1 /*
2 * MOV demuxer
3 * Copyright (c) 2001 Fabrice Bellard
4 * Copyright (c) 2009 Baptiste Coudurier <baptiste dot coudurier at gmail dot com>
5 *
6 * first version by Francois Revol <revol@free.fr>
7 * seek function by Gael Chardon <gael.dev@4now.net>
8 *
9 * This file is part of FFmpeg.
10 *
11 * FFmpeg is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU Lesser General Public
13 * License as published by the Free Software Foundation; either
14 * version 2.1 of the License, or (at your option) any later version.
15 *
16 * FFmpeg is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 * Lesser General Public License for more details.
20 *
21 * You should have received a copy of the GNU Lesser General Public
22 * License along with FFmpeg; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
24 */
25
26 #include "config_components.h"
27
28 #include <inttypes.h>
29 #include <limits.h>
30 #include <stdint.h>
31
32 #include "libavutil/attributes.h"
33 #include "libavutil/bprint.h"
34 #include "libavutil/channel_layout.h"
35 #include "libavutil/internal.h"
36 #include "libavutil/intreadwrite.h"
37 #include "libavutil/intfloat.h"
38 #include "libavutil/mathematics.h"
39 #include "libavutil/avassert.h"
40 #include "libavutil/avstring.h"
41 #include "libavutil/dict.h"
42 #include "libavutil/opt.h"
43 #include "libavutil/aes.h"
44 #include "libavutil/aes_ctr.h"
45 #include "libavutil/pixdesc.h"
46 #include "libavutil/sha.h"
47 #include "libavutil/spherical.h"
48 #include "libavutil/stereo3d.h"
49 #include "libavutil/timecode.h"
50 #include "libavutil/uuid.h"
51 #include "libavcodec/ac3tab.h"
52 #include "libavcodec/flac.h"
53 #include "libavcodec/hevc.h"
54 #include "libavcodec/mpegaudiodecheader.h"
55 #include "libavcodec/mlp_parse.h"
56 #include "avformat.h"
57 #include "internal.h"
58 #include "avio_internal.h"
59 #include "demux.h"
60 #include "dovi_isom.h"
61 #include "riff.h"
62 #include "isom.h"
63 #include "libavcodec/get_bits.h"
64 #include "id3v1.h"
65 #include "mov_chan.h"
66 #include "replaygain.h"
67 #include "libavcodec/av3a.h"
68
69 #if CONFIG_ZLIB
70 #include <zlib.h>
71 #endif
72
73 #include "qtpalette.h"
74
75 #ifdef OHOS_DRM
76 #define MOV_DRM_PSSH_TITLE_LEN (8)
77
78 static const uint8_t g_pssh_title_buf[4] = { // 4:bufSize
79 0x70, 0x73, 0x73, 0x68
80 };
81 #endif
82
83 /* those functions parse an atom */
84 /* links atom IDs to parse functions */
85 typedef struct MOVParseTableEntry {
86 uint32_t type;
87 int (*parse)(MOVContext *ctx, AVIOContext *pb, MOVAtom atom);
88 } MOVParseTableEntry;
89
90 static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom);
91 static int mov_read_mfra(MOVContext *c, AVIOContext *f);
92 static int64_t add_ctts_entry(MOVCtts** ctts_data, unsigned int* ctts_count, unsigned int* allocated_size,
93 int count, int duration);
94
mov_metadata_track_or_disc_number(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)95 static int mov_metadata_track_or_disc_number(MOVContext *c, AVIOContext *pb,
96 unsigned len, const char *key)
97 {
98 char buf[16];
99
100 short current, total = 0;
101 avio_rb16(pb); // unknown
102 current = avio_rb16(pb);
103 if (len >= 6)
104 total = avio_rb16(pb);
105 if (!total)
106 snprintf(buf, sizeof(buf), "%d", current);
107 else
108 snprintf(buf, sizeof(buf), "%d/%d", current, total);
109 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
110 av_dict_set(&c->fc->metadata, key, buf, 0);
111
112 return 0;
113 }
114
mov_metadata_int8_bypass_padding(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)115 static int mov_metadata_int8_bypass_padding(MOVContext *c, AVIOContext *pb,
116 unsigned len, const char *key)
117 {
118 /* bypass padding bytes */
119 avio_r8(pb);
120 avio_r8(pb);
121 avio_r8(pb);
122
123 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
124 av_dict_set_int(&c->fc->metadata, key, avio_r8(pb), 0);
125
126 return 0;
127 }
128
mov_metadata_int8_no_padding(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)129 static int mov_metadata_int8_no_padding(MOVContext *c, AVIOContext *pb,
130 unsigned len, const char *key)
131 {
132 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
133 av_dict_set_int(&c->fc->metadata, key, avio_r8(pb), 0);
134
135 return 0;
136 }
137
mov_metadata_gnre(MOVContext * c,AVIOContext * pb,unsigned len,const char * key)138 static int mov_metadata_gnre(MOVContext *c, AVIOContext *pb,
139 unsigned len, const char *key)
140 {
141 short genre;
142
143 avio_r8(pb); // unknown
144
145 genre = avio_r8(pb);
146 if (genre < 1 || genre > ID3v1_GENRE_MAX)
147 return 0;
148 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
149 av_dict_set(&c->fc->metadata, key, ff_id3v1_genre_str[genre-1], 0);
150
151 return 0;
152 }
153
154 static const uint32_t mac_to_unicode[128] = {
155 0x00C4,0x00C5,0x00C7,0x00C9,0x00D1,0x00D6,0x00DC,0x00E1,
156 0x00E0,0x00E2,0x00E4,0x00E3,0x00E5,0x00E7,0x00E9,0x00E8,
157 0x00EA,0x00EB,0x00ED,0x00EC,0x00EE,0x00EF,0x00F1,0x00F3,
158 0x00F2,0x00F4,0x00F6,0x00F5,0x00FA,0x00F9,0x00FB,0x00FC,
159 0x2020,0x00B0,0x00A2,0x00A3,0x00A7,0x2022,0x00B6,0x00DF,
160 0x00AE,0x00A9,0x2122,0x00B4,0x00A8,0x2260,0x00C6,0x00D8,
161 0x221E,0x00B1,0x2264,0x2265,0x00A5,0x00B5,0x2202,0x2211,
162 0x220F,0x03C0,0x222B,0x00AA,0x00BA,0x03A9,0x00E6,0x00F8,
163 0x00BF,0x00A1,0x00AC,0x221A,0x0192,0x2248,0x2206,0x00AB,
164 0x00BB,0x2026,0x00A0,0x00C0,0x00C3,0x00D5,0x0152,0x0153,
165 0x2013,0x2014,0x201C,0x201D,0x2018,0x2019,0x00F7,0x25CA,
166 0x00FF,0x0178,0x2044,0x20AC,0x2039,0x203A,0xFB01,0xFB02,
167 0x2021,0x00B7,0x201A,0x201E,0x2030,0x00C2,0x00CA,0x00C1,
168 0x00CB,0x00C8,0x00CD,0x00CE,0x00CF,0x00CC,0x00D3,0x00D4,
169 0xF8FF,0x00D2,0x00DA,0x00DB,0x00D9,0x0131,0x02C6,0x02DC,
170 0x00AF,0x02D8,0x02D9,0x02DA,0x00B8,0x02DD,0x02DB,0x02C7,
171 };
172
mov_read_mac_string(MOVContext * c,AVIOContext * pb,int len,char * dst,int dstlen)173 static int mov_read_mac_string(MOVContext *c, AVIOContext *pb, int len,
174 char *dst, int dstlen)
175 {
176 char *p = dst;
177 char *end = dst+dstlen-1;
178 int i;
179
180 for (i = 0; i < len; i++) {
181 uint8_t t, c = avio_r8(pb);
182
183 if (p >= end)
184 continue;
185
186 if (c < 0x80)
187 *p++ = c;
188 else if (p < end)
189 PUT_UTF8(mac_to_unicode[c-0x80], t, if (p < end) *p++ = t;);
190 }
191 *p = 0;
192 return p - dst;
193 }
194
mov_read_covr(MOVContext * c,AVIOContext * pb,int type,int len)195 static int mov_read_covr(MOVContext *c, AVIOContext *pb, int type, int len)
196 {
197 AVStream *st;
198 MOVStreamContext *sc;
199 enum AVCodecID id;
200 int ret;
201
202 switch (type) {
203 case 0xd: id = AV_CODEC_ID_MJPEG; break;
204 case 0xe: id = AV_CODEC_ID_PNG; break;
205 case 0x1b: id = AV_CODEC_ID_BMP; break;
206 default:
207 av_log(c->fc, AV_LOG_WARNING, "Unknown cover type: 0x%x.\n", type);
208 avio_skip(pb, len);
209 return 0;
210 }
211
212 sc = av_mallocz(sizeof(*sc));
213 if (!sc)
214 return AVERROR(ENOMEM);
215 ret = ff_add_attached_pic(c->fc, NULL, pb, NULL, len);
216 if (ret < 0) {
217 av_free(sc);
218 return ret;
219 }
220 st = c->fc->streams[c->fc->nb_streams - 1];
221 st->priv_data = sc;
222
223 if (st->attached_pic.size >= 8 && id != AV_CODEC_ID_BMP) {
224 if (AV_RB64(st->attached_pic.data) == 0x89504e470d0a1a0a) {
225 id = AV_CODEC_ID_PNG;
226 } else {
227 id = AV_CODEC_ID_MJPEG;
228 }
229 }
230 st->codecpar->codec_id = id;
231
232 return 0;
233 }
234
235 // 3GPP TS 26.244
mov_metadata_loci(MOVContext * c,AVIOContext * pb,unsigned len)236 static int mov_metadata_loci(MOVContext *c, AVIOContext *pb, unsigned len)
237 {
238 char language[4] = { 0 };
239 char buf[200], place[100];
240 uint16_t langcode = 0;
241 double longitude, latitude, altitude;
242 const char *key = "location";
243
244 if (len < 4 + 2 + 1 + 1 + 4 + 4 + 4) {
245 av_log(c->fc, AV_LOG_ERROR, "loci too short\n");
246 return AVERROR_INVALIDDATA;
247 }
248
249 avio_skip(pb, 4); // version+flags
250 langcode = avio_rb16(pb);
251 ff_mov_lang_to_iso639(langcode, language);
252 len -= 6;
253
254 len -= avio_get_str(pb, len, place, sizeof(place));
255 if (len < 1) {
256 av_log(c->fc, AV_LOG_ERROR, "place name too long\n");
257 return AVERROR_INVALIDDATA;
258 }
259 avio_skip(pb, 1); // role
260 len -= 1;
261
262 if (len < 12) {
263 av_log(c->fc, AV_LOG_ERROR,
264 "loci too short (%u bytes left, need at least %d)\n", len, 12);
265 return AVERROR_INVALIDDATA;
266 }
267 longitude = ((int32_t) avio_rb32(pb)) / (float) (1 << 16);
268 latitude = ((int32_t) avio_rb32(pb)) / (float) (1 << 16);
269 altitude = ((int32_t) avio_rb32(pb)) / (float) (1 << 16);
270
271 // Try to output in the same format as the ?xyz field
272 snprintf(buf, sizeof(buf), "%+08.4f%+09.4f", latitude, longitude);
273 if (altitude)
274 av_strlcatf(buf, sizeof(buf), "%+f", altitude);
275 av_strlcatf(buf, sizeof(buf), "/%s", place);
276
277 if (*language && strcmp(language, "und")) {
278 char key2[16];
279 snprintf(key2, sizeof(key2), "%s-%s", key, language);
280 av_dict_set(&c->fc->metadata, key2, buf, 0);
281 }
282 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
283 return av_dict_set(&c->fc->metadata, key, buf, 0);
284 }
285
mov_metadata_hmmt(MOVContext * c,AVIOContext * pb,unsigned len)286 static int mov_metadata_hmmt(MOVContext *c, AVIOContext *pb, unsigned len)
287 {
288 int i, n_hmmt;
289
290 if (len < 2)
291 return 0;
292 if (c->ignore_chapters)
293 return 0;
294
295 n_hmmt = avio_rb32(pb);
296 if (n_hmmt > len / 4)
297 return AVERROR_INVALIDDATA;
298 for (i = 0; i < n_hmmt && !pb->eof_reached; i++) {
299 int moment_time = avio_rb32(pb);
300 avpriv_new_chapter(c->fc, i, av_make_q(1, 1000), moment_time, AV_NOPTS_VALUE, NULL);
301 }
302 if (avio_feof(pb))
303 return AVERROR_INVALIDDATA;
304 return 0;
305 }
306
