && sc->stsc_data[ sc->stsc_count - 1 ].first > sc->chunk_count) {
4663 av_log(c->fc, AV_LOG_ERROR, "stream %d, contradictionary STSC and STCO\n",
4664 st->index);
4665 return AVERROR_INVALIDDATA;
4666 }
4667
4668 fix_timescale(c, sc);
4669
4670 avpriv_set_pts_info(st, 64, 1, sc->time_scale);
4671
4672 mov_build_index(c, st);
4673
4674 if (sc->dref_id-1 < sc->drefs_count && sc->drefs[sc->dref_id-1].path) {
4675 MOVDref *dref = &sc->drefs[sc->dref_id - 1];
4676 if (c->enable_drefs) {
4677 if (mov_open_dref(c, &sc->pb, c->fc->url, dref) < 0)
4678 av_log(c->fc, AV_LOG_ERROR,
4679 "stream %d, error opening alias: path='%s', dir='%s', "
4680 "filename='%s', volume='%s', nlvl_from=%d, nlvl_to=%d\n",
4681 st->index, dref->path, dref->dir, dref->filename,
4682 dref->volume, dref->nlvl_from, dref->nlvl_to);
4683 } else {
4684 av_log(c->fc, AV_LOG_WARNING,
4685 "Skipped opening external track: "
4686 "stream %d, alias: path='%s', dir='%s', "
4687 "filename='%s', volume='%s', nlvl_from=%d, nlvl_to=%d."
4688 "Set enable_drefs to allow this.\n",
4689 st->index, dref->path, dref->dir, dref->filename,
4690 dref->volume, dref->nlvl_from, dref->nlvl_to);
4691 }
4692 } else {
4693 sc->pb = c->fc->pb;
4694 sc->pb_is_copied = 1;
4695 }
4696
4697 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) {
4698 if (!st->sample_aspect_ratio.num && st->codecpar->width && st->codecpar->height &&
4699 sc->height && sc->width &&
4700 (st->codecpar->width != sc->width || st->codecpar->height != sc->height)) {
4701 st->sample_aspect_ratio = av_d2q(((double)st->codecpar->height * sc->width) /
4702 ((double)st->codecpar->width * sc->height), INT_MAX);
4703 }
4704
4705 #if FF_API_R_FRAME_RATE
4706 if (sc->stts_count == 1 || (sc->stts_count == 2 && sc->stts_data[1].count == 1))
4707 av_reduce(&st->r_frame_rate.num, &st->r_frame_rate.den,
4708 sc->time_scale, sc->stts_data[0].duration, INT_MAX);
4709 #endif
4710 }
4711
4712 // done for ai5q, ai52, ai55, ai1q, ai12 and ai15.
4713 if (!st->codecpar->extradata_size && st->codecpar->codec_id == AV_CODEC_ID_H264 &&
4714 TAG_IS_AVCI(st->codecpar->codec_tag)) {
4715 ret = ff_generate_avci_extradata(st);
4716 if (ret < 0)
4717 return ret;
4718 }
4719
4720 switch (st->codecpar->codec_id) {
4721 #if CONFIG_H261_DECODER
4722 case AV_CODEC_ID_H261:
4723 #endif
4724 #if CONFIG_H263_DECODER
4725 case AV_CODEC_ID_H263:
4726 #endif
4727 #if CONFIG_MPEG4_DECODER
4728 case AV_CODEC_ID_MPEG4:
4729 #endif
4730 st->codecpar->width = 0; /* let decoder init width/height */
4731 st->codecpar->height= 0;
4732 break;
4733 }
4734
4735 // If the duration of the mp3 packets is not constant, then they could need a parser
4736 if (st->codecpar->codec_id == AV_CODEC_ID_MP3
4737 && sc->stts_count > 3
4738 && sc->stts_count*10 > st->nb_frames
4739 && sc->time_scale == st->codecpar->sample_rate) {
4740 ffstream(st)->need_parsing = AVSTREAM_PARSE_FULL;
4741 }
4742 /* Do not need those anymore. */
4743 av_freep(&sc->chunk_offsets);
4744 av_freep(&sc->sample_sizes);
4745 av_freep(&sc->keyframes);
4746 av_freep(&sc->stts_data);
4747 av_freep(&sc->stps_data);
4748 av_freep(&sc->elst_data);
4749 av_freep(&sc->rap_group);
4750 av_freep(&sc->sync_group);
4751 av_freep(&sc->sgpd_sync);
4752
4753 return 0;
4754 }
4755
mov_read_ilst(MOVContext * c,AVIOContext * pb,MOVAtom atom)4756 static int mov_read_ilst(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4757 {
4758 int ret;
4759 c->itunes_metadata = 1;
4760 ret = mov_read_default(c, pb, atom);
4761 c->itunes_metadata = 0;
4762 return ret;
4763 }
4764
mov_read_keys(MOVContext * c,AVIOContext * pb,MOVAtom atom)4765 static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4766 {
4767 uint32_t count;
4768 uint32_t i;
4769
4770 if (atom.size < 8)
4771 return 0;
4772
4773 avio_skip(pb, 4);
4774 count = avio_rb32(pb);
4775 if (count > UINT_MAX / sizeof(*c->meta_keys) - 1) {
4776 av_log(c->fc, AV_LOG_ERROR,
4777 "The 'keys' atom with the invalid key count: %"PRIu32"\n", count);
4778 return AVERROR_INVALIDDATA;
4779 }
4780
4781 c->meta_keys_count = count + 1;
4782 c->meta_keys = av_mallocz(c->meta_keys_count * sizeof(*c->meta_keys));
4783 if (!c->meta_keys)
4784 return AVERROR(ENOMEM);
4785
4786 for (i = 1; i <= count; ++i) {
4787 uint32_t key_size = avio_rb32(pb);
4788 uint32_t type = avio_rl32(pb);
4789 if (key_size < 8) {
4790 av_log(c->fc, AV_LOG_ERROR,
4791 "The key# %"PRIu32" in meta has invalid size:"
4792 "%"PRIu32"\n", i, key_size);
4793 return AVERROR_INVALIDDATA;
4794 }
4795 key_size -= 8;
4796 if (type != MKTAG('m','d','t','a')) {
4797 avio_skip(pb, key_size);
4798 }
4799 #ifdef OHOS_MOOV_LEVEL_META
4800 char* tempKey = av_mallocz(key_size + 1);
4801 if (!tempKey) {
4802 return AVERROR(ENOMEM);
4803 }
4804 avio_read(pb, tempKey, key_size);
4805 c->meta_keys[i] = av_asprintf("%s%s", "moov_level_meta_key_", tempKey);
4806 av_freep(&tempKey);
4807 #else
4808 c->meta_keys[i] = av_mallocz(key_size + 1);
4809 if (!c->meta_keys[i])
4810 return AVERROR(ENOMEM);
4811 avio_read(pb, c->meta_keys[i], key_size);
4812 #endif
4813 }
4814
4815 return 0;
4816 }
4817
mov_read_custom(MOVContext * c,AVIOContext * pb,MOVAtom atom)4818 static int mov_read_custom(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4819 {
4820 int64_t end = av_sat_add64(avio_tell(pb), atom.size);
4821 uint8_t *key = NULL, *val = NULL, *mean = NULL;
4822 int i;
4823 int ret = 0;
4824 AVStream *st;
4825 MOVStreamContext *sc;
4826
4827 if (c->fc->nb_streams < 1)
4828 return 0;
4829 st = c->fc->streams[c->fc->nb_streams-1];
4830 sc = st->priv_data;
4831
4832 for (i = 0; i < 3; i++) {
4833 uint8_t **p;
4834 uint32_t len, tag;
4835
4836 if (end - avio_tell(pb) <= 12)
4837 break;
4838
4839 len = avio_rb32(pb);
4840 tag = avio_rl32(pb);
4841 avio_skip(pb, 4); // flags
4842
4843 if (len < 12 || len - 12 > end - avio_tell(pb))
4844 break;
4845 len -= 12;
4846
4847 if (tag == MKTAG('m', 'e', 'a', 'n'))
4848 p = &mean;
4849 else if (tag == MKTAG('n', 'a', 'm', 'e'))
4850 p = &key;
4851 else if (tag == MKTAG('d', 'a', 't', 'a') && len > 4) {
4852 avio_skip(pb, 4);
4853 len -= 4;
4854 p = &val;
4855 } else
4856 break;
4857
4858 if (*p)
4859 break;
4860
4861 *p = av_malloc(len + 1);
4862 if (!*p) {
4863 ret = AVERROR(ENOMEM);
4864 break;
4865 }
4866 ret = ffio_read_size(pb, *p, len);
4867 if (ret < 0) {
4868 av_freep(p);
4869 break;
4870 }
4871 (*p)[len] = 0;
4872 }
4873
4874 if (mean && key && val) {
4875 if (strcmp(key, "iTunSMPB") == 0) {
4876 int priming, remainder, samples;
4877 if(sscanf(val, "%*X %X %X %X", &priming, &remainder, &samples) == 3){
4878 if(priming>0 && priming<16384)
4879 sc->start_pad = priming;
4880 }
4881 }
4882 if (strcmp(key, "cdec") != 0) {
4883 av_dict_set(&c->fc->metadata, key, val,
4884 AV_DICT_DONT_STRDUP_KEY | AV_DICT_DONT_STRDUP_VAL);
4885 key = val = NULL;
4886 }
4887 } else {
4888 av_log(c->fc, AV_LOG_VERBOSE,
4889 "Unhandled or malformed custom metadata of size %"PRId64"\n", atom.size);
4890 }
4891
4892 avio_seek(pb, end, SEEK_SET);
4893 av_freep(&key);
4894 av_freep(&val);
4895 av_freep(&mean);
4896 return ret;
4897 }
4898
mov_read_meta(MOVContext * c,AVIOContext * pb,MOVAtom atom)4899 static int mov_read_meta(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4900 {
4901 while (atom.size > 8) {
4902 uint32_t tag;
4903 if (avio_feof(pb))
4904 return AVERROR_EOF;
4905 tag = avio_rl32(pb);
4906 atom.size -= 4;
4907 if (tag == MKTAG('h','d','l','r')) {
4908 avio_seek(pb, -8, SEEK_CUR);
4909 atom.size += 8;
4910 return mov_read_default(c, pb, atom);
4911 }
4912 }
4913 return 0;
4914 }
4915
4916 // return 1 when matrix is identity, 0 otherwise
4917 #define IS_MATRIX_IDENT(matrix) \
4918 ( (matrix)[0][0] == (1 << 16) && \
4919 (matrix)[1][1] == (1 << 16) && \
4920 (matrix)[2][2] == (1 << 30) && \
4921 !(matrix)[0][1] && !(matrix)[0][2] && \
4922 !(matrix)[1][0] && !(matrix)[1][2] && \
4923 !(matrix)[2][0] && !(matrix)[2][1])
4924
mov_read_tkhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)4925 static int mov_read_tkhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4926 {
4927 int i, j, e;
4928 int width;
4929 int height;
4930 int display_matrix[3][3];
4931 int res_display_matrix[3][3] = { { 0 } };
4932 AVStream *st;
4933 MOVStreamContext *sc;
4934 int version;
4935 int flags;
4936
4937 if (c->fc->nb_streams < 1)
4938 return 0;
4939 st = c->fc->streams[c->fc->nb_streams-1];
4940 sc = st->priv_data;
4941
4942 // Each stream (trak) should have exactly 1 tkhd. This catches bad files and
4943 // avoids corrupting AVStreams mapped to an earlier tkhd.
4944 if (st->id != -1)
4945 return AVERROR_INVALIDDATA;
4946
4947 version = avio_r8(pb);
4948 flags = avio_rb24(pb);
4949 st->disposition |= (flags & MOV_TKHD_FLAG_ENABLED) ? AV_DISPOSITION_DEFAULT : 0;
4950
4951 if (version == 1) {
4952 avio_rb64(pb);
4953 avio_rb64(pb);
4954 } else {
4955 avio_rb32(pb); /* creation time */
4956 avio_rb32(pb); /* modification time */
4957 }
4958 st->id = (int)avio_rb32(pb); /* track id (NOT 0 !)*/
4959 avio_rb32(pb); /* reserved */
4960
4961 /* highlevel (considering edits) duration in movie timebase */
4962 (version == 1) ? avio_rb64(pb) : avio_rb32(pb);
4963 avio_rb32(pb); /* reserved */
4964 avio_rb32(pb); /* reserved */
4965
4966 avio_rb16(pb); /* layer */
4967 avio_rb16(pb); /* alternate group */
4968 avio_rb16(pb); /* volume */
4969 avio_rb16(pb); /* reserved */
4970
4971 //read in the display matrix (outlined in ISO 14496-12, Section 6.2.2)
4972 // they're kept in fixed point format through all calculations
4973 // save u,v,z to store the whole matrix in the AV_PKT_DATA_DISPLAYMATRIX
4974 // side data, but the scale factor is not needed to calculate aspect ratio
4975 for (i = 0; i < 3; i++) {
4976 display_matrix[i][0] = avio_rb32(pb); // 16.16 fixed point
4977 display_matrix[i][1] = avio_rb32(pb); // 16.16 fixed point
4978 display_matrix[i][2] = avio_rb32(pb); // 2.30 fixed point
4979 }
4980
4981 width = avio_rb32(pb); // 16.16 fixed point track width
4982 height = avio_rb32(pb); // 16.16 fixed point track height
4983 sc->width = width >> 16;
4984 sc->height = height >> 16;
4985
4986 // apply the moov display matrix (after the tkhd one)
4987 for (i = 0; i < 3; i++) {
4988 const int sh[3] = { 16, 16, 30 };
4989 for (j = 0; j < 3; j++) {
4990 for (e = 0; e < 3; e++) {
4991 res_display_matrix[i][j] +=
4992 ((int64_t) display_matrix[i][e] *
4993 c->movie_display_matrix[e][j]) >> sh[e];
4994 }
4995 }
4996 }
4997
4998 // save the matrix when it is not the default identity
4999 if (!IS_MATRIX_IDENT(res_display_matrix)) {
5000 av_freep(&sc->display_matrix);
5001 sc->display_matrix = av_malloc(sizeof(int32_t) * 9);
5002 if (!sc->display_matrix)
5003 return AVERROR(ENOMEM);
5004
5005 for (i = 0; i < 3; i++)
5006 for (j = 0; j < 3; j++)
5007 sc->display_matrix[i * 3 + j] = res_display_matrix[i][j];
5008 }
5009
5010 // transform the display width/height according to the matrix
5011 // to keep the same scale, use [width height 1<<16]
5012 if (width && height && sc->display_matrix) {
5013 double disp_transform[2];
5014
5015 for (i = 0; i < 2; i++)
5016 disp_transform[i] = hypot(sc->display_matrix[0 + i],
5017 sc->display_matrix[3 + i]);
5018
5019 if (disp_transform[0] > 1 && disp_transform[1] > 1 &&
5020 disp_transform[0] < (1<<24) && disp_transform[1] < (1<<24) &&
5021 fabs((disp_transform[0] / disp_transform[1]) - 1.0) > 0.01)
5022 st->sample_aspect_ratio = av_d2q(
5023 disp_transform[0] / disp_transform[1],
5024 INT_MAX);
5025 }
5026 return 0;
5027 }
5028
mov_read_tfhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)5029 static int mov_read_tfhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5030 {
5031 MOVFragment *frag = &c->fragment;
5032 MOVTrackExt *trex = NULL;
5033 int flags, track_id, i;
5034 MOVFragmentStreamInfo * frag_stream_info;
5035
5036 avio_r8(pb); /* version */
5037 flags = avio_rb24(pb);
5038
5039 track_id = avio_rb32(pb);
5040 if (!track_id)
5041 return AVERROR_INVALIDDATA;
5042 for (i = 0; i < c->trex_count; i++)
5043 if (c->trex_data[i].track_id == track_id) {
5044 trex = &c->trex_data[i];
5045 break;
5046 }
5047 if (!trex) {
5048 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding trex (id %u)\n", track_id);
5049 return 0;
5050 }
5051 c->fragment.found_tfhd = 1;
5052 frag->track_id = track_id;
5053 set_frag_stream(&c->frag_index, track_id);
5054
5055 frag->base_data_offset = flags & MOV_TFHD_BASE_DATA_OFFSET ?
5056 avio_rb64(pb) : flags & MOV_TFHD_DEFAULT_BASE_IS_MOOF ?
5057 frag->moof_offset : frag->implicit_offset;
5058 frag->stsd_id = flags & MOV_TFHD_STSD_ID ? avio_rb32(pb) : trex->stsd_id;
5059
5060 frag->duration = flags & MOV_TFHD_DEFAULT_DURATION ?
5061 avio_rb32(pb) : trex->duration;
5062 frag->size = flags & MOV_TFHD_DEFAULT_SIZE ?
5063 avio_rb32(pb) : trex->size;
5064 frag->flags = flags & MOV_TFHD_DEFAULT_FLAGS ?
5065 avio_rb32(pb) : trex->flags;
5066 av_log(c->fc, AV_LOG_TRACE, "frag flags 0x%x\n", frag->flags);
5067
5068 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
5069 if (frag_stream_info)
5070 frag_stream_info->next_trun_dts = AV_NOPTS_VALUE;
5071
5072 return 0;
5073 }
5074
mov_read_chap(MOVContext * c,AVIOContext * pb,MOVAtom atom)5075 static int mov_read_chap(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5076 {
5077 unsigned i, num;
5078 void *new_tracks;
5079
5080 num = atom.size / 4;
5081 if (!(new_tracks = av_malloc_array(num, sizeof(int))))
5082 return AVERROR(ENOMEM);
5083
5084 av_free(c->chapter_tracks);
5085 c->chapter_tracks = new_tracks;
5086 c->nb_chapter_tracks = num;
5087
5088 for (i = 0; i < num && !pb->eof_reached; i++)
5089 c->chapter_tracks[i] = avio_rb32(pb);
5090
5091 c->nb_chapter_tracks = i;
5092
5093 return 0;
5094 }
5095
mov_read_trex(MOVContext * c,AVIOContext * pb,MOVAtom atom)5096 static int mov_read_trex(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5097 {
5098 MOVTrackExt *trex;
5099 int err;
5100
5101 if ((uint64_t)c->trex_count+1 >= UINT_MAX / sizeof(*c->trex_data))
5102 return AVERROR_INVALIDDATA;
5103 if ((err = av_reallocp_array(&c->trex_data, c->trex_count + 1,
5104 sizeof(*c->trex_data))) < 0) {
5105 c->trex_count = 0;
5106 return err;
5107 }
5108
5109 c->fc->duration = AV_NOPTS_VALUE; // the duration from mvhd is not representing the whole file when fragments are used.
5110
5111 trex = &c->trex_data[c->trex_count++];
5112 avio_r8(pb); /* version */
5113 avio_rb24(pb); /* flags */
5114 trex->track_id = avio_rb32(pb);
5115 trex->stsd_id = avio_rb32(pb);
5116 trex->duration = avio_rb32(pb);
5117 trex->size = avio_rb32(pb);
5118 trex->flags = avio_rb32(pb);
5119 return 0;
5120 }
5121
mov_read_tfdt(MOVContext * c,AVIOContext * pb,MOVAtom atom)5122 static int mov_read_tfdt(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5123 {
5124 MOVFragment *frag = &c->fragment;
5125 AVStream *st = NULL;
5126 MOVStreamContext *sc;
5127 int version, i;
5128 MOVFragmentStreamInfo * frag_stream_info;
5129 int64_t base_media_decode_time;
5130
5131 for (i = 0; i < c->fc->nb_streams; i++) {
5132 if (c->fc->streams[i]->id == frag->track_id) {
5133 st = c->fc->streams[i];
5134 break;
5135 }
5136 }
5137 if (!st) {
5138 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding track id %u\n", frag->track_id);
5139 return 0;
5140 }
5141 sc = st->priv_data;
5142 if (sc->pseudo_stream_id + 1 != frag->stsd_id && sc->pseudo_stream_id != -1)
5143 return 0;
5144 version = avio_r8(pb);
5145 avio_rb24(pb); /* flags */
5146 if (version) {
5147 base_media_decode_time = avio_rb64(pb);
5148 } else {
5149 base_media_decode_time = avio_rb32(pb);
5150 }
5151
5152 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
5153 if (frag_stream_info)
5154 frag_stream_info->tfdt_dts = base_media_decode_time;
5155 sc->track_end = base_media_decode_time;
5156
5157 return 0;
5158 }
5159
mov_read_trun(MOVContext * c,AVIOContext * pb,MOVAtom atom)5160 static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5161 {
5162 MOVFragment *frag = &c->fragment;
5163 AVStream *st = NULL;
5164 FFStream *sti = NULL;
5165 MOVStreamContext *sc;
5166 MOVCtts *ctts_data;
5167 uint64_t offset;
5168 int64_t dts, pts = AV_NOPTS_VALUE;
5169 int data_offset = 0;
5170 unsigned entries, first_sample_flags = frag->flags;
5171 int flags, distance, i;
5172 int64_t prev_dts = AV_NOPTS_VALUE;
5173 int next_frag_index = -1, index_entry_pos;
5174 size_t requested_size;
5175 size_t old_ctts_allocated_size;
5176 AVIndexEntry *new_entries;
5177 MOVFragmentStreamInfo * frag_stream_info;
5178
5179 if (!frag->found_tfhd) {
5180 av_log(c->fc, AV_LOG_ERROR, "trun track id unknown, no tfhd was found\n");
5181 return AVERROR_INVALIDDATA;
5182 }
5183
5184 for (i = 0; i < c->fc->nb_streams; i++) {
5185 if (c->fc->streams[i]->id == frag->track_id) {
5186 st = c->fc->streams[i];
5187 sti = ffstream(st);
5188 break;
5189 }
5190 }
5191 if (!st) {
5192 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding track id %u\n", frag->track_id);
5193 return 0;
5194 }
5195 sc = st->priv_data;
5196 if (sc->pseudo_stream_id+1 != frag->stsd_id && sc->pseudo_stream_id != -1)
5197 return 0;
5198
5199 // Find the next frag_index index that has a valid index_entry for
5200 // the current track_id.
5201 //
5202 // A valid index_entry means the trun for the fragment was read
5203 // and it's samples are in index_entries at the given position.
5204 // New index entries will be inserted before the index_entry found.
5205 index_entry_pos = sti->nb_index_entries;
5206 for (i = c->frag_index.current + 1; i < c->frag_index.nb_items; i++) {
5207 frag_stream_info = get_frag_stream_info(&c->frag_index, i, frag->track_id);
5208 if (frag_stream_info && frag_stream_info->index_entry >= 0) {
5209 next_frag_index = i;
5210 index_entry_pos = frag_stream_info->index_entry;
5211 break;
5212 }
5213 }
5214 av_assert0(index_entry_pos <= sti->nb_index_entries);
5215
5216 avio_r8(pb); /* version */
5217 flags = avio_rb24(pb);
5218 entries = avio_rb32(pb);
5219 av_log(c->fc, AV_LOG_TRACE, "flags 0x%x entries %u\n", flags, entries);
5220
5221 if ((uint64_t)entries+sc->ctts_count >= UINT_MAX/sizeof(*sc->ctts_data))
5222 return AVERROR_INVALIDDATA;
5223 if (flags & MOV_TRUN_DATA_OFFSET) data_offset = avio_rb32(pb);
5224 if (flags & MOV_TRUN_FIRST_SAMPLE_FLAGS) first_sample_flags = avio_rb32(pb);
5225
5226 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
5227 if (frag_stream_info) {
5228 if (frag_stream_info->next_trun_dts != AV_NOPTS_VALUE) {
5229 dts = frag_stream_info->next_trun_dts - sc->time_offset;
5230 } else if (frag_stream_info->first_tfra_pts != AV_NOPTS_VALUE &&
5231 c->use_mfra_for == FF_MOV_FLAG_MFRA_PTS) {
5232 pts = frag_stream_info->first_tfra_pts;
5233 av_log(c->fc, AV_LOG_DEBUG, "found mfra time %"PRId64
5234 ", using it for pts\n", pts);
5235 } else if (frag_stream_info->first_tfra_pts != AV_NOPTS_VALUE &&
5236 c->use_mfra_for == FF_MOV_FLAG_MFRA_DTS) {
5237 dts = frag_stream_info->first_tfra_pts;
5238 av_log(c->fc, AV_LOG_DEBUG, "found mfra time %"PRId64
5239 ", using it for dts\n", pts);
5240 } else {
5241 int has_tfdt = frag_stream_info->tfdt_dts != AV_NOPTS_VALUE;
5242 int has_sidx = frag_stream_info->sidx_pts != AV_NOPTS_VALUE;
5243 int fallback_tfdt = !c->use_tfdt && !has_sidx && has_tfdt;
5244 int fallback_sidx = c->use_tfdt && !has_tfdt && has_sidx;
5245
5246 if (fallback_sidx) {
5247 av_log(c->fc, AV_LOG_DEBUG, "use_tfdt set but no tfdt found, using sidx instead\n");
5248 }
5249 if (fallback_tfdt) {
5250 av_log(c->fc, AV_LOG_DEBUG, "use_tfdt not set but no sidx found, using tfdt instead\n");
5251 }
5252
5253 if (has_tfdt && c->use_tfdt || fallback_tfdt) {
5254 dts = frag_stream_info->tfdt_dts - sc->time_offset;
5255 av_log(c->fc, AV_LOG_DEBUG, "found tfdt time %"PRId64
5256 ", using it for dts\n", dts);
5257 } else if (has_sidx && !c->use_tfdt || fallback_sidx) {
5258 // FIXME: sidx earliest_presentation_time is *PTS*, s.b.
5259 // pts = frag_stream_info->sidx_pts;
5260 dts = frag_stream_info->sidx_pts - sc->time_offset;
5261 av_log(c->fc, AV_LOG_DEBUG, "found sidx time %"PRId64
5262 ", using it for dts\n", frag_stream_info->sidx_pts);
5263 } else {
5264 dts = sc->track_end - sc->time_offset;
5265 av_log(c->fc, AV_LOG_DEBUG, "found track end time %"PRId64
5266 ", using it for dts\n", dts);
5267 }
5268 }
5269 } else {
5270 dts = sc->track_end - sc->time_offset;
5271 av_log(c->fc, AV_LOG_DEBUG, "found track end time %"PRId64
5272 ", using it for dts\n", dts);
5273 }
5274 offset = frag->base_data_offset + data_offset;
5275 distance = 0;
5276 av_log(c->fc, AV_LOG_TRACE, "first sample flags 0x%x\n", first_sample_flags);
5277
5278 // realloc space for new index entries
5279 if ((uint64_t)sti->nb_index_entries + entries >= UINT_MAX / sizeof(AVIndexEntry)) {
5280 entries = UINT_MAX / sizeof(AVIndexEntry) - sti->nb_index_entries;
5281 av_log(c->fc, AV_LOG_ERROR, "Failed to add index entry\n");
5282 }
5283 if (entries == 0)
5284 return 0;
5285
5286 requested_size = (sti->nb_index_entries + entries) * sizeof(AVIndexEntry);
5287 new_entries = av_fast_realloc(sti->index_entries,
5288 &sti->index_entries_allocated_size,
5289 requested_size);
5290 if (!new_entries)
5291 return AVERROR(ENOMEM);
5292 sti->index_entries= new_entries;
5293
5294 requested_size = (sti->nb_index_entries + entries) * sizeof(*sc->ctts_data);
5295 old_ctts_allocated_size = sc->ctts_allocated_size;
5296 ctts_data = av_fast_realloc(sc->ctts_data, &sc->ctts_allocated_size,
5297 requested_size);
5298 if (!ctts_data)
5299 return AVERROR(ENOMEM);
5300 sc->ctts_data = ctts_data;
5301
5302 // In case there were samples without ctts entries, ensure they get
5303 // zero valued entries. This ensures clips which mix boxes with and
5304 // without ctts entries don't pickup uninitialized data.
5305 memset((uint8_t*)(sc->ctts_data) + old_ctts_allocated_size, 0,
5306 sc->ctts_allocated_size - old_ctts_allocated_size);
5307
5308 if (index_entry_pos < sti->nb_index_entries) {
5309 // Make hole in index_entries and ctts_data for new samples
5310 memmove(sti->index_entries + index_entry_pos + entries,
5311 sti->index_entries + index_entry_pos,
5312 sizeof(*sti->index_entries) *
5313 (sti->nb_index_entries - index_entry_pos));
5314 memmove(sc->ctts_data + index_entry_pos + entries,
5315 sc->ctts_data + index_entry_pos,
5316 sizeof(*sc->ctts_data) * (sc->ctts_count - index_entry_pos));
5317 if (index_entry_pos < sc->current_sample) {
5318 sc->current_sample += entries;
5319 }
5320 }
5321
5322 sti->nb_index_entries += entries;
5323 sc->ctts_count = sti->nb_index_entries;
5324
5325 // Record the index_entry position in frag_index of this fragment
5326 if (frag_stream_info)
5327 frag_stream_info->index_entry = index_entry_pos;
5328
5329 if (index_entry_pos > 0)
5330 prev_dts = sti->index_entries[index_entry_pos-1].timestamp;
5331
5332 for (i = 0; i < entries && !pb->eof_reached; i++) {
5333 unsigned sample_size = frag->size;
5334 int sample_flags = i ? frag->flags : first_sample_flags;
5335 unsigned sample_duration = frag->duration;
5336 unsigned ctts_duration = 0;
5337 int keyframe = 0;
5338 int index_entry_flags = 0;
5339
5340 if (flags & MOV_TRUN_SAMPLE_DURATION) sample_duration = avio_rb32(pb);
5341 if (flags & MOV_TRUN_SAMPLE_SIZE) sample_size = avio_rb32(pb);
5342 if (flags & MOV_TRUN_SAMPLE_FLAGS) sample_flags = avio_rb32(pb);
5343 if (flags & MOV_TRUN_SAMPLE_CTS) ctts_duration = avio_rb32(pb);
5344
5345 mov_update_dts_shift(sc, ctts_duration, c->fc);
5346 if (pts != AV_NOPTS_VALUE) {
5347 dts = pts - sc->dts_shift;
5348 if (flags & MOV_TRUN_SAMPLE_CTS) {
5349 dts -= ctts_duration;
5350 } else {
5351 dts -= sc->time_offset;
5352 }
5353 av_log(c->fc, AV_LOG_DEBUG,
5354 "pts %"PRId64" calculated dts %"PRId64
5355 " sc->dts_shift %d ctts.duration %d"
5356 " sc->time_offset %"PRId64
5357 " flags & MOV_TRUN_SAMPLE_CTS %d\n",
5358 pts, dts,
5359 sc->dts_shift, ctts_duration,
5360 sc->time_offset, flags & MOV_TRUN_SAMPLE_CTS);
5361 pts = AV_NOPTS_VALUE;
5362 }
5363
5364 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO)
5365 keyframe = 1;
5366 else
5367 keyframe =
5368 !(sample_flags & (MOV_FRAG_SAMPLE_FLAG_IS_NON_SYNC |
5369 MOV_FRAG_SAMPLE_FLAG_DEPENDS_YES));
5370 if (keyframe) {
5371 distance = 0;
5372 index_entry_flags |= AVINDEX_KEYFRAME;
5373 }
5374 // Fragments can overlap in time. Discard overlapping frames after
5375 // decoding.
5376 if (prev_dts >= dts)
5377 index_entry_flags |= AVINDEX_DISCARD_FRAME;
5378
5379 sti->index_entries[index_entry_pos].pos = offset;
5380 sti->index_entries[index_entry_pos].timestamp = dts;
5381 sti->index_entries[index_entry_pos].size = sample_size;
5382 sti->index_entries[index_entry_pos].min_distance = distance;
5383 sti->index_entries[index_entry_pos].flags = index_entry_flags;
5384
5385 sc->ctts_data[index_entry_pos].count = 1;
5386 sc->ctts_data[index_entry_pos].duration = ctts_duration;
5387 index_entry_pos++;
5388
5389 av_log(c->fc, AV_LOG_TRACE, "AVIndex stream %d, sample %d, offset %"PRIx64", dts %"PRId64", "
5390 "size %u, distance %d, keyframe %d\n", st->index,
5391 index_entry_pos, offset, dts, sample_size, distance, keyframe);
5392 distance++;
5393 if (av_sat_add64(dts, sample_duration) != dts + (uint64_t)sample_duration)
5394 return AVERROR_INVALIDDATA;
5395 if (!sample_size)
5396 return AVERROR_INVALIDDATA;
5397 dts += sample_duration;
5398 offset += sample_size;
5399 sc->data_size += sample_size;
5400
5401 if (sample_duration <= INT64_MAX - sc->duration_for_fps &&
5402 1 <= INT_MAX - sc->nb_frames_for_fps
5403 ) {
5404 sc->duration_for_fps += sample_duration;
5405 sc->nb_frames_for_fps ++;
5406 }
5407 }
5408 if (frag_stream_info)
5409 frag_stream_info->next_trun_dts = dts + sc->time_offset;
5410 if (i < entries) {
5411 // EOF found before reading all entries. Fix the hole this would
5412 // leave in index_entries and ctts_data
5413 int gap = entries - i;
5414 memmove(sti->index_entries + index_entry_pos,
5415 sti->index_entries + index_entry_pos + gap,
5416 sizeof(*sti->index_entries) *
5417 (sti->nb_index_entries - (index_entry_pos + gap)));
5418 memmove(sc->ctts_data + index_entry_pos,
5419 sc->ctts_data + index_entry_pos + gap,
5420 sizeof(*sc->ctts_data) *
5421 (sc->ctts_count - (index_entry_pos + gap)));
5422
5423 sti->nb_index_entries -= gap;
5424 sc->ctts_count -= gap;
5425 if (index_entry_pos < sc->current_sample) {
5426 sc->current_sample -= gap;
5427 }
5428 entries = i;
5429 }
5430
5431 // The end of this new fragment may overlap in time with the start
5432 // of the next fragment in index_entries. Mark the samples in the next
5433 // fragment that overlap with AVINDEX_DISCARD_FRAME
5434 prev_dts = AV_NOPTS_VALUE;
5435 if (index_entry_pos > 0)
5436 prev_dts = sti->index_entries[index_entry_pos-1].timestamp;
5437 for (int i = index_entry_pos; i < sti->nb_index_entries; i++) {
5438 if (prev_dts < sti->index_entries[i].timestamp)
5439 break;
5440 sti->index_entries[i].flags |= AVINDEX_DISCARD_FRAME;
5441 }
5442
5443 // If a hole was created to insert the new index_entries into,
5444 // the index_entry recorded for all subsequent moof must
5445 // be incremented by the number of entries inserted.
5446 fix_frag_index_entries(&c->frag_index, next_frag_index,
5447 frag->track_id, entries);
5448
5449 if (pb->eof_reached) {
5450 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted TRUN atom\n");
5451 return AVERROR_EOF;
5452 }
5453
5454 frag->implicit_offset = offset;
5455
5456 sc->track_end = dts + sc->time_offset;
5457 if (st->duration < sc->track_end)
5458 st->duration = sc->track_end;
5459
5460 return 0;
5461 }
5462
mov_read_sidx(MOVContext * c,AVIOContext * pb,MOVAtom atom)5463 static int mov_read_sidx(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5464 {
5465 int64_t stream_size = avio_size(pb);
5466 int64_t offset = av_sat_add64(avio_tell(pb), atom.size), pts, timestamp;
5467 uint8_t version, is_complete;
5468 int64_t offadd;
5469 unsigned i, j, track_id, item_count;
5470 AVStream *st = NULL;
5471 AVStream *ref_st = NULL;
5472 MOVStreamContext *sc, *ref_sc = NULL;
5473 AVRational timescale;
5474
5475 version = avio_r8(pb);
5476 if (version > 1) {
5477 avpriv_request_sample(c->fc, "sidx version %u", version);
5478 return 0;
5479 }
5480
5481 avio_rb24(pb); // flags
5482
5483 track_id = avio_rb32(pb); // Reference ID
5484 for (i = 0; i < c->fc->nb_streams; i++) {
5485 if (c->fc->streams[i]->id == track_id) {
5486 st = c->fc->streams[i];
5487 break;
5488 }
5489 }
5490 if (!st) {
5491 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding track id %d\n", track_id);
5492 return 0;
5493 }
5494
5495 sc = st->priv_data;
5496
5497 timescale = av_make_q(1, avio_rb32(pb));
5498
5499 if (timescale.den <= 0) {
5500 av_log(c->fc, AV_LOG_ERROR, "Invalid sidx timescale 1/%d\n", timescale.den);
5501 return AVERROR_INVALIDDATA;
5502 }
5503
5504 if (version == 0) {
5505 pts = avio_rb32(pb);
5506 offadd= avio_rb32(pb);
5507 } else {
5508 pts = avio_rb64(pb);
5509 offadd= avio_rb64(pb);
5510 }
5511 if (av_sat_add64(offset, offadd) != offset + (uint64_t)offadd)
5512 return AVERROR_INVALIDDATA;
5513
5514 offset += (uint64_t)offadd;
5515
5516 avio_rb16(pb); // reserved
5517
5518 item_count = avio_rb16(pb);
5519 if (item_count == 0)
5520 return AVERROR_INVALIDDATA;
5521 #ifdef OHOS_CAL_DASH_BITRATE
5522 sc->referenced_size = 0;
5523 #endif
5524 for (i = 0; i < item_count; i++) {
5525 int index;
5526 MOVFragmentStreamInfo * frag_stream_info;
5527 uint32_t size = avio_rb32(pb);
5528 uint32_t duration = avio_rb32(pb);
5529 if (size & 0x80000000) {
5530 avpriv_request_sample(c->fc, "sidx reference_type 1");
5531 return AVERROR_PATCHWELCOME;
5532 }
5533 avio_rb32(pb); // sap_flags
5534 timestamp = av_rescale_q(pts, timescale, st->time_base);
5535
5536 index = update_frag_index(c, offset);
5537 frag_stream_info = get_frag_stream_info(&c->frag_index, index, track_id);
5538 if (frag_stream_info)
5539 frag_stream_info->sidx_pts = timestamp;
5540
5541 if (av_sat_add64(offset, size) != offset + (uint64_t)size ||
5542 av_sat_add64(pts, duration) != pts + (uint64_t)duration
5543 )
5544 return AVERROR_INVALIDDATA;
5545 offset += size;
5546 pts += duration;
5547 #ifdef OHOS_CAL_DASH_BITRATE
5548 sc->referenced_size += size;
5549 #endif
5550 }
5551
5552 st->duration = sc->track_end = pts;
5553
5554 sc->has_sidx = 1;
5555
5556 // See if the remaining bytes are just an mfra which we can ignore.
5557 is_complete = offset == stream_size;
5558 if (!is_complete && (pb->seekable & AVIO_SEEKABLE_NORMAL) && stream_size > 0 ) {
5559 int64_t ret;
5560 int64_t original_pos = avio_tell(pb);
5561 if (!c->have_read_mfra_size) {
5562 if ((ret = avio_seek(pb, stream_size - 4, SEEK_SET)) < 0)
5563 return ret;
5564 c->mfra_size = avio_rb32(pb);
5565 c->have_read_mfra_size = 1;
5566 if ((ret = avio_seek(pb, original_pos, SEEK_SET)) < 0)
5567 return ret;
5568 }
5569 if (offset == stream_size - c->mfra_size)
5570 is_complete = 1;
5571 }
5572
5573 if (is_complete) {
5574 // Find first entry in fragment index that came from an sidx.
5575 // This will pretty much always be the first entry.
5576 for (i = 0; i < c->frag_index.nb_items; i++) {
5577 MOVFragmentIndexItem * item = &c->frag_index.item[i];
5578 for (j = 0; ref_st == NULL && j < item->nb_stream_info; j++) {
5579 MOVFragmentStreamInfo * si;
5580 si = &item->stream_info[j];
5581 if (si->sidx_pts != AV_NOPTS_VALUE) {
5582 ref_st = c->fc->streams[j];
5583 ref_sc = ref_st->priv_data;
5584 break;
5585 }
5586 }
5587 }
5588 if (ref_st) for (i = 0; i < c->fc->nb_streams; i++) {
5589 st = c->fc->streams[i];
5590 sc = st->priv_data;
5591 if (!sc->has_sidx) {
5592 st->duration = sc->track_end = av_rescale(ref_st->duration, sc->time_scale, ref_sc->time_scale);
5593 }
5594 }
5595
5596 c->frag_index.complete = 1;
5597 }
5598
5599 return 0;
5600 }
5601
5602 /* this atom should be null (from specs), but some buggy files put the 'moov' atom inside it... */
5603 /* like the files created with Adobe Premiere 5.0, for samples see */
5604 /* http://graphics.tudelft.nl/~wouter/publications/soundtests/ */
mov_read_wide(MOVContext * c,AVIOContext * pb,MOVAtom atom)5605 static int mov_read_wide(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5606 {
5607 int err;
5608
5609 if (atom.size < 8)
5610 return 0; /* continue */
5611 if (avio_rb32(pb) != 0) { /* 0 sized mdat atom... use the 'wide' atom size */
5612 avio_skip(pb, atom.size - 4);
5613 return 0;
5614 }
5615 atom.type = avio_rl32(pb);
5616 atom.size -= 8;
5617 if (atom.type != MKTAG('m','d','a','t')) {
5618 avio_skip(pb, atom.size);
5619 return 0;
5620 }
5621 err = mov_read_mdat(c, pb, atom);
5622 return err;
5623 }
5624
mov_read_cmov(MOVContext * c,AVIOContext * pb,MOVAtom atom)5625 static int mov_read_cmov(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5626 {
5627 #if CONFIG_ZLIB
5628 FFIOContext ctx;
5629 uint8_t *cmov_data;
5630 uint8_t *moov_data; /* uncompressed data */
5631 long cmov_len, moov_len;
5632 int ret = -1;
5633
5634 avio_rb32(pb); /* dcom atom */
5635 if (avio_rl32(pb) != MKTAG('d','c','o','m'))
5636 return AVERROR_INVALIDDATA;
5637 if (avio_rl32(pb) != MKTAG('z','l','i','b')) {
5638 av_log(c->fc, AV_LOG_ERROR, "unknown compression for cmov atom !\n");
5639 return AVERROR_INVALIDDATA;
5640 }
5641 avio_rb32(pb); /* cmvd atom */
5642 if (avio_rl32(pb) != MKTAG('c','m','v','d'))
5643 return AVERROR_INVALIDDATA;
5644 moov_len = avio_rb32(pb); /* uncompressed size */
5645 cmov_len = atom.size - 6 * 4;
5646
5647 cmov_data = av_malloc(cmov_len);
5648 if (!cmov_data)
5649 return AVERROR(ENOMEM);
5650 moov_data = av_malloc(moov_len);
5651 if (!moov_data) {
5652 av_free(cmov_data);
5653 return AVERROR(ENOMEM);
5654 }
5655 ret = ffio_read_size(pb, cmov_data, cmov_len);
5656 if (ret < 0)
5657 goto free_and_return;
5658
5659 ret = AVERROR_INVALIDDATA;
5660 if (uncompress (moov_data, (uLongf *) &moov_len, (const Bytef *)cmov_data, cmov_len) != Z_OK)
5661 goto free_and_return;
5662 ffio_init_context(&ctx, moov_data, moov_len, 0, NULL, NULL, NULL, NULL);
5663 ctx.pub.seekable = AVIO_SEEKABLE_NORMAL;
5664 atom.type = MKTAG('m','o','o','v');
5665 atom.size = moov_len;
5666 ret = mov_read_default(c, &ctx.pub, atom);
5667 free_and_return:
5668 av_free(moov_data);
5669 av_free(cmov_data);
5670 return ret;
5671 #else
5672 av_log(c->fc, AV_LOG_ERROR, "this file requires zlib support compiled in\n");
5673 return AVERROR(ENOSYS);
5674 #endif
5675 }
5676
5677 /* edit list atom */
mov_read_elst(MOVContext * c,AVIOContext * pb,MOVAtom atom)5678 static int mov_read_elst(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5679 {
5680 MOVStreamContext *sc;
5681 int i, edit_count, version;
5682 int64_t elst_entry_size;
5683
5684 if (c->fc->nb_streams < 1 || c->ignore_editlist)
5685 return 0;
5686 sc = c->fc->streams[c->fc->nb_streams-1]->priv_data;
5687
5688 version = avio_r8(pb); /* version */
5689 avio_rb24(pb); /* flags */
5690 edit_count = avio_rb32(pb); /* entries */
5691 atom.size -= 8;
5692
5693 elst_entry_size = version == 1 ? 20 : 12;
5694 if (atom.size != edit_count * elst_entry_size) {
5695 if (c->fc->strict_std_compliance >= FF_COMPLIANCE_STRICT) {
5696 av_log(c->fc, AV_LOG_ERROR, "Invalid edit list entry_count: %d for elst atom of size: %"PRId64" bytes.\n",
5697 edit_count, atom.size + 8);
5698 return AVERROR_INVALIDDATA;
5699 } else {
5700 edit_count = atom.size / elst_entry_size;
5701 if (edit_count * elst_entry_size != atom.size) {
5702 av_log(c->fc, AV_LOG_WARNING, "ELST atom of %"PRId64" bytes, bigger than %d entries.\n", atom.size, edit_count);
5703 }
5704 }
5705 }
5706
5707 if (!edit_count)
5708 return 0;
5709 if (sc->elst_data)
5710 av_log(c->fc, AV_LOG_WARNING, "Duplicated ELST atom\n");
5711 av_free(sc->elst_data);
5712 sc->elst_count = 0;
5713 sc->elst_data = av_malloc_array(edit_count, sizeof(*sc->elst_data));
5714 if (!sc->elst_data)
5715 return AVERROR(ENOMEM);
5716
5717 av_log(c->fc, AV_LOG_TRACE, "track[%u].edit_count = %i\n", c->fc->nb_streams - 1, edit_count);
5718 for (i = 0; i < edit_count && atom.size > 0 && !pb->eof_reached; i++) {
5719 MOVElst *e = &sc->elst_data[i];
5720
5721 if (version == 1) {
5722 e->duration = avio_rb64(pb);
5723 e->time = avio_rb64(pb);
5724 atom.size -= 16;
5725 } else {
5726 e->duration = avio_rb32(pb); /* segment duration */
5727 e->time = (int32_t)avio_rb32(pb); /* media time */
5728 atom.size -= 8;
5729 }
5730 e->rate = avio_rb32(pb) / 65536.0;
5731 atom.size -= 4;
5732 av_log(c->fc, AV_LOG_TRACE, "duration=%"PRId64" time=%"PRId64" rate=%f\n",
5733 e->duration, e->time, e->rate);
5734
5735 if (e->time < 0 && e->time != -1 &&
5736 c->fc->strict_std_compliance >= FF_COMPLIANCE_STRICT) {
5737 av_log(c->fc, AV_LOG_ERROR, "Track %d, edit %d: Invalid edit list media time=%"PRId64"\n",
5738 c->fc->nb_streams-1, i, e->time);
5739 return AVERROR_INVALIDDATA;
5740 }
5741 }
5742 sc->elst_count = i;
5743
5744 return 0;
5745 }
5746
mov_read_tmcd(MOVContext * c,AVIOContext * pb,MOVAtom atom)5747 static int mov_read_tmcd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5748 {
5749 MOVStreamContext *sc;
5750
5751 if (c->fc->nb_streams < 1)
5752 return AVERROR_INVALIDDATA;
5753 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5754 sc->timecode_track = avio_rb32(pb);
5755 return 0;
5756 }
5757
mov_read_vpcc(MOVContext * c,AVIOContext * pb,MOVAtom atom)5758 static int mov_read_vpcc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5759 {
5760 AVStream *st;
5761 int version, color_range, color_primaries, color_trc, color_space;
5762
5763 if (c->fc->nb_streams < 1)
5764 return 0;
5765 st = c->fc->streams[c->fc->nb_streams - 1];
5766
5767 if (atom.size < 5) {
5768 av_log(c->fc, AV_LOG_ERROR, "Empty VP Codec Configuration box\n");
5769 return AVERROR_INVALIDDATA;
5770 }
5771
5772 version = avio_r8(pb);
5773 if (version != 1) {
5774 av_log(c->fc, AV_LOG_WARNING, "Unsupported VP Codec Configuration box version %d\n", version);
5775 return 0;
5776 }
5777 avio_skip(pb, 3); /* flags */
5778
5779 avio_skip(pb, 2); /* profile + level */
5780 color_range = avio_r8(pb); /* bitDepth, chromaSubsampling, videoFullRangeFlag */
5781 color_primaries = avio_r8(pb);
5782 color_trc = avio_r8(pb);
5783 color_space = avio_r8(pb);
5784 if (avio_rb16(pb)) /* codecIntializationDataSize */
5785 return AVERROR_INVALIDDATA;
5786
5787 if (!av_color_primaries_name(color_primaries))
5788 color_primaries = AVCOL_PRI_UNSPECIFIED;
5789 if (!av_color_transfer_name(color_trc))
5790 color_trc = AVCOL_TRC_UNSPECIFIED;
5791 if (!av_color_space_name(color_space))
5792 color_space = AVCOL_SPC_UNSPECIFIED;
5793
5794 st->codecpar->color_range = (color_range & 1) ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG;
5795 st->codecpar->color_primaries = color_primaries;
5796 st->codecpar->color_trc = color_trc;
5797 st->codecpar->color_space = color_space;
5798
5799 return 0;
5800 }
5801
mov_read_smdm(MOVContext * c,AVIOContext * pb,MOVAtom atom)5802 static int mov_read_smdm(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5803 {
5804 MOVStreamContext *sc;
5805 int i, version;
5806
5807 if (c->fc->nb_streams < 1)
5808 return AVERROR_INVALIDDATA;
5809
5810 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5811
5812 if (atom.size < 5) {
5813 av_log(c->fc, AV_LOG_ERROR, "Empty Mastering Display Metadata box\n");
5814 return AVERROR_INVALIDDATA;
5815 }
5816
5817 version = avio_r8(pb);
5818 if (version) {
5819 av_log(c->fc, AV_LOG_WARNING, "Unsupported Mastering Display Metadata box version %d\n", version);
5820 return 0;
5821 }
5822 if (sc->mastering)
5823 return AVERROR_INVALIDDATA;
5824
5825 avio_skip(pb, 3); /* flags */
5826
5827 sc->mastering = av_mastering_display_metadata_alloc();
5828 if (!sc->mastering)
5829 return AVERROR(ENOMEM);
5830
5831 for (i = 0; i < 3; i++) {
5832 sc->mastering->display_primaries[i][0] = av_make_q(avio_rb16(pb), 1 << 16);
5833 sc->mastering->display_primaries[i][1] = av_make_q(avio_rb16(pb), 1 << 16);
5834 }
5835 sc->mastering->white_point[0] = av_make_q(avio_rb16(pb), 1 << 16);
5836 sc->mastering->white_point[1] = av_make_q(avio_rb16(pb), 1 << 16);
5837
5838 sc->mastering->max_luminance = av_make_q(avio_rb32(pb), 1 << 8);
5839 sc->mastering->min_luminance = av_make_q(avio_rb32(pb), 1 << 14);
5840
5841 sc->mastering->has_primaries = 1;
5842 sc->mastering->has_luminance = 1;
5843
5844 return 0;
5845 }
5846
mov_read_mdcv(MOVContext * c,AVIOContext * pb,MOVAtom atom)5847 static int mov_read_mdcv(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5848 {
5849 MOVStreamContext *sc;
5850 const int mapping[3] = {1, 2, 0};
5851 const int chroma_den = 50000;
5852 const int luma_den = 10000;
5853 int i;
5854
5855 if (c->fc->nb_streams < 1)
5856 return AVERROR_INVALIDDATA;
5857
5858 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5859
5860 if (atom.size < 24 || sc->mastering) {
5861 av_log(c->fc, AV_LOG_ERROR, "Invalid Mastering Display Color Volume box\n");
5862 return AVERROR_INVALIDDATA;
5863 }
5864
5865 sc->mastering = av_mastering_display_metadata_alloc();
5866 if (!sc->mastering)
5867 return AVERROR(ENOMEM);
5868
5869 for (i = 0; i < 3; i++) {
5870 const int j = mapping[i];
5871 sc->mastering->display_primaries[j][0] = av_make_q(avio_rb16(pb), chroma_den);
5872 sc->mastering->display_primaries[j][1] = av_make_q(avio_rb16(pb), chroma_den);
5873 }
5874 sc->mastering->white_point[0] = av_make_q(avio_rb16(pb), chroma_den);
5875 sc->mastering->white_point[1] = av_make_q(avio_rb16(pb), chroma_den);
5876
5877 sc->mastering->max_luminance = av_make_q(avio_rb32(pb), luma_den);
5878 sc->mastering->min_luminance = av_make_q(avio_rb32(pb), luma_den);
5879
5880 sc->mastering->has_luminance = 1;
5881 sc->mastering->has_primaries = 1;
5882
5883 return 0;
5884 }
5885
mov_read_coll(MOVContext * c,AVIOContext * pb,MOVAtom atom)5886 static int mov_read_coll(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5887 {
5888 MOVStreamContext *sc;
5889 int version;
5890
5891 if (c->fc->nb_streams < 1)
5892 return AVERROR_INVALIDDATA;
5893
5894 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5895
5896 if (atom.size < 5) {
5897 av_log(c->fc, AV_LOG_ERROR, "Empty Content Light Level box\n");
5898 return AVERROR_INVALIDDATA;
5899 }
5900
5901 version = avio_r8(pb);
5902 if (version) {
5903 av_log(c->fc, AV_LOG_WARNING, "Unsupported Content Light Level box version %d\n", version);
5904 return 0;
5905 }
5906 avio_skip(pb, 3); /* flags */
5907
5908 if (sc->coll){
5909 av_log(c->fc, AV_LOG_WARNING, "Ignoring duplicate COLL\n");
5910 return 0;
5911 }
5912
5913 sc->coll = av_content_light_metadata_alloc(&sc->coll_size);
5914 if (!sc->coll)
5915 return AVERROR(ENOMEM);
5916
5917 sc->coll->MaxCLL = avio_rb16(pb);
5918 sc->coll->MaxFALL = avio_rb16(pb);
5919
5920 return 0;