mov_read_udta_string(MOVContext * c,AVIOContext * pb,MOVAtom atom)307 static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
308 {
309 char tmp_key[AV_FOURCC_MAX_STRING_SIZE] = {0};
310 char key2[32], language[4] = {0};
311 char *str = NULL;
312 const char *key = NULL;
313 uint16_t langcode = 0;
314 uint32_t data_type = 0, str_size, str_size_alloc;
315 int (*parse)(MOVContext*, AVIOContext*, unsigned, const char*) = NULL;
316 int raw = 0;
317 int num = 0;
318
319 switch (atom.type) {
320 case MKTAG( '@','P','R','M'): key = "premiere_version"; raw = 1; break;
321 case MKTAG( '@','P','R','Q'): key = "quicktime_version"; raw = 1; break;
322 case MKTAG( 'X','M','P','_'):
323 if (c->export_xmp) { key = "xmp"; raw = 1; } break;
324 case MKTAG( 'a','A','R','T'): key = "album_artist"; break;
325 case MKTAG( 'a','k','I','D'): key = "account_type";
326 parse = mov_metadata_int8_no_padding; break;
327 case MKTAG( 'a','p','I','D'): key = "account_id"; break;
328 case MKTAG( 'c','a','t','g'): key = "category"; break;
329 case MKTAG( 'c','p','i','l'): key = "compilation";
330 parse = mov_metadata_int8_no_padding; break;
331 case MKTAG( 'c','p','r','t'): key = "copyright"; break;
332 case MKTAG( 'd','e','s','c'): key = "description"; break;
333 case MKTAG( 'd','i','s','k'): key = "disc";
334 parse = mov_metadata_track_or_disc_number; break;
335 case MKTAG( 'e','g','i','d'): key = "episode_uid";
336 parse = mov_metadata_int8_no_padding; break;
337 case MKTAG( 'F','I','R','M'): key = "firmware"; raw = 1; break;
338 case MKTAG( 'g','n','r','e'): key = "genre";
339 parse = mov_metadata_gnre; break;
340 case MKTAG( 'h','d','v','d'): key = "hd_video";
341 parse = mov_metadata_int8_no_padding; break;
342 case MKTAG( 'H','M','M','T'):
343 return mov_metadata_hmmt(c, pb, atom.size);
344 case MKTAG( 'k','e','y','w'): key = "keywords"; break;
345 case MKTAG( 'l','d','e','s'): key = "synopsis"; break;
346 case MKTAG( 'l','o','c','i'):
347 return mov_metadata_loci(c, pb, atom.size);
348 case MKTAG( 'm','a','n','u'): key = "make"; break;
349 case MKTAG( 'm','o','d','l'): key = "model"; break;
350 case MKTAG( 'p','c','s','t'): key = "podcast";
351 parse = mov_metadata_int8_no_padding; break;
352 case MKTAG( 'p','g','a','p'): key = "gapless_playback";
353 parse = mov_metadata_int8_no_padding; break;
354 case MKTAG( 'p','u','r','d'): key = "purchase_date"; break;
355 case MKTAG( 'r','t','n','g'): key = "rating";
356 parse = mov_metadata_int8_no_padding; break;
357 case MKTAG( 's','o','a','a'): key = "sort_album_artist"; break;
358 case MKTAG( 's','o','a','l'): key = "sort_album"; break;
359 case MKTAG( 's','o','a','r'): key = "sort_artist"; break;
360 case MKTAG( 's','o','c','o'): key = "sort_composer"; break;
361 case MKTAG( 's','o','n','m'): key = "sort_name"; break;
362 case MKTAG( 's','o','s','n'): key = "sort_show"; break;
363 case MKTAG( 's','t','i','k'): key = "media_type";
364 parse = mov_metadata_int8_no_padding; break;
365 case MKTAG( 't','r','k','n'): key = "track";
366 parse = mov_metadata_track_or_disc_number; break;
367 case MKTAG( 't','v','e','n'): key = "episode_id"; break;
368 case MKTAG( 't','v','e','s'): key = "episode_sort";
369 parse = mov_metadata_int8_bypass_padding; break;
370 case MKTAG( 't','v','n','n'): key = "network"; break;
371 case MKTAG( 't','v','s','h'): key = "show"; break;
372 case MKTAG( 't','v','s','n'): key = "season_number";
373 parse = mov_metadata_int8_bypass_padding; break;
374 case MKTAG(0xa9,'A','R','T'): key = "artist"; break;
375 case MKTAG(0xa9,'P','R','D'): key = "producer"; break;
376 case MKTAG(0xa9,'a','l','b'): key = "album"; break;
377 case MKTAG(0xa9,'a','u','t'): key = "artist"; break;
378 case MKTAG(0xa9,'c','h','p'): key = "chapter"; break;
379 case MKTAG(0xa9,'c','m','t'): key = "comment"; break;
380 case MKTAG(0xa9,'c','o','m'): key = "composer"; break;
381 case MKTAG(0xa9,'c','p','y'): key = "copyright"; break;
382 case MKTAG(0xa9,'d','a','y'): key = "date"; break;
383 case MKTAG(0xa9,'d','i','r'): key = "director"; break;
384 case MKTAG(0xa9,'d','i','s'): key = "disclaimer"; break;
385 case MKTAG(0xa9,'e','d','1'): key = "edit_date"; break;
386 case MKTAG(0xa9,'e','n','c'): key = "encoder"; break;
387 case MKTAG(0xa9,'f','m','t'): key = "original_format"; break;
388 case MKTAG(0xa9,'g','e','n'): key = "genre"; break;
389 case MKTAG(0xa9,'g','r','p'): key = "grouping"; break;
390 case MKTAG(0xa9,'h','s','t'): key = "host_computer"; break;
391 case MKTAG(0xa9,'i','n','f'): key = "comment"; break;
392 case MKTAG(0xa9,'l','y','r'): key = "lyrics"; break;
393 case MKTAG(0xa9,'m','a','k'): key = "make"; break;
394 case MKTAG(0xa9,'m','o','d'): key = "model"; break;
395 case MKTAG(0xa9,'n','a','m'): key = "title"; break;
396 case MKTAG(0xa9,'o','p','e'): key = "original_artist"; break;
397 case MKTAG(0xa9,'p','r','d'): key = "producer"; break;
398 case MKTAG(0xa9,'p','r','f'): key = "performers"; break;
399 case MKTAG(0xa9,'r','e','q'): key = "playback_requirements"; break;
400 case MKTAG(0xa9,'s','r','c'): key = "original_source"; break;
401 case MKTAG(0xa9,'s','t','3'): key = "subtitle"; break;
402 case MKTAG(0xa9,'s','w','r'): key = "encoder"; break;
403 case MKTAG(0xa9,'t','o','o'): key = "encoder"; break;
404 case MKTAG(0xa9,'t','r','k'): key = "track"; break;
405 case MKTAG(0xa9,'u','r','l'): key = "URL"; break;
406 case MKTAG(0xa9,'w','r','n'): key = "warning"; break;
407 case MKTAG(0xa9,'w','r','t'): key = "composer"; break;
408 case MKTAG(0xa9,'x','y','z'): key = "location"; break;
409 }
410 retry:
411 if (c->itunes_metadata && atom.size > 8) {
412 int data_size = avio_rb32(pb);
413 int tag = avio_rl32(pb);
414 if (tag == MKTAG('d','a','t','a') && data_size <= atom.size && data_size >= 16) {
415 data_type = avio_rb32(pb); // type
416 avio_rb32(pb); // unknown
417 str_size = data_size - 16;
418 atom.size -= 16;
419
420 if (!key && c->found_hdlr_mdta && c->meta_keys) {
421 uint32_t index = av_bswap32(atom.type); // BE number has been read as LE
422 if (index < c->meta_keys_count && index > 0) {
423 key = c->meta_keys[index];
424 } else if (atom.type != MKTAG('c', 'o', 'v', 'r')) {
425 av_log(c->fc, AV_LOG_WARNING,
426 "The index of 'data' is out of range: %"PRId32" < 1 or >= %d.\n",
427 index, c->meta_keys_count);
428 }
429 }
430 if (atom.type == MKTAG('c', 'o', 'v', 'r') ||
431 (key && !strcmp(key, "com.apple.quicktime.artwork"))) {
432 int ret = mov_read_covr(c, pb, data_type, str_size);
433 if (ret < 0) {
434 av_log(c->fc, AV_LOG_ERROR, "Error parsing cover art.\n");
435 return ret;
436 }
437 atom.size -= str_size;
438 if (atom.size > 8)
439 goto retry;
440 return ret;
441 }
442 } else return 0;
443 } else if (atom.size > 4 && key && !c->itunes_metadata && !raw) {
444 str_size = avio_rb16(pb); // string length
445 if (str_size > atom.size) {
446 raw = 1;
447 avio_seek(pb, -2, SEEK_CUR);
448 av_log(c->fc, AV_LOG_WARNING, "UDTA parsing failed retrying raw\n");
449 goto retry;
450 }
451 langcode = avio_rb16(pb);
452 ff_mov_lang_to_iso639(langcode, language);
453 atom.size -= 4;
454 } else
455 str_size = atom.size;
456
457 if (c->export_all && !key) {
458 key = av_fourcc_make_string(tmp_key, atom.type);
459 }
460
461 if (!key)
462 return 0;
463 if (atom.size < 0 || str_size >= INT_MAX/2)
464 return AVERROR_INVALIDDATA;
465
466 // Allocates enough space if data_type is a int32 or float32 number, otherwise
467 // worst-case requirement for output string in case of utf8 coded input
468 num = (data_type >= 21 && data_type <= 23);
469 str_size_alloc = (num ? 512 : (raw ? str_size : str_size * 2)) + 1;
470 str = av_mallocz(str_size_alloc);
471 if (!str)
472 return AVERROR(ENOMEM);
473
474 if (parse)
475 parse(c, pb, str_size, key);
476 else {
477 if (!raw && (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode == 0x7fff)))) { // MAC Encoded
478 mov_read_mac_string(c, pb, str_size, str, str_size_alloc);
479 #ifdef OHOS_MOOV_LEVEL_META
480 } else if (data_type == 21 || data_type == 67) { // BE signed integer, variable size
481 #else
482 } else if (data_type == 21) { // BE signed integer, variable size
483 #endif
484 int val = 0;
485 if (str_size == 1)
486 val = (int8_t)avio_r8(pb);
487 else if (str_size == 2)
488 val = (int16_t)avio_rb16(pb);
489 else if (str_size == 3)
490 val = ((int32_t)(avio_rb24(pb)<<8))>>8;
491 else if (str_size == 4)
492 val = (int32_t)avio_rb32(pb);
493 if (snprintf(str, str_size_alloc, "%d", val) >= str_size_alloc) {
494 av_log(c->fc, AV_LOG_ERROR,
495 "Failed to store the number (%d) in string.\n", val);
496 av_free(str);
497 return AVERROR_INVALIDDATA;
498 }
499 } else if (data_type == 22) { // BE unsigned integer, variable size
500 unsigned int val = 0;
501 if (str_size == 1)
502 val = avio_r8(pb);
503 else if (str_size == 2)
504 val = avio_rb16(pb);
505 else if (str_size == 3)
506 val = avio_rb24(pb);
507 else if (str_size == 4)
508 val = avio_rb32(pb);
509 if (snprintf(str, str_size_alloc, "%u", val) >= str_size_alloc) {
510 av_log(c->fc, AV_LOG_ERROR,
511 "Failed to store the number (%u) in string.\n", val);
512 av_free(str);
513 return AVERROR_INVALIDDATA;
514 }
515 } else if (data_type == 23 && str_size >= 4) { // BE float32
516 float val = av_int2float(avio_rb32(pb));
517 if (snprintf(str, str_size_alloc, "%f", val) >= str_size_alloc) {
518 av_log(c->fc, AV_LOG_ERROR,
519 "Failed to store the float32 number (%f) in string.\n", val);
520 av_free(str);
521 return AVERROR_INVALIDDATA;
522 }
523 } else if (data_type > 1 && data_type != 4) {
524 // data_type can be 0 if not set at all above. data_type 1 means
525 // UTF8 and 4 means "UTF8 sort". For any other type (UTF16 or e.g.
526 // a picture), don't return it blindly in a string that is supposed
527 // to be UTF8 text.