5921 }
5922
mov_read_clli(MOVContext * c,AVIOContext * pb,MOVAtom atom)5923 static int mov_read_clli(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5924 {
5925 MOVStreamContext *sc;
5926
5927 if (c->fc->nb_streams < 1)
5928 return AVERROR_INVALIDDATA;
5929
5930 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5931
5932 if (atom.size < 4) {
5933 av_log(c->fc, AV_LOG_ERROR, "Empty Content Light Level Info box\n");
5934 return AVERROR_INVALIDDATA;
5935 }
5936
5937 if (sc->coll){
5938 av_log(c->fc, AV_LOG_WARNING, "Ignoring duplicate CLLI/COLL\n");
5939 return 0;
5940 }
5941
5942 sc->coll = av_content_light_metadata_alloc(&sc->coll_size);
5943 if (!sc->coll)
5944 return AVERROR(ENOMEM);
5945
5946 sc->coll->MaxCLL = avio_rb16(pb);
5947 sc->coll->MaxFALL = avio_rb16(pb);
5948
5949 return 0;
5950 }
5951
mov_read_st3d(MOVContext * c,AVIOContext * pb,MOVAtom atom)5952 static int mov_read_st3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5953 {
5954 AVStream *st;
5955 MOVStreamContext *sc;
5956 enum AVStereo3DType type;
5957 int mode;
5958
5959 if (c->fc->nb_streams < 1)
5960 return 0;
5961
5962 st = c->fc->streams[c->fc->nb_streams - 1];
5963 sc = st->priv_data;
5964
5965 if (atom.size < 5) {
5966 av_log(c->fc, AV_LOG_ERROR, "Empty stereoscopic video box\n");
5967 return AVERROR_INVALIDDATA;
5968 }
5969
5970 if (sc->stereo3d)
5971 return AVERROR_INVALIDDATA;
5972
5973 avio_skip(pb, 4); /* version + flags */
5974
5975 mode = avio_r8(pb);
5976 switch (mode) {
5977 case 0:
5978 type = AV_STEREO3D_2D;
5979 break;
5980 case 1:
5981 type = AV_STEREO3D_TOPBOTTOM;
5982 break;
5983 case 2:
5984 type = AV_STEREO3D_SIDEBYSIDE;
5985 break;
5986 default:
5987 av_log(c->fc, AV_LOG_WARNING, "Unknown st3d mode value %d\n", mode);
5988 return 0;
5989 }
5990
5991 sc->stereo3d = av_stereo3d_alloc();
5992 if (!sc->stereo3d)
5993 return AVERROR(ENOMEM);
5994
5995 sc->stereo3d->type = type;
5996 return 0;
5997 }
5998
mov_read_sv3d(MOVContext * c,AVIOContext * pb,MOVAtom atom)5999 static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6000 {
6001 AVStream *st;
6002 MOVStreamContext *sc;
6003 int size, version, layout;
6004 int32_t yaw, pitch, roll;
6005 uint32_t l = 0, t = 0, r = 0, b = 0;
6006 uint32_t tag, padding = 0;
6007 enum AVSphericalProjection projection;
6008
6009 if (c->fc->nb_streams < 1)
6010 return 0;
6011
6012 st = c->fc->streams[c->fc->nb_streams - 1];
6013 sc = st->priv_data;
6014
6015 if (atom.size < 8) {
6016 av_log(c->fc, AV_LOG_ERROR, "Empty spherical video box\n");
6017 return AVERROR_INVALIDDATA;
6018 }
6019
6020 size = avio_rb32(pb);
6021 if (size <= 12 || size > atom.size)
6022 return AVERROR_INVALIDDATA;
6023
6024 tag = avio_rl32(pb);
6025 if (tag != MKTAG('s','v','h','d')) {
6026 av_log(c->fc, AV_LOG_ERROR, "Missing spherical video header\n");
6027 return 0;
6028 }
6029 version = avio_r8(pb);
6030 if (version != 0) {
6031 av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
6032 version);
6033 return 0;
6034 }
6035 avio_skip(pb, 3); /* flags */
6036 avio_skip(pb, size - 12); /* metadata_source */
6037
6038 size = avio_rb32(pb);
6039 if (size > atom.size)
6040 return AVERROR_INVALIDDATA;
6041
6042 tag = avio_rl32(pb);
6043 if (tag != MKTAG('p','r','o','j')) {
6044 av_log(c->fc, AV_LOG_ERROR, "Missing projection box\n");
6045 return 0;
6046 }
6047
6048 size = avio_rb32(pb);
6049 if (size > atom.size)
6050 return AVERROR_INVALIDDATA;
6051
6052 tag = avio_rl32(pb);
6053 if (tag != MKTAG('p','r','h','d')) {
6054 av_log(c->fc, AV_LOG_ERROR, "Missing projection header box\n");
6055 return 0;
6056 }
6057 version = avio_r8(pb);
6058 if (version != 0) {
6059 av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
6060 version);
6061 return 0;
6062 }
6063 avio_skip(pb, 3); /* flags */
6064
6065 /* 16.16 fixed point */
6066 yaw = avio_rb32(pb);
6067 pitch = avio_rb32(pb);
6068 roll = avio_rb32(pb);
6069
6070 size = avio_rb32(pb);
6071 if (size > atom.size)
6072 return AVERROR_INVALIDDATA;
6073
6074 tag = avio_rl32(pb);
6075 version = avio_r8(pb);
6076 if (version != 0) {
6077 av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
6078 version);
6079 return 0;
6080 }
6081 avio_skip(pb, 3); /* flags */
6082 switch (tag) {
6083 case MKTAG('c','b','m','p'):
6084 layout = avio_rb32(pb);
6085 if (layout) {
6086 av_log(c->fc, AV_LOG_WARNING,
6087 "Unsupported cubemap layout %d\n", layout);
6088 return 0;
6089 }
6090 projection = AV_SPHERICAL_CUBEMAP;
6091 padding = avio_rb32(pb);
6092 break;
6093 case MKTAG('e','q','u','i'):
6094 t = avio_rb32(pb);
6095 b = avio_rb32(pb);
6096 l = avio_rb32(pb);
6097 r = avio_rb32(pb);
6098
6099 if (b >= UINT_MAX - t || r >= UINT_MAX - l) {
6100 av_log(c->fc, AV_LOG_ERROR,
6101 "Invalid bounding rectangle coordinates "
6102 "%"PRIu32",%"PRIu32",%"PRIu32",%"PRIu32"\n", l, t, r, b);
6103 return AVERROR_INVALIDDATA;
6104 }
6105
6106 if (l || t || r || b)
6107 projection = AV_SPHERICAL_EQUIRECTANGULAR_TILE;
6108 else
6109 projection = AV_SPHERICAL_EQUIRECTANGULAR;
6110 break;
6111 default:
6112 av_log(c->fc, AV_LOG_ERROR, "Unknown projection type: %s\n", av_fourcc2str(tag));
6113 return 0;
6114 }
6115
6116 sc->spherical = av_spherical_alloc(&sc->spherical_size);
6117 if (!sc->spherical)
6118 return AVERROR(ENOMEM);
6119
6120 sc->spherical->projection = projection;
6121
6122 sc->spherical->yaw = yaw;
6123 sc->spherical->pitch = pitch;
6124 sc->spherical->roll = roll;
6125
6126 sc->spherical->padding = padding;
6127
6128 sc->spherical->bound_left = l;
6129 sc->spherical->bound_top = t;
6130 sc->spherical->bound_right = r;
6131 sc->spherical->bound_bottom = b;
6132
6133 return 0;
6134 }
6135
mov_parse_uuid_spherical(MOVStreamContext * sc,AVIOContext * pb,size_t len)6136 static int mov_parse_uuid_spherical(MOVStreamContext *sc, AVIOContext *pb, size_t len)
6137 {
6138 int ret = 0;
6139 uint8_t *buffer = av_malloc(len + 1);
6140 const char *val;
6141
6142 if (!buffer)
6143 return AVERROR(ENOMEM);
6144 buffer[len] = '\0';
6145
6146 ret = ffio_read_size(pb, buffer, len);
6147 if (ret < 0)
6148 goto out;
6149
6150 /* Check for mandatory keys and values, try to support XML as best-effort */
6151 if (!sc->spherical &&
6152 av_stristr(buffer, "<GSpherical:StitchingSoftware>") &&
6153 (val = av_stristr(buffer, "<GSpherical:Spherical>")) &&
6154 av_stristr(val, "true") &&
6155 (val = av_stristr(buffer, "<GSpherical:Stitched>")) &&
6156 av_stristr(val, "true") &&
6157 (val = av_stristr(buffer, "<GSpherical:ProjectionType>")) &&
6158 av_stristr(val, "equirectangular")) {
6159 sc->spherical = av_spherical_alloc(&sc->spherical_size);
6160 if (!sc->spherical)
6161 goto out;
6162
6163 sc->spherical->projection = AV_SPHERICAL_EQUIRECTANGULAR;
6164
6165 if (av_stristr(buffer, "<GSpherical:StereoMode>") && !sc->stereo3d) {
6166 enum AVStereo3DType mode;
6167
6168 if (av_stristr(buffer, "left-right"))
6169 mode = AV_STEREO3D_SIDEBYSIDE;
6170 else if (av_stristr(buffer, "top-bottom"))
6171 mode = AV_STEREO3D_TOPBOTTOM;
6172 else
6173 mode = AV_STEREO3D_2D;
6174
6175 sc->stereo3d = av_stereo3d_alloc();
6176 if (!sc->stereo3d)
6177 goto out;
6178
6179 sc->stereo3d->type = mode;
6180 }
6181
6182 /* orientation */
6183 val = av_stristr(buffer, "<GSpherical:InitialViewHeadingDegrees>");
6184 if (val)
6185 sc->spherical->yaw = strtol(val, NULL, 10) * (1 << 16);
6186 val = av_stristr(buffer, "<GSpherical:InitialViewPitchDegrees>");
6187 if (val)
6188 sc->spherical->pitch = strtol(val, NULL, 10) * (1 << 16);
6189 val = av_stristr(buffer, "<GSpherical:InitialViewRollDegrees>");
6190 if (val)
6191 sc->spherical->roll = strtol(val, NULL, 10) * (1 << 16);
6192 }
6193
6194 out:
6195 av_free(buffer);
6196 return ret;
6197 }
6198
mov_read_uuid(MOVContext * c,AVIOContext * pb,MOVAtom atom)6199 static int mov_read_uuid(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6200 {
6201 AVStream *st;
6202 MOVStreamContext *sc;
6203 int64_t ret;
6204 AVUUID uuid;
6205 static const AVUUID uuid_isml_manifest = {
6206 0xa5, 0xd4, 0x0b, 0x30, 0xe8, 0x14, 0x11, 0xdd,
6207 0xba, 0x2f, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66
6208 };
6209 static const AVUUID uuid_xmp = {
6210 0xbe, 0x7a, 0xcf, 0xcb, 0x97, 0xa9, 0x42, 0xe8,
6211 0x9c, 0x71, 0x99, 0x94, 0x91, 0xe3, 0xaf, 0xac
6212 };
6213 static const AVUUID uuid_spherical = {
6214 0xff, 0xcc, 0x82, 0x63, 0xf8, 0x55, 0x4a, 0x93,
6215 0x88, 0x14, 0x58, 0x7a, 0x02, 0x52, 0x1f, 0xdd,
6216 };
6217
6218 if (atom.size < AV_UUID_LEN || atom.size >= FFMIN(INT_MAX, SIZE_MAX))
6219 return AVERROR_INVALIDDATA;
6220
6221 if (c->fc->nb_streams < 1)
6222 return 0;
6223 st = c->fc->streams[c->fc->nb_streams - 1];
6224 sc = st->priv_data;
6225
6226 ret = ffio_read_size(pb, uuid, AV_UUID_LEN);
6227 if (ret < 0)
6228 return ret;
6229 if (av_uuid_equal(uuid, uuid_isml_manifest)) {
6230 uint8_t *buffer, *ptr;
6231 char *endptr;
6232 size_t len = atom.size - AV_UUID_LEN;
6233
6234 if (len < 4) {
6235 return AVERROR_INVALIDDATA;
6236 }
6237 ret = avio_skip(pb, 4); // zeroes
6238 len -= 4;
6239
6240 buffer = av_mallocz(len + 1);
6241 if (!buffer) {
6242 return AVERROR(ENOMEM);
6243 }
6244 ret = ffio_read_size(pb, buffer, len);
6245 if (ret < 0) {
6246 av_free(buffer);
6247 return ret;
6248 }
6249
6250 ptr = buffer;
6251 while ((ptr = av_stristr(ptr, "systemBitrate=\""))) {
6252 ptr += sizeof("systemBitrate=\"") - 1;
6253 c->bitrates_count++;
6254 c->bitrates = av_realloc_f(c->bitrates, c->bitrates_count, sizeof(*c->bitrates));
6255 if (!c->bitrates) {
6256 c->bitrates_count = 0;
6257 av_free(buffer);
6258 return AVERROR(ENOMEM);
6259 }
6260 errno = 0;
6261 ret = strtol(ptr, &endptr, 10);
6262 if (ret < 0 || errno || *endptr != '"') {
6263 c->bitrates[c->bitrates_count - 1] = 0;
6264 } else {
6265 c->bitrates[c->bitrates_count - 1] = ret;
6266 }
6267 }
6268
6269 av_free(buffer);
6270 } else if (av_uuid_equal(uuid, uuid_xmp)) {
6271 uint8_t *buffer;
6272 size_t len = atom.size - AV_UUID_LEN;
6273 if (c->export_xmp) {
6274 buffer = av_mallocz(len + 1);
6275 if (!buffer) {
6276 return AVERROR(ENOMEM);
6277 }
6278 ret = ffio_read_size(pb, buffer, len);
6279 if (ret < 0) {
6280 av_free(buffer);
6281 return ret;
6282 }
6283 buffer[len] = '\0';
6284 av_dict_set(&c->fc->metadata, "xmp",
6285 buffer, AV_DICT_DONT_STRDUP_VAL);
6286 } else {
6287 // skip all uuid atom, which makes it fast for long uuid-xmp file
6288 ret = avio_skip(pb, len);
6289 if (ret < 0)
6290 return ret;
6291 }
6292 } else if (av_uuid_equal(uuid, uuid_spherical)) {
6293 size_t len = atom.size - AV_UUID_LEN;
6294 ret = mov_parse_uuid_spherical(sc, pb, len);
6295 if (ret < 0)
6296 return ret;
6297 if (!sc->spherical)
6298 av_log(c->fc, AV_LOG_WARNING, "Invalid spherical metadata found\n");
6299 }
6300
6301 return 0;
6302 }
6303
mov_read_free(MOVContext * c,AVIOContext * pb,MOVAtom atom)6304 static int mov_read_free(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6305 {
6306 int ret;
6307 uint8_t content[16];
6308
6309 if (atom.size < 8)
6310 return 0;
6311
6312 ret = ffio_read_size(pb, content, FFMIN(sizeof(content), atom.size));
6313 if (ret < 0)
6314 return ret;
6315
6316 if ( !c->found_moov
6317 && !c->found_mdat
6318 && !memcmp(content, "Anevia\x1A\x1A", 8)
6319 && c->use_mfra_for == FF_MOV_FLAG_MFRA_AUTO) {
6320 c->use_mfra_for = FF_MOV_FLAG_MFRA_PTS;
6321 }
6322
6323 return 0;
6324 }
6325
mov_read_frma(MOVContext * c,AVIOContext * pb,MOVAtom atom)6326 static int mov_read_frma(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6327 {
6328 uint32_t format = avio_rl32(pb);
6329 MOVStreamContext *sc;
6330 enum AVCodecID id;
6331 AVStream *st;
6332
6333 if (c->fc->nb_streams < 1)
6334 return 0;
6335 st = c->fc->streams[c->fc->nb_streams - 1];
6336 sc = st->priv_data;
6337
6338 switch (sc->format)
6339 {
6340 case MKTAG('e','n','c','v'): // encrypted video
6341 case MKTAG('e','n','c','a'): // encrypted audio
6342 id = mov_codec_id(st, format);
6343 if (st->codecpar->codec_id != AV_CODEC_ID_NONE &&
6344 st->codecpar->codec_id != id) {
6345 av_log(c->fc, AV_LOG_WARNING,
6346 "ignoring 'frma' atom of '%.4s', stream has codec id %d\n",
6347 (char*)&format, st->codecpar->codec_id);
6348 break;
6349 }
6350
6351 st->codecpar->codec_id = id;
6352 sc->format = format;
6353 break;
6354
6355 default:
6356 if (format != sc->format) {
6357 av_log(c->fc, AV_LOG_WARNING,
6358 "ignoring 'frma' atom of '%.4s', stream format is '%.4s'\n",
6359 (char*)&format, (char*)&sc->format);
6360 }
6361 break;
6362 }
6363
6364 return 0;
6365 }
6366
6367 /**
6368 * Gets the current encryption info and associated current stream context. If
6369 * we are parsing a track fragment, this will return the specific encryption
6370 * info for this fragment; otherwise this will return the global encryption
6371 * info for the current stream.
6372 */
get_current_encryption_info(MOVContext * c,MOVEncryptionIndex ** encryption_index,MOVStreamContext ** sc)6373 static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encryption_index, MOVStreamContext **sc)
6374 {
6375 MOVFragmentStreamInfo *frag_stream_info;
6376 AVStream *st;
6377 int i;
6378
6379 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
6380 if (frag_stream_info) {
6381 for (i = 0; i < c->fc->nb_streams; i++) {
6382 if (c->fc->streams[i]->id == frag_stream_info->id) {
6383 st = c->fc->streams[i];
6384 break;
6385 }
6386 }
6387 if (i == c->fc->nb_streams)
6388 return 0;
6389 *sc = st->priv_data;
6390
6391 if (!frag_stream_info->encryption_index) {
6392 // If this stream isn't encrypted, don't create the index.
6393 if (!(*sc)->cenc.default_encrypted_sample)
6394 return 0;
6395 frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
6396 if (!frag_stream_info->encryption_index)
6397 return AVERROR(ENOMEM);
6398 }
6399 *encryption_index = frag_stream_info->encryption_index;
6400 return 1;
6401 } else {
6402 // No current track fragment, using stream level encryption info.
6403
6404 if (c->fc->nb_streams < 1)
6405 return 0;
6406 st = c->fc->streams[c->fc->nb_streams - 1];
6407 *sc = st->priv_data;
6408
6409 if (!(*sc)->cenc.encryption_index) {
6410 // If this stream isn't encrypted, don't create the index.
6411 if (!(*sc)->cenc.default_encrypted_sample)
6412 return 0;
6413 (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
6414 if (!(*sc)->cenc.encryption_index)
6415 return AVERROR(ENOMEM);
6416 }
6417
6418 *encryption_index = (*sc)->cenc.encryption_index;
6419 return 1;
6420 }
6421 }
6422
mov_read_sample_encryption_info(MOVContext * c,AVIOContext * pb,MOVStreamContext * sc,AVEncryptionInfo ** sample,int use_subsamples)6423 static int mov_read_sample_encryption_info(MOVContext *c, AVIOContext *pb, MOVStreamContext *sc, AVEncryptionInfo **sample, int use_subsamples)
6424 {
6425 int i, ret;
6426 unsigned int subsample_count;
6427 AVSubsampleEncryptionInfo *subsamples;
6428
6429 if (!sc->cenc.default_encrypted_sample) {
6430 av_log(c->fc, AV_LOG_ERROR, "Missing schm or tenc\n");
6431 return AVERROR_INVALIDDATA;
6432 }
6433
6434 *sample = av_encryption_info_clone(sc->cenc.default_encrypted_sample);
6435 if (!*sample)
6436 return AVERROR(ENOMEM);
6437
6438 if (sc->cenc.per_sample_iv_size != 0) {
6439 if ((ret = ffio_read_size(pb, (*sample)->iv, sc->cenc.per_sample_iv_size)) < 0) {
6440 av_log(c->fc, AV_LOG_ERROR, "failed to read the initialization vector\n");
6441 av_encryption_info_free(*sample);
6442 *sample = NULL;
6443 return ret;
6444 }
6445 }
6446
6447 if (use_subsamples) {
6448 subsample_count = avio_rb16(pb);
6449 av_free((*sample)->subsamples);
6450 (*sample)->subsamples = av_calloc(subsample_count, sizeof(*subsamples));
6451 if (!(*sample)->subsamples) {
6452 av_encryption_info_free(*sample);
6453 *sample = NULL;
6454 return AVERROR(ENOMEM);
6455 }
6456
6457 for (i = 0; i < subsample_count && !pb->eof_reached; i++) {
6458 (*sample)->subsamples[i].bytes_of_clear_data = avio_rb16(pb);
6459 (*sample)->subsamples[i].bytes_of_protected_data = avio_rb32(pb);
6460 }
6461
6462 if (pb->eof_reached) {
6463 av_log(c->fc, AV_LOG_ERROR, "hit EOF while reading sub-sample encryption info\n");
6464 av_encryption_info_free(*sample);
6465 *sample = NULL;
6466 return AVERROR_INVALIDDATA;
6467 }
6468 (*sample)->subsample_count = subsample_count;
6469 }
6470
6471 return 0;
6472 }
6473
mov_read_senc(MOVContext * c,AVIOContext * pb,MOVAtom atom)6474 static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6475 {
6476 AVEncryptionInfo **encrypted_samples;
6477 MOVEncryptionIndex *encryption_index;
6478 MOVStreamContext *sc;
6479 int use_subsamples, ret;
6480 unsigned int sample_count, i, alloc_size = 0;
6481
6482 ret = get_current_encryption_info(c, &encryption_index, &sc);
6483 if (ret != 1)
6484 return ret;
6485
6486 if (encryption_index->nb_encrypted_samples) {
6487 // This can happen if we have both saio/saiz and senc atoms.
6488 av_log(c->fc, AV_LOG_DEBUG, "Ignoring duplicate encryption info in senc\n");
6489 return 0;
6490 }
6491
6492 avio_r8(pb); /* version */
6493 use_subsamples = avio_rb24(pb) & 0x02; /* flags */
6494
6495 sample_count = avio_rb32(pb);
6496 if (sample_count >= INT_MAX / sizeof(*encrypted_samples))
6497 return AVERROR(ENOMEM);
6498
6499 for (i = 0; i < sample_count; i++) {
6500 unsigned int min_samples = FFMIN(FFMAX(i + 1, 1024 * 1024), sample_count);
6501 encrypted_samples = av_fast_realloc(encryption_index->encrypted_samples, &alloc_size,
6502 min_samples * sizeof(*encrypted_samples));
6503 if (encrypted_samples) {
6504 encryption_index->encrypted_samples = encrypted_samples;
6505
6506 ret = mov_read_sample_encryption_info(
6507 c, pb, sc, &encryption_index->encrypted_samples[i], use_subsamples);
6508 } else {
6509 ret = AVERROR(ENOMEM);
6510 }
6511 if (pb->eof_reached) {
6512 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading senc\n");
6513 if (ret >= 0)
6514 av_encryption_info_free(encryption_index->encrypted_samples[i]);
6515 ret = AVERROR_INVALIDDATA;
6516 }
6517
6518 if (ret < 0) {
6519 for (; i > 0; i--)
6520 av_encryption_info_free(encryption_index->encrypted_samples[i - 1]);
6521 av_freep(&encryption_index->encrypted_samples);
6522 return ret;
6523 }
6524 }
6525 encryption_index->nb_encrypted_samples = sample_count;
6526
6527 return 0;
6528 }
6529
mov_parse_auxiliary_info(MOVContext * c,MOVStreamContext * sc,AVIOContext * pb,MOVEncryptionIndex * encryption_index)6530 static int mov_parse_auxiliary_info(MOVContext *c, MOVStreamContext *sc, AVIOContext *pb, MOVEncryptionIndex *encryption_index)
6531 {
6532 AVEncryptionInfo **sample, **encrypted_samples;
6533 int64_t prev_pos;
6534 size_t sample_count, sample_info_size, i;
6535 int ret = 0;
6536 unsigned int alloc_size = 0;
6537
6538 if (encryption_index->nb_encrypted_samples)
6539 return 0;
6540 sample_count = encryption_index->auxiliary_info_sample_count;
6541 if (encryption_index->auxiliary_offsets_count != 1) {
6542 av_log(c->fc, AV_LOG_ERROR, "Multiple auxiliary info chunks are not supported\n");
6543 return AVERROR_PATCHWELCOME;
6544 }
6545 if (sample_count >= INT_MAX / sizeof(*encrypted_samples))
6546 return AVERROR(ENOMEM);
6547
6548 prev_pos = avio_tell(pb);
6549 if (!(pb->seekable & AVIO_SEEKABLE_NORMAL) ||
6550 avio_seek(pb, encryption_index->auxiliary_offsets[0], SEEK_SET) != encryption_index->auxiliary_offsets[0]) {
6551 av_log(c->fc, AV_LOG_INFO, "Failed to seek for auxiliary info, will only parse senc atoms for encryption info\n");
6552 goto finish;
6553 }
6554
6555 for (i = 0; i < sample_count && !pb->eof_reached; i++) {
6556 unsigned int min_samples = FFMIN(FFMAX(i + 1, 1024 * 1024), sample_count);
6557 encrypted_samples = av_fast_realloc(encryption_index->encrypted_samples, &alloc_size,
6558 min_samples * sizeof(*encrypted_samples));
6559 if (!encrypted_samples) {
6560 ret = AVERROR(ENOMEM);
6561 goto finish;
6562 }
6563 encryption_index->encrypted_samples = encrypted_samples;
6564
6565 sample = &encryption_index->encrypted_samples[i];
6566 sample_info_size = encryption_index->auxiliary_info_default_size
6567 ? encryption_index->auxiliary_info_default_size
6568 : encryption_index->auxiliary_info_sizes[i];
6569
6570 ret = mov_read_sample_encryption_info(c, pb, sc, sample, sample_info_size > sc->cenc.per_sample_iv_size);
6571 if (ret < 0)
6572 goto finish;
6573 }
6574 if (pb->eof_reached) {
6575 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading auxiliary info\n");
6576 ret = AVERROR_INVALIDDATA;
6577 } else {
6578 encryption_index->nb_encrypted_samples = sample_count;
6579 }
6580
6581 finish:
6582 avio_seek(pb, prev_pos, SEEK_SET);
6583 if (ret < 0) {
6584 for (; i > 0; i--) {
6585 av_encryption_info_free(encryption_index->encrypted_samples[i - 1]);
6586 }
6587 av_freep(&encryption_index->encrypted_samples);
6588 }
6589 return ret;
6590 }
6591
6592 /**
6593 * Tries to read the given number of bytes from the stream and puts it in a
6594 * newly allocated buffer. This reads in small chunks to avoid allocating large
6595 * memory if the file contains an invalid/malicious size value.