528 av_log(c->fc, AV_LOG_WARNING, "Skipping unhandled metadata %s of type %d\n", key, data_type);
529 av_free(str);
530 return 0;
531 } else {
532 int ret = ffio_read_size(pb, str, str_size);
533 if (ret < 0) {
534 av_free(str);
535 return ret;
536 }
537 str[str_size] = 0;
538 }
539 c->fc->event_flags |= AVFMT_EVENT_FLAG_METADATA_UPDATED;
540 #ifdef OHOS_MOOV_LEVEL_META
541 if (!strncmp(key, "moov_level_meta_key_", 20)) {
542 char* typeStr;
543 switch(data_type) {
544 case 1:
545 typeStr = av_asprintf("%s%s", "00000001", str); // string
546 break;
547 case 21:
548 typeStr = av_asprintf("%s%s", "00000015", str); // int
549 break;
550 case 23:
551 typeStr = av_asprintf("%s%s", "00000017", str); // float
552 break;
553 case 67:
554 typeStr = av_asprintf("%s%s", "00000043", str); // int
555 break;
556 default:
557 typeStr = av_asprintf("%s%s", "0000004d", str); // unknow
558 break;
559 }
560 if (!typeStr) {
561 av_dict_set(&c->fc->metadata, key, str, 0);
562 } else {
563 av_dict_set(&c->fc->metadata, key, typeStr, 0);
564 av_freep(&typeStr);
565 }
566 } else {
567 av_dict_set(&c->fc->metadata, key, str, 0);
568 }
569 #else
570 av_dict_set(&c->fc->metadata, key, str, 0);
571 #endif
572 if (*language && strcmp(language, "und")) {
573 snprintf(key2, sizeof(key2), "%s-%s", key, language);
574 av_dict_set(&c->fc->metadata, key2, str, 0);
575 }
576 if (!strcmp(key, "encoder")) {
577 int major, minor, micro;
578 if (sscanf(str, "HandBrake %d.%d.%d", &major, &minor, µ) == 3) {
579 c->handbrake_version = 1000000*major + 1000*minor + micro;
580 }
581 }
582 }
583
584 av_freep(&str);
585 return 0;
586 }
587
mov_read_chpl(MOVContext * c,AVIOContext * pb,MOVAtom atom)588 static int mov_read_chpl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
589 {
590 int64_t start;
591 int i, nb_chapters, str_len, version;
592 char str[256+1];
593 int ret;
594
595 if (c->ignore_chapters)
596 return 0;
597
598 if ((atom.size -= 5) < 0)
599 return 0;
600
601 version = avio_r8(pb);
602 avio_rb24(pb);
603 if (version)
604 avio_rb32(pb); // ???
605 nb_chapters = avio_r8(pb);
606
607 for (i = 0; i < nb_chapters; i++) {
608 if (atom.size < 9)
609 return 0;
610
611 start = avio_rb64(pb);
612 str_len = avio_r8(pb);
613
614 if ((atom.size -= 9+str_len) < 0)
615 return 0;
616
617 ret = ffio_read_size(pb, str, str_len);
618 if (ret < 0)
619 return ret;
620 str[str_len] = 0;
621 avpriv_new_chapter(c->fc, i, (AVRational){1,10000000}, start, AV_NOPTS_VALUE, str);
622 }
623 return 0;
624 }
625
626 #define MIN_DATA_ENTRY_BOX_SIZE 12
mov_read_dref(MOVContext * c,AVIOContext * pb,MOVAtom atom)627 static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
628 {
629 AVStream *st;
630 MOVStreamContext *sc;
631 int entries, i, j;
632
633 if (c->fc->nb_streams < 1)
634 return 0;
635 st = c->fc->streams[c->fc->nb_streams-1];
636 sc = st->priv_data;
637
638 avio_rb32(pb); // version + flags
639 entries = avio_rb32(pb);
640 if (!entries ||
641 entries > (atom.size - 1) / MIN_DATA_ENTRY_BOX_SIZE + 1 ||
642 entries >= UINT_MAX / sizeof(*sc->drefs))
643 return AVERROR_INVALIDDATA;
644
645 for (i = 0; i < sc->drefs_count; i++) {
646 MOVDref *dref = &sc->drefs[i];
647 av_freep(&dref->path);
648 av_freep(&dref->dir);
649 }
650 av_free(sc->drefs);
651 sc->drefs_count = 0;
652 sc->drefs = av_mallocz(entries * sizeof(*sc->drefs));
653 if (!sc->drefs)
654 return AVERROR(ENOMEM);
655 sc->drefs_count = entries;
656
657 for (i = 0; i < entries; i++) {
658 MOVDref *dref = &sc->drefs[i];
659 uint32_t size = avio_rb32(pb);
660 int64_t next = avio_tell(pb);
661
662 if (size < 12 || next < 0 || next > INT64_MAX - size)
663 return AVERROR_INVALIDDATA;
664
665 next += size - 4;
666
667 dref->type = avio_rl32(pb);
668 avio_rb32(pb); // version + flags
669
670 if (dref->type == MKTAG('a','l','i','s') && size > 150) {
671 /* macintosh alias record */
672 uint16_t volume_len, len;
673 int16_t type;
674 int ret;
675
676 avio_skip(pb, 10);
677
678 volume_len = avio_r8(pb);
679 volume_len = FFMIN(volume_len, 27);
680 ret = ffio_read_size(pb, dref->volume, 27);
681 if (ret < 0)
682 return ret;
683 dref->volume[volume_len] = 0;
684 av_log(c->fc, AV_LOG_DEBUG, "volume %s, len %d\n", dref->volume, volume_len);
685
686 avio_skip(pb, 12);
687
688 len = avio_r8(pb);
689 len = FFMIN(len, 63);
690 ret = ffio_read_size(pb, dref->filename, 63);
691 if (ret < 0)
692 return ret;
693 dref->filename[len] = 0;
694 av_log(c->fc, AV_LOG_DEBUG, "filename %s, len %d\n", dref->filename, len);
695
696 avio_skip(pb, 16);
697
698 /* read next level up_from_alias/down_to_target */
699 dref->nlvl_from = avio_rb16(pb);
700 dref->nlvl_to = avio_rb16(pb);
701 av_log(c->fc, AV_LOG_DEBUG, "nlvl from %d, nlvl to %d\n",
702 dref->nlvl_from, dref->nlvl_to);
703
704 avio_skip(pb, 16);
705
706 for (type = 0; type != -1 && avio_tell(pb) < next; ) {
707 if (avio_feof(pb))
708 return AVERROR_EOF;
709 type = avio_rb16(pb);
710 len = avio_rb16(pb);
711 av_log(c->fc, AV_LOG_DEBUG, "type %d, len %d\n", type, len);
712 if (len&1)
713 len += 1;
714 if (type == 2) { // absolute path
715 av_free(dref->path);
716 dref->path = av_mallocz(len+1);
717 if (!dref->path)
718 return AVERROR(ENOMEM);
719
720 ret = ffio_read_size(pb, dref->path, len);
721 if (ret < 0) {
722 av_freep(&dref->path);
723 return ret;
724 }
725 if (len > volume_len && !strncmp(dref->path, dref->volume, volume_len)) {
726 len -= volume_len;
727 memmove(dref->path, dref->path+volume_len, len);
728 dref->path[len] = 0;
729 }
730 // trim string of any ending zeros
731 for (j = len - 1; j >= 0; j--) {
732 if (dref->path[j] == 0)
733 len--;
734 else
735 break;
736 }
737 for (j = 0; j < len; j++)
738 if (dref->path[j] == ':' || dref->path[j] == 0)
739 dref->path[j] = '/';
740 av_log(c->fc, AV_LOG_DEBUG, "path %s\n", dref->path);
741 } else if (type == 0) { // directory name
742 av_free(dref->dir);
743 dref->dir = av_malloc(len+1);
744 if (!dref->dir)
745 return AVERROR(ENOMEM);
746
747 ret = ffio_read_size(pb, dref->dir, len);
748 if (ret < 0) {
749 av_freep(&dref->dir);
750 return ret;
751 }
752 dref->dir[len] = 0;
753 for (j = 0; j < len; j++)
754 if (dref->dir[j] == ':')
755 dref->dir[j] = '/';
756 av_log(c->fc, AV_LOG_DEBUG, "dir %s\n", dref->dir);
757 } else
758 avio_skip(pb, len);
759 }
760 } else {
761 av_log(c->fc, AV_LOG_DEBUG, "Unknown dref type 0x%08"PRIx32" size %"PRIu32"\n",
762 dref->type, size);
763 entries--;
764 i--;
765 }
766 avio_seek(pb, next, SEEK_SET);
767 }
768 return 0;
769 }
770
mov_read_hdlr(MOVContext * c,AVIOContext * pb,MOVAtom atom)771 static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
772 {
773 AVStream *st;
774 uint32_t type;
775 uint32_t ctype;
776 int64_t title_size;
777 char *title_str;
778 int ret;
779
780 avio_r8(pb); /* version */
781 avio_rb24(pb); /* flags */
782
783 /* component type */
784 ctype = avio_rl32(pb);
785 type = avio_rl32(pb); /* component subtype */
786
787 av_log(c->fc, AV_LOG_TRACE, "ctype=%s\n", av_fourcc2str(ctype));
788 av_log(c->fc, AV_LOG_TRACE, "stype=%s\n", av_fourcc2str(type));
789
790 if (c->trak_index < 0) { // meta not inside a trak
791 if (type == MKTAG('m','d','t','a')) {
792 c->found_hdlr_mdta = 1;
793 }
794 return 0;
795 }
796
797 st = c->fc->streams[c->fc->nb_streams-1];
798
799 if (type == MKTAG('v','i','d','e'))
800 st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO;
801 else if (type == MKTAG('s','o','u','n'))
802 st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
803 else if (type == MKTAG('m','1','a',' '))
804 st->codecpar->codec_id = AV_CODEC_ID_MP2;
805 #ifdef OHOS_SUBTITLE_DEMUXER
806 else if ((type == MKTAG('s','u','b','p')) || (type == MKTAG('c','l','c','p')) || (type == MKTAG('t','e','x','t')))
807 #else
808 else if ((type == MKTAG('s','u','b','p')) || (type == MKTAG('c','l','c','p')))
809 #endif
810 st->codecpar->codec_type = AVMEDIA_TYPE_SUBTITLE;
811 avio_rb32(pb); /* component manufacture */
812 avio_rb32(pb); /* component flags */
813 avio_rb32(pb); /* component flags mask */
814
815 title_size = atom.size - 24;
816 if (title_size > 0) {
817 if (title_size > FFMIN(INT_MAX, SIZE_MAX-1))
818 return AVERROR_INVALIDDATA;
819 title_str = av_malloc(title_size + 1); /* Add null terminator */
820 if (!title_str)
821 return AVERROR(ENOMEM);
822
823 ret = ffio_read_size(pb, title_str, title_size);
824 if (ret < 0) {
825 av_freep(&title_str);
826 return ret;
827 }
828 title_str[title_size] = 0;
829 if (title_str[0]) {
830 int off = (!c->isom && title_str[0] == title_size - 1);
831 // flag added so as to not set stream handler name if already set from mdia->hdlr
832 av_dict_set(&st->metadata, "handler_name", title_str + off, AV_DICT_DONT_OVERWRITE);
833 #ifdef OHOS_TIMED_META_TRACK
834 if (!strncmp(title_str + off, "timed_metadata", 14) && type == MKTAG('m', 'e', 't' ,'a')) {
835 st->codecpar->codec_type = AVMEDIA_TYPE_TIMEDMETA;
836 }
837 #endif
838 }
839 av_freep(&title_str);
840 }
841
842 return 0;
843 }
844
mov_read_esds(MOVContext * c,AVIOContext * pb,MOVAtom atom)845 static int mov_read_esds(MOVContext *c, AVIOContext *pb, MOVAtom atom)
846 {
847 return ff_mov_read_esds(c->fc, pb);
848 }
849
mov_read_dac3(MOVContext * c,AVIOContext * pb,MOVAtom atom)850 static int mov_read_dac3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
851 {
852 AVStream *st;
853 enum AVAudioServiceType *ast;
854 int ac3info, acmod, lfeon, bsmod;
855 uint64_t mask;
856
857 if (c->fc->nb_streams < 1)
858 return 0;
859 st = c->fc->streams[c->fc->nb_streams-1];
860
861 ast = (enum AVAudioServiceType*)av_stream_new_side_data(st, AV_PKT_DATA_AUDIO_SERVICE_TYPE,
862 sizeof(*ast));
863 if (!ast)
864 return AVERROR(ENOMEM);
865
866 ac3info = avio_rb24(pb);
867 bsmod = (ac3info >> 14) & 0x7;
868 acmod = (ac3info >> 11) & 0x7;
869 lfeon = (ac3info >> 10) & 0x1;
870
871 mask = ff_ac3_channel_layout_tab[acmod];
872 if (lfeon)
873 mask |= AV_CH_LOW_FREQUENCY;
874 av_channel_layout_uninit(&st->codecpar->ch_layout);
875 av_channel_layout_from_mask(&st->codecpar->ch_layout, mask);
876
877 *ast = bsmod;
878 if (st->codecpar->ch_layout.nb_channels > 1 && bsmod == 0x7)
879 *ast = AV_AUDIO_SERVICE_TYPE_KARAOKE;
880
881 return 0;
882 }
883
mov_read_dec3(MOVContext * c,AVIOContext * pb,MOVAtom atom)884 static int mov_read_dec3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
885 {
886 AVStream *st;
887 enum AVAudioServiceType *ast;
888 int eac3info, acmod, lfeon, bsmod;
889 uint64_t mask;
890
891 if (c->fc->nb_streams < 1)
892 return 0;
893 st = c->fc->streams[c->fc->nb_streams-1];
894
895 ast = (enum AVAudioServiceType*)av_stream_new_side_data(st, AV_PKT_DATA_AUDIO_SERVICE_TYPE,
896 sizeof(*ast));
897 if (!ast)
898 return AVERROR(ENOMEM);
899
900 /* No need to parse fields for additional independent substreams and its
901 * associated dependent substreams since libavcodec's E-AC-3 decoder
902 * does not support them yet. */
903 avio_rb16(pb); /* data_rate and num_ind_sub */
904 eac3info = avio_rb24(pb);
905 bsmod = (eac3info >> 12) & 0x1f;
906 acmod = (eac3info >> 9) & 0x7;
907 lfeon = (eac3info >> 8) & 0x1;
908
909 mask = ff_ac3_channel_layout_tab[acmod];
910 if (lfeon)
911 mask |= AV_CH_LOW_FREQUENCY;
912 av_channel_layout_uninit(&st->codecpar->ch_layout);
913 av_channel_layout_from_mask(&st->codecpar->ch_layout, mask);
914
915 *ast = bsmod;
916 if (st->codecpar->ch_layout.nb_channels > 1 && bsmod == 0x7)
917 *ast = AV_AUDIO_SERVICE_TYPE_KARAOKE;
918
919 return 0;
920 }
921
mov_read_ddts(MOVContext * c,AVIOContext * pb,MOVAtom atom)922 static int mov_read_ddts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
923 {
924 #define DDTS_SIZE 20
925 uint8_t buf[DDTS_SIZE + AV_INPUT_BUFFER_PADDING_SIZE];
926 AVStream *st = NULL;
927 uint32_t frame_duration_code = 0;
928 uint32_t channel_layout_code = 0;
929 GetBitContext gb;
930 int ret;
931
932 if ((ret = ffio_read_size(pb, buf, DDTS_SIZE)) < 0)
933 return ret;
934
935 init_get_bits(&gb, buf, 8 * DDTS_SIZE);
936
937 if (c->fc->nb_streams < 1) {
938 return 0;
939 }
940 st = c->fc->streams[c->fc->nb_streams-1];
941
942 st->codecpar->sample_rate = get_bits_long(&gb, 32);
943 if (st->codecpar->sample_rate <= 0) {
944 av_log(c->fc, AV_LOG_ERROR, "Invalid sample rate %d\n", st->codecpar->sample_rate);
945 return AVERROR_INVALIDDATA;
946 }
947 skip_bits_long(&gb, 32); /* max bitrate */
948 st->codecpar->bit_rate = get_bits_long(&gb, 32);
949 st->codecpar->bits_per_coded_sample = get_bits(&gb, 8);
950 frame_duration_code = get_bits(&gb, 2);
951 skip_bits(&gb, 30); /* various fields */
952 channel_layout_code = get_bits(&gb, 16);
953
954 st->codecpar->frame_size =
955 (frame_duration_code == 0) ? 512 :
956 (frame_duration_code == 1) ? 1024 :
957 (frame_duration_code == 2) ? 2048 :
958 (frame_duration_code == 3) ? 4096 : 0;
959
960 if (channel_layout_code > 0xff) {
961 av_log(c->fc, AV_LOG_WARNING, "Unsupported DTS audio channel layout\n");
962 }
963 av_channel_layout_uninit(&st->codecpar->ch_layout);
964 av_channel_layout_from_mask(&st->codecpar->ch_layout,
965 ((channel_layout_code & 0x1) ? AV_CH_FRONT_CENTER : 0) |
966 ((channel_layout_code & 0x2) ? AV_CH_FRONT_LEFT : 0) |
967 ((channel_layout_code & 0x2) ? AV_CH_FRONT_RIGHT : 0) |
968 ((channel_layout_code & 0x4) ? AV_CH_SIDE_LEFT : 0) |
969 ((channel_layout_code & 0x4) ? AV_CH_SIDE_RIGHT : 0) |
970 ((channel_layout_code & 0x8) ? AV_CH_LOW_FREQUENCY : 0));
971
972 return 0;
973 }
974
mov_read_chan(MOVContext * c,AVIOContext * pb,MOVAtom atom)975 static int mov_read_chan(MOVContext *c, AVIOContext *pb, MOVAtom atom)
976 {
977 AVStream *st;
978
979 if (c->fc->nb_streams < 1)
980 return 0;
981 st = c->fc->streams[c->fc->nb_streams-1];
982
983 if (atom.size < 16)
984 return 0;
985
986 /* skip version and flags */
987 avio_skip(pb, 4);
988
989 ff_mov_read_chan(c->fc, pb, st, atom.size - 4);
990
991 return 0;
992 }
993
mov_read_wfex(MOVContext * c,AVIOContext * pb,MOVAtom atom)994 static int mov_read_wfex(MOVContext *c, AVIOContext *pb, MOVAtom atom)
995 {
996 AVStream *st;
997 int ret;
998
999 if (c->fc->nb_streams < 1)
1000 return 0;
1001 st = c->fc->streams[c->fc->nb_streams-1];
1002
1003 if ((ret = ff_get_wav_header(c->fc, pb, st->codecpar, atom.size, 0)) < 0)
1004 av_log(c->fc, AV_LOG_WARNING, "get_wav_header failed\n");
1005
1006 return ret;
1007 }
1008
1009 /* This atom overrides any previously set aspect ratio */
mov_read_pasp(MOVContext * c,AVIOContext * pb,MOVAtom atom)1010 static int mov_read_pasp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1011 {
1012 const int num = avio_rb32(pb);
1013 const int den = avio_rb32(pb);
1014 AVStream *st;
1015
1016 if (c->fc->nb_streams < 1)
1017 return 0;
1018 st = c->fc->streams[c->fc->nb_streams-1];
1019
1020 if (den != 0) {
1021 av_reduce(&st->sample_aspect_ratio.num, &st->sample_aspect_ratio.den,
1022 num, den, 32767);
1023 }
1024 return 0;
1025 }
1026
1027 /* this atom contains actual media data */
mov_read_mdat(MOVContext * c,AVIOContext * pb,MOVAtom atom)1028 static int mov_read_mdat(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1029 {
1030 if (atom.size == 0) /* wrong one (MP4) */
1031 return 0;
1032 c->found_mdat=1;
1033 return 0; /* now go for moov */
1034 }
1035
1036 #define DRM_BLOB_SIZE 56
1037
mov_read_adrm(MOVContext * c,AVIOContext * pb,MOVAtom atom)1038 static int mov_read_adrm(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1039 {
1040 uint8_t intermediate_key[20];
1041 uint8_t intermediate_iv[20];
1042 uint8_t input[64];
1043 uint8_t output[64];
1044 uint8_t file_checksum[20];
1045 uint8_t calculated_checksum[20];
1046 char checksum_string[2 * sizeof(file_checksum) + 1];
1047 struct AVSHA *sha;
1048 int i;
1049 int ret = 0;
1050 uint8_t *activation_bytes = c->activation_bytes;
1051 uint8_t *fixed_key = c->audible_fixed_key;
1052
1053 c->aax_mode = 1;
1054
1055 sha = av_sha_alloc();
1056 if (!sha)
1057 return AVERROR(ENOMEM);
1058 av_free(c->aes_decrypt);
1059 c->aes_decrypt = av_aes_alloc();
1060 if (!c->aes_decrypt) {
1061 ret = AVERROR(ENOMEM);
1062 goto fail;
1063 }
1064
1065 /* drm blob processing */
1066 avio_read(pb, output, 8); // go to offset 8, absolute position 0x251
1067 avio_read(pb, input, DRM_BLOB_SIZE);
1068 avio_read(pb, output, 4); // go to offset 4, absolute position 0x28d
1069 avio_read(pb, file_checksum, 20);
1070
1071 // required by external tools
1072 ff_data_to_hex(checksum_string, file_checksum, sizeof(file_checksum), 1);
1073 av_log(c->fc, AV_LOG_INFO, "[aax] file checksum == %s\n", checksum_string);
1074
1075 /* verify activation data */
1076 if (!activation_bytes) {
1077 av_log(c->fc, AV_LOG_WARNING, "[aax] activation_bytes option is missing!\n");
1078 ret = 0; /* allow ffprobe to continue working on .aax files */
1079 goto fail;
1080 }
1081 if (c->activation_bytes_size != 4) {
1082 av_log(c->fc, AV_LOG_FATAL, "[aax] activation_bytes value needs to be 4 bytes!\n");
1083 ret = AVERROR(EINVAL);
1084 goto fail;
1085 }
1086
1087 /* verify fixed key */
1088 if (c->audible_fixed_key_size != 16) {
1089 av_log(c->fc, AV_LOG_FATAL, "[aax] audible_fixed_key value needs to be 16 bytes!\n");
1090 ret = AVERROR(EINVAL);
1091 goto fail;
1092 }
1093
1094 /* AAX (and AAX+) key derivation */
1095 av_sha_init(sha, 160);
1096 av_sha_update(sha, fixed_key, 16);
1097 av_sha_update(sha, activation_bytes, 4);
1098 av_sha_final(sha, intermediate_key);
1099 av_sha_init(sha, 160);
1100 av_sha_update(sha, fixed_key, 16);
1101 av_sha_update(sha, intermediate_key, 20);
1102 av_sha_update(sha, activation_bytes, 4);
1103 av_sha_final(sha, intermediate_iv);
1104 av_sha_init(sha, 160);
1105 av_sha_update(sha, intermediate_key, 16);
1106 av_sha_update(sha, intermediate_iv, 16);
1107 av_sha_final(sha, calculated_checksum);
1108 if (memcmp(calculated_checksum, file_checksum, 20)) { // critical error
1109 av_log(c->fc, AV_LOG_ERROR, "[aax] mismatch in checksums!\n");
1110 ret = AVERROR_INVALIDDATA;
1111 goto fail;
1112 }
1113 av_aes_init(c->aes_decrypt, intermediate_key, 128, 1);
1114 av_aes_crypt(c->aes_decrypt, output, input, DRM_BLOB_SIZE >> 4, intermediate_iv, 1);
1115 for (i = 0; i < 4; i++) {
1116 // file data (in output) is stored in big-endian mode
1117 if (activation_bytes[i] != output[3 - i]) { // critical error
1118 av_log(c->fc, AV_LOG_ERROR, "[aax] error in drm blob decryption!\n");
1119 ret = AVERROR_INVALIDDATA;
1120 goto fail;
1121 }
1122 }
1123 memcpy(c->file_key, output + 8, 16);
1124 memcpy(input, output + 26, 16);
1125 av_sha_init(sha, 160);
1126 av_sha_update(sha, input, 16);
1127 av_sha_update(sha, c->file_key, 16);
1128 av_sha_update(sha, fixed_key, 16);
1129 av_sha_final(sha, c->file_iv);
1130
1131 fail:
1132 av_free(sha);
1133
1134 return ret;
1135 }
1136
mov_aaxc_crypto(MOVContext * c)1137 static int mov_aaxc_crypto(MOVContext *c)
1138 {
1139 if (c->audible_key_size != 16) {
1140 av_log(c->fc, AV_LOG_FATAL, "[aaxc] audible_key value needs to be 16 bytes!\n");
1141 return AVERROR(EINVAL);
1142 }
1143
1144 if (c->audible_iv_size != 16) {
1145 av_log(c->fc, AV_LOG_FATAL, "[aaxc] audible_iv value needs to be 16 bytes!\n");
1146 return AVERROR(EINVAL);
1147 }
1148
1149 c->aes_decrypt = av_aes_alloc();
1150 if (!c->aes_decrypt) {
1151 return AVERROR(ENOMEM);
1152 }
1153
1154 memcpy(c->file_key, c->audible_key, 16);
1155 memcpy(c->file_iv, c->audible_iv, 16);
1156 c->aax_mode = 1;
1157
1158 return 0;
1159 }
1160
1161 // Audible AAX (and AAX+) bytestream decryption
aax_filter(uint8_t * input,int size,MOVContext * c)1162 static int aax_filter(uint8_t *input, int size, MOVContext *c)
1163 {
1164 int blocks = 0;
1165 unsigned char iv[16];
1166
1167 memcpy(iv, c->file_iv, 16); // iv is overwritten
1168 blocks = size >> 4; // trailing bytes are not encrypted!