6596 */
mov_try_read_block(AVIOContext * pb,size_t size,uint8_t ** data)6597 static int mov_try_read_block(AVIOContext *pb, size_t size, uint8_t **data)
6598 {
6599 const unsigned int block_size = 1024 * 1024;
6600 uint8_t *buffer = NULL;
6601 unsigned int alloc_size = 0, offset = 0;
6602 while (offset < size) {
6603 unsigned int new_size =
6604 alloc_size >= INT_MAX - block_size ? INT_MAX : alloc_size + block_size;
6605 uint8_t *new_buffer = av_fast_realloc(buffer, &alloc_size, new_size);
6606 unsigned int to_read = FFMIN(size, alloc_size) - offset;
6607 if (!new_buffer) {
6608 av_free(buffer);
6609 return AVERROR(ENOMEM);
6610 }
6611 buffer = new_buffer;
6612
6613 if (avio_read(pb, buffer + offset, to_read) != to_read) {
6614 av_free(buffer);
6615 return AVERROR_INVALIDDATA;
6616 }
6617 offset += to_read;
6618 }
6619
6620 *data = buffer;
6621 return 0;
6622 }
6623
mov_read_saiz(MOVContext * c,AVIOContext * pb,MOVAtom atom)6624 static int mov_read_saiz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6625 {
6626 MOVEncryptionIndex *encryption_index;
6627 MOVStreamContext *sc;
6628 int ret;
6629 unsigned int sample_count, aux_info_type, aux_info_param;
6630
6631 ret = get_current_encryption_info(c, &encryption_index, &sc);
6632 if (ret != 1)
6633 return ret;
6634
6635 if (encryption_index->nb_encrypted_samples) {
6636 // This can happen if we have both saio/saiz and senc atoms.
6637 av_log(c->fc, AV_LOG_DEBUG, "Ignoring duplicate encryption info in saiz\n");
6638 return 0;
6639 }
6640
6641 if (encryption_index->auxiliary_info_sample_count) {
6642 av_log(c->fc, AV_LOG_ERROR, "Duplicate saiz atom\n");
6643 return AVERROR_INVALIDDATA;
6644 }
6645
6646 avio_r8(pb); /* version */
6647 if (avio_rb24(pb) & 0x01) { /* flags */
6648 aux_info_type = avio_rb32(pb);
6649 aux_info_param = avio_rb32(pb);
6650 if (sc->cenc.default_encrypted_sample) {
6651 if (aux_info_type != sc->cenc.default_encrypted_sample->scheme) {
6652 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saiz box with non-zero aux_info_type\n");
6653 return 0;
6654 }
6655 if (aux_info_param != 0) {
6656 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saiz box with non-zero aux_info_type_parameter\n");
6657 return 0;
6658 }
6659 } else {
6660 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6661 if ((aux_info_type == MKBETAG('c','e','n','c') ||
6662 aux_info_type == MKBETAG('c','e','n','s') ||
6663 aux_info_type == MKBETAG('c','b','c','1') ||
6664 aux_info_type == MKBETAG('c','b','c','s')) &&
6665 aux_info_param == 0) {
6666 av_log(c->fc, AV_LOG_ERROR, "Saw encrypted saiz without schm/tenc\n");
6667 return AVERROR_INVALIDDATA;
6668 } else {
6669 return 0;
6670 }
6671 }
6672 } else if (!sc->cenc.default_encrypted_sample) {
6673 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6674 return 0;
6675 }
6676
6677 encryption_index->auxiliary_info_default_size = avio_r8(pb);
6678 sample_count = avio_rb32(pb);
6679 encryption_index->auxiliary_info_sample_count = sample_count;
6680
6681 if (encryption_index->auxiliary_info_default_size == 0) {
6682 ret = mov_try_read_block(pb, sample_count, &encryption_index->auxiliary_info_sizes);
6683 if (ret < 0) {
6684 av_log(c->fc, AV_LOG_ERROR, "Failed to read the auxiliary info\n");
6685 return ret;
6686 }
6687 }
6688
6689 if (encryption_index->auxiliary_offsets_count) {
6690 return mov_parse_auxiliary_info(c, sc, pb, encryption_index);
6691 }
6692
6693 return 0;
6694 }
6695
mov_read_saio(MOVContext * c,AVIOContext * pb,MOVAtom atom)6696 static int mov_read_saio(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6697 {
6698 uint64_t *auxiliary_offsets;
6699 MOVEncryptionIndex *encryption_index;
6700 MOVStreamContext *sc;
6701 int i, ret;
6702 unsigned int version, entry_count, aux_info_type, aux_info_param;
6703 unsigned int alloc_size = 0;
6704
6705 ret = get_current_encryption_info(c, &encryption_index, &sc);
6706 if (ret != 1)
6707 return ret;
6708
6709 if (encryption_index->nb_encrypted_samples) {
6710 // This can happen if we have both saio/saiz and senc atoms.
6711 av_log(c->fc, AV_LOG_DEBUG, "Ignoring duplicate encryption info in saio\n");
6712 return 0;
6713 }
6714
6715 if (encryption_index->auxiliary_offsets_count) {
6716 av_log(c->fc, AV_LOG_ERROR, "Duplicate saio atom\n");
6717 return AVERROR_INVALIDDATA;
6718 }
6719
6720 version = avio_r8(pb); /* version */
6721 if (avio_rb24(pb) & 0x01) { /* flags */
6722 aux_info_type = avio_rb32(pb);
6723 aux_info_param = avio_rb32(pb);
6724 if (sc->cenc.default_encrypted_sample) {
6725 if (aux_info_type != sc->cenc.default_encrypted_sample->scheme) {
6726 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saio box with non-zero aux_info_type\n");
6727 return 0;
6728 }
6729 if (aux_info_param != 0) {
6730 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saio box with non-zero aux_info_type_parameter\n");
6731 return 0;
6732 }
6733 } else {
6734 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6735 if ((aux_info_type == MKBETAG('c','e','n','c') ||
6736 aux_info_type == MKBETAG('c','e','n','s') ||
6737 aux_info_type == MKBETAG('c','b','c','1') ||
6738 aux_info_type == MKBETAG('c','b','c','s')) &&
6739 aux_info_param == 0) {
6740 av_log(c->fc, AV_LOG_ERROR, "Saw encrypted saio without schm/tenc\n");
6741 return AVERROR_INVALIDDATA;
6742 } else {
6743 return 0;
6744 }
6745 }
6746 } else if (!sc->cenc.default_encrypted_sample) {
6747 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6748 return 0;
6749 }
6750
6751 entry_count = avio_rb32(pb);
6752 if (entry_count >= INT_MAX / sizeof(*auxiliary_offsets))
6753 return AVERROR(ENOMEM);
6754
6755 for (i = 0; i < entry_count && !pb->eof_reached; i++) {
6756 unsigned int min_offsets = FFMIN(FFMAX(i + 1, 1024), entry_count);
6757 auxiliary_offsets = av_fast_realloc(
6758 encryption_index->auxiliary_offsets, &alloc_size,
6759 min_offsets * sizeof(*auxiliary_offsets));
6760 if (!auxiliary_offsets) {
6761 av_freep(&encryption_index->auxiliary_offsets);
6762 return AVERROR(ENOMEM);
6763 }
6764 encryption_index->auxiliary_offsets = auxiliary_offsets;
6765
6766 if (version == 0) {
6767 encryption_index->auxiliary_offsets[i] = avio_rb32(pb);
6768 } else {
6769 encryption_index->auxiliary_offsets[i] = avio_rb64(pb);
6770 }
6771 if (c->frag_index.current >= 0) {
6772 encryption_index->auxiliary_offsets[i] += c->fragment.base_data_offset;
6773 }
6774 }
6775
6776 if (pb->eof_reached) {
6777 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading saio\n");
6778 av_freep(&encryption_index->auxiliary_offsets);
6779 return AVERROR_INVALIDDATA;
6780 }
6781
6782 encryption_index->auxiliary_offsets_count = entry_count;
6783
6784 if (encryption_index->auxiliary_info_sample_count) {
6785 return mov_parse_auxiliary_info(c, sc, pb, encryption_index);
6786 }
6787
6788 return 0;
6789 }
6790
6791 #ifdef OHOS_DRM
mov_set_drm_info(const uint8_t * pssh_buf,uint32_t pssh_buf_size,AV_DrmInfo * side_data)6792 static int mov_set_drm_info(const uint8_t *pssh_buf, uint32_t pssh_buf_size, AV_DrmInfo *side_data)
6793 {
6794 if (pssh_buf_size < (AV_DRM_UUID_OFFSET + AV_DRM_MAX_DRM_UUID_LEN)) {
6795 return AVERROR_INVALIDDATA;
6796 }
6797 side_data->uuid_len = AV_DRM_MAX_DRM_UUID_LEN;
6798 memcpy(side_data->uuid, pssh_buf + AV_DRM_UUID_OFFSET, AV_DRM_MAX_DRM_UUID_LEN);
6799 side_data->pssh_len = pssh_buf_size;
6800 memcpy(side_data->pssh, pssh_buf, pssh_buf_size);
6801 return 0;
6802 }
6803
mov_is_exist_pssh(const AV_DrmInfo * old_side_data,uint32_t count,AV_DrmInfo side_data_node)6804 static int mov_is_exist_pssh(const AV_DrmInfo *old_side_data, uint32_t count, AV_DrmInfo side_data_node)
6805 {
6806 uint32_t i = 0;
6807 if (count == 0) {
6808 return 0;
6809 }
6810 for (; i < count; i++) {
6811 if ((old_side_data[i].pssh_len == side_data_node.pssh_len) &&
6812 (old_side_data[i].uuid_len == side_data_node.uuid_len)) {
6813 if ((memcmp(old_side_data[i].pssh, side_data_node.pssh, old_side_data[i].pssh_len) == 0) &&
6814 (memcmp(old_side_data[i].uuid, side_data_node.uuid, old_side_data[i].uuid_len) == 0)) {
6815 return 1;
6816 }
6817 }
6818 }
6819 return 0;
6820 }
6821
mov_copy_drm_info(AV_DrmInfo * new_side_data,const AV_DrmInfo * old_side_data,uint32_t old_side_data_count,AV_DrmInfo side_data_node)6822 static void mov_copy_drm_info(AV_DrmInfo *new_side_data, const AV_DrmInfo *old_side_data,
6823 uint32_t old_side_data_count, AV_DrmInfo side_data_node)
6824 {
6825 uint32_t i = 0;
6826 for (; i < old_side_data_count; i++) {
6827 new_side_data[i].uuid_len = old_side_data[i].uuid_len;
6828 memcpy(new_side_data[i].uuid, old_side_data[i].uuid, old_side_data[i].uuid_len);
6829 new_side_data[i].pssh_len = old_side_data[i].pssh_len;
6830 memcpy(new_side_data[i].pssh, old_side_data[i].pssh, old_side_data[i].pssh_len);
6831 }
6832 new_side_data[i].uuid_len = side_data_node.uuid_len;
6833 memcpy(new_side_data[i].uuid, side_data_node.uuid, side_data_node.uuid_len);
6834 new_side_data[i].pssh_len = side_data_node.pssh_len;
6835 memcpy(new_side_data[i].pssh, side_data_node.pssh, side_data_node.pssh_len);
6836 return;
6837 }
6838
mov_read_pssh_ex(MOVContext * c,AVIOContext * pb,MOVAtom atom)6839 static int mov_read_pssh_ex(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6840 {
6841 int ret = 0;
6842 AVStream *st;
6843 AV_DrmInfo side_data_node;
6844 AV_DrmInfo *old_side_data = NULL;
6845 AV_DrmInfo *new_side_data = NULL;
6846 uint8_t pssh_buf[AV_DRM_MAX_DRM_PSSH_LEN];
6847 size_t old_side_data_size = 0;
6848 uint32_t old_side_data_count = 0;
6849 int pssh_exist_flag = 0;
6850 if ((c == NULL) || (c->fc == NULL) || (c->fc->nb_streams < 1) || (c->fc->streams == NULL) || (pb == NULL) ||
6851 (atom.size > (AV_DRM_MAX_DRM_PSSH_LEN - MOV_DRM_PSSH_TITLE_LEN)) || (atom.size <= 0)) {
6852 return 0;
6853 }
6854 st = c->fc->streams[c->fc->nb_streams-1];
6855 if (st == NULL) {
6856 return 0;
6857 }
6858
6859 memset(pssh_buf, 0, sizeof(pssh_buf));
6860 AV_WB32(pssh_buf, (atom.size + MOV_DRM_PSSH_TITLE_LEN));
6861 memcpy(pssh_buf + sizeof(uint32_t), g_pssh_title_buf, sizeof(g_pssh_title_buf));
6862
6863 if ((ret = ffio_read_size(pb, pssh_buf + MOV_DRM_PSSH_TITLE_LEN, atom.size)) < 0) {
6864 av_log(c->fc, AV_LOG_ERROR, "Failed to read the pssh data\n");
6865 return 0;
6866 }
6867 if ((ret = mov_set_drm_info(pssh_buf, (uint32_t)(atom.size + MOV_DRM_PSSH_TITLE_LEN), &side_data_node)) != 0) {
6868 av_log(c->fc, AV_LOG_ERROR, "Failed to set drm info\n");
6869 return 0;
6870 }
6871
6872 old_side_data = (AV_DrmInfo *)av_stream_get_side_data(st, AV_PKT_DATA_ENCRYPTION_INIT_INFO, &old_side_data_size);
6873 if ((old_side_data != NULL) && (old_side_data_size != 0)) {
6874 old_side_data_count = old_side_data_size / sizeof(AV_DrmInfo);
6875 pssh_exist_flag = mov_is_exist_pssh(old_side_data, old_side_data_count, side_data_node);
6876 }
6877 if (pssh_exist_flag == 0) {
6878 new_side_data = (AV_DrmInfo *)av_mallocz(sizeof(AV_DrmInfo) * (old_side_data_count + 1));
6879 if (new_side_data != NULL) {
6880 mov_copy_drm_info(new_side_data, old_side_data, old_side_data_count, side_data_node);
6881 ret = av_stream_add_side_data(st, AV_PKT_DATA_ENCRYPTION_INIT_INFO, (uint8_t *)new_side_data,
6882 (size_t)(sizeof(AV_DrmInfo) * (old_side_data_count + 1)));
6883 if (ret < 0)
6884 av_free(new_side_data);
6885 }
6886 }
6887 return 0;
6888 }
6889 #endif
6890
mov_read_pssh(MOVContext * c,AVIOContext * pb,MOVAtom atom)6891 static int mov_read_pssh(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6892 {
6893 AVEncryptionInitInfo *info, *old_init_info;
6894 uint8_t **key_ids;
6895 AVStream *st;
6896 uint8_t *side_data, *extra_data, *old_side_data;
6897 size_t side_data_size, old_side_data_size;
6898 int ret = 0;
6899 unsigned int version, kid_count, extra_data_size, alloc_size = 0;
6900
6901 if (c->fc->nb_streams < 1)
6902 return 0;
6903 st = c->fc->streams[c->fc->nb_streams-1];
6904
6905 version = avio_r8(pb); /* version */
6906 avio_rb24(pb); /* flags */
6907
6908 info = av_encryption_init_info_alloc(/* system_id_size */ 16, /* num_key_ids */ 0,
6909 /* key_id_size */ 16, /* data_size */ 0);
6910 if (!info)
6911 return AVERROR(ENOMEM);
6912
6913 if ((ret = ffio_read_size(pb, info->system_id, 16)) < 0) {
6914 av_log(c->fc, AV_LOG_ERROR, "Failed to read the system id\n");
6915 goto finish;
6916 }
6917
6918 if (version > 0) {
6919 kid_count = avio_rb32(pb);
6920 if (kid_count >= INT_MAX / sizeof(*key_ids)) {
6921 ret = AVERROR(ENOMEM);
6922 goto finish;
6923 }
6924
6925 for (unsigned int i = 0; i < kid_count && !pb->eof_reached; i++) {
6926 unsigned int min_kid_count = FFMIN(FFMAX(i + 1, 1024), kid_count);
6927 key_ids = av_fast_realloc(info->key_ids, &alloc_size,
6928 min_kid_count * sizeof(*key_ids));
6929 if (!key_ids) {
6930 ret = AVERROR(ENOMEM);
6931 goto finish;
6932 }
6933 info->key_ids = key_ids;
6934
6935 info->key_ids[i] = av_mallocz(16);
6936 if (!info->key_ids[i]) {
6937 ret = AVERROR(ENOMEM);
6938 goto finish;
6939 }
6940 info->num_key_ids = i + 1;
6941
6942 if ((ret = ffio_read_size(pb, info->key_ids[i], 16)) < 0) {
6943 av_log(c->fc, AV_LOG_ERROR, "Failed to read the key id\n");
6944 goto finish;
6945 }
6946 }
6947
6948 if (pb->eof_reached) {
6949 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading pssh\n");
6950 ret = AVERROR_INVALIDDATA;
6951 goto finish;
6952 }
6953 }
6954
6955 extra_data_size = avio_rb32(pb);
6956 ret = mov_try_read_block(pb, extra_data_size, &extra_data);
6957 if (ret < 0)
6958 goto finish;
6959
6960 av_freep(&info->data); // malloc(0) may still allocate something.
6961 info->data = extra_data;
6962 info->data_size = extra_data_size;
6963
6964 // If there is existing initialization data, append to the list.
6965 old_side_data = av_stream_get_side_data(st, AV_PKT_DATA_ENCRYPTION_INIT_INFO, &old_side_data_size);
6966 if (old_side_data) {
6967 old_init_info = av_encryption_init_info_get_side_data(old_side_data, old_side_data_size);
6968 if (old_init_info) {
6969 // Append to the end of the list.
6970 for (AVEncryptionInitInfo *cur = old_init_info;; cur = cur->next) {
6971 if (!cur->next) {
6972 cur->next = info;
6973 break;
6974 }
6975 }
6976 info = old_init_info;
6977 } else {
6978 // Assume existing side-data will be valid, so the only error we could get is OOM.
6979 ret = AVERROR(ENOMEM);
6980 goto finish;
6981 }
6982 }
6983
6984 side_data = av_encryption_init_info_add_side_data(info, &side_data_size);
6985 if (!side_data) {
6986 ret = AVERROR(ENOMEM);
6987 goto finish;
6988 }
6989 ret = av_stream_add_side_data(st, AV_PKT_DATA_ENCRYPTION_INIT_INFO,
6990 side_data, side_data_size);
6991 if (ret < 0)
6992 av_free(side_data);
6993
6994 finish:
6995 av_encryption_init_info_free(info);
6996 return ret;
6997 }
6998
mov_read_schm(MOVContext * c,AVIOContext * pb,MOVAtom atom)6999 static int mov_read_schm(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7000 {
7001 AVStream *st;
7002 MOVStreamContext *sc;
7003
7004 if (c->fc->nb_streams < 1)
7005 return 0;
7006 st = c->fc->streams[c->fc->nb_streams-1];
7007 sc = st->priv_data;
7008
7009 if (sc->pseudo_stream_id != 0) {
7010 av_log(c->fc, AV_LOG_ERROR, "schm boxes are only supported in first sample descriptor\n");
7011 return AVERROR_PATCHWELCOME;
7012 }
7013
7014 if (atom.size < 8)
7015 return AVERROR_INVALIDDATA;
7016
7017 avio_rb32(pb); /* version and flags */
7018
7019 if (!sc->cenc.default_encrypted_sample) {
7020 sc->cenc.default_encrypted_sample = av_encryption_info_alloc(0, 16, 16);
7021 if (!sc->cenc.default_encrypted_sample) {
7022 return AVERROR(ENOMEM);
7023 }
7024 }
7025
7026 sc->cenc.default_encrypted_sample->scheme = avio_rb32(pb);
7027 return 0;
7028 }
7029
mov_read_tenc(MOVContext * c,AVIOContext * pb,MOVAtom atom)7030 static int mov_read_tenc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7031 {
7032 AVStream *st;
7033 MOVStreamContext *sc;
7034 unsigned int version, pattern, is_protected, iv_size;
7035
7036 if (c->fc->nb_streams < 1)
7037 return 0;
7038 st = c->fc->streams[c->fc->nb_streams-1];
7039 sc = st->priv_data;
7040
7041 if (sc->pseudo_stream_id != 0) {
7042 av_log(c->fc, AV_LOG_ERROR, "tenc atom are only supported in first sample descriptor\n");
7043 return AVERROR_PATCHWELCOME;
7044 }
7045
7046 if (!sc->cenc.default_encrypted_sample) {
7047 sc->cenc.default_encrypted_sample = av_encryption_info_alloc(0, 16, 16);
7048 if (!sc->cenc.default_encrypted_sample) {
7049 return AVERROR(ENOMEM);
7050 }
7051 }
7052
7053 if (atom.size < 20)
7054 return AVERROR_INVALIDDATA;
7055
7056 version = avio_r8(pb); /* version */
7057 avio_rb24(pb); /* flags */
7058
7059 avio_r8(pb); /* reserved */
7060 pattern = avio_r8(pb);
7061
7062 if (version > 0) {
7063 sc->cenc.default_encrypted_sample->crypt_byte_block = pattern >> 4;
7064 sc->cenc.default_encrypted_sample->skip_byte_block = pattern & 0xf;
7065 }
7066
7067 is_protected = avio_r8(pb);
7068 if (is_protected && !sc->cenc.encryption_index) {
7069 // The whole stream should be by-default encrypted.
7070 sc->cenc.encryption_index = av_mallocz(sizeof(MOVEncryptionIndex));
7071 if (!sc->cenc.encryption_index)
7072 return AVERROR(ENOMEM);
7073 }
7074 sc->cenc.per_sample_iv_size = avio_r8(pb);
7075 if (sc->cenc.per_sample_iv_size != 0 && sc->cenc.per_sample_iv_size != 8 &&
7076 sc->cenc.per_sample_iv_size != 16) {
7077 av_log(c->fc, AV_LOG_ERROR, "invalid per-sample IV size value\n");
7078 return AVERROR_INVALIDDATA;
7079 }
7080 if (avio_read(pb, sc->cenc.default_encrypted_sample->key_id, 16) != 16) {
7081 av_log(c->fc, AV_LOG_ERROR, "failed to read the default key ID\n");
7082 return AVERROR_INVALIDDATA;
7083 }
7084
7085 if (is_protected && !sc->cenc.per_sample_iv_size) {
7086 iv_size = avio_r8(pb);
7087 if (iv_size != 8 && iv_size != 16) {
7088 av_log(c->fc, AV_LOG_ERROR, "invalid default_constant_IV_size in tenc atom\n");
7089 return AVERROR_INVALIDDATA;
7090 }
7091
7092 if (avio_read(pb, sc->cenc.default_encrypted_sample->iv, iv_size) != iv_size) {
7093 av_log(c->fc, AV_LOG_ERROR, "failed to read the default IV\n");
7094 return AVERROR_INVALIDDATA;
7095 }
7096 }
7097
7098 return 0;
7099 }
7100
mov_read_dfla(MOVContext * c,AVIOContext * pb,MOVAtom atom)7101 static int mov_read_dfla(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7102 {
7103 AVStream *st;
7104 int last, type, size, ret;
7105 uint8_t buf[4];
7106
7107 if (c->fc->nb_streams < 1)
7108 return 0;
7109 st = c->fc->streams[c->fc->nb_streams-1];
7110
7111 if ((uint64_t)atom.size > (1<<30) || atom.size < 42)
7112 return AVERROR_INVALIDDATA;
7113
7114 /* Check FlacSpecificBox version. */
7115 if (avio_r8(pb) != 0)
7116 return AVERROR_INVALIDDATA;
7117
7118 avio_rb24(pb); /* Flags */
7119
7120 if (avio_read(pb, buf, sizeof(buf)) != sizeof(buf)) {
7121 av_log(c->fc, AV_LOG_ERROR, "failed to read FLAC metadata block header\n");
7122 return pb->error < 0 ? pb->error : AVERROR_INVALIDDATA;
7123 }
7124 flac_parse_block_header(buf, &last, &type, &size);
7125
7126 if (type != FLAC_METADATA_TYPE_STREAMINFO || size != FLAC_STREAMINFO_SIZE) {
7127 av_log(c->fc, AV_LOG_ERROR, "STREAMINFO must be first FLACMetadataBlock\n");
7128 return AVERROR_INVALIDDATA;
7129 }
7130
7131 ret = ff_get_extradata(c->fc, st->codecpar, pb, size);
7132 if (ret < 0)
7133 return ret;
7134
7135 if (!last)
7136 av_log(c->fc, AV_LOG_WARNING, "non-STREAMINFO FLACMetadataBlock(s) ignored\n");
7137
7138 return 0;
7139 }
7140
cenc_scheme_decrypt(MOVContext * c,MOVStreamContext * sc,AVEncryptionInfo * sample,uint8_t * input,int size)7141 static int cenc_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *sample, uint8_t *input, int size)
7142 {
7143 int i, ret;
7144 int bytes_of_protected_data;
7145
7146 if (!sc->cenc.aes_ctr) {
7147 /* initialize the cipher */
7148 sc->cenc.aes_ctr = av_aes_ctr_alloc();
7149 if (!sc->cenc.aes_ctr) {
7150 return AVERROR(ENOMEM);
7151 }
7152
7153 ret = av_aes_ctr_init(sc->cenc.aes_ctr, c->decryption_key);
7154 if (ret < 0) {
7155 return ret;
7156 }
7157 }
7158
7159 av_aes_ctr_set_full_iv(sc->cenc.aes_ctr, sample->iv);
7160
7161 if (!sample->subsample_count) {
7162 /* decrypt the whole packet */
7163 av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, size);
7164 return 0;
7165 }
7166
7167 for (i = 0; i < sample->subsample_count; i++) {
7168 if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) {
7169 av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n");
7170 return AVERROR_INVALIDDATA;
7171 }
7172
7173 /* skip the clear bytes */
7174 input += sample->subsamples[i].bytes_of_clear_data;
7175 size -= sample->subsamples[i].bytes_of_clear_data;
7176
7177 /* decrypt the encrypted bytes */
7178
7179 bytes_of_protected_data = sample->subsamples[i].bytes_of_protected_data;
7180 av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, bytes_of_protected_data);
7181
7182 input += bytes_of_protected_data;
7183 size -= bytes_of_protected_data;
7184 }
7185
7186 if (size > 0) {
7187 av_log(c->fc, AV_LOG_ERROR, "leftover packet bytes after subsample processing\n");
7188 return AVERROR_INVALIDDATA;
7189 }
7190
7191 return 0;
7192 }
7193
cbc1_scheme_decrypt(MOVContext * c,MOVStreamContext * sc,AVEncryptionInfo * sample,uint8_t * input,int size)7194 static int cbc1_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *sample, uint8_t *input, int size)
7195 {
7196 int i, ret;
7197 int num_of_encrypted_blocks;
7198 uint8_t iv[16];
7199
7200 if (!sc->cenc.aes_ctx) {
7201 /* initialize the cipher */
7202 sc->cenc.aes_ctx = av_aes_alloc();
7203 if (!sc->cenc.aes_ctx) {
7204 return AVERROR(ENOMEM);
7205 }
7206
7207 ret = av_aes_init(sc->cenc.aes_ctx, c->decryption_key, 16 * 8, 1);
7208 if (ret < 0) {
7209 return ret;
7210 }
7211 }
7212
7213 memcpy(iv, sample->iv, 16);
7214
7215 /* whole-block full sample encryption */
7216 if (!sample->subsample_count) {
7217 /* decrypt the whole packet */
7218 av_aes_crypt(sc->cenc.aes_ctx, input, input, size/16, iv, 1);
7219 return 0;
7220 }
7221
7222 for (i = 0; i < sample->subsample_count; i++) {
7223 if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) {
7224 av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n");
7225 return AVERROR_INVALIDDATA;
7226 }
7227
7228 if (sample->subsamples[i].bytes_of_protected_data % 16) {
7229 av_log(c->fc, AV_LOG_ERROR, "subsample BytesOfProtectedData is not a multiple of 16\n");
7230 return AVERROR_INVALIDDATA;
7231 }
7232
7233 /* skip the clear bytes */
7234 input += sample->subsamples[i].bytes_of_clear_data;
7235 size -= sample->subsamples[i].bytes_of_clear_data;
7236
7237 /* decrypt the encrypted bytes */
7238 num_of_encrypted_blocks = sample->subsamples[i].bytes_of_protected_data/16;
7239 if (num_of_encrypted_blocks > 0) {
7240 av_aes_crypt(sc->cenc.aes_ctx, input, input, num_of_encrypted_blocks, iv, 1);
7241 }
7242 input += sample->subsamples[i].bytes_of_protected_data;
7243 size -= sample->subsamples[i].bytes_of_protected_data;
7244 }
7245
7246 if (size > 0) {
7247 av_log(c->fc, AV_LOG_ERROR, "leftover packet bytes after subsample processing\n");
7248 return AVERROR_INVALIDDATA;
7249 }
7250
7251 return 0;
7252 }
7253
cens_scheme_decrypt(MOVContext * c,MOVStreamContext * sc,AVEncryptionInfo * sample,uint8_t * input,int size)7254 static int cens_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *sample, uint8_t *input, int size)
7255 {
7256 int i, ret, rem_bytes;
7257 uint8_t *data;
7258
7259 if (!sc->cenc.aes_ctr) {
7260 /* initialize the cipher */
7261 sc->cenc.aes_ctr = av_aes_ctr_alloc();
7262 if (!sc->cenc.aes_ctr) {
7263 return AVERROR(ENOMEM);
7264 }
7265
7266 ret = av_aes_ctr_init(sc->cenc.aes_ctr, c->decryption_key);
7267 if (ret < 0) {
7268 return ret;
7269 }
7270 }
7271
7272 av_aes_ctr_set_full_iv(sc->cenc.aes_ctr, sample->iv);
7273
7274 /* whole-block full sample encryption */
7275 if (!sample->subsample_count) {
7276 /* decrypt the whole packet */
7277 av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, size);
7278 return 0;
7279 } else if (!sample->crypt_byte_block && !sample->skip_byte_block) {
7280 av_log(c->fc, AV_LOG_ERROR, "pattern encryption is not present in 'cens' scheme\n");
7281 return AVERROR_INVALIDDATA;
7282 }
7283
7284 for (i = 0; i < sample->subsample_count; i++) {
7285 if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) {
7286 av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n");
7287 return AVERROR_INVALIDDATA;
7288 }
7289
7290 /* skip the clear bytes */
7291 input += sample->subsamples[i].bytes_of_clear_data;
7292 size -= sample->subsamples[i].bytes_of_clear_data;
7293
7294 /* decrypt the encrypted bytes */
7295 data = input;
7296 rem_bytes = sample->subsamples[i].bytes_of_protected_data;
7297 while (rem_bytes > 0) {
7298 if (rem_bytes < 16*sample->crypt_byte_block) {
7299 break;
7300 }
7301 av_aes_ctr_crypt(sc->cenc.aes_ctr, data, data, 16*sample->crypt_byte_block);
7302 data += 16*sample->crypt_byte_block;
7303 rem_bytes -= 16*sample->crypt_byte_block;
7304 data += FFMIN(16*sample->skip_byte_block, rem_bytes);
7305 rem_bytes -= FFMIN(16*sample->skip_byte_block, rem_bytes);
7306 }
7307 input += sample->subsamples[i].bytes_of_protected_data;
7308 size -= sample->subsamples[i].bytes_of_protected_data;
7309 }
7310
7311 if (size > 0) {
7312 av_log(c->fc, AV_LOG_ERROR, "leftover packet bytes after subsample processing\n");
7313 return AVERROR_INVALIDDATA;
7314 }
7315
7316 return 0;
7317 }
7318
cbcs_scheme_decrypt(MOVContext * c,MOVStreamContext * sc,AVEncryptionInfo * sample,uint8_t * input,int size)7319 static int cbcs_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *sample, uint8_t *input, int size)
7320 {
7321 int i, ret, rem_bytes;
7322 uint8_t iv[16];
7323 uint8_t *data;
7324
7325 if (!sc->cenc.aes_ctx) {
7326 /* initialize the cipher */
7327 sc->cenc.aes_ctx = av_aes_alloc();
7328 if (!sc->cenc.aes_ctx) {
7329 return AVERROR(ENOMEM);
7330 }
7331
7332 ret = av_aes_init(sc->cenc.aes_ctx, c->decryption_key, 16 * 8, 1);
7333 if (ret < 0) {
7334 return ret;
7335 }
7336 }
7337
7338 /* whole-block full sample encryption */
7339 if (!sample->subsample_count) {
7340 /* decrypt the whole packet */
7341 memcpy(iv, sample->iv, 16);
7342 av_aes_crypt(sc->cenc.aes_ctx, input, input, size/16, iv, 1);
7343 return 0;
7344 } else if (!sample->crypt_byte_block && !sample->skip_byte_block) {
7345 av_log(c->fc, AV_LOG_ERROR, "pattern encryption is not present in 'cbcs' scheme\n");
7346 return AVERROR_INVALIDDATA;
7347 }
7348
7349 for (i = 0; i < sample->subsample_count; i++) {
7350 if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) {
7351 av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n");
7352 return AVERROR_INVALIDDATA;
7353 }
7354
7355 /* skip the clear bytes */
7356 input += sample->subsamples[i].bytes_of_clear_data;
7357 size -= sample->subsamples[i].bytes_of_clear_data;
7358
7359 /* decrypt the encrypted bytes */
7360 memcpy(iv, sample->iv, 16);
7361 data = input;
7362 rem_bytes = sample->subsamples[i].bytes_of_protected_data;
7363 while (rem_bytes > 0) {
7364 if (rem_bytes < 16*sample->crypt_byte_block) {
7365 break;
7366 }
7367 av_aes_crypt(sc->cenc.aes_ctx, data, data, sample->crypt_byte_block, iv, 1);
7368 data += 16*sample->crypt_byte_block;
7369 rem_bytes -= 16*sample->crypt_byte_block;
7370 data += FFMIN(16*sample->skip_byte_block, rem_bytes);
7371 rem_bytes -= FFMIN(16*sample->skip_byte_block, rem_bytes);
7372 }
7373 input += sample->subsamples[i].bytes_of_protected_data;
7374 size -= sample->subsamples[i].bytes_of_protected_data;
7375 }
7376
7377 if (size > 0) {
7378 av_log(c->fc, AV_LOG_ERROR, "leftover packet bytes after subsample processing\n");
7379 return AVERROR_INVALIDDATA;
7380 }
7381
7382 return 0;
7383 }
7384
cenc_decrypt(MOVContext * c,MOVStreamContext * sc,AVEncryptionInfo * sample,uint8_t * input,int size)7385 static int cenc_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *sample, uint8_t *input, int size)
7386 {
7387 if (sample->scheme == MKBETAG('c','e','n','c') && !sample->crypt_byte_block && !sample->skip_byte_block) {
7388 return cenc_scheme_decrypt(c, sc, sample, input, size);
7389 } else if (sample->scheme == MKBETAG('c','b','c','1') && !sample->crypt_byte_block && !sample->skip_byte_block) {
7390 return cbc1_scheme_decrypt(c, sc, sample, input, size);
7391 } else if (sample->scheme == MKBETAG('c','e','n','s')) {
7392 return cens_scheme_decrypt(c, sc, sample, input, size);
7393 } else if (sample->scheme == MKBETAG('c','b','c','s')) {
7394 return cbcs_scheme_decrypt(c, sc, sample, input, size);
7395 } else {
7396 av_log(c->fc, AV_LOG_ERROR, "invalid encryption scheme\n");
7397 return AVERROR_INVALIDDATA;
7398 }
7399 }
7400
cenc_filter(MOVContext * mov,AVStream * st,MOVStreamContext * sc,AVPacket * pkt,int current_index)7401 static int cenc_filter(MOVContext *mov, AVStream* st, MOVStreamContext *sc, AVPacket *pkt, int current_index)
7402 {
7403 MOVFragmentStreamInfo *frag_stream_info;
7404 MOVEncryptionIndex *encryption_index;
7405 AVEncryptionInfo *encrypted_sample;
7406 int encrypted_index, ret;
7407
7408 frag_stream_info = get_frag_stream_info(&mov->frag_index, mov->frag_index.current, st->id);
7409 encrypted_index = current_index;
7410 encryption_index = NULL;
7411 if (frag_stream_info) {
7412 // Note this only supports encryption info in the first sample descriptor.
7413 if (mov->fragment.stsd_id == 1) {
7414 if (frag_stream_info->encryption_index) {
7415 if (!current_index && frag_stream_info->index_entry)
7416 sc->cenc.frag_index_entry_base = frag_stream_info->index_entry;
7417 encrypted_index = current_index - (frag_stream_info->index_entry - sc->cenc.frag_index_entry_base);
7418 encryption_index = frag_stream_info->encryption_index;
7419 } else {
7420 encryption_index = sc->cenc.encryption_index;
7421 }
7422 }
7423 } else {
7424 encryption_index = sc->cenc.encryption_index;
7425 }
7426
7427 if (encryption_index) {
7428 if (encryption_index->auxiliary_info_sample_count &&
7429 !encryption_index->nb_encrypted_samples) {
7430 av_log(mov->fc, AV_LOG_ERROR, "saiz atom found without saio\n");
7431 return AVERROR_INVALIDDATA;
7432 }
7433 if (encryption_index->auxiliary_offsets_count &&
7434 !encryption_index->nb_encrypted_samples) {
7435 av_log(mov->fc, AV_LOG_ERROR, "saio atom found without saiz\n");
7436 return AVERROR_INVALIDDATA;
7437 }
7438
7439 if (!encryption_index->nb_encrypted_samples) {
7440 // Full-sample encryption with default settings.
7441 encrypted_sample = sc->cenc.default_encrypted_sample;
7442 } else if (encrypted_index >= 0 && encrypted_index < encryption_index->nb_encrypted_samples) {
7443 // Per-sample setting override.
7444 encrypted_sample = encryption_index->encrypted_samples[encrypted_index];
7445 } else {
7446 av_log(mov->fc, AV_LOG_ERROR, "Incorrect number of samples in encryption info\n");
7447 return AVERROR_INVALIDDATA;
7448 }
7449
7450 if (mov->decryption_key) {
7451 return cenc_decrypt(mov, sc, encrypted_sample, pkt->data, pkt->size);
7452 } else {
7453 size_t size;
7454 #ifdef OHOS_DRM
7455 AV_DrmCencInfo *side_data = NULL;
7456 side_data = av_encryption_info_add_side_data_ex(encrypted_sample, &size, side_data, pkt->size);
7457 #else
7458 uint8_t *side_data = av_encryption_info_add_side_data(encrypted_sample, &size);
7459 #endif
7460 if (!side_data)
7461 return AVERROR(ENOMEM);
7462 #ifdef OHOS_DRM
7463 ret = av_packet_add_side_data(pkt, AV_PKT_DATA_ENCRYPTION_INFO, (uint8_t *)side_data, size);
7464 #else
7465 ret = av_packet_add_side_data(pkt, AV_PKT_DATA_ENCRYPTION_INFO, side_data, size);
7466 #endif
7467 if (ret < 0)
7468 av_free(side_data);
7469 return ret;
7470 }
7471 }
7472
7473 return 0;
7474 }
7475
mov_read_dops(MOVContext * c,AVIOContext * pb,MOVAtom atom)7476 static int mov_read_dops(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7477 {
7478 const int OPUS_SEEK_PREROLL_MS = 80;
7479 int ret;
7480 AVStream *st;
7481 size_t size;
7482 uint16_t pre_skip;
7483
7484 if (c->fc->nb_streams < 1)
7485 return 0;
7486 st = c->fc->streams[c->fc->nb_streams-1];
7487
7488 if ((uint64_t)atom.size > (1<<30) || atom.size < 11)
7489 return AVERROR_INVALIDDATA;
7490
7491 /* Check OpusSpecificBox version. */
7492 if (avio_r8(pb) != 0) {
7493 av_log(c->fc, AV_LOG_ERROR, "unsupported OpusSpecificBox version\n");
7494 return AVERROR_INVALIDDATA;
7495 }
7496
7497 /* OpusSpecificBox size plus magic for Ogg OpusHead header. */
7498 size = atom.size + 8;
7499
7500 if ((ret = ff_alloc_extradata(st->codecpar, size)) < 0)
7501 return ret;
7502
7503 AV_WL32(st->codecpar->extradata, MKTAG('O','p','u','s'));
7504 AV_WL32(st->codecpar->extradata + 4, MKTAG('H','e','a','d'));
7505 AV_WB8(st->codecpar->extradata + 8, 1); /* OpusHead version */
7506 avio_read(pb, st->codecpar->extradata + 9, size - 9);
7507
7508 /* OpusSpecificBox is stored in big-endian, but OpusHead is
7509 little-endian; aside from the preceeding magic and version they're
7510 otherwise currently identical. Data after output gain at offset 16
7511 doesn't need to be bytewapped. */
7512 pre_skip = AV_RB16(st->codecpar->extradata + 10);
7513 AV_WL16(st->codecpar->extradata + 10, pre_skip);
7514 AV_WL32(st->codecpar->extradata + 12, AV_RB32(st->codecpar->extradata + 12));
7515 AV_WL16(st->codecpar->extradata + 16, AV_RB16(st->codecpar->extradata + 16));
7516
7517 st->codecpar->initial_padding = pre_skip;
7518 st->codecpar->seek_preroll = av_rescale_q(OPUS_SEEK_PREROLL_MS,
7519 (AVRational){1, 1000},
7520 (AVRational){1, 48000});
7521
7522 return 0;
7523 }
7524
mov_read_dmlp(MOVContext * c,AVIOContext * pb,MOVAtom atom)7525 static int mov_read_dmlp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7526 {
7527 AVStream *st;
7528 unsigned format_info;
7529 int channel_assignment, channel_assignment1, channel_assignment2;
7530 int ratebits;
7531 uint64_t chmask;
7532
7533 if (c->fc->nb_streams < 1)
7534 return 0;
7535 st = c->fc->streams[c->fc->nb_streams-1];
7536
7537 if (atom.size < 10)
7538 return AVERROR_INVALIDDATA;
7539
7540 format_info = avio_rb32(pb);
7541
7542 ratebits = (format_info >> 28) & 0xF;
7543 channel_assignment1 = (format_info >> 15) & 0x1F;
7544 channel_assignment2 = format_info & 0x1FFF;
7545 if (channel_assignment2)
7546 channel_assignment = channel_assignment2;
7547 else
7548 channel_assignment = channel_assignment1;
7549
7550 st->codecpar->frame_size = 40 << (ratebits & 0x7);
7551 st->codecpar->sample_rate = mlp_samplerate(ratebits);
7552
7553 av_channel_layout_uninit(&st->codecpar->ch_layout);
7554 chmask = truehd_layout(channel_assignment);
7555 av_channel_layout_from_mask(&st->codecpar->ch_layout, chmask);
7556
7557 return 0;
7558 }
7559
mov_read_dvcc_dvvc(MOVContext * c,AVIOContext * pb,MOVAtom atom)7560 static int mov_read_dvcc_dvvc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7561 {
7562 AVStream *st;
7563 uint8_t buf[ISOM_DVCC_DVVC_SIZE];
7564 int ret;
7565 int64_t read_size = atom.size;
7566
7567 if (c->fc->nb_streams < 1)
7568 return 0;
7569 st = c->fc->streams[c->fc->nb_streams-1];
7570
7571 // At most 24 bytes
7572 read_size = FFMIN(read_size, ISOM_DVCC_DVVC_SIZE);
7573
7574 if ((ret = ffio_read_size(pb, buf, read_size)) < 0)
7575 return ret;
7576
7577 return ff_isom_parse_dvcc_dvvc(c->fc, st, buf, read_size);
7578 }
7579
mov_read_kind(MOVContext * c,AVIOContext * pb,MOVAtom atom)7580 static int mov_read_kind(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7581 {
7582 AVFormatContext *ctx = c->fc;
7583 AVStream *st = NULL;
7584 AVBPrint scheme_buf, value_buf;
7585 int64_t scheme_str_len = 0, value_str_len = 0;
7586 int version, flags, ret = AVERROR_BUG;
7587 int64_t size = atom.size;
7588
7589 if (atom.size < 6)
7590 // 4 bytes for version + flags, 2x 1 byte for null
7591 return AVERROR_INVALIDDATA;
7592
7593 if (c->fc->nb_streams < 1)
7594 return 0;
7595 st = c->fc->streams[c->fc->nb_streams-1];
7596
7597 version = avio_r8(pb);
7598 flags = avio_rb24(pb);
7599 size -= 4;
7600
7601 if (version != 0 || flags != 0) {
7602 av_log(ctx, AV_LOG_ERROR,
7603 "Unsupported 'kind' box with version %d, flags: %x",
7604 version, flags);
7605 return AVERROR_INVALIDDATA;
7606 }
7607
7608 av_bprint_init(&scheme_buf, 0, AV_BPRINT_SIZE_UNLIMITED);
7609 av_bprint_init(&value_buf, 0, AV_BPRINT_SIZE_UNLIMITED);
7610
7611 if ((scheme_str_len = ff_read_string_to_bprint_overwrite(pb, &scheme_buf,
7612 size)) < 0) {
7613 ret = scheme_str_len;
7614 goto cleanup;
7615 }
7616
7617 if (scheme_str_len + 1 >= size) {
7618 // we need to have another string, even if nullptr.
7619 // we check with + 1 since we expect that if size was not hit,
7620 // an additional null was read.
7621 ret = AVERROR_INVALIDDATA;
7622 goto cleanup;
7623 }
7624
7625 size -= scheme_str_len + 1;
7626
7627 if ((value_str_len = ff_read_string_to_bprint_overwrite(pb, &value_buf,
7628 size)) < 0) {
7629 ret = value_str_len;
7630 goto cleanup;
7631 }
7632
7633 if (value_str_len == size) {
7634 // in case of no trailing null, box is not valid.
7635 ret = AVERROR_INVALIDDATA;
7636 goto cleanup;
7637 }
7638
7639 av_log(ctx, AV_LOG_TRACE,
7640 "%s stream %d KindBox(scheme: %s, value: %s)\n",
7641 av_get_media_type_string(st->codecpar->codec_type),
7642 st->index,
7643 scheme_buf.str, value_buf.str);
7644
7645 for (int i = 0; ff_mov_track_kind_table[i].scheme_uri; i++) {
7646 const struct MP4TrackKindMapping map = ff_mov_track_kind_table[i];
7647 if (!av_strstart(scheme_buf.str, map.scheme_uri, NULL))
7648 continue;
7649
7650 for (int j = 0; map.value_maps[j].disposition; j++) {
7651 const struct MP4TrackKindValueMapping value_map = map.value_maps[j];
7652 if (!av_strstart(value_buf.str, value_map.value, NULL))
7653 continue;
7654
7655 st->disposition |= value_map.disposition;
7656 }
7657 }
7658
7659 ret = 0;
7660
7661 cleanup:
7662
7663 av_bprint_finalize(&scheme_buf, NULL);
7664 av_bprint_finalize(&value_buf, NULL);
7665
7666 return ret;
7667 }
7668
mov_read_SA3D(MOVContext * c,AVIOContext * pb,MOVAtom atom)7669 static int mov_read_SA3D(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7670 {
7671 AVStream *st;
7672 int i, version, type;
7673 int ambisonic_order, channel_order, normalization, channel_count;
7674
7675 if (c->fc->nb_streams < 1)
7676 return 0;
7677
7678 st = c->fc->streams[c->fc->nb_streams - 1];
7679
7680 if (atom.size < 16) {
7681 av_log(c->fc, AV_LOG_ERROR, "SA3D audio box too small\n");
7682 return AVERROR_INVALIDDATA;
7683 }
7684
7685 version = avio_r8(pb);
7686 if (version) {
7687 av_log(c->fc, AV_LOG_WARNING, "Unsupported SA3D box version %d\n", version);
7688 return 0;
7689 }
7690
7691 type = avio_r8(pb);
7692 if (type) {
7693 av_log(c->fc, AV_LOG_WARNING,
7694 "Unsupported ambisonic type %d\n", type);
7695 return 0;
7696 }
7697
7698 ambisonic_order = avio_rb32(pb);
7699
7700 channel_order = avio_r8(pb);
7701 if (channel_order) {
7702 av_log(c->fc, AV_LOG_WARNING,
7703 "Unsupported channel_order %d\n", channel_order);
7704 return 0;
7705 }
7706
7707 normalization = avio_r8(pb);
7708 if (normalization) {
7709 av_log(c->fc, AV_LOG_WARNING,
7710 "Unsupported normalization %d\n", normalization);
7711 return 0;
7712 }
7713
7714 channel_count = avio_rb32(pb);
7715 if (ambisonic_order < 0 || channel_count != (ambisonic_order + 1LL) * (ambisonic_order + 1LL)) {
7716 av_log(c->fc, AV_LOG_ERROR,
7717 "Invalid number of channels (%d / %d)\n",
7718 channel_count, ambisonic_order);
7719 return 0;
7720 }
7721
7722 for (i = 0; i < channel_count; i++) {
7723 if (i != avio_rb32(pb)) {
7724 av_log(c->fc, AV_LOG_WARNING,
7725 "Ambisonic channel reordering is not supported\n");
7726 return 0;
7727 }
7728 }
7729
7730 av_channel_layout_uninit(&st->codecpar->ch_layout);
7731 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_AMBISONIC;
7732 st->codecpar->ch_layout.nb_channels = channel_count;
7733
7734 return 0;
7735 }
7736
mov_read_SAND(MOVContext * c,AVIOContext * pb,MOVAtom atom)7737 static int mov_read_SAND(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7738 {
7739 AVStream *st;
7740 int version;
7741
7742 if (c->fc->nb_streams < 1)
7743 return 0;
7744
7745 st = c->fc->streams[c->fc->nb_streams - 1];
7746
7747 if (atom.size < 5) {
7748 av_log(c->fc, AV_LOG_ERROR, "Empty SAND audio box\n");
7749 return AVERROR_INVALIDDATA;
7750 }
7751
7752 version = avio_r8(pb);
7753 if (version) {
7754 av_log(c->fc, AV_LOG_WARNING, "Unsupported SAND box version %d\n", version);
7755 return 0;
7756 }
7757
7758 st->disposition |= AV_DISPOSITION_NON_DIEGETIC;
7759
7760 return 0;
7761 }
7762
rb_size(AVIOContext * pb,uint64_t * value,int size)7763 static int rb_size(AVIOContext *pb, uint64_t* value, int size)
7764 {
7765 if (size == 0)
7766 *value = 0;
7767 else if (size == 1)
7768 *value = avio_r8(pb);
7769 else if (size == 2)
7770 *value = avio_rb16(pb);
7771 else if (size == 4)
7772 *value = avio_rb32(pb);
7773 else if (size == 8)
7774 *value = avio_rb64(pb);
7775 else
7776 return -1;
7777 return size;
7778 }
7779
mov_read_pitm(MOVContext * c,AVIOContext * pb,MOVAtom atom)7780 static int mov_read_pitm(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7781 {
7782 avio_rb32(pb); // version & flags.
7783 c->primary_item_id = avio_rb16(pb);
7784 return atom.size;
7785 }
7786
mov_read_iloc(MOVContext * c,AVIOContext * pb,MOVAtom atom)7787 static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7788 {
7789 int version, offset_size, length_size, base_offset_size, index_size;
7790 int item_count, extent_count;
7791 uint64_t base_offset, extent_offset, extent_length;
7792 uint8_t value;
7793 AVStream *st;
7794 MOVStreamContext *sc;
7795
7796 if (!c->is_still_picture_avif) {
7797 // * For non-avif, we simply ignore the iloc box.
7798 // * For animated avif, we don't care about the iloc box as all the
7799 // necessary information can be found in the moov box.
7800 return 0;
7801 }
7802
7803 if (c->fc->nb_streams) {
7804 av_log(c->fc, AV_LOG_INFO, "Duplicate iloc box found\n");
7805 return 0;
7806 }
7807
7808 st = avformat_new_stream(c->fc, NULL);
7809 if (!st)
7810 return AVERROR(ENOMEM);
7811 st->id = c->fc->nb_streams;
7812 sc = av_mallocz(sizeof(MOVStreamContext));
7813 if (!sc)
7814 return AVERROR(ENOMEM);
7815
7816 st->priv_data = sc;
7817 st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO;
7818 st->codecpar->codec_id = AV_CODEC_ID_AV1;
7819 sc->ffindex = st->index;
7820 c->trak_index = st->index;
7821 st->avg_frame_rate.num = st->avg_frame_rate.den = 1;
7822 st->time_base.num = st->time_base.den = 1;
7823 st->nb_frames = 1;
7824 sc->time_scale = 1;
7825 sc = st->priv_data;
7826 sc->pb = c->fc->pb;
7827 sc->pb_is_copied = 1;
7828
7829 version = avio_r8(pb);
7830 avio_rb24(pb); // flags.
7831
7832 value = avio_r8(pb);
7833 offset_size = (value >> 4) & 0xF;
7834 length_size = value & 0xF;
7835 value = avio_r8(pb);
7836 base_offset_size = (value >> 4) & 0xF;
7837 index_size = !version ? 0 : (value & 0xF);
7838 if (index_size) {
7839 av_log(c->fc, AV_LOG_ERROR, "iloc: index_size != 0 not supported.\n");
7840 return AVERROR_PATCHWELCOME;
7841 }
7842 item_count = (version < 2) ? avio_rb16(pb) : avio_rb32(pb);
7843
7844 // Populate the necessary fields used by mov_build_index.
7845 sc->stsc_count = 1;
7846 sc->stsc_data = av_malloc_array(1, sizeof(*sc->stsc_data));
7847 if (!sc->stsc_data)
7848 return AVERROR(ENOMEM);
7849 sc->stsc_data[0].first = 1;
7850 sc->stsc_data[0].count = 1;
7851 sc->stsc_data[0].id = 1;
7852 sc->chunk_count = 1;
7853 sc->chunk_offsets = av_malloc_array(1, sizeof(*sc->chunk_offsets));
7854 if (!sc->chunk_offsets)
7855 return AVERROR(ENOMEM);
7856 sc->sample_count = 1;
7857 sc->sample_sizes = av_malloc_array(1, sizeof(*sc->sample_sizes));
7858 if (!sc->sample_sizes)
7859 return AVERROR(ENOMEM);
7860 sc->stts_count = 1;
7861 sc->stts_data = av_malloc_array(1, sizeof(*sc->stts_data));
7862 if (!sc->stts_data)
7863 return AVERROR(ENOMEM);
7864 sc->stts_data[0].count = 1;
7865 // Not used for still images. But needed by mov_build_index.
7866 sc->stts_data[0].duration = 0;
7867
7868 for (int i = 0; i < item_count; i++) {
7869 int item_id = (version < 2) ? avio_rb16(pb) : avio_rb32(pb);
7870 if (avio_feof(pb))
7871 return AVERROR_INVALIDDATA;
7872 if (version > 0)
7873 avio_rb16(pb); // construction_method.