1169 av_aes_init(c->aes_decrypt, c->file_key, 128, 1);
1170 av_aes_crypt(c->aes_decrypt, input, input, blocks, iv, 1);
1171
1172 return 0;
1173 }
1174
1175 /* read major brand, minor version and compatible brands and store them as metadata */
mov_read_ftyp(MOVContext * c,AVIOContext * pb,MOVAtom atom)1176 static int mov_read_ftyp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1177 {
1178 uint32_t minor_ver;
1179 int comp_brand_size;
1180 char* comp_brands_str;
1181 uint8_t type[5] = {0};
1182 int ret = ffio_read_size(pb, type, 4);
1183 if (ret < 0)
1184 return ret;
1185 if (c->fc->nb_streams)
1186 return AVERROR_INVALIDDATA;
1187
1188 if (strcmp(type, "qt "))
1189 c->isom = 1;
1190 av_log(c->fc, AV_LOG_DEBUG, "ISO: File Type Major Brand: %.4s\n",(char *)&type);
1191 av_dict_set(&c->fc->metadata, "major_brand", type, 0);
1192 c->is_still_picture_avif = !strncmp(type, "avif", 4);
1193 minor_ver = avio_rb32(pb); /* minor version */
1194 av_dict_set_int(&c->fc->metadata, "minor_version", minor_ver, 0);
1195
1196 comp_brand_size = atom.size - 8;
1197 if (comp_brand_size < 0 || comp_brand_size == INT_MAX)
1198 return AVERROR_INVALIDDATA;
1199 comp_brands_str = av_malloc(comp_brand_size + 1); /* Add null terminator */
1200 if (!comp_brands_str)
1201 return AVERROR(ENOMEM);
1202
1203 ret = ffio_read_size(pb, comp_brands_str, comp_brand_size);
1204 if (ret < 0) {
1205 av_freep(&comp_brands_str);
1206 return ret;
1207 }
1208 comp_brands_str[comp_brand_size] = 0;
1209 av_dict_set(&c->fc->metadata, "compatible_brands",
1210 comp_brands_str, AV_DICT_DONT_STRDUP_VAL);
1211
1212 // Logic for handling Audible's .aaxc files
1213 if (!strcmp(type, "aaxc")) {
1214 mov_aaxc_crypto(c);
1215 }
1216
1217 return 0;
1218 }
1219
1220 /* this atom should contain all header atoms */
mov_read_moov(MOVContext * c,AVIOContext * pb,MOVAtom atom)1221 static int mov_read_moov(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1222 {
1223 int ret;
1224
1225 if (c->found_moov) {
1226 av_log(c->fc, AV_LOG_WARNING, "Found duplicated MOOV Atom. Skipped it\n");
1227 avio_skip(pb, atom.size);
1228 return 0;
1229 }
1230
1231 if ((ret = mov_read_default(c, pb, atom)) < 0)
1232 return ret;
1233 /* we parsed the 'moov' atom, we can terminate the parsing as soon as we find the 'mdat' */
1234 /* so we don't parse the whole file if over a network */
1235 c->found_moov=1;
1236 return 0; /* now go for mdat */
1237 }
1238
get_frag_stream_info(MOVFragmentIndex * frag_index,int index,int id)1239 static MOVFragmentStreamInfo * get_frag_stream_info(
1240 MOVFragmentIndex *frag_index,
1241 int index,
1242 int id)
1243 {
1244 int i;
1245 MOVFragmentIndexItem * item;
1246
1247 if (index < 0 || index >= frag_index->nb_items)
1248 return NULL;
1249 item = &frag_index->item[index];
1250 for (i = 0; i < item->nb_stream_info; i++)
1251 if (item->stream_info[i].id == id)
1252 return &item->stream_info[i];
1253
1254 // This shouldn't happen
1255 return NULL;
1256 }
1257
set_frag_stream(MOVFragmentIndex * frag_index,int id)1258 static void set_frag_stream(MOVFragmentIndex *frag_index, int id)
1259 {
1260 int i;
1261 MOVFragmentIndexItem * item;
1262
1263 if (frag_index->current < 0 ||
1264 frag_index->current >= frag_index->nb_items)
1265 return;
1266
1267 item = &frag_index->item[frag_index->current];
1268 for (i = 0; i < item->nb_stream_info; i++)
1269 if (item->stream_info[i].id == id) {
1270 item->current = i;
1271 return;
1272 }
1273
1274 // id not found. This shouldn't happen.
1275 item->current = -1;
1276 }
1277
get_current_frag_stream_info(MOVFragmentIndex * frag_index)1278 static MOVFragmentStreamInfo * get_current_frag_stream_info(
1279 MOVFragmentIndex *frag_index)
1280 {
1281 MOVFragmentIndexItem *item;
1282 if (frag_index->current < 0 ||
1283 frag_index->current >= frag_index->nb_items)
1284 return NULL;
1285
1286 item = &frag_index->item[frag_index->current];
1287 if (item->current >= 0 && item->current < item->nb_stream_info)
1288 return &item->stream_info[item->current];
1289
1290 // This shouldn't happen
1291 return NULL;
1292 }
1293
search_frag_moof_offset(MOVFragmentIndex * frag_index,int64_t offset)1294 static int search_frag_moof_offset(MOVFragmentIndex *frag_index, int64_t offset)
1295 {
1296 int a, b, m;
1297 int64_t moof_offset;
1298
1299 // Optimize for appending new entries
1300 if (!frag_index->nb_items ||
1301 frag_index->item[frag_index->nb_items - 1].moof_offset < offset)
1302 return frag_index->nb_items;
1303
1304 a = -1;
1305 b = frag_index->nb_items;
1306
1307 while (b - a > 1) {
1308 m = (a + b) >> 1;
1309 moof_offset = frag_index->item[m].moof_offset;
1310 if (moof_offset >= offset)
1311 b = m;
1312 if (moof_offset <= offset)
1313 a = m;
1314 }
1315 return b;
1316 }
1317
get_stream_info_time(MOVFragmentStreamInfo * frag_stream_info)1318 static int64_t get_stream_info_time(MOVFragmentStreamInfo * frag_stream_info)
1319 {
1320 av_assert0(frag_stream_info);
1321 if (frag_stream_info->sidx_pts != AV_NOPTS_VALUE)
1322 return frag_stream_info->sidx_pts;
1323 if (frag_stream_info->first_tfra_pts != AV_NOPTS_VALUE)
1324 return frag_stream_info->first_tfra_pts;
1325 return frag_stream_info->tfdt_dts;
1326 }
1327
get_frag_time(MOVFragmentIndex * frag_index,int index,int track_id)1328 static int64_t get_frag_time(MOVFragmentIndex *frag_index,
1329 int index, int track_id)
1330 {
1331 MOVFragmentStreamInfo * frag_stream_info;
1332 int64_t timestamp;
1333 int i;
1334
1335 if (track_id >= 0) {
1336 frag_stream_info = get_frag_stream_info(frag_index, index, track_id);
1337 if (frag_stream_info->sidx_pts != AV_NOPTS_VALUE)
1338 return frag_stream_info->sidx_pts;
1339 if (frag_stream_info->first_tfra_pts != AV_NOPTS_VALUE)
1340 return frag_stream_info->first_tfra_pts;
1341 return frag_stream_info->sidx_pts;
1342 }
1343
1344 for (i = 0; i < frag_index->item[index].nb_stream_info; i++) {
1345 frag_stream_info = &frag_index->item[index].stream_info[i];
1346 timestamp = get_stream_info_time(frag_stream_info);
1347 if (timestamp != AV_NOPTS_VALUE)
1348 return timestamp;
1349 }
1350 return AV_NOPTS_VALUE;
1351 }
1352
search_frag_timestamp(MOVFragmentIndex * frag_index,AVStream * st,int64_t timestamp)1353 static int search_frag_timestamp(MOVFragmentIndex *frag_index,
1354 AVStream *st, int64_t timestamp)
1355 {
1356 int a, b, m, m0;
1357 int64_t frag_time;
1358 int id = -1;
1359
1360 if (st) {
1361 // If the stream is referenced by any sidx, limit the search
1362 // to fragments that referenced this stream in the sidx
1363 MOVStreamContext *sc = st->priv_data;
1364 if (sc->has_sidx)
1365 id = st->id;
1366 }
1367
1368 a = -1;
1369 b = frag_index->nb_items;
1370
1371 while (b - a > 1) {
1372 m0 = m = (a + b) >> 1;
1373
1374 while (m < b &&
1375 (frag_time = get_frag_time(frag_index, m, id)) == AV_NOPTS_VALUE)
1376 m++;
1377
1378 if (m < b && frag_time <= timestamp)
1379 a = m;
1380 else
1381 b = m0;
1382 }
1383
1384 return a;
1385 }
1386
update_frag_index(MOVContext * c,int64_t offset)1387 static int update_frag_index(MOVContext *c, int64_t offset)
1388 {
1389 int index, i;
1390 MOVFragmentIndexItem * item;
1391 MOVFragmentStreamInfo * frag_stream_info;
1392
1393 // If moof_offset already exists in frag_index, return index to it
1394 index = search_frag_moof_offset(&c->frag_index, offset);
1395 if (index < c->frag_index.nb_items &&
1396 c->frag_index.item[index].moof_offset == offset)
1397 return index;
1398
1399 // offset is not yet in frag index.
1400 // Insert new item at index (sorted by moof offset)
1401 item = av_fast_realloc(c->frag_index.item,
1402 &c->frag_index.allocated_size,
1403 (c->frag_index.nb_items + 1) *
1404 sizeof(*c->frag_index.item));
1405 if (!item)
1406 return -1;
1407 c->frag_index.item = item;
1408
1409 frag_stream_info = av_realloc_array(NULL, c->fc->nb_streams,
1410 sizeof(*item->stream_info));
1411 if (!frag_stream_info)
1412 return -1;
1413
1414 for (i = 0; i < c->fc->nb_streams; i++) {
1415 // Avoid building frag index if streams lack track id.
1416 if (c->fc->streams[i]->id < 0) {
1417 av_free(frag_stream_info);
1418 return AVERROR_INVALIDDATA;
1419 }
1420
1421 frag_stream_info[i].id = c->fc->streams[i]->id;
1422 frag_stream_info[i].sidx_pts = AV_NOPTS_VALUE;
1423 frag_stream_info[i].tfdt_dts = AV_NOPTS_VALUE;
1424 frag_stream_info[i].next_trun_dts = AV_NOPTS_VALUE;
1425 frag_stream_info[i].first_tfra_pts = AV_NOPTS_VALUE;
1426 frag_stream_info[i].index_entry = -1;
1427 frag_stream_info[i].encryption_index = NULL;
1428 }
1429
1430 if (index < c->frag_index.nb_items)
1431 memmove(c->frag_index.item + index + 1, c->frag_index.item + index,
1432 (c->frag_index.nb_items - index) * sizeof(*c->frag_index.item));
1433
1434 item = &c->frag_index.item[index];
1435 item->headers_read = 0;
1436 item->current = 0;
1437 item->nb_stream_info = c->fc->nb_streams;
1438 item->moof_offset = offset;
1439 item->stream_info = frag_stream_info;
1440 c->frag_index.nb_items++;
1441
1442 return index;
1443 }
1444
fix_frag_index_entries(MOVFragmentIndex * frag_index,int index,int id,int entries)1445 static void fix_frag_index_entries(MOVFragmentIndex *frag_index, int index,
1446 int id, int entries)
1447 {
1448 int i;
1449 MOVFragmentStreamInfo * frag_stream_info;
1450
1451 if (index < 0)
1452 return;
1453 for (i = index; i < frag_index->nb_items; i++) {
1454 frag_stream_info = get_frag_stream_info(frag_index, i, id);
1455 if (frag_stream_info && frag_stream_info->index_entry >= 0)
1456 frag_stream_info->index_entry += entries;
1457 }
1458 }
1459
mov_read_moof(MOVContext * c,AVIOContext * pb,MOVAtom atom)1460 static int mov_read_moof(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1461 {
1462 // Set by mov_read_tfhd(). mov_read_trun() will reject files missing tfhd.
1463 c->fragment.found_tfhd = 0;
1464
1465 if (!c->has_looked_for_mfra && c->use_mfra_for > 0) {
1466 c->has_looked_for_mfra = 1;
1467 if (pb->seekable & AVIO_SEEKABLE_NORMAL) {
1468 int ret;
1469 av_log(c->fc, AV_LOG_VERBOSE, "stream has moof boxes, will look "
1470 "for a mfra\n");
1471 if ((ret = mov_read_mfra(c, pb)) < 0) {
1472 av_log(c->fc, AV_LOG_VERBOSE, "found a moof box but failed to "
1473 "read the mfra (may be a live ismv)\n");
1474 }
1475 } else {
1476 av_log(c->fc, AV_LOG_VERBOSE, "found a moof box but stream is not "
1477 "seekable, can not look for mfra\n");
1478 }
1479 }
1480 c->fragment.moof_offset = c->fragment.implicit_offset = avio_tell(pb) - 8;
1481 av_log(c->fc, AV_LOG_TRACE, "moof offset %"PRIx64"\n", c->fragment.moof_offset);
1482 c->frag_index.current = update_frag_index(c, c->fragment.moof_offset);
1483 return mov_read_default(c, pb, atom);
1484 }
1485
mov_metadata_creation_time(AVDictionary ** metadata,int64_t time,void * logctx)1486 static void mov_metadata_creation_time(AVDictionary **metadata, int64_t time, void *logctx)
1487 {
1488 if (time) {
1489 if (time >= 2082844800)
1490 time -= 2082844800; /* seconds between 1904-01-01 and Epoch */
1491
1492 if ((int64_t)(time * 1000000ULL) / 1000000 != time) {
1493 av_log(logctx, AV_LOG_DEBUG, "creation_time is not representable\n");
1494 return;
1495 }
1496
1497 avpriv_dict_set_timestamp(metadata, "creation_time", time * 1000000);
1498 }
1499 }
1500
mov_read_mdhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)1501 static int mov_read_mdhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1502 {
1503 AVStream *st;
1504 MOVStreamContext *sc;
1505 int version;
1506 char language[4] = {0};
1507 unsigned lang;
1508 int64_t creation_time;
1509
1510 if (c->fc->nb_streams < 1)
1511 return 0;
1512 st = c->fc->streams[c->fc->nb_streams-1];
1513 sc = st->priv_data;
1514
1515 if (sc->time_scale) {
1516 av_log(c->fc, AV_LOG_ERROR, "Multiple mdhd?\n");
1517 return AVERROR_INVALIDDATA;
1518 }
1519
1520 version = avio_r8(pb);
1521 if (version > 1) {
1522 avpriv_request_sample(c->fc, "Version %d", version);
1523 return AVERROR_PATCHWELCOME;
1524 }
1525 avio_rb24(pb); /* flags */
1526 if (version == 1) {
1527 creation_time = avio_rb64(pb);
1528 avio_rb64(pb);
1529 } else {
1530 creation_time = avio_rb32(pb);
1531 avio_rb32(pb); /* modification time */
1532 }
1533 mov_metadata_creation_time(&st->metadata, creation_time, c->fc);
1534
1535 sc->time_scale = avio_rb32(pb);
1536 if (sc->time_scale <= 0) {
1537 av_log(c->fc, AV_LOG_ERROR, "Invalid mdhd time scale %d, defaulting to 1\n", sc->time_scale);
1538 sc->time_scale = 1;
1539 }
1540 st->duration = (version == 1) ? avio_rb64(pb) : avio_rb32(pb); /* duration */
1541
1542 lang = avio_rb16(pb); /* language */
1543 if (ff_mov_lang_to_iso639(lang, language))
1544 av_dict_set(&st->metadata, "language", language, 0);
1545 avio_rb16(pb); /* quality */
1546
1547 #ifdef OHOS_EXPAND_MP4_INFO
1548 st->time_scale = sc->time_scale;
1549 #endif
1550
1551 return 0;
1552 }
1553
mov_read_mvhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)1554 static int mov_read_mvhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1555 {
1556 int i;
1557 int64_t creation_time;
1558 int version = avio_r8(pb); /* version */
1559 avio_rb24(pb); /* flags */
1560
1561 if (version == 1) {
1562 creation_time = avio_rb64(pb);
1563 avio_rb64(pb);
1564 } else {
1565 creation_time = avio_rb32(pb);
1566 avio_rb32(pb); /* modification time */
1567 }
1568 mov_metadata_creation_time(&c->fc->metadata, creation_time, c->fc);
1569 c->time_scale = avio_rb32(pb); /* time scale */
1570 if (c->time_scale <= 0) {
1571 av_log(c->fc, AV_LOG_ERROR, "Invalid mvhd time scale %d, defaulting to 1\n", c->time_scale);
1572 c->time_scale = 1;
1573 }
1574 av_log(c->fc, AV_LOG_TRACE, "time scale = %i\n", c->time_scale);
1575
1576 c->duration = (version == 1) ? avio_rb64(pb) : avio_rb32(pb); /* duration */
1577 // set the AVFormatContext duration because the duration of individual tracks
1578 // may be inaccurate
1579 if (!c->trex_data)
1580 c->fc->duration = av_rescale(c->duration, AV_TIME_BASE, c->time_scale);
1581 avio_rb32(pb); /* preferred scale */
1582
1583 avio_rb16(pb); /* preferred volume */
1584
1585 avio_skip(pb, 10); /* reserved */
1586
1587 /* movie display matrix, store it in main context and use it later on */
1588 for (i = 0; i < 3; i++) {
1589 c->movie_display_matrix[i][0] = avio_rb32(pb); // 16.16 fixed point
1590 c->movie_display_matrix[i][1] = avio_rb32(pb); // 16.16 fixed point
1591 c->movie_display_matrix[i][2] = avio_rb32(pb); // 2.30 fixed point
1592 }
1593
1594 avio_rb32(pb); /* preview time */
1595 avio_rb32(pb); /* preview duration */
1596 avio_rb32(pb); /* poster time */
1597 avio_rb32(pb); /* selection time */
1598 avio_rb32(pb); /* selection duration */
1599 avio_rb32(pb); /* current time */
1600 avio_rb32(pb); /* next track ID */
1601
1602 return 0;
1603 }
1604
set_last_stream_little_endian(AVFormatContext * fc)1605 static void set_last_stream_little_endian(AVFormatContext *fc)
1606 {
1607 AVStream *st;
1608
1609 if (fc->nb_streams < 1)
1610 return;
1611 st = fc->streams[fc->nb_streams-1];
1612
1613 switch (st->codecpar->codec_id) {
1614 case AV_CODEC_ID_PCM_S16BE:
1615 st->codecpar->codec_id = AV_CODEC_ID_PCM_S16LE;
1616 break;
1617 case AV_CODEC_ID_PCM_S24BE:
1618 st->codecpar->codec_id = AV_CODEC_ID_PCM_S24LE;
1619 break;
1620 case AV_CODEC_ID_PCM_S32BE:
1621 st->codecpar->codec_id = AV_CODEC_ID_PCM_S32LE;
1622 break;
1623 case AV_CODEC_ID_PCM_F32BE:
1624 st->codecpar->codec_id = AV_CODEC_ID_PCM_F32LE;
1625 break;
1626 case AV_CODEC_ID_PCM_F64BE:
1627 st->codecpar->codec_id = AV_CODEC_ID_PCM_F64LE;
1628 break;
1629 default:
1630 break;
1631 }
1632 }
1633
mov_read_enda(MOVContext * c,AVIOContext * pb,MOVAtom atom)1634 static int mov_read_enda(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1635 {
1636 int little_endian = avio_rb16(pb) & 0xFF;
1637 av_log(c->fc, AV_LOG_TRACE, "enda %d\n", little_endian);
1638 if (little_endian == 1)
1639 set_last_stream_little_endian(c->fc);
1640 return 0;
1641 }
1642
mov_read_pcmc(MOVContext * c,AVIOContext * pb,MOVAtom atom)1643 static int mov_read_pcmc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1644 {
1645 int format_flags;
1646
1647 if (atom.size < 6) {
1648 av_log(c->fc, AV_LOG_ERROR, "Empty pcmC box\n");
1649 return AVERROR_INVALIDDATA;
1650 }
1651
1652 avio_r8(pb); // version
1653 avio_rb24(pb); // flags
1654 format_flags = avio_r8(pb);
1655 if (format_flags == 1) // indicates little-endian format. If not present, big-endian format is used
1656 set_last_stream_little_endian(c->fc);
1657
1658 return 0;
1659 }
1660
mov_read_colr(MOVContext * c,AVIOContext * pb,MOVAtom atom)1661 static int mov_read_colr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1662 {
1663 AVStream *st;
1664 uint8_t *icc_profile;
1665 char color_parameter_type[5] = { 0 };
1666 uint16_t color_primaries, color_trc, color_matrix;
1667 int ret;
1668
1669 if (c->fc->nb_streams < 1)
1670 return 0;
1671 st = c->fc->streams[c->fc->nb_streams - 1];
1672
1673 ret = ffio_read_size(pb, color_parameter_type, 4);
1674 if (ret < 0)
1675 return ret;
1676 if (strncmp(color_parameter_type, "nclx", 4) &&
1677 strncmp(color_parameter_type, "nclc", 4) &&
1678 strncmp(color_parameter_type, "prof", 4)) {
1679 av_log(c->fc, AV_LOG_WARNING, "unsupported color_parameter_type %s\n",
1680 color_parameter_type);
1681 return 0;
1682 }
1683
1684 if (!strncmp(color_parameter_type, "prof", 4)) {
1685 icc_profile = av_stream_new_side_data(st, AV_PKT_DATA_ICC_PROFILE, atom.size - 4);
1686 if (!icc_profile)
1687 return AVERROR(ENOMEM);
1688 ret = ffio_read_size(pb, icc_profile, atom.size - 4);
1689 if (ret < 0)
1690 return ret;
1691 } else {
1692 color_primaries = avio_rb16(pb);
1693 color_trc = avio_rb16(pb);
1694 color_matrix = avio_rb16(pb);
1695
1696 av_log(c->fc, AV_LOG_TRACE,
1697 "%s: pri %d trc %d matrix %d",
1698 color_parameter_type, color_primaries, color_trc, color_matrix);
1699
1700 if (!strncmp(color_parameter_type, "nclx", 4)) {
1701 uint8_t color_range = avio_r8(pb) >> 7;
1702 av_log(c->fc, AV_LOG_TRACE, " full %"PRIu8"", color_range);
1703 if (color_range)
1704 st->codecpar->color_range = AVCOL_RANGE_JPEG;
1705 else
1706 st->codecpar->color_range = AVCOL_RANGE_MPEG;
1707 }
1708
1709 if (!av_color_primaries_name(color_primaries))
1710 color_primaries = AVCOL_PRI_UNSPECIFIED;
1711 if (!av_color_transfer_name(color_trc))
1712 color_trc = AVCOL_TRC_UNSPECIFIED;
1713 if (!av_color_space_name(color_matrix))
1714 color_matrix = AVCOL_SPC_UNSPECIFIED;
1715
1716 st->codecpar->color_primaries = color_primaries;
1717 st->codecpar->color_trc = color_trc;
1718 st->codecpar->color_space = color_matrix;
1719 av_log(c->fc, AV_LOG_TRACE, "\n");
1720 }
1721 return 0;
1722 }
1723
mov_read_fiel(MOVContext * c,AVIOContext * pb,MOVAtom atom)1724 static int mov_read_fiel(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1725 {
1726 AVStream *st;
1727 unsigned mov_field_order;
1728 enum AVFieldOrder decoded_field_order = AV_FIELD_UNKNOWN;
1729
1730 if (c->fc->nb_streams < 1) // will happen with jp2 files
1731 return 0;
1732 st = c->fc->streams[c->fc->nb_streams-1];
1733 if (atom.size < 2)
1734 return AVERROR_INVALIDDATA;
1735 mov_field_order = avio_rb16(pb);
1736 if ((mov_field_order & 0xFF00) == 0x0100)
1737 decoded_field_order = AV_FIELD_PROGRESSIVE;
1738 else if ((mov_field_order & 0xFF00) == 0x0200) {
1739 switch (mov_field_order & 0xFF) {
1740 case 0x01: decoded_field_order = AV_FIELD_TT;
1741 break;
1742 case 0x06: decoded_field_order = AV_FIELD_BB;
1743 break;
1744 case 0x09: decoded_field_order = AV_FIELD_TB;
1745 break;
1746 case 0x0E: decoded_field_order = AV_FIELD_BT;
1747 break;
1748 }
1749 }
1750 if (decoded_field_order == AV_FIELD_UNKNOWN && mov_field_order) {
1751 av_log(c->fc, AV_LOG_ERROR, "Unknown MOV field order 0x%04x\n", mov_field_order);
1752 }
1753 st->codecpar->field_order = decoded_field_order;
1754
1755 return 0;
1756 }
1757
mov_realloc_extradata(AVCodecParameters * par,MOVAtom atom)1758 static int mov_realloc_extradata(AVCodecParameters *par, MOVAtom atom)
1759 {
1760 int err = 0;
1761 uint64_t size = (uint64_t)par->extradata_size + atom.size + 8 + AV_INPUT_BUFFER_PADDING_SIZE;
1762 if (size > INT_MAX || (uint64_t)atom.size > INT_MAX)
1763 return AVERROR_INVALIDDATA;
1764 if ((err = av_reallocp(&par->extradata, size)) < 0) {
1765 par->extradata_size = 0;
1766 return err;
1767 }
1768 par->extradata_size = size - AV_INPUT_BUFFER_PADDING_SIZE;
1769 return 0;
1770 }
1771
1772 /* Read a whole atom into the extradata return the size of the atom read, possibly truncated if != atom.size */
mov_read_atom_into_extradata(MOVContext * c,AVIOContext * pb,MOVAtom atom,AVCodecParameters * par,uint8_t * buf)1773 static int64_t mov_read_atom_into_extradata(MOVContext *c, AVIOContext *pb, MOVAtom atom,
1774 AVCodecParameters *par, uint8_t *buf)
1775 {
1776 int64_t result = atom.size;
1777 int err;
1778
1779 AV_WB32(buf , atom.size + 8);
1780 AV_WL32(buf + 4, atom.type);
1781 err = ffio_read_size(pb, buf + 8, atom.size);
1782 if (err < 0) {
1783 par->extradata_size -= atom.size;
1784 return err;
1785 } else if (err < atom.size) {
1786 av_log(c->fc, AV_LOG_WARNING, "truncated extradata\n");
1787 par->extradata_size -= atom.size - err;
1788 result = err;
1789 }
1790 memset(buf + 8 + err, 0, AV_INPUT_BUFFER_PADDING_SIZE);
1791 return result;
1792 }
1793
1794 /* FIXME modify QDM2/SVQ3/H.264 decoders to take full atom as extradata */
mov_read_extradata(MOVContext * c,AVIOContext * pb,MOVAtom atom,enum AVCodecID codec_id)1795 static int mov_read_extradata(MOVContext *c, AVIOContext *pb, MOVAtom atom,
1796 enum AVCodecID codec_id)
1797 {
1798 AVStream *st;
1799 uint64_t original_size;
1800 int err;
1801
1802 if (c->fc->nb_streams < 1) // will happen with jp2 files
1803 return 0;
1804 st = c->fc->streams[c->fc->nb_streams-1];
1805
1806 if (st->codecpar->codec_id != codec_id)
1807 return 0; /* unexpected codec_id - don't mess with extradata */
1808
1809 original_size = st->codecpar->extradata_size;
1810 err = mov_realloc_extradata(st->codecpar, atom);
1811 if (err)
1812 return err;
1813
1814 err = mov_read_atom_into_extradata(c, pb, atom, st->codecpar, st->codecpar->extradata + original_size);
1815 if (err < 0)
1816 return err;
1817 return 0; // Note: this is the original behavior to ignore truncation.