7874 avio_rb16(pb); // data_reference_index.
7875 if (rb_size(pb, &base_offset, base_offset_size) < 0)
7876 return AVERROR_INVALIDDATA;
7877 extent_count = avio_rb16(pb);
7878 if (extent_count > 1) {
7879 // For still AVIF images, we only support one extent item.
7880 av_log(c->fc, AV_LOG_ERROR, "iloc: extent_count > 1 not supported.\n");
7881 return AVERROR_PATCHWELCOME;
7882 }
7883 for (int j = 0; j < extent_count; j++) {
7884 if (rb_size(pb, &extent_offset, offset_size) < 0 ||
7885 rb_size(pb, &extent_length, length_size) < 0 ||
7886 base_offset > INT64_MAX - extent_offset)
7887 return AVERROR_INVALIDDATA;
7888 if (item_id == c->primary_item_id) {
7889 sc->sample_sizes[0] = extent_length;
7890 sc->chunk_offsets[0] = base_offset + extent_offset;
7891 }
7892 }
7893 }
7894
7895 mov_build_index(c, st);
7896
7897 // For still AVIF images, the iloc box contains all the necessary
7898 // information that would generally be provided by the moov box. So simply
7899 // mark that we have found the moov box so that parsing can continue.
7900 c->found_moov = 1;
7901
7902 return atom.size;
7903 }
7904
7905
7906 #ifdef OHOS_MOOV_LEVEL_META
mov_read_gnre(MOVContext * c,AVIOContext * pb,MOVAtom atom)7907 static int mov_read_gnre(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7908 {
7909 int32_t i = 0;
7910 if (atom.size > 0) {
7911 if (atom.size > FFMIN(INT_MAX, SIZE_MAX - 1))
7912 return AVERROR_INVALIDDATA;
7913 char* genre = av_mallocz(atom.size + 1); /* Add null terminator */
7914 if (!genre)
7915 return AVERROR(ENOMEM);
7916
7917 int ret = ffio_read_size(pb, genre, atom.size);
7918 if (ret < 0) {
7919 av_freep(&genre);
7920 return ret;
7921 }
7922 /* skip zero at head of genre from dual frame video */
7923 for (i = 0; i < atom.size; ++i) {
7924 if (genre[i] != 0) {
7925 break;
7926 }
7927 }
7928 av_dict_set(&c->fc->metadata, "genre", genre + i, AV_DICT_DONT_OVERWRITE);
7929 av_freep(&genre);
7930 }
7931 return 0;
7932 }
7933 #endif
7934
7935 #ifdef OHOS_AV3A_DEMUXER
mov_read_dca3(MOVContext * c,AVIOContext * pb,MOVAtom atom)7936 static int mov_read_dca3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7937 {
7938 int ret = 0;
7939 int i = 0;
7940 int nb_channels = 0;
7941 int nb_objects = 0;
7942 int buff_size = 0;
7943 AVStream *st = NULL;
7944 GetBitContext gb;
7945 uint8_t buffer[(AV3A_DCA3_BOX_MAX_SIZE + 1) + AV_INPUT_BUFFER_PADDING_SIZE];
7946 int audio_codec_id, sampling_frequency_index;
7947 int nn_type, content_type, channel_number_index, number_objects;
7948 int hoa_order, resolution_index, reserved;
7949 int bitrate_kbps;
7950
7951 if ((atom.size < AV3A_DCA3_BOX_MIN_SIZE) || (atom.size > AV3A_DCA3_BOX_MAX_SIZE)) {
7952 return AVERROR_INVALIDDATA;
7953 }
7954 buff_size = (int)(atom.size);
7955
7956 if ((ret = init_get_bits8(&gb, buffer, (AV3A_DCA3_BOX_MAX_SIZE + 1))) < 0) {
7957 return ret;
7958 }
7959
7960 if (c->fc->nb_streams < 1) {
7961 return 0;
7962 }
7963 st = c->fc->streams[c->fc->nb_streams - 1];
7964
7965 if ((ret = avio_read(pb, buffer, buff_size)) < 0) {
7966 return ret;
7967 }
7968
7969 audio_codec_id = get_bits(&gb, 4);
7970 if (audio_codec_id != AV3A_LOSSY_CODEC_ID) {
7971 return AVERROR_INVALIDDATA;
7972 }
7973
7974 st->codecpar->frame_size = AV3A_AUDIO_FRAME_SIZE;
7975 sampling_frequency_index = get_bits(&gb, 4);
7976 if ((sampling_frequency_index >= AV3A_FS_TABLE_SIZE) || (sampling_frequency_index < 0)) {
7977 return AVERROR_INVALIDDATA;
7978 }
7979 st->codecpar->sample_rate = ff_av3a_sampling_rate_table[sampling_frequency_index];
7980
7981 nn_type = get_bits(&gb, 3);
7982 if ((nn_type > AV3A_LC_NN_TYPE) || (nn_type < AV3A_BASELINE_NN_TYPE)) {
7983 return AVERROR_INVALIDDATA;
7984 }
7985
7986 reserved = get_bits(&gb, 1);
7987 content_type = get_bits(&gb, 4);
7988 if (content_type == AV3A_CHANNEL_BASED_TYPE) {
7989 channel_number_index = get_bits(&gb, 7);
7990 reserved = get_bits(&gb, 1);
7991 if ((channel_number_index > CHANNEL_CONFIG_MC_7_1_4) ||
7992 (channel_number_index == CHANNEL_CONFIG_MC_10_2) ||
7993 (channel_number_index == CHANNEL_CONFIG_MC_22_2) ||
7994 (channel_number_index < CHANNEL_CONFIG_MONO)) {
7995 return AVERROR_INVALIDDATA;
7996 }
7997 nb_channels = ff_av3a_channels_map_table[channel_number_index].channels;
7998 } else if (content_type == AV3A_OBJECT_BASED_TYPE) {
7999 number_objects = get_bits(&gb, 7);
8000 reserved = get_bits(&gb, 1);
8001 nb_objects = number_objects;
8002 if (nb_objects < 1) {
8003 return AVERROR_INVALIDDATA;
8004 }
8005 } else if (content_type == AV3A_CHANNEL_OBJECT_TYPE) {
8006 channel_number_index = get_bits(&gb, 7);
8007 reserved = get_bits(&gb, 1);
8008 if ((channel_number_index > CHANNEL_CONFIG_MC_7_1_4) ||
8009 (channel_number_index == CHANNEL_CONFIG_MC_10_2) ||
8010 (channel_number_index == CHANNEL_CONFIG_MC_22_2) ||
8011 (channel_number_index < CHANNEL_CONFIG_STEREO)) {
8012 return AVERROR_INVALIDDATA;
8013 }
8014 number_objects = get_bits(&gb, 7);
8015 reserved = get_bits(&gb, 1);
8016 nb_channels = ff_av3a_channels_map_table[channel_number_index].channels;
8017 nb_objects = number_objects;
8018 if (nb_objects < 1) {
8019 return AVERROR_INVALIDDATA;
8020 }
8021 } else if (content_type == AV3A_AMBISONIC_TYPE) {
8022 hoa_order = get_bits(&gb, 4);
8023 if ((hoa_order < AV3A_AMBISONIC_FIRST_ORDER) || (hoa_order > AV3A_AMBISONIC_THIRD_ORDER)) {
8024 return AVERROR_INVALIDDATA;
8025 }
8026 nb_channels = (hoa_order + 1) * (hoa_order + 1);
8027 } else {
8028 return AVERROR_INVALIDDATA;
8029 }
8030
8031 bitrate_kbps = get_bits(&gb, 16);
8032 if (bitrate_kbps <= 0) {
8033 return AVERROR_INVALIDDATA;
8034 }
8035 st->codecpar->bit_rate = (int64_t)(bitrate_kbps * 1000);
8036
8037 resolution_index = get_bits(&gb, 2);
8038 if ((resolution_index >= AV3A_RESOLUTION_TABLE_SIZE) || (resolution_index < 0)) {
8039 return AVERROR_INVALIDDATA;
8040 }
8041 st->codecpar->format = ff_av3a_sample_format_map_table[resolution_index].sample_format;
8042 st->codecpar->bits_per_raw_sample = ff_av3a_sample_format_map_table[resolution_index].resolution;
8043
8044 av_channel_layout_uninit(&st->codecpar->ch_layout);
8045 if (content_type != AV3A_AMBISONIC_TYPE) {
8046 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_CUSTOM;
8047 st->codecpar->ch_layout.nb_channels = (nb_channels + nb_objects);
8048 st->codecpar->ch_layout.u.map = av_calloc(st->codecpar->ch_layout.nb_channels, sizeof(AVChannelCustom));
8049 if (!st->codecpar->ch_layout.u.map) {
8050 return AVERROR(ENOMEM);
8051 }
8052
8053 if (content_type != AV3A_OBJECT_BASED_TYPE) {
8054 for (i = 0; i < nb_channels; i ++) {
8055 st->codecpar->ch_layout.u.map[i].id = ff_av3a_channels_map_table[channel_number_index].channel_layout[i];
8056 }
8057 }
8058
8059 for (i = nb_channels; i < st->codecpar->ch_layout.nb_channels; i++) {
8060 st->codecpar->ch_layout.u.map[i].id = AV3A_CH_AUDIO_OBJECT;
8061 }
8062 } else {
8063 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_AMBISONIC;
8064 st->codecpar->ch_layout.nb_channels = nb_channels;
8065 }
8066
8067 return 0;
8068 }
8069 #endif
8070
8071 static const MOVParseTableEntry mov_default_parse_table[] = {
8072 { MKTAG('A','C','L','R'), mov_read_aclr },
8073 { MKTAG('A','P','R','G'), mov_read_avid },
8074 { MKTAG('A','A','L','P'), mov_read_avid },
8075 { MKTAG('A','R','E','S'), mov_read_ares },
8076 { MKTAG('a','v','s','s'), mov_read_avss },
8077 { MKTAG('a','v','1','C'), mov_read_glbl },
8078 { MKTAG('c','h','p','l'), mov_read_chpl },
8079 { MKTAG('c','o','6','4'), mov_read_stco },
8080 { MKTAG('c','o','l','r'), mov_read_colr },
8081 { MKTAG('c','t','t','s'), mov_read_ctts }, /* composition time to sample */
8082 { MKTAG('d','i','n','f'), mov_read_default },
8083 { MKTAG('D','p','x','E'), mov_read_dpxe },
8084 { MKTAG('d','r','e','f'), mov_read_dref },
8085 { MKTAG('e','d','t','s'), mov_read_default },
8086 { MKTAG('e','l','s','t'), mov_read_elst },
8087 { MKTAG('e','n','d','a'), mov_read_enda },
8088 { MKTAG('f','i','e','l'), mov_read_fiel },
8089 { MKTAG('a','d','r','m'), mov_read_adrm },
8090 { MKTAG('f','t','y','p'), mov_read_ftyp },
8091 { MKTAG('g','l','b','l'), mov_read_glbl },
8092 { MKTAG('h','d','l','r'), mov_read_hdlr },
8093 { MKTAG('i','l','s','t'), mov_read_ilst },
8094 { MKTAG('j','p','2','h'), mov_read_jp2h },
8095 { MKTAG('m','d','a','t'), mov_read_mdat },
8096 { MKTAG('m','d','h','d'), mov_read_mdhd },
8097 { MKTAG('m','d','i','a'), mov_read_default },
8098 { MKTAG('m','e','t','a'), mov_read_meta },
8099 { MKTAG('m','i','n','f'), mov_read_default },
8100 { MKTAG('m','o','o','f'), mov_read_moof },
8101 { MKTAG('m','o','o','v'), mov_read_moov },
8102 { MKTAG('m','v','e','x'), mov_read_default },
8103 { MKTAG('m','v','h','d'), mov_read_mvhd },
8104 { MKTAG('S','M','I',' '), mov_read_svq3 },
8105 { MKTAG('a','l','a','c'), mov_read_alac }, /* alac specific atom */
8106 { MKTAG('a','v','c','C'), mov_read_glbl },
8107 { MKTAG('p','a','s','p'), mov_read_pasp },
8108 { MKTAG('s','i','d','x'), mov_read_sidx },
8109 { MKTAG('s','t','b','l'), mov_read_default },
8110 { MKTAG('s','t','c','o'), mov_read_stco },
8111 { MKTAG('s','t','p','s'), mov_read_stps },
8112 { MKTAG('s','t','r','f'), mov_read_strf },
8113 { MKTAG('s','t','s','c'), mov_read_stsc },
8114 { MKTAG('s','t','s','d'), mov_read_stsd }, /* sample description */
8115 { MKTAG('s','t','s','s'), mov_read_stss }, /* sync sample */
8116 { MKTAG('s','t','s','z'), mov_read_stsz }, /* sample size */
8117 { MKTAG('s','t','t','s'), mov_read_stts },
8118 { MKTAG('s','t','z','2'), mov_read_stsz }, /* compact sample size */
8119 { MKTAG('s','d','t','p'), mov_read_sdtp }, /* independent and disposable samples */
8120 { MKTAG('t','k','h','d'), mov_read_tkhd }, /* track header */
8121 { MKTAG('t','f','d','t'), mov_read_tfdt },
8122 { MKTAG('t','f','h','d'), mov_read_tfhd }, /* track fragment header */
8123 { MKTAG('t','r','a','k'), mov_read_trak },
8124 { MKTAG('t','r','a','f'), mov_read_default },
8125 { MKTAG('t','r','e','f'), mov_read_default },
8126 { MKTAG('t','m','c','d'), mov_read_tmcd },
8127 { MKTAG('c','h','a','p'), mov_read_chap },
8128 { MKTAG('t','r','e','x'), mov_read_trex },
8129 { MKTAG('t','r','u','n'), mov_read_trun },
8130 { MKTAG('u','d','t','a'), mov_read_default },
8131 { MKTAG('w','a','v','e'), mov_read_wave },
8132 { MKTAG('e','s','d','s'), mov_read_esds },
8133 { MKTAG('d','a','c','3'), mov_read_dac3 }, /* AC-3 info */
8134 { MKTAG('d','e','c','3'), mov_read_dec3 }, /* EAC-3 info */
8135 { MKTAG('d','d','t','s'), mov_read_ddts }, /* DTS audio descriptor */
8136 { MKTAG('w','i','d','e'), mov_read_wide }, /* place holder */
8137 { MKTAG('w','f','e','x'), mov_read_wfex },
8138 { MKTAG('c','m','o','v'), mov_read_cmov },
8139 { MKTAG('c','h','a','n'), mov_read_chan }, /* channel layout */
8140 { MKTAG('d','v','c','1'), mov_read_dvc1 },
8141 { MKTAG('s','g','p','d'), mov_read_sgpd },
8142 { MKTAG('s','b','g','p'), mov_read_sbgp },
8143 { MKTAG('h','v','c','C'), mov_read_glbl },
8144 #ifdef OHOS_OPT_COMPAT
8145 { MKTAG('v','v','c','C'), mov_read_glbl },
8146 #endif
8147 { MKTAG('u','u','i','d'), mov_read_uuid },
8148 { MKTAG('C','i','n', 0x8e), mov_read_targa_y216 },
8149 { MKTAG('f','r','e','e'), mov_read_free },
8150 { MKTAG('-','-','-','-'), mov_read_custom },
8151 { MKTAG('s','i','n','f'), mov_read_default },
8152 { MKTAG('f','r','m','a'), mov_read_frma },
8153 { MKTAG('s','e','n','c'), mov_read_senc },
8154 { MKTAG('s','a','i','z'), mov_read_saiz },
8155 { MKTAG('s','a','i','o'), mov_read_saio },
8156 #ifdef OHOS_DRM
8157 { MKTAG('p','s','s','h'), mov_read_pssh_ex },
8158 #else
8159 { MKTAG('p','s','s','h'), mov_read_pssh },
8160 #endif
8161 { MKTAG('s','c','h','m'), mov_read_schm },
8162 { MKTAG('s','c','h','i'), mov_read_default },
8163 { MKTAG('t','e','n','c'), mov_read_tenc },
8164 { MKTAG('d','f','L','a'), mov_read_dfla },
8165 { MKTAG('s','t','3','d'), mov_read_st3d }, /* stereoscopic 3D video box */
8166 { MKTAG('s','v','3','d'), mov_read_sv3d }, /* spherical video box */
8167 { MKTAG('d','O','p','s'), mov_read_dops },
8168 { MKTAG('d','m','l','p'), mov_read_dmlp },
8169 { MKTAG('S','m','D','m'), mov_read_smdm },
8170 { MKTAG('C','o','L','L'), mov_read_coll },
8171 { MKTAG('v','p','c','C'), mov_read_vpcc },
8172 { MKTAG('m','d','c','v'), mov_read_mdcv },
8173 { MKTAG('c','l','l','i'), mov_read_clli },
8174 { MKTAG('d','v','c','C'), mov_read_dvcc_dvvc },
8175 { MKTAG('d','v','v','C'), mov_read_dvcc_dvvc },
8176 { MKTAG('d','v','w','C'), mov_read_dvcc_dvvc },
8177 { MKTAG('k','i','n','d'), mov_read_kind },
8178 { MKTAG('S','A','3','D'), mov_read_SA3D }, /* ambisonic audio box */
8179 { MKTAG('S','A','N','D'), mov_read_SAND }, /* non diegetic audio box */
8180 { MKTAG('i','l','o','c'), mov_read_iloc },
8181 { MKTAG('p','c','m','C'), mov_read_pcmc }, /* PCM configuration box */
8182 { MKTAG('p','i','t','m'), mov_read_pitm },
8183 #ifdef OHOS_TIMED_META_TRACK
8184 { MKTAG('c','d','s','c'), mov_read_cdsc },
8185 #endif
8186 #ifdef OHOS_AV3A_DEMUXER
8187 { MKTAG('d','c','a','3'), mov_read_dca3 },
8188 #endif
8189 { 0, NULL }
8190 };
8191
mov_read_default(MOVContext * c,AVIOContext * pb,MOVAtom atom)8192 static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom)
8193 {
8194 int64_t total_size = 0;
8195 MOVAtom a;
8196 int i;
8197
8198 if (c->atom_depth > 10) {
8199 av_log(c->fc, AV_LOG_ERROR, "Atoms too deeply nested\n");
8200 return AVERROR_INVALIDDATA;
8201 }
8202 c->atom_depth ++;
8203
8204 if (atom.size < 0)
8205 atom.size = INT64_MAX;
8206 while (total_size <= atom.size - 8) {
8207 int (*parse)(MOVContext*, AVIOContext*, MOVAtom) = NULL;
8208 a.size = avio_rb32(pb);
8209 a.type = avio_rl32(pb);
8210 if (avio_feof(pb))
8211 break;
8212 if (((a.type == MKTAG('f','r','e','e') && c->moov_retry) ||
8213 a.type == MKTAG('h','o','o','v')) &&
8214 a.size >= 8 &&
8215 c->fc->strict_std_compliance < FF_COMPLIANCE_STRICT) {
8216 uint32_t type;
8217 avio_skip(pb, 4);
8218 type = avio_rl32(pb);
8219 if (avio_feof(pb))
8220 break;
8221 avio_seek(pb, -8, SEEK_CUR);
8222 if (type == MKTAG('m','v','h','d') ||
8223 type == MKTAG('c','m','o','v')) {
8224 av_log(c->fc, AV_LOG_ERROR, "Detected moov in a free or hoov atom.\n");
8225 a.type = MKTAG('m','o','o','v');
8226 }
8227 }
8228 if (atom.type != MKTAG('r','o','o','t') &&
8229 atom.type != MKTAG('m','o','o','v')) {
8230 if (a.type == MKTAG('t','r','a','k') ||
8231 a.type == MKTAG('m','d','a','t')) {
8232 av_log(c->fc, AV_LOG_ERROR, "Broken file, trak/mdat not at top-level\n");
8233 avio_skip(pb, -8);
8234 c->atom_depth --;
8235 return 0;
8236 }
8237 }
8238 total_size += 8;
8239 if (a.size == 1 && total_size + 8 <= atom.size) { /* 64 bit extended size */
8240 a.size = avio_rb64(pb) - 8;
8241 total_size += 8;
8242 }
8243 av_log(c->fc, AV_LOG_TRACE, "type:'%s' parent:'%s' sz: %"PRId64" %"PRId64" %"PRId64"\n",
8244 av_fourcc2str(a.type), av_fourcc2str(atom.type), a.size, total_size, atom.size);
8245 if (a.size == 0) {
8246 a.size = atom.size - total_size + 8;
8247 }
8248 if (a.size < 0)
8249 break;
8250 a.size -= 8;
8251 if (a.size < 0)
8252 break;
8253 a.size = FFMIN(a.size, atom.size - total_size);
8254
8255 for (i = 0; mov_default_parse_table[i].type; i++)
8256 if (mov_default_parse_table[i].type == a.type) {
8257 parse = mov_default_parse_table[i].parse;
8258 break;
8259 }
8260
8261 // container is user data
8262 if (!parse && (atom.type == MKTAG('u','d','t','a') ||
8263 atom.type == MKTAG('i','l','s','t')))
8264 parse = mov_read_udta_string;
8265
8266 #ifdef OHOS_MOOV_LEVEL_META
8267 // support moov gnre info
8268 if (!parse && a.type == MKTAG('g','n','r','e')) {
8269 parse = mov_read_gnre;
8270 }
8271 #endif
8272
8273 // Supports parsing the QuickTime Metadata Keys.