1818 }
1819
1820 /* wrapper functions for reading ALAC/AVS/MJPEG/MJPEG2000 extradata atoms only for those codecs */
mov_read_alac(MOVContext * c,AVIOContext * pb,MOVAtom atom)1821 static int mov_read_alac(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1822 {
1823 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_ALAC);
1824 }
1825
mov_read_avss(MOVContext * c,AVIOContext * pb,MOVAtom atom)1826 static int mov_read_avss(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1827 {
1828 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_AVS);
1829 }
1830
mov_read_jp2h(MOVContext * c,AVIOContext * pb,MOVAtom atom)1831 static int mov_read_jp2h(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1832 {
1833 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_JPEG2000);
1834 }
1835
mov_read_dpxe(MOVContext * c,AVIOContext * pb,MOVAtom atom)1836 static int mov_read_dpxe(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1837 {
1838 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_R10K);
1839 }
1840
mov_read_avid(MOVContext * c,AVIOContext * pb,MOVAtom atom)1841 static int mov_read_avid(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1842 {
1843 int ret = mov_read_extradata(c, pb, atom, AV_CODEC_ID_AVUI);
1844 if (!ret)
1845 ret = mov_read_extradata(c, pb, atom, AV_CODEC_ID_DNXHD);
1846 return ret;
1847 }
1848
mov_read_targa_y216(MOVContext * c,AVIOContext * pb,MOVAtom atom)1849 static int mov_read_targa_y216(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1850 {
1851 int ret = mov_read_extradata(c, pb, atom, AV_CODEC_ID_TARGA_Y216);
1852
1853 if (!ret && c->fc->nb_streams >= 1) {
1854 AVCodecParameters *par = c->fc->streams[c->fc->nb_streams-1]->codecpar;
1855 if (par->extradata_size >= 40) {
1856 par->height = AV_RB16(&par->extradata[36]);
1857 par->width = AV_RB16(&par->extradata[38]);
1858 }
1859 }
1860 return ret;
1861 }
1862
mov_read_ares(MOVContext * c,AVIOContext * pb,MOVAtom atom)1863 static int mov_read_ares(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1864 {
1865 if (c->fc->nb_streams >= 1) {
1866 AVStream *const st = c->fc->streams[c->fc->nb_streams - 1];
1867 FFStream *const sti = ffstream(st);
1868 AVCodecParameters *par = st->codecpar;
1869
1870 if (par->codec_tag == MKTAG('A', 'V', 'i', 'n') &&
1871 par->codec_id == AV_CODEC_ID_H264 &&
1872 atom.size > 11) {
1873 int cid;
1874 avio_skip(pb, 10);
1875 cid = avio_rb16(pb);
1876 /* For AVID AVCI50, force width of 1440 to be able to select the correct SPS and PPS */
1877 if (cid == 0xd4d || cid == 0xd4e)
1878 par->width = 1440;
1879 return 0;
1880 } else if ((par->codec_tag == MKTAG('A', 'V', 'd', '1') ||
1881 par->codec_tag == MKTAG('A', 'V', 'j', '2') ||
1882 par->codec_tag == MKTAG('A', 'V', 'd', 'n')) &&
1883 atom.size >= 24) {
1884 int num, den;
1885 avio_skip(pb, 12);
1886 num = avio_rb32(pb);
1887 den = avio_rb32(pb);
1888 if (num <= 0 || den <= 0)
1889 return 0;
1890 switch (avio_rb32(pb)) {
1891 case 2:
1892 if (den >= INT_MAX / 2)
1893 return 0;
1894 den *= 2;
1895 case 1:
1896 sti->display_aspect_ratio = (AVRational){ num, den };
1897 default:
1898 return 0;
1899 }
1900 }
1901 }
1902
1903 return mov_read_avid(c, pb, atom);
1904 }
1905
mov_read_aclr(MOVContext * c,AVIOContext * pb,MOVAtom atom)1906 static int mov_read_aclr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1907 {
1908 int ret = 0;
1909 int length = 0;
1910 uint64_t original_size;
1911 if (c->fc->nb_streams >= 1) {
1912 AVCodecParameters *par = c->fc->streams[c->fc->nb_streams-1]->codecpar;
1913 if (par->codec_id == AV_CODEC_ID_H264)
1914 return 0;
1915 if (atom.size == 16) {
1916 original_size = par->extradata_size;
1917 ret = mov_realloc_extradata(par, atom);
1918 if (!ret) {
1919 length = mov_read_atom_into_extradata(c, pb, atom, par, par->extradata + original_size);
1920 if (length == atom.size) {
1921 const uint8_t range_value = par->extradata[original_size + 19];
1922 switch (range_value) {
1923 case 1:
1924 par->color_range = AVCOL_RANGE_MPEG;
1925 break;
1926 case 2:
1927 par->color_range = AVCOL_RANGE_JPEG;
1928 break;
1929 default:
1930 av_log(c->fc, AV_LOG_WARNING, "ignored unknown aclr value (%d)\n", range_value);
1931 break;
1932 }
1933 ff_dlog(c->fc, "color_range: %d\n", par->color_range);
1934 } else {
1935 /* For some reason the whole atom was not added to the extradata */
1936 av_log(c->fc, AV_LOG_ERROR, "aclr not decoded - incomplete atom\n");
1937 }
1938 } else {
1939 av_log(c->fc, AV_LOG_ERROR, "aclr not decoded - unable to add atom to extradata\n");
1940 }
1941 } else {
1942 av_log(c->fc, AV_LOG_WARNING, "aclr not decoded - unexpected size %"PRId64"\n", atom.size);
1943 }
1944 }
1945
1946 return ret;
1947 }
1948
mov_read_svq3(MOVContext * c,AVIOContext * pb,MOVAtom atom)1949 static int mov_read_svq3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1950 {
1951 return mov_read_extradata(c, pb, atom, AV_CODEC_ID_SVQ3);
1952 }
1953
mov_read_wave(MOVContext * c,AVIOContext * pb,MOVAtom atom)1954 static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom)
1955 {
1956 AVStream *st;
1957 int ret;
1958
1959 if (c->fc->nb_streams < 1)
1960 return 0;
1961 st = c->fc->streams[c->fc->nb_streams-1];
1962
1963 if ((uint64_t)atom.size > (1<<30))
1964 return AVERROR_INVALIDDATA;
1965
1966 if (st->codecpar->codec_id == AV_CODEC_ID_QDM2 ||
1967 st->codecpar->codec_id == AV_CODEC_ID_QDMC ||
1968 st->codecpar->codec_id == AV_CODEC_ID_SPEEX) {
1969 // pass all frma atom to codec, needed at least for QDMC and QDM2
1970 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size);
1971 if (ret < 0)
1972 return ret;
1973 } else if (atom.size > 8) { /* to read frma, esds atoms */
1974 if (st->codecpar->codec_id == AV_CODEC_ID_ALAC && atom.size >= 24) {
1975 uint64_t buffer;
1976 ret = ffio_ensure_seekback(pb, 8);
1977 if (ret < 0)
1978 return ret;
1979 buffer = avio_rb64(pb);
1980 atom.size -= 8;
1981 if ( (buffer & 0xFFFFFFFF) == MKBETAG('f','r','m','a')
1982 && buffer >> 32 <= atom.size
1983 && buffer >> 32 >= 8) {
1984 avio_skip(pb, -8);
1985 atom.size += 8;
1986 } else if (!st->codecpar->extradata_size) {
1987 #define ALAC_EXTRADATA_SIZE 36
1988 st->codecpar->extradata = av_mallocz(ALAC_EXTRADATA_SIZE + AV_INPUT_BUFFER_PADDING_SIZE);
1989 if (!st->codecpar->extradata)
1990 return AVERROR(ENOMEM);
1991 st->codecpar->extradata_size = ALAC_EXTRADATA_SIZE;
1992 AV_WB32(st->codecpar->extradata , ALAC_EXTRADATA_SIZE);
1993 AV_WB32(st->codecpar->extradata + 4, MKTAG('a','l','a','c'));
1994 AV_WB64(st->codecpar->extradata + 12, buffer);
1995 avio_read(pb, st->codecpar->extradata + 20, 16);
1996 avio_skip(pb, atom.size - 24);
1997 return 0;
1998 }
1999 }
2000 if ((ret = mov_read_default(c, pb, atom)) < 0)
2001 return ret;
2002 } else
2003 avio_skip(pb, atom.size);
2004 return 0;
2005 }
2006
2007 /**
2008 * This function reads atom content and puts data in extradata without tag
2009 * nor size unlike mov_read_extradata.
2010 */
mov_read_glbl(MOVContext * c,AVIOContext * pb,MOVAtom atom)2011 static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2012 {
2013 AVStream *st;
2014 int ret;
2015
2016 if (c->fc->nb_streams < 1)
2017 return 0;
2018 st = c->fc->streams[c->fc->nb_streams-1];
2019
2020 if ((uint64_t)atom.size > (1<<30))
2021 return AVERROR_INVALIDDATA;
2022 #ifdef OHOS_OPT_COMPAT
2023 if (atom.type == MKTAG('v','v','c','C')) {
2024 avio_rb32(pb);
2025 atom.size -= 4;
2026 }
2027 #endif
2028 if (atom.size >= 10) {
2029 // Broken files created by legacy versions of libavformat will
2030 // wrap a whole fiel atom inside of a glbl atom.
2031 unsigned size = avio_rb32(pb);
2032 unsigned type = avio_rl32(pb);
2033 if (avio_feof(pb))
2034 return AVERROR_INVALIDDATA;
2035 avio_seek(pb, -8, SEEK_CUR);
2036 if (type == MKTAG('f','i','e','l') && size == atom.size)
2037 return mov_read_default(c, pb, atom);
2038 }
2039 if (st->codecpar->extradata_size > 1 && st->codecpar->extradata) {
2040 av_log(c->fc, AV_LOG_WARNING, "ignoring multiple glbl\n");
2041 return 0;
2042 }
2043 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size);
2044 if (ret < 0)
2045 return ret;
2046 if (atom.type == MKTAG('h','v','c','C') && st->codecpar->codec_tag == MKTAG('d','v','h','1'))
2047 /* HEVC-based Dolby Vision derived from hvc1.