8274 // https://developer.apple.com/library/mac/documentation/QuickTime/QTFF/Metadata/Metadata.html
8275 if (!parse && c->found_hdlr_mdta &&
8276 atom.type == MKTAG('m','e','t','a') &&
8277 a.type == MKTAG('k','e','y','s') &&
8278 c->meta_keys_count == 0) {
8279 parse = mov_read_keys;
8280 }
8281
8282 if (!parse) { /* skip leaf atoms data */
8283 avio_skip(pb, a.size);
8284 } else {
8285 int64_t start_pos = avio_tell(pb);
8286 int64_t left;
8287 int err = parse(c, pb, a);
8288 if (err < 0) {
8289 c->atom_depth --;
8290 return err;
8291 }
8292 if (c->found_moov && c->found_mdat && a.size <= INT64_MAX - start_pos &&
8293 ((!(pb->seekable & AVIO_SEEKABLE_NORMAL) || c->fc->flags & AVFMT_FLAG_IGNIDX || c->frag_index.complete) ||
8294 start_pos + a.size == avio_size(pb))) {
8295 if (!(pb->seekable & AVIO_SEEKABLE_NORMAL) || c->fc->flags & AVFMT_FLAG_IGNIDX || c->frag_index.complete)
8296 c->next_root_atom = start_pos + a.size;
8297 c->atom_depth --;
8298 return 0;
8299 }
8300 left = a.size - avio_tell(pb) + start_pos;
8301 if (left > 0) /* skip garbage at atom end */
8302 avio_skip(pb, left);
8303 else if (left < 0) {
8304 av_log(c->fc, AV_LOG_WARNING,
8305 "overread end of atom '%s' by %"PRId64" bytes\n",
8306 av_fourcc2str(a.type), -left);
8307 avio_seek(pb, left, SEEK_CUR);
8308 }
8309 }
8310
8311 total_size += a.size;
8312 }
8313
8314 if (total_size < atom.size && atom.size < 0x7ffff)
8315 avio_skip(pb, atom.size - total_size);
8316
8317 c->atom_depth --;
8318 return 0;
8319 }
8320
mov_probe(const AVProbeData * p)8321 static int mov_probe(const AVProbeData *p)
8322 {
8323 int64_t offset;
8324 uint32_t tag;
8325 int score = 0;
8326 int moov_offset = -1;
8327
8328 /* check file header */
8329 offset = 0;
8330 for (;;) {
8331 int64_t size;
8332 int minsize = 8;
8333 /* ignore invalid offset */
8334 if ((offset + 8ULL) > (unsigned int)p->buf_size)
8335 break;
8336 size = AV_RB32(p->buf + offset);
8337 if (size == 1 && offset + 16 <= (unsigned int)p->buf_size) {
8338 size = AV_RB64(p->buf+offset + 8);
8339 minsize = 16;
8340 } else if (size == 0) {
8341 size = p->buf_size - offset;
8342 }
8343 if (size < minsize) {
8344 offset += 4;
8345 continue;
8346 }
8347 tag = AV_RL32(p->buf + offset + 4);
8348 switch(tag) {
8349 /* check for obvious tags */
8350 case MKTAG('m','o','o','v'):
8351 moov_offset = offset + 4;
8352 case MKTAG('m','d','a','t'):
8353 case MKTAG('p','n','o','t'): /* detect movs with preview pics like ew.mov and april.mov */
8354 case MKTAG('u','d','t','a'): /* Packet Video PVAuthor adds this and a lot of more junk */
8355 case MKTAG('f','t','y','p'):
8356 if (tag == MKTAG('f','t','y','p') &&
8357 ( AV_RL32(p->buf + offset + 8) == MKTAG('j','p','2',' ')
8358 || AV_RL32(p->buf + offset + 8) == MKTAG('j','p','x',' ')
8359 || AV_RL32(p->buf + offset + 8) == MKTAG('j','x','l',' ')
8360 )) {
8361 score = FFMAX(score, 5);
8362 } else {
8363 score = AVPROBE_SCORE_MAX;
8364 }
8365 break;
8366 /* those are more common words, so rate then a bit less */
8367 case MKTAG('e','d','i','w'): /* xdcam files have reverted first tags */
8368 case MKTAG('w','i','d','e'):
8369 case MKTAG('f','r','e','e'):
8370 case MKTAG('j','u','n','k'):
8371 case MKTAG('p','i','c','t'):
8372 score = FFMAX(score, AVPROBE_SCORE_MAX - 5);
8373 break;
8374 case MKTAG(0x82,0x82,0x7f,0x7d):
8375 case MKTAG('s','k','i','p'):
8376 case MKTAG('u','u','i','d'):
8377 case MKTAG('p','r','f','l'):
8378 /* if we only find those cause probedata is too small at least rate them */
8379 score = FFMAX(score, AVPROBE_SCORE_EXTENSION);
8380 break;
8381 }
8382 if (size > INT64_MAX - offset)
8383 break;
8384 offset += size;
8385 }
8386 if (score > AVPROBE_SCORE_MAX - 50 && moov_offset != -1) {
8387 /* moov atom in the header - we should make sure that this is not a
8388 * MOV-packed MPEG-PS */
8389 offset = moov_offset;
8390
8391 while (offset < (p->buf_size - 16)) { /* Sufficient space */
8392 /* We found an actual hdlr atom */
8393 if (AV_RL32(p->buf + offset ) == MKTAG('h','d','l','r') &&
8394 AV_RL32(p->buf + offset + 8) == MKTAG('m','h','l','r') &&
8395 AV_RL32(p->buf + offset + 12) == MKTAG('M','P','E','G')) {
8396 av_log(NULL, AV_LOG_WARNING, "Found media data tag MPEG indicating this is a MOV-packed MPEG-PS.\n");
8397 /* We found a media handler reference atom describing an
8398 * MPEG-PS-in-MOV, return a
8399 * low score to force expanding the probe window until
8400 * mpegps_probe finds what it needs */
8401 return 5;
8402 } else {
8403 /* Keep looking */
8404 offset += 2;
8405 }
8406 }
8407 }
8408
8409 return score;
8410 }
8411
8412 // must be done after parsing all trak because there's no order requirement
mov_read_chapters(AVFormatContext * s)8413 static void mov_read_chapters(AVFormatContext *s)
8414 {
8415 MOVContext *mov = s->priv_data;
8416 MOVStreamContext *sc;
8417 int64_t cur_pos;
8418 int i, j;
8419 int chapter_track;
8420
8421 for (j = 0; j < mov->nb_chapter_tracks; j++) {
8422 AVStream *st = NULL;
8423 FFStream *sti = NULL;
8424 chapter_track = mov->chapter_tracks[j];
8425 for (i = 0; i < s->nb_streams; i++)
8426 if (s->streams[i]->id == chapter_track) {
8427 st = s->streams[i];
8428 break;
8429 }
8430 if (!st) {
8431 av_log(s, AV_LOG_ERROR, "Referenced QT chapter track not found\n");
8432 continue;
8433 }
8434 sti = ffstream(st);
8435
8436 sc = st->priv_data;
8437 cur_pos = avio_tell(sc->pb);
8438
8439 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) {
8440 st->disposition |= AV_DISPOSITION_ATTACHED_PIC | AV_DISPOSITION_TIMED_THUMBNAILS;
8441 if (sti->nb_index_entries) {
8442 // Retrieve the first frame, if possible
8443 AVIndexEntry *sample = &sti->index_entries[0];
8444 if (avio_seek(sc->pb, sample->pos, SEEK_SET) != sample->pos) {
8445 av_log(s, AV_LOG_ERROR, "Failed to retrieve first frame\n");
8446 goto finish;
8447 }
8448
8449 if (ff_add_attached_pic(s, st, sc->pb, NULL, sample->size) < 0)
8450 goto finish;
8451 }
8452 } else {
8453 st->codecpar->codec_type = AVMEDIA_TYPE_DATA;
8454 st->codecpar->codec_id = AV_CODEC_ID_BIN_DATA;
8455 st->discard = AVDISCARD_ALL;
8456 for (int i = 0; i < sti->nb_index_entries; i++) {
8457 AVIndexEntry *sample = &sti->index_entries[i];
8458 int64_t end = i+1 < sti->nb_index_entries ? sti->index_entries[i+1].timestamp : st->duration;
8459 uint8_t *title;
8460 uint16_t ch;
8461 int len, title_len;
8462
8463 if (end < sample->timestamp) {
8464 av_log(s, AV_LOG_WARNING, "ignoring stream duration which is shorter than chapters\n");
8465 end = AV_NOPTS_VALUE;
8466 }
8467
8468 if (avio_seek(sc->pb, sample->pos, SEEK_SET) != sample->pos) {
8469 av_log(s, AV_LOG_ERROR, "Chapter %d not found in file\n", i);
8470 goto finish;
8471 }
8472
8473 // the first two bytes are the length of the title
8474 len = avio_rb16(sc->pb);
8475 if (len > sample->size-2)
8476 continue;
8477 title_len = 2*len + 1;
8478 if (!(title = av_mallocz(title_len)))
8479 goto finish;
8480
8481 // The samples could theoretically be in any encoding if there's an encd
8482 // atom following, but in practice are only utf-8 or utf-16, distinguished
8483 // instead by the presence of a BOM
8484 if (!len) {
8485 title[0] = 0;
8486 } else {
8487 ch = avio_rb16(sc->pb);
8488 if (ch == 0xfeff)
8489 avio_get_str16be(sc->pb, len, title, title_len);
8490 else if (ch == 0xfffe)
8491 avio_get_str16le(sc->pb, len, title, title_len);
8492 else {
8493 AV_WB16(title, ch);
8494 if (len == 1 || len == 2)
8495 title[len] = 0;
8496 else
8497 avio_get_str(sc->pb, INT_MAX, title + 2, len - 1);
8498 }
8499 }
8500
8501 avpriv_new_chapter(s, i, st->time_base, sample->timestamp, end, title);
8502 av_freep(&title);
8503 }
8504 }
8505 finish:
8506 avio_seek(sc->pb, cur_pos, SEEK_SET);
8507 }
8508 }
8509
parse_timecode_in_framenum_format(AVFormatContext * s,AVStream * st,int64_t value,int flags)8510 static int parse_timecode_in_framenum_format(AVFormatContext *s, AVStream *st,
8511 int64_t value, int flags)
8512 {
8513 AVTimecode tc;
8514 char buf[AV_TIMECODE_STR_SIZE];
8515 AVRational rate = st->avg_frame_rate;
8516 int ret = av_timecode_init(&tc, rate, flags, 0, s);
8517 if (ret < 0)
8518 return ret;
8519 av_dict_set(&st->metadata, "timecode",
8520 av_timecode_make_string(&tc, buf, value), 0);
8521 return 0;
8522 }
8523
mov_read_rtmd_track(AVFormatContext * s,AVStream * st)8524 static int mov_read_rtmd_track(AVFormatContext *s, AVStream *st)
8525 {
8526 MOVStreamContext *sc = st->priv_data;
8527 FFStream *const sti = ffstream(st);
8528 char buf[AV_TIMECODE_STR_SIZE];
8529 int64_t cur_pos = avio_tell(sc->pb);
8530 int hh, mm, ss, ff, drop;
8531
8532 if (!sti->nb_index_entries)
8533 return -1;
8534
8535 avio_seek(sc->pb, sti->index_entries->pos, SEEK_SET);
8536 avio_skip(s->pb, 13);
8537 hh = avio_r8(s->pb);
8538 mm = avio_r8(s->pb);
8539 ss = avio_r8(s->pb);
8540 drop = avio_r8(s->pb);
8541 ff = avio_r8(s->pb);
8542 snprintf(buf, AV_TIMECODE_STR_SIZE, "%02d:%02d:%02d%c%02d",
8543 hh, mm, ss, drop ? ';' : ':', ff);
8544 av_dict_set(&st->metadata, "timecode", buf, 0);
8545
8546 avio_seek(sc->pb, cur_pos, SEEK_SET);
8547 return 0;
8548 }
8549
mov_read_timecode_track(AVFormatContext * s,AVStream * st)8550 static int mov_read_timecode_track(AVFormatContext *s, AVStream *st)
8551 {
8552 MOVStreamContext *sc = st->priv_data;
8553 FFStream *const sti = ffstream(st);
8554 int flags = 0;
8555 int64_t cur_pos = avio_tell(sc->pb);
8556 int64_t value;
8557 AVRational tc_rate = st->avg_frame_rate;
8558 int tmcd_nb_frames = sc->tmcd_nb_frames;
8559 int rounded_tc_rate;
8560
8561 if (!sti->nb_index_entries)
8562 return -1;
8563
8564 if (!tc_rate.num || !tc_rate.den || !tmcd_nb_frames)
8565 return -1;
8566
8567 avio_seek(sc->pb, sti->index_entries->pos, SEEK_SET);
8568 value = avio_rb32(s->pb);
8569
8570 if (sc->tmcd_flags & 0x0001) flags |= AV_TIMECODE_FLAG_DROPFRAME;
8571 if (sc->tmcd_flags & 0x0002) flags |= AV_TIMECODE_FLAG_24HOURSMAX;
8572 if (sc->tmcd_flags & 0x0004) flags |= AV_TIMECODE_FLAG_ALLOWNEGATIVE;
8573
8574 /* Assume Counter flag is set to 1 in tmcd track (even though it is likely
8575 * not the case) and thus assume "frame number format" instead of QT one.
8576 * No sample with tmcd track can be found with a QT timecode at the moment,
8577 * despite what the tmcd track "suggests" (Counter flag set to 0 means QT
8578 * format). */
8579
8580 /* 60 fps content have tmcd_nb_frames set to 30 but tc_rate set to 60, so
8581 * we multiply the frame number with the quotient.
8582 * See tickets #9492, #9710. */
8583 rounded_tc_rate = (tc_rate.num + tc_rate.den / 2) / tc_rate.den;
8584 /* Work around files where tmcd_nb_frames is rounded down from frame rate
8585 * instead of up. See ticket #5978. */
8586 if (tmcd_nb_frames == tc_rate.num / tc_rate.den &&
8587 s->strict_std_compliance < FF_COMPLIANCE_STRICT)
8588 tmcd_nb_frames = rounded_tc_rate;
8589 value = av_rescale(value, rounded_tc_rate, tmcd_nb_frames);
8590
8591 parse_timecode_in_framenum_format(s, st, value, flags);
8592
8593 avio_seek(sc->pb, cur_pos, SEEK_SET);
8594 return 0;
8595 }
8596
mov_free_encryption_index(MOVEncryptionIndex ** index)8597 static void mov_free_encryption_index(MOVEncryptionIndex **index) {
8598 int i;
8599 if (!index || !*index) return;
8600 for (i = 0; i < (*index)->nb_encrypted_samples; i++) {
8601 av_encryption_info_free((*index)->encrypted_samples[i]);
8602 }
8603 av_freep(&(*index)->encrypted_samples);
8604 av_freep(&(*index)->auxiliary_info_sizes);
8605 av_freep(&(*index)->auxiliary_offsets);
8606 av_freep(index);
8607 }
8608
mov_read_close(AVFormatContext * s)8609 static int mov_read_close(AVFormatContext *s)
8610 {
8611 MOVContext *mov = s->priv_data;
8612 int i, j;
8613
8614 for (i = 0; i < s->nb_streams; i++) {
8615 AVStream *st = s->streams[i];
8616 MOVStreamContext *sc = st->priv_data;
8617
8618 #ifdef OHOS_EXPAND_MP4_INFO
8619 if (st->stts_data != NULL) {
8620 free(st->stts_data);
8621 st->stts_data = NULL;
8622 }
8623
8624 if (st->ctts_data != NULL) {
8625 free(st->ctts_data);
8626 st->ctts_data = NULL;
8627 }
8628 #endif
8629
8630 if (!sc)
8631 continue;
8632
8633 av_freep(&sc->ctts_data);
8634 for (j = 0; j < sc->drefs_count; j++) {
8635 av_freep(&sc->drefs[j].path);
8636 av_freep(&sc->drefs[j].dir);
8637 }
8638 av_freep(&sc->drefs);
8639
8640 sc->drefs_count = 0;
8641
8642 if (!sc->pb_is_copied)
8643 ff_format_io_close(s, &sc->pb);
8644
8645 sc->pb = NULL;
8646 av_freep(&sc->chunk_offsets);
8647 av_freep(&sc->stsc_data);
8648 av_freep(&sc->sample_sizes);
8649 av_freep(&sc->keyframes);
8650 av_freep(&sc->stts_data);
8651 av_freep(&sc->sdtp_data);
8652 av_freep(&sc->stps_data);
8653 av_freep(&sc->elst_data);
8654 av_freep(&sc->rap_group);
8655 av_freep(&sc->sync_group);
8656 av_freep(&sc->sgpd_sync);
8657 av_freep(&sc->sample_offsets);
8658 av_freep(&sc->open_key_samples);
8659 av_freep(&sc->display_matrix);
8660 av_freep(&sc->index_ranges);
8661
8662 if (sc->extradata)
8663 for (j = 0; j < sc->stsd_count; j++)
8664 av_free(sc->extradata[j]);
8665 av_freep(&sc->extradata);
8666 av_freep(&sc->extradata_size);
8667
8668 mov_free_encryption_index(&sc->cenc.encryption_index);
8669 av_encryption_info_free(sc->cenc.default_encrypted_sample);
8670 av_aes_ctr_free(sc->cenc.aes_ctr);
8671
8672 av_freep(&sc->stereo3d);
8673 av_freep(&sc->spherical);
8674 av_freep(&sc->mastering);
8675 av_freep(&sc->coll);
8676 }
8677
8678 av_freep(&mov->dv_demux);
8679 avformat_free_context(mov->dv_fctx);
8680 mov->dv_fctx = NULL;
8681
8682 if (mov->meta_keys) {
8683 for (i = 1; i < mov->meta_keys_count; i++) {
8684 av_freep(&mov->meta_keys[i]);
8685 }
8686 av_freep(&mov->meta_keys);
8687 }
8688
8689 av_freep(&mov->trex_data);
8690 av_freep(&mov->bitrates);
8691
8692 for (i = 0; i < mov->frag_index.nb_items; i++) {
8693 MOVFragmentStreamInfo *frag = mov->frag_index.item[i].stream_info;
8694 for (j = 0; j < mov->frag_index.item[i].nb_stream_info; j++) {
8695 mov_free_encryption_index(&frag[j].encryption_index);
8696 }
8697 av_freep(&mov->frag_index.item[i].stream_info);
8698 }
8699 av_freep(&mov->frag_index.item);
8700
8701 av_freep(&mov->aes_decrypt);
8702 av_freep(&mov->chapter_tracks);
8703
8704 return 0;
8705 }
8706
tmcd_is_referenced(AVFormatContext * s,int tmcd_id)8707 static int tmcd_is_referenced(AVFormatContext *s, int tmcd_id)
8708 {
8709 int i;
8710
8711 for (i = 0; i < s->nb_streams; i++) {
8712 AVStream *st = s->streams[i];
8713 MOVStreamContext *sc = st->priv_data;
8714
8715 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO &&
8716 sc->timecode_track == tmcd_id)
8717 return 1;
8718 }
8719 return 0;
8720 }
8721
8722 /* look for a tmcd track not referenced by any video track, and export it globally */
export_orphan_timecode(AVFormatContext * s)8723 static void export_orphan_timecode(AVFormatContext *s)
8724 {
8725 int i;
8726
8727 for (i = 0; i < s->nb_streams; i++) {
8728 AVStream *st = s->streams[i];
8729
8730 if (st->codecpar->codec_tag == MKTAG('t','m','c','d') &&
8731 !tmcd_is_referenced(s, i + 1)) {
8732 AVDictionaryEntry *tcr = av_dict_get(st->metadata, "timecode", NULL, 0);
8733 if (tcr) {
8734 av_dict_set(&s->metadata, "timecode", tcr->value, 0);
8735 break;
8736 }
8737 }
8738 }
8739 }
8740
read_tfra(MOVContext * mov,AVIOContext * f)8741 static int read_tfra(MOVContext *mov, AVIOContext *f)
8742 {
8743 int version, fieldlength, i, j;
8744 int64_t pos = avio_tell(f);
8745 uint32_t size = avio_rb32(f);
8746 unsigned track_id, item_count;
8747
8748 if (avio_rb32(f) != MKBETAG('t', 'f', 'r', 'a')) {
8749 return 1;
8750 }
8751 av_log(mov->fc, AV_LOG_VERBOSE, "found tfra\n");
8752
8753 version = avio_r8(f);
8754 avio_rb24(f);
8755 track_id = avio_rb32(f);
8756 fieldlength = avio_rb32(f);
8757 item_count = avio_rb32(f);
8758 for (i = 0; i < item_count; i++) {
8759 int64_t time, offset;
8760 int index;
8761 MOVFragmentStreamInfo * frag_stream_info;
8762
8763 if (avio_feof(f)) {
8764 return AVERROR_INVALIDDATA;
8765 }
8766
8767 if (version == 1) {
8768 time = avio_rb64(f);
8769 offset = avio_rb64(f);
8770 } else {
8771 time = avio_rb32(f);
8772 offset = avio_rb32(f);
8773 }
8774
8775 // The first sample of each stream in a fragment is always a random
8776 // access sample. So it's entry in the tfra can be used as the
8777 // initial PTS of the fragment.
8778 index = update_frag_index(mov, offset);
8779 frag_stream_info = get_frag_stream_info(&mov->frag_index, index, track_id);
8780 if (frag_stream_info &&
8781 frag_stream_info->first_tfra_pts == AV_NOPTS_VALUE)
8782 frag_stream_info->first_tfra_pts = time;
8783
8784 for (j = 0; j < ((fieldlength >> 4) & 3) + 1; j++)
8785 avio_r8(f);
8786 for (j = 0; j < ((fieldlength >> 2) & 3) + 1; j++)
8787 avio_r8(f);
8788 for (j = 0; j < ((fieldlength >> 0) & 3) + 1; j++)
8789 avio_r8(f);
8790 }
8791
8792 avio_seek(f, pos + size, SEEK_SET);
8793 return 0;
8794 }
8795
mov_read_mfra(MOVContext * c,AVIOContext * f)8796 static int mov_read_mfra(MOVContext *c, AVIOContext *f)
8797 {
8798 int64_t stream_size = avio_size(f);
8799 int64_t original_pos = avio_tell(f);
8800 int64_t seek_ret;
8801 int ret = -1;
8802 if ((seek_ret = avio_seek(f, stream_size - 4, SEEK_SET)) < 0) {
8803 ret = seek_ret;
8804 goto fail;
8805 }
8806 c->mfra_size = avio_rb32(f);
8807 c->have_read_mfra_size = 1;
8808 if (!c->mfra_size || c->mfra_size > stream_size) {
8809 av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (unreasonable size)\n");
8810 goto fail;
8811 }
8812 if ((seek_ret = avio_seek(f, -((int64_t) c->mfra_size), SEEK_CUR)) < 0) {
8813 ret = seek_ret;
8814 goto fail;
8815 }
8816 if (avio_rb32(f) != c->mfra_size) {
8817 av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (size mismatch)\n");
8818 goto fail;
8819 }
8820 if (avio_rb32(f) != MKBETAG('m', 'f', 'r', 'a')) {
8821 av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (tag mismatch)\n");
8822 goto fail;
8823 }
8824 av_log(c->fc, AV_LOG_VERBOSE, "stream has mfra\n");
8825 do {
8826 ret = read_tfra(c, f);
8827 if (ret < 0)
8828 goto fail;
8829 } while (!ret);
8830 ret = 0;
8831 c->frag_index.complete = 1;
8832 fail:
8833 seek_ret = avio_seek(f, original_pos, SEEK_SET);
8834 if (seek_ret < 0) {
8835 av_log(c->fc, AV_LOG_ERROR,
8836 "failed to seek back after looking for mfra\n");
8837 ret = seek_ret;
8838 }
8839 return ret;
8840 }
8841
mov_read_header(AVFormatContext * s)8842 static int mov_read_header(AVFormatContext *s)
8843 {
8844 MOVContext *mov = s->priv_data;
8845 AVIOContext *pb = s->pb;
8846 int j, err;
8847 MOVAtom atom = { AV_RL32("root") };
8848 int i;
8849
8850 if (mov->decryption_key_len != 0 && mov->decryption_key_len != AES_CTR_KEY_SIZE) {
8851 av_log(s, AV_LOG_ERROR, "Invalid decryption key len %d expected %d\n",
8852 mov->decryption_key_len, AES_CTR_KEY_SIZE);
8853 return AVERROR(EINVAL);
8854 }
8855
8856 mov->fc = s;
8857 mov->trak_index = -1;
8858 /* .mov and .mp4 aren't streamable anyway (only progressive download if moov is before mdat) */
8859 if (pb->seekable & AVIO_SEEKABLE_NORMAL)
8860 atom.size = avio_size(pb);
8861 else
8862 atom.size = INT64_MAX;
8863
8864 /* check MOV header */
8865 do {
8866 if (mov->moov_retry)
8867 avio_seek(pb, 0, SEEK_SET);
8868 if ((err = mov_read_default(mov, pb, atom)) < 0) {
8869 av_log(s, AV_LOG_ERROR, "error reading header\n");
8870 return err;
8871 }
8872 } while ((pb->seekable & AVIO_SEEKABLE_NORMAL) && !mov->found_moov && !mov->moov_retry++);
8873 if (!mov->found_moov) {
8874 av_log(s, AV_LOG_ERROR, "moov atom not found\n");
8875 return AVERROR_INVALIDDATA;
8876 }
8877 av_log(mov->fc, AV_LOG_TRACE, "on_parse_exit_offset=%"PRId64"\n", avio_tell(pb));
8878
8879 if (pb->seekable & AVIO_SEEKABLE_NORMAL) {
8880 if (mov->nb_chapter_tracks > 0 && !mov->ignore_chapters)
8881 mov_read_chapters(s);
8882 for (i = 0; i < s->nb_streams; i++)
8883 if (s->streams[i]->codecpar->codec_tag == AV_RL32("tmcd")) {
8884 mov_read_timecode_track(s, s->streams[i]);
8885 } else if (s->streams[i]->codecpar->codec_tag == AV_RL32("rtmd")) {
8886 mov_read_rtmd_track(s, s->streams[i]);
8887 }
8888 }
8889
8890 /* copy timecode metadata from tmcd tracks to the related video streams */
8891 for (i = 0; i < s->nb_streams; i++) {
8892 AVStream *st = s->streams[i];
8893 MOVStreamContext *sc = st->priv_data;
8894 if (sc->timecode_track > 0) {
8895 AVDictionaryEntry *tcr;
8896 int tmcd_st_id = -1;
8897
8898 for (j = 0; j < s->nb_streams; j++)
8899 if (s->streams[j]->id == sc->timecode_track)
8900 tmcd_st_id = j;
8901
8902 if (tmcd_st_id < 0 || tmcd_st_id == i)
8903 continue;
8904 tcr = av_dict_get(s->streams[tmcd_st_id]->metadata, "timecode", NULL, 0);
8905 if (tcr)
8906 av_dict_set(&st->metadata, "timecode", tcr->value, 0);
8907 }
8908 }
8909 export_orphan_timecode(s);
8910
8911 for (i = 0; i < s->nb_streams; i++) {
8912 AVStream *st = s->streams[i];
8913 FFStream *const sti = ffstream(st);
8914 MOVStreamContext *sc = st->priv_data;
8915 fix_timescale(mov, sc);
8916 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO &&
8917 st->codecpar->codec_id == AV_CODEC_ID_AAC) {
8918 sti->skip_samples = sc->start_pad;
8919 }
8920 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO && sc->nb_frames_for_fps > 0 && sc->duration_for_fps > 0)
8921 av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den,
8922 sc->time_scale*(int64_t)sc->nb_frames_for_fps, sc->duration_for_fps, INT_MAX);
8923 if (st->codecpar->codec_type == AVMEDIA_TYPE_SUBTITLE) {
8924 if (st->codecpar->width <= 0 || st->codecpar->height <= 0) {
8925 st->codecpar->width = sc->width;
8926 st->codecpar->height = sc->height;
8927 }
8928 if (st->codecpar->codec_id == AV_CODEC_ID_DVD_SUBTITLE) {
8929 if ((err = mov_rewrite_dvd_sub_extradata(st)) < 0)
8930 return err;
8931 }
8932 }
8933 if (mov->handbrake_version &&
8934 mov->handbrake_version <= 1000000*0 + 1000*10 + 2 && // 0.10.2
8935 st->codecpar->codec_id == AV_CODEC_ID_MP3) {
8936 av_log(s, AV_LOG_VERBOSE, "Forcing full parsing for mp3 stream\n");
8937 sti->need_parsing = AVSTREAM_PARSE_FULL;
8938 }
8939 }
8940
8941 if (mov->trex_data) {
8942 for (i = 0; i < s->nb_streams; i++) {
8943 AVStream *st = s->streams[i];
8944 MOVStreamContext *sc = st->priv_data;
8945 if (st->duration > 0) {
8946 /* Akin to sc->data_size * 8 * sc->time_scale / st->duration but accounting for overflows. */
8947 st->codecpar->bit_rate = av_rescale(sc->data_size, ((int64_t) sc->time_scale) * 8, st->duration);
8948 #ifdef OHOS_CAL_DASH_BITRATE
8949 if (sc->has_sidx == 1) {
8950 st->codecpar->bit_rate = av_rescale(sc->referenced_size, ((int64_t) sc->time_scale) * 8, st->duration);
8951 }
8952 #endif
8953 if (st->codecpar->bit_rate == INT64_MIN) {
8954 av_log(s, AV_LOG_WARNING, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n",
8955 sc->data_size, sc->time_scale);
8956 st->codecpar->bit_rate = 0;
8957 if (s->error_recognition & AV_EF_EXPLODE)
8958 return AVERROR_INVALIDDATA;
8959 }
8960 }
8961 }
8962 }
8963
8964 if (mov->use_mfra_for > 0) {
8965 for (i = 0; i < s->nb_streams; i++) {
8966 AVStream *st = s->streams[i];
8967 MOVStreamContext *sc = st->priv_data;
8968 if (sc->duration_for_fps > 0) {
8969 /* Akin to sc->data_size * 8 * sc->time_scale / sc->duration_for_fps but accounting for overflows. */
8970 st->codecpar->bit_rate = av_rescale(sc->data_size, ((int64_t) sc->time_scale) * 8, sc->duration_for_fps);
8971 if (st->codecpar->bit_rate == INT64_MIN) {
8972 av_log(s, AV_LOG_WARNING, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n",
8973 sc->data_size, sc->time_scale);
8974 st->codecpar->bit_rate = 0;
8975 if (s->error_recognition & AV_EF_EXPLODE)
8976 return AVERROR_INVALIDDATA;
8977 }
8978 }
8979 }
8980 }
8981
8982 for (i = 0; i < mov->bitrates_count && i < s->nb_streams; i++) {
8983 if (mov->bitrates[i]) {
8984 s->streams[i]->codecpar->bit_rate = mov->bitrates[i];
8985 }
8986 }
8987
8988 ff_rfps_calculate(s);
8989
8990 for (i = 0; i < s->nb_streams; i++) {
8991 AVStream *st = s->streams[i];
8992 MOVStreamContext *sc = st->priv_data;
8993
8994 switch (st->codecpar->codec_type) {
8995 case AVMEDIA_TYPE_AUDIO:
8996 err = ff_replaygain_export(st, s->metadata);
8997 if (err < 0)
8998 return err;
8999 break;
9000 case AVMEDIA_TYPE_VIDEO:
9001 if (sc->display_matrix) {
9002 err = av_stream_add_side_data(st, AV_PKT_DATA_DISPLAYMATRIX, (uint8_t*)sc->display_matrix,
9003 sizeof(int32_t) * 9);
9004 if (err < 0)
9005 return err;
9006
9007 sc->display_matrix = NULL;
9008 }
9009 if (sc->stereo3d) {
9010 err = av_stream_add_side_data(st, AV_PKT_DATA_STEREO3D,
9011 (uint8_t *)sc->stereo3d,
9012 sizeof(*sc->stereo3d));
9013 if (err < 0)
9014 return err;
9015
9016 sc->stereo3d = NULL;
9017 }
9018 if (sc->spherical) {
9019 err = av_stream_add_side_data(st, AV_PKT_DATA_SPHERICAL,
9020 (uint8_t *)sc->spherical,
9021 sc->spherical_size);
9022 if (err < 0)
9023 return err;
9024
9025 sc->spherical = NULL;
9026 }
9027 if (sc->mastering) {
9028 err = av_stream_add_side_data(st, AV_PKT_DATA_MASTERING_DISPLAY_METADATA,
9029 (uint8_t *)sc->mastering,
9030 sizeof(*sc->mastering));
9031 if (err < 0)
9032 return err;
9033
9034 sc->mastering = NULL;
9035 }
9036 if (sc->coll) {
9037 err = av_stream_add_side_data(st, AV_PKT_DATA_CONTENT_LIGHT_LEVEL,
9038 (uint8_t *)sc->coll,
9039 sc->coll_size);
9040 if (err < 0)
9041 return err;
9042
9043 sc->coll = NULL;
9044 }
9045 break;
9046 }
9047 }
9048 ff_configure_buffers_for_index(s, AV_TIME_BASE);
9049
9050 for (i = 0; i < mov->frag_index.nb_items; i++)
9051 if (mov->frag_index.item[i].moof_offset <= mov->fragment.moof_offset)
9052 mov->frag_index.item[i].headers_read = 1;
9053
9054 return 0;
9055 }
9056
mov_find_next_sample(AVFormatContext * s,AVStream ** st)9057 static AVIndexEntry *mov_find_next_sample(AVFormatContext *s, AVStream **st)
9058 {
9059 AVIndexEntry *sample = NULL;
9060 int64_t best_dts = INT64_MAX;
9061 int i;
9062 for (i = 0; i < s->nb_streams; i++) {
9063 AVStream *avst = s->streams[i];
9064 FFStream *const avsti = ffstream(avst);
9065 MOVStreamContext *msc = avst->priv_data;
9066 if (msc->pb && msc->current_sample < avsti->nb_index_entries) {
9067 AVIndexEntry *current_sample = &avsti->index_entries[msc->current_sample];
9068 int64_t dts = av_rescale(current_sample->timestamp, AV_TIME_BASE, msc->time_scale);
9069 uint64_t dtsdiff = best_dts > dts ? best_dts - (uint64_t)dts : ((uint64_t)dts - best_dts);
9070 av_log(s, AV_LOG_TRACE, "stream %d, sample %d, dts %"PRId64"\n", i, msc->current_sample, dts);
9071 if (!sample || (!(s->pb->seekable & AVIO_SEEKABLE_NORMAL) && current_sample->pos < sample->pos) ||
9072 ((s->pb->seekable & AVIO_SEEKABLE_NORMAL) &&
9073 ((msc->pb != s->pb && dts < best_dts) || (msc->pb == s->pb && dts != AV_NOPTS_VALUE &&
9074 ((dtsdiff <= AV_TIME_BASE && current_sample->pos < sample->pos) ||
9075 (dtsdiff > AV_TIME_BASE && dts < best_dts)))))) {
9076 sample = current_sample;
9077 best_dts = dts;
9078 *st = avst;
9079 }
9080 }
9081 }
9082 return sample;
9083 }
9084
should_retry(AVIOContext * pb,int error_code)9085 static int should_retry(AVIOContext *pb, int error_code) {
9086 if (error_code == AVERROR_EOF || avio_feof(pb))
9087 return 0;
9088
9089 return 1;
9090 }
9091
mov_switch_root(AVFormatContext * s,int64_t target,int index)9092 static int mov_switch_root(AVFormatContext *s, int64_t target, int index)
9093 {
9094 int ret;
9095 MOVContext *mov = s->priv_data;
9096
9097 if (index >= 0 && index < mov->frag_index.nb_items)
9098 target = mov->frag_index.item[index].moof_offset;
9099 if (avio_seek(s->pb, target, SEEK_SET) != target) {
9100 av_log(mov->fc, AV_LOG_ERROR, "root atom offset 0x%"PRIx64": partial file\n", target);
9101 return AVERROR_INVALIDDATA;
9102 }
9103
9104 mov->next_root_atom = 0;
9105 if (index < 0 || index >= mov->frag_index.nb_items)
9106 index = search_frag_moof_offset(&mov->frag_index, target);
9107 if (index < mov->frag_index.nb_items &&
9108 mov->frag_index.item[index].moof_offset == target) {
9109 if (index + 1 < mov->frag_index.nb_items)
9110 mov->next_root_atom = mov->frag_index.item[index + 1].moof_offset;
9111 if (mov->frag_index.item[index].headers_read)
9112 return 0;
9113 mov->frag_index.item[index].headers_read = 1;
9114 }
9115
9116 mov->found_mdat = 0;
9117
9118 ret = mov_read_default(mov, s->pb, (MOVAtom){ AV_RL32("root"), INT64_MAX });
9119 if (ret < 0)
9120 return ret;
9121 if (avio_feof(s->pb))
9122 return AVERROR_EOF;
9123 av_log(s, AV_LOG_TRACE, "read fragments, offset 0x%"PRIx64"\n", avio_tell(s->pb));
9124
9125 return 1;
9126 }
9127
mov_change_extradata(MOVStreamContext * sc,AVPacket * pkt)9128 static int mov_change_extradata(MOVStreamContext *sc, AVPacket *pkt)
9129 {
9130 uint8_t *side, *extradata;
9131 int extradata_size;
9132
9133 /* Save the current index. */
9134 sc->last_stsd_index = sc->stsc_data[sc->stsc_index].id - 1;
9135
9136 /* Notify the decoder that extradata changed. */
9137 extradata_size = sc->extradata_size[sc->last_stsd_index];
9138 extradata = sc->extradata[sc->last_stsd_index];
9139 if (extradata_size > 0 && extradata) {
9140 side = av_packet_new_side_data(pkt,
9141 AV_PKT_DATA_NEW_EXTRADATA,
9142 extradata_size);
9143 if (!side)
9144 return AVERROR(ENOMEM);
9145 memcpy(side, extradata, extradata_size);
9146 }
9147
9148 return 0;
9149 }
9150
get_eia608_packet(AVIOContext * pb,AVPacket * pkt,int size)9151 static int get_eia608_packet(AVIOContext *pb, AVPacket *pkt, int size)
9152 {
9153 int new_size, ret;
9154
9155 if (size <= 8)
9156 return AVERROR_INVALIDDATA;
9157 new_size = ((size - 8) / 2) * 3;
9158 ret = av_new_packet(pkt, new_size);
9159 if (ret < 0)
9160 return ret;
9161
9162 avio_skip(pb, 8);
9163 for (int j = 0; j < new_size; j += 3) {
9164 pkt->data[j] = 0xFC;
9165 pkt->data[j+1] = avio_r8(pb);
9166 pkt->data[j+2] = avio_r8(pb);
9167 }
9168
9169 return 0;
9170 }
9171
mov_read_packet(AVFormatContext * s,AVPacket * pkt)9172 static int mov_read_packet(AVFormatContext *s, AVPacket *pkt)
9173 {
9174 MOVContext *mov = s->priv_data;
9175 MOVStreamContext *sc;
9176 AVIndexEntry *sample;
9177 AVStream *st = NULL;
9178 int64_t current_index;
9179 int ret;
9180 mov->fc = s;
9181 retry:
9182 sample = mov_find_next_sample(s, &st);
9183 if (!sample || (mov->next_root_atom && sample->pos > mov->next_root_atom)) {
9184 if (!mov->next_root_atom)
9185 return AVERROR_EOF;
9186 if ((ret = mov_switch_root(s, mov->next_root_atom, -1)) < 0)
9187 return ret;
9188 goto retry;
9189 }
9190 sc = st->priv_data;
9191 /* must be done just before reading, to avoid infinite loop on sample */
9192 current_index = sc->current_index;
9193 mov_current_sample_inc(sc);
9194
9195 if (mov->next_root_atom) {
9196 sample->pos = FFMIN(sample->pos, mov->next_root_atom);
9197 sample->size = FFMIN(sample->size, (mov->next_root_atom - sample->pos));
9198 }
9199
9200 if (st->discard != AVDISCARD_ALL) {
9201 int64_t ret64 = avio_seek(sc->pb, sample->pos, SEEK_SET);
9202 if (ret64 != sample->pos) {
9203 av_log(mov->fc, AV_LOG_ERROR, "stream %d, offset 0x%"PRIx64": partial file\n",
9204 sc->ffindex, sample->pos);
9205 if (should_retry(sc->pb, ret64)) {
9206 mov_current_sample_dec(sc);
9207 } else if (ret64 < 0) {
9208 return (int)ret64;
9209 }
9210 return AVERROR_INVALIDDATA;
9211 }
9212
9213 if (st->discard == AVDISCARD_NONKEY && !(sample->flags & AVINDEX_KEYFRAME)) {
9214 av_log(mov->fc, AV_LOG_DEBUG, "Nonkey frame from stream %d discarded due to AVDISCARD_NONKEY\n", sc->ffindex);
9215 goto retry;
9216 }
9217
9218 if (st->codecpar->codec_id == AV_CODEC_ID_EIA_608 && sample->size > 8)
9219 ret = get_eia608_packet(sc->pb, pkt, sample->size);
9220 else
9221 ret = av_get_packet(sc->pb, pkt, sample->size);
9222 if (ret < 0) {
9223 if (should_retry(sc->pb, ret)) {
9224 mov_current_sample_dec(sc);
9225 }
9226 return ret;
9227 }
9228 #ifdef OHOS_SUBTITLE_DEMUXER
9229 if (st->codecpar->codec_id == AV_CODEC_ID_WEBVTT) {
9230 if (pkt->size >= 8) {
9231 uint32_t type = AV_RL32(pkt->data + 4);
9232 int payload_size = pkt->size - 8;
9233 if (type == MKTAG('v', 't', 't', 'e')) {
9234 pkt->size = 0;
9235 } else if (type == MKTAG('v', 't', 't', 'c')) {
9236 uint8_t *payload_data = pkt->data + 8;
9237 while (payload_size >= 8) {
9238 int64_t temp_size = AV_RB32(payload_data);
9239 uint32_t temp_type = AV_RL32(payload_data + 4);
9240 if (temp_type == MKTAG('p', 'a', 'y', 'l')) {
9241 payload_data += 8;
9242 payload_size -= 8;
9243 int move_size = payload_size;
9244 if (pkt->size < move_size) {
9245 move_size = pkt->size;
9246 }
9247 memmove(pkt->data, payload_data, move_size);
9248 pkt->size = payload_size;
9249 pkt->data[pkt->size] = '\0';
9250 break;
9251 } else {
9252 if (temp_size > payload_size) {
9253 break;
9254 }
9255 payload_data += temp_size;
9256 payload_size -= temp_size;
9257 }
9258 }
9259 }
9260 }
9261 }
9262 #endif
9263 #if CONFIG_DV_DEMUXER
9264 if (mov->dv_demux && sc->dv_audio_container) {
9265 ret = avpriv_dv_produce_packet(mov->dv_demux, pkt, pkt->data, pkt->size, pkt->pos);
9266 av_packet_unref(pkt);
9267 if (ret < 0)
9268 return ret;
9269 ret = avpriv_dv_get_packet(mov->dv_demux, pkt);
9270 if (ret < 0)
9271 return ret;
9272 }
9273 #endif
9274 if (sc->has_palette) {
9275 uint8_t *pal;
9276
9277 pal = av_packet_new_side_data(pkt, AV_PKT_DATA_PALETTE, AVPALETTE_SIZE);
9278 if (!pal) {
9279 av_log(mov->fc, AV_LOG_ERROR, "Cannot append palette to packet\n");
9280 } else {
9281 memcpy(pal, sc->palette, AVPALETTE_SIZE);
9282 sc->has_palette = 0;
9283 }
9284 }
9285 if (st->codecpar->codec_id == AV_CODEC_ID_MP3 && !ffstream(st)->need_parsing && pkt->size > 4) {
9286 if (ff_mpa_check_header(AV_RB32(pkt->data)) < 0)
9287 ffstream(st)->need_parsing = AVSTREAM_PARSE_FULL;
9288 }
9289 }
9290
9291 pkt->stream_index = sc->ffindex;
9292 pkt->dts = sample->timestamp;
9293 if (sample->flags & AVINDEX_DISCARD_FRAME) {
9294 pkt->flags |= AV_PKT_FLAG_DISCARD;
9295 }
9296 if (sc->ctts_data && sc->ctts_index < sc->ctts_count) {
9297 pkt->pts = pkt->dts + sc->dts_shift + sc->ctts_data[sc->ctts_index].duration;
9298 /* update ctts context */
9299 sc->ctts_sample++;
9300 if (sc->ctts_index < sc->ctts_count &&
9301 sc->ctts_data[sc->ctts_index].count == sc->ctts_sample) {
9302 sc->ctts_index++;
9303 sc->ctts_sample = 0;
9304 }
9305 } else {
9306 int64_t next_dts = (sc->current_sample < ffstream(st)->nb_index_entries) ?
9307 ffstream(st)->index_entries[sc->current_sample].timestamp : st->duration;
9308
9309 if (next_dts >= pkt->dts)
9310 pkt->duration = next_dts - pkt->dts;
9311 pkt->pts = pkt->dts;
9312 }
9313 if (st->discard == AVDISCARD_ALL)
9314 goto retry;
9315 if (sc->sdtp_data && sc->current_sample <= sc->sdtp_count) {
9316 uint8_t sample_flags = sc->sdtp_data[sc->current_sample - 1];
9317 uint8_t sample_is_depended_on = (sample_flags >> 2) & 0x3;
9318 pkt->flags |= sample_is_depended_on == MOV_SAMPLE_DEPENDENCY_NO ? AV_PKT_FLAG_DISPOSABLE : 0;
9319 }
9320 pkt->flags |= sample->flags & AVINDEX_KEYFRAME ? AV_PKT_FLAG_KEY : 0;
9321 pkt->pos = sample->pos;
9322
9323 /* Multiple stsd handling. */
9324 if (sc->stsc_data) {
9325 if (sc->stsc_data[sc->stsc_index].id > 0 &&
9326 sc->stsc_data[sc->stsc_index].id - 1 < sc->stsd_count &&
9327 sc->stsc_data[sc->stsc_index].id - 1 != sc->last_stsd_index) {
9328 ret = mov_change_extradata(sc, pkt);
9329 if (ret < 0)
9330 return ret;
9331 }
9332
9333 /* Update the stsc index for the next sample */
9334 sc->stsc_sample++;
9335 if (mov_stsc_index_valid(sc->stsc_index, sc->stsc_count) &&
9336 mov_get_stsc_samples(sc, sc->stsc_index) == sc->stsc_sample) {
9337 sc->stsc_index++;
9338 sc->stsc_sample = 0;
9339 }
9340 }
9341
9342 if (mov->aax_mode)
9343 aax_filter(pkt->data, pkt->size, mov);
9344
9345 ret = cenc_filter(mov, st, sc, pkt, current_index);
9346 if (ret < 0) {
9347 return ret;
9348 }
9349
9350 return 0;
9351 }
9352
mov_seek_fragment(AVFormatContext * s,AVStream * st,int64_t timestamp)9353 static int mov_seek_fragment(AVFormatContext *s, AVStream *st, int64_t timestamp)
9354 {
9355 MOVContext *mov = s->priv_data;
9356 int index;
9357
9358 if (!mov->frag_index.complete)
9359 return 0;
9360
9361 index = search_frag_timestamp(&mov->frag_index, st, timestamp);
9362 if (index < 0)
9363 index = 0;
9364 if (!mov->frag_index.item[index].headers_read)
9365 return mov_switch_root(s, -1, index);
9366 if (index + 1 < mov->frag_index.nb_items)
9367 mov->next_root_atom = mov->frag_index.item[index + 1].moof_offset;
9368
9369 return 0;
9370 }
9371
is_open_key_sample(const MOVStreamContext * sc,int sample)9372 static int is_open_key_sample(const MOVStreamContext *sc, int sample)
9373 {
9374 // TODO: a bisect search would scale much better
9375 for (int i = 0; i < sc->open_key_samples_count; i++) {
9376 const int oks = sc->open_key_samples[i];
9377 if (oks == sample)
9378 return 1;
9379 if (oks > sample) /* list is monotically increasing so we can stop early */
9380 break;
9381 }
9382 return 0;
9383 }
9384
9385 /*
9386 * Some key sample may be key frames but not IDR frames, so a random access to
9387 * them may not be allowed.
9388 */
can_seek_to_key_sample(AVStream * st,int sample,int64_t requested_pts)9389 static int can_seek_to_key_sample(AVStream *st, int sample, int64_t requested_pts)
9390 {
9391 MOVStreamContext *sc = st->priv_data;
9392 FFStream *const sti = ffstream(st);
9393 int64_t key_sample_dts, key_sample_pts;
9394
9395 if (st->codecpar->codec_id != AV_CODEC_ID_HEVC)
9396 return 1;
9397
9398 if (sample >= sc->sample_offsets_count)
9399 return 1;
9400
9401 key_sample_dts = sti->index_entries[sample].timestamp;
9402 key_sample_pts = key_sample_dts + sc->sample_offsets[sample] + sc->dts_shift;
9403
9404 /*
9405 * If the sample needs to be presented before an open key sample, they may
9406 * not be decodable properly, even though they come after in decoding
9407 * order.
9408 */
9409 if (is_open_key_sample(sc, sample) && key_sample_pts > requested_pts)
9410 return 0;
9411
9412 return 1;
9413 }
9414
mov_seek_stream(AVFormatContext * s,AVStream * st,int64_t timestamp,int flags)9415 static int mov_seek_stream(AVFormatContext *s, AVStream *st, int64_t timestamp, int flags)
9416 {
9417 MOVStreamContext *sc = st->priv_data;
9418 FFStream *const sti = ffstream(st);
9419 int sample, time_sample, ret;
9420 unsigned int i;
9421
9422 // Here we consider timestamp to be PTS, hence try to offset it so that we
9423 // can search over the DTS timeline.
9424 timestamp -= (sc->min_corrected_pts + sc->dts_shift);
9425
9426 ret = mov_seek_fragment(s, st, timestamp);
9427 if (ret < 0)
9428 return ret;
9429
9430 for (;;) {
9431 sample = av_index_search_timestamp(st, timestamp, flags);
9432 av_log(s, AV_LOG_TRACE, "stream %d, timestamp %"PRId64", sample %d\n", st->index, timestamp, sample);
9433 if (sample < 0 && sti->nb_index_entries && timestamp < sti->index_entries[0].timestamp)
9434 sample = 0;
9435 if (sample < 0) /* not sure what to do */
9436 return AVERROR_INVALIDDATA;
9437
9438 if (!sample || can_seek_to_key_sample(st, sample, timestamp))
9439 break;
9440 timestamp -= FFMAX(sc->min_sample_duration, 1);
9441 }
9442
9443 mov_current_sample_set(sc, sample);
9444 av_log(s, AV_LOG_TRACE, "stream %d, found sample %d\n", st->index, sc->current_sample);
9445 /* adjust ctts index */
9446 if (sc->ctts_data) {
9447 time_sample = 0;
9448 for (i = 0; i < sc->ctts_count; i++) {
9449 int next = time_sample + sc->ctts_data[i].count;
9450 if (next > sc->current_sample) {
9451 sc->ctts_index = i;
9452 sc->ctts_sample = sc->current_sample - time_sample;
9453 break;
9454 }
9455 time_sample = next;
9456 }
9457 }
9458
9459 /* adjust stsd index */
9460 if (sc->chunk_count) {
9461 time_sample = 0;
9462 for (i = 0; i < sc->stsc_count; i++) {
9463 int64_t next = time_sample + mov_get_stsc_samples(sc, i);
9464 if (next > sc->current_sample) {
9465 sc->stsc_index = i;
9466 sc->stsc_sample = sc->current_sample - time_sample;
9467 break;
9468 }
9469 av_assert0(next == (int)next);
9470 time_sample = next;
9471 }
9472 }
9473
9474 return sample;
9475 }
9476
mov_get_skip_samples(AVStream * st,int sample)9477 static int64_t mov_get_skip_samples(AVStream *st, int sample)
9478 {
9479 MOVStreamContext *sc = st->priv_data;
9480 FFStream *const sti = ffstream(st);
9481 int64_t first_ts = sti->index_entries[0].timestamp;
9482 int64_t ts = sti->index_entries[sample].timestamp;
9483 int64_t off;
9484
9485 if (st->codecpar->codec_type != AVMEDIA_TYPE_AUDIO)
9486 return 0;
9487
9488 /* compute skip samples according to stream start_pad, seek ts and first ts */
9489 off = av_rescale_q(ts - first_ts, st->time_base,
9490 (AVRational){1, st->codecpar->sample_rate});
9491 return FFMAX(sc->start_pad - off, 0);
9492 }
9493
mov_read_seek(AVFormatContext * s,int stream_index,int64_t sample_time,int flags)9494 static int mov_read_seek(AVFormatContext *s, int stream_index, int64_t sample_time, int flags)
9495 {
9496 MOVContext *mc = s->priv_data;
9497 AVStream *st;
9498 FFStream *sti;
9499 int sample;
9500 int i;
9501
9502 if (stream_index >= s->nb_streams)
9503 return AVERROR_INVALIDDATA;
9504
9505 st = s->streams[stream_index];
9506 sti = ffstream(st);
9507 sample = mov_seek_stream(s, st, sample_time, flags);
9508 if (sample < 0)
9509 return sample;
9510
9511 if (mc->seek_individually) {
9512 /* adjust seek timestamp to found sample timestamp */
9513 int64_t seek_timestamp = sti->index_entries[sample].timestamp;
9514 sti->skip_samples = mov_get_skip_samples(st, sample);
9515
9516 for (i = 0; i < s->nb_streams; i++) {
9517 AVStream *const st = s->streams[i];
9518 FFStream *const sti = ffstream(st);
9519 int64_t timestamp;
9520
9521 if (stream_index == i)
9522 continue;
9523
9524 timestamp = av_rescale_q(seek_timestamp, s->streams[stream_index]->time_base, st->time_base);
9525 sample = mov_seek_stream(s, st, timestamp, flags);
9526 if (sample >= 0)
9527 sti->skip_samples = mov_get_skip_samples(st, sample);
9528 }
9529 } else {
9530 for (i = 0; i < s->nb_streams; i++) {
9531 MOVStreamContext *sc;
9532 st = s->streams[i];
9533 sc = st->priv_data;
9534 mov_current_sample_set(sc, 0);
9535 }
9536 while (1) {
9537 MOVStreamContext *sc;
9538 AVIndexEntry *entry = mov_find_next_sample(s, &st);
9539 if (!entry)
9540 return AVERROR_INVALIDDATA;
9541 sc = st->priv_data;
9542 if (sc->ffindex == stream_index && sc->current_sample == sample)
9543 break;
9544 mov_current_sample_inc(sc);
9545 }
9546 }
9547 return 0;
9548 }
9549
9550 #define OFFSET(x) offsetof(MOVContext, x)
9551 #define FLAGS AV_OPT_FLAG_VIDEO_PARAM | AV_OPT_FLAG_DECODING_PARAM
9552 static const AVOption mov_options[] = {
9553 {"use_absolute_path",
9554 "allow using absolute path when opening alias, this is a possible security issue",
9555 OFFSET(use_absolute_path), AV_OPT_TYPE_BOOL, {.i64 = 0},
9556 0, 1, FLAGS},
9557 {"seek_streams_individually",
9558 "Seek each stream individually to the closest point",
9559 OFFSET(seek_individually), AV_OPT_TYPE_BOOL, { .i64 = 1 },
9560 0, 1, FLAGS},
9561 {"ignore_editlist", "Ignore the edit list atom.", OFFSET(ignore_editlist), AV_OPT_TYPE_BOOL, {.i64 = 0},
9562 0, 1, FLAGS},
9563 {"advanced_editlist",
9564 "Modify the AVIndex according to the editlists. Use this option to decode in the order specified by the edits.",
9565 OFFSET(advanced_editlist), AV_OPT_TYPE_BOOL, {.i64 = 1},
9566 0, 1, FLAGS},
9567 {"ignore_chapters", "", OFFSET(ignore_chapters), AV_OPT_TYPE_BOOL, {.i64 = 0},
9568 0, 1, FLAGS},
9569 {"use_mfra_for",
9570 "use mfra for fragment timestamps",
9571 OFFSET(use_mfra_for), AV_OPT_TYPE_INT, {.i64 = FF_MOV_FLAG_MFRA_AUTO},
9572 -1, FF_MOV_FLAG_MFRA_PTS, FLAGS,
9573 "use_mfra_for"},
9574 {"auto", "auto", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MOV_FLAG_MFRA_AUTO}, 0, 0,
9575 FLAGS, "use_mfra_for" },
9576 {"dts", "dts", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MOV_FLAG_MFRA_DTS}, 0, 0,
9577 FLAGS, "use_mfra_for" },
9578 {"pts", "pts", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MOV_FLAG_MFRA_PTS}, 0, 0,
9579 FLAGS, "use_mfra_for" },
9580 {"use_tfdt", "use tfdt for fragment timestamps", OFFSET(use_tfdt), AV_OPT_TYPE_BOOL, {.i64 = 1},
9581 0, 1, FLAGS},
9582 { "export_all", "Export unrecognized metadata entries", OFFSET(export_all),
9583 AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, .flags = FLAGS },
9584 { "export_xmp", "Export full XMP metadata", OFFSET(export_xmp),
9585 AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, .flags = FLAGS },
9586 { "activation_bytes", "Secret bytes for Audible AAX files", OFFSET(activation_bytes),
9587 AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_DECODING_PARAM },
9588 { "audible_key", "AES-128 Key for Audible AAXC files", OFFSET(audible_key),
9589 AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_DECODING_PARAM },
9590 { "audible_iv", "AES-128 IV for Audible AAXC files", OFFSET(audible_iv),
9591 AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_DECODING_PARAM },
9592 { "audible_fixed_key", // extracted from libAAX_SDK.so and AAXSDKWin.dll files!
9593 "Fixed key used for handling Audible AAX files", OFFSET(audible_fixed_key),
9594 AV_OPT_TYPE_BINARY, {.str="77214d4b196a87cd520045fd20a51d67"},
9595 .flags = AV_OPT_FLAG_DECODING_PARAM },
9596 { "decryption_key", "The media decryption key (hex)", OFFSET(decryption_key), AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_DECODING_PARAM },
9597 { "enable_drefs", "Enable external track support.", OFFSET(enable_drefs), AV_OPT_TYPE_BOOL,
9598 {.i64 = 0}, 0, 1, FLAGS },
9599 { "max_stts_delta", "treat offsets above this value as invalid", OFFSET(max_stts_delta), AV_OPT_TYPE_INT, {.i64 = UINT_MAX-48000*10 }, 0, UINT_MAX, .flags = AV_OPT_FLAG_DECODING_PARAM },
9600
9601 { NULL },
9602 };
9603
9604 static const AVClass mov_class = {
9605 .class_name = "mov,mp4,m4a,3gp,3g2,mj2",
9606 .item_name = av_default_item_name,
9607 .option = mov_options,
9608 .version = LIBAVUTIL_VERSION_INT,
9609 };
9610
9611 const AVInputFormat ff_mov_demuxer = {
9612 .name = "mov,mp4,m4a,3gp,3g2,mj2",
9613 .long_name = NULL_IF_CONFIG_SMALL("QuickTime / MOV"),
9614 .priv_class = &mov_class,
9615 .priv_data_size = sizeof(MOVContext),
9616 .extensions = "mov,mp4,m4a,3gp,3g2,mj2,psp,m4b,ism,ismv,isma,f4v,avif",
9617 .flags_internal = FF_FMT_INIT_CLEANUP,
9618 .read_probe = mov_probe,
9619 .read_header = mov_read_header,
9620 .read_packet = mov_read_packet,
9621 .read_close = mov_read_close,
9622 .read_seek = mov_read_seek,
9623 .flags = AVFMT_NO_BYTE_SEEK | AVFMT_SEEK_TO_PTS | AVFMT_SHOW_IDS,
9624 };