2048 Happens to match with an identifier
2049 previously utilized for DV. Thus, if we have
2050 the hvcC extradata box available as specified,
2051 set codec to HEVC */
2052 st->codecpar->codec_id = AV_CODEC_ID_HEVC;
2053 #ifdef OHOS_OPT_COMPAT
2054 if (atom.type == MKTAG('v','v','c','C'))
2055 st->codecpar->codec_id = AV_CODEC_ID_VVC;
2056 #endif
2057 return 0;
2058 }
2059
mov_read_dvc1(MOVContext * c,AVIOContext * pb,MOVAtom atom)2060 static int mov_read_dvc1(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2061 {
2062 AVStream *st;
2063 uint8_t profile_level;
2064 int ret;
2065
2066 if (c->fc->nb_streams < 1)
2067 return 0;
2068 st = c->fc->streams[c->fc->nb_streams-1];
2069
2070 if (atom.size >= (1<<28) || atom.size < 7)
2071 return AVERROR_INVALIDDATA;
2072
2073 profile_level = avio_r8(pb);
2074 if ((profile_level & 0xf0) != 0xc0)
2075 return 0;
2076
2077 avio_seek(pb, 6, SEEK_CUR);
2078 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size - 7);
2079 if (ret < 0)
2080 return ret;
2081
2082 return 0;
2083 }
2084
2085 /**
2086 * An strf atom is a BITMAPINFOHEADER struct. This struct is 40 bytes itself,
2087 * but can have extradata appended at the end after the 40 bytes belonging
2088 * to the struct.
2089 */
mov_read_strf(MOVContext * c,AVIOContext * pb,MOVAtom atom)2090 static int mov_read_strf(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2091 {
2092 AVStream *st;
2093 int ret;
2094
2095 if (c->fc->nb_streams < 1)
2096 return 0;
2097 if (atom.size <= 40)
2098 return 0;
2099 st = c->fc->streams[c->fc->nb_streams-1];
2100
2101 if ((uint64_t)atom.size > (1<<30))
2102 return AVERROR_INVALIDDATA;
2103
2104 avio_skip(pb, 40);
2105 ret = ff_get_extradata(c->fc, st->codecpar, pb, atom.size - 40);
2106 if (ret < 0)
2107 return ret;
2108
2109 return 0;
2110 }
2111
mov_read_stco(MOVContext * c,AVIOContext * pb,MOVAtom atom)2112 static int mov_read_stco(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2113 {
2114 AVStream *st;
2115 MOVStreamContext *sc;
2116 unsigned int i, entries;
2117
2118 if (c->trak_index < 0) {
2119 av_log(c->fc, AV_LOG_WARNING, "STCO outside TRAK\n");
2120 return 0;
2121 }
2122 if (c->fc->nb_streams < 1)
2123 return 0;
2124 st = c->fc->streams[c->fc->nb_streams-1];
2125 sc = st->priv_data;
2126
2127 avio_r8(pb); /* version */
2128 avio_rb24(pb); /* flags */
2129
2130 entries = avio_rb32(pb);
2131
2132 if (!entries)
2133 return 0;
2134
2135 if (sc->chunk_offsets) {
2136 av_log(c->fc, AV_LOG_WARNING, "Ignoring duplicated STCO atom\n");
2137 return 0;
2138 }
2139 av_free(sc->chunk_offsets);
2140 sc->chunk_count = 0;
2141 sc->chunk_offsets = av_malloc_array(entries, sizeof(*sc->chunk_offsets));
2142 if (!sc->chunk_offsets)
2143 return AVERROR(ENOMEM);
2144 sc->chunk_count = entries;
2145
2146 if (atom.type == MKTAG('s','t','c','o'))
2147 for (i = 0; i < entries && !pb->eof_reached; i++)
2148 sc->chunk_offsets[i] = avio_rb32(pb);
2149 else if (atom.type == MKTAG('c','o','6','4'))
2150 for (i = 0; i < entries && !pb->eof_reached; i++)
2151 sc->chunk_offsets[i] = avio_rb64(pb);
2152 else
2153 return AVERROR_INVALIDDATA;
2154
2155 sc->chunk_count = i;
2156
2157 if (pb->eof_reached) {
2158 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STCO atom\n");
2159 return AVERROR_EOF;
2160 }
2161
2162 return 0;
2163 }
2164
mov_codec_id(AVStream * st,uint32_t format)2165 static int mov_codec_id(AVStream *st, uint32_t format)
2166 {
2167 int id = ff_codec_get_id(ff_codec_movaudio_tags, format);
2168
2169 if (id <= 0 &&
2170 ((format & 0xFFFF) == 'm' + ('s' << 8) ||
2171 (format & 0xFFFF) == 'T' + ('S' << 8)))
2172 id = ff_codec_get_id(ff_codec_wav_tags, av_bswap32(format) & 0xFFFF);
2173
2174 if (st->codecpar->codec_type != AVMEDIA_TYPE_VIDEO && id > 0) {
2175 st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
2176 } else if (st->codecpar->codec_type != AVMEDIA_TYPE_AUDIO &&
2177 /* skip old ASF MPEG-4 tag */
2178 format && format != MKTAG('m','p','4','s')) {
2179 id = ff_codec_get_id(ff_codec_movvideo_tags, format);
2180 if (id <= 0)
2181 id = ff_codec_get_id(ff_codec_bmp_tags, format);
2182 if (id > 0)
2183 st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO;
2184 else if (st->codecpar->codec_type == AVMEDIA_TYPE_DATA ||
2185 (st->codecpar->codec_type == AVMEDIA_TYPE_SUBTITLE &&
2186 st->codecpar->codec_id == AV_CODEC_ID_NONE)) {
2187 id = ff_codec_get_id(ff_codec_movsubtitle_tags, format);
2188 if (id > 0)
2189 st->codecpar->codec_type = AVMEDIA_TYPE_SUBTITLE;
2190 else
2191 id = ff_codec_get_id(ff_codec_movdata_tags, format);
2192 #ifdef OHOS_TIMED_META_TRACK
2193 } else if (st->codecpar->codec_type == AVMEDIA_TYPE_TIMEDMETA) {
2194 id = AV_CODEC_ID_FFMETADATA;
2195 }
2196 #else
2197 }
2198 #endif
2199 }
2200
2201 st->codecpar->codec_tag = format;
2202
2203 return id;
2204 }
2205
mov_parse_stsd_video(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc)2206 static void mov_parse_stsd_video(MOVContext *c, AVIOContext *pb,
2207 AVStream *st, MOVStreamContext *sc)
2208 {
2209 uint8_t codec_name[32] = { 0 };
2210 int64_t stsd_start;
2211 unsigned int len;
2212 uint32_t id = 0;
2213
2214 /* The first 16 bytes of the video sample description are already
2215 * read in ff_mov_read_stsd_entries() */
2216 stsd_start = avio_tell(pb) - 16;
2217
2218 avio_rb16(pb); /* version */
2219 avio_rb16(pb); /* revision level */
2220 id = avio_rl32(pb); /* vendor */
2221 av_dict_set(&st->metadata, "vendor_id", av_fourcc2str(id), 0);
2222 avio_rb32(pb); /* temporal quality */
2223 avio_rb32(pb); /* spatial quality */
2224
2225 st->codecpar->width = avio_rb16(pb); /* width */
2226 st->codecpar->height = avio_rb16(pb); /* height */
2227
2228 avio_rb32(pb); /* horiz resolution */
2229 avio_rb32(pb); /* vert resolution */
2230 avio_rb32(pb); /* data size, always 0 */
2231 avio_rb16(pb); /* frames per samples */
2232
2233 len = avio_r8(pb); /* codec name, pascal string */
2234 if (len > 31)
2235 len = 31;
2236 mov_read_mac_string(c, pb, len, codec_name, sizeof(codec_name));
2237 if (len < 31)
2238 avio_skip(pb, 31 - len);
2239
2240 if (codec_name[0])
2241 av_dict_set(&st->metadata, "encoder", codec_name, 0);
2242
2243 /* codec_tag YV12 triggers an UV swap in rawdec.c */
2244 if (!strncmp(codec_name, "Planar Y'CbCr 8-bit 4:2:0", 25)) {
2245 st->codecpar->codec_tag = MKTAG('I', '4', '2', '0');
2246 st->codecpar->width &= ~1;
2247 st->codecpar->height &= ~1;
2248 }
2249 /* Flash Media Server uses tag H.263 with Sorenson Spark */
2250 if (st->codecpar->codec_tag == MKTAG('H','2','6','3') &&
2251 !strncmp(codec_name, "Sorenson H263", 13))
2252 st->codecpar->codec_id = AV_CODEC_ID_FLV1;
2253
2254 st->codecpar->bits_per_coded_sample = avio_rb16(pb); /* depth */
2255
2256 avio_seek(pb, stsd_start, SEEK_SET);
2257
2258 if (ff_get_qtpalette(st->codecpar->codec_id, pb, sc->palette)) {
2259 st->codecpar->bits_per_coded_sample &= 0x1F;
2260 sc->has_palette = 1;
2261 }
2262 }
2263
mov_parse_stsd_audio(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc)2264 static void mov_parse_stsd_audio(MOVContext *c, AVIOContext *pb,
2265 AVStream *st, MOVStreamContext *sc)
2266 {
2267 int bits_per_sample, flags;
2268 uint16_t version = avio_rb16(pb);
2269 uint32_t id = 0;
2270 AVDictionaryEntry *compatible_brands = av_dict_get(c->fc->metadata, "compatible_brands", NULL, AV_DICT_MATCH_CASE);
2271 int channel_count;
2272
2273 avio_rb16(pb); /* revision level */
2274 id = avio_rl32(pb); /* vendor */
2275 av_dict_set(&st->metadata, "vendor_id", av_fourcc2str(id), 0);
2276
2277 channel_count = avio_rb16(pb);
2278
2279 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_UNSPEC;
2280 st->codecpar->ch_layout.nb_channels = channel_count;
2281 st->codecpar->bits_per_coded_sample = avio_rb16(pb); /* sample size */
2282 av_log(c->fc, AV_LOG_TRACE, "audio channels %d\n", channel_count);
2283
2284 sc->audio_cid = avio_rb16(pb);
2285 avio_rb16(pb); /* packet size = 0 */
2286
2287 st->codecpar->sample_rate = ((avio_rb32(pb) >> 16));
2288
2289 // Read QT version 1 fields. In version 0 these do not exist.
2290 av_log(c->fc, AV_LOG_TRACE, "version =%d, isom =%d\n", version, c->isom);
2291 if (!c->isom ||
2292 (compatible_brands && strstr(compatible_brands->value, "qt ")) ||
2293 (sc->stsd_version == 0 && version > 0)) {
2294 if (version == 1) {
2295 sc->samples_per_frame = avio_rb32(pb);
2296 avio_rb32(pb); /* bytes per packet */
2297 sc->bytes_per_frame = avio_rb32(pb);
2298 avio_rb32(pb); /* bytes per sample */
2299 } else if (version == 2) {
2300 avio_rb32(pb); /* sizeof struct only */
2301 st->codecpar->sample_rate = av_int2double(avio_rb64(pb));
2302 channel_count = avio_rb32(pb);
2303 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_UNSPEC;
2304 st->codecpar->ch_layout.nb_channels = channel_count;
2305 avio_rb32(pb); /* always 0x7F000000 */
2306 st->codecpar->bits_per_coded_sample = avio_rb32(pb);
2307
2308 flags = avio_rb32(pb); /* lpcm format specific flag */
2309 sc->bytes_per_frame = avio_rb32(pb);
2310 sc->samples_per_frame = avio_rb32(pb);
2311 if (st->codecpar->codec_tag == MKTAG('l','p','c','m'))
2312 st->codecpar->codec_id =
2313 ff_mov_get_lpcm_codec_id(st->codecpar->bits_per_coded_sample,
2314 flags);
2315 }
2316 if (version == 0 || (version == 1 && sc->audio_cid != -2)) {
2317 /* can't correctly handle variable sized packet as audio unit */
2318 switch (st->codecpar->codec_id) {
2319 case AV_CODEC_ID_MP2:
2320 case AV_CODEC_ID_MP3:
2321 ffstream(st)->need_parsing = AVSTREAM_PARSE_FULL;
2322 break;
2323 }
2324 }
2325 }
2326
2327 if (sc->format == 0) {
2328 if (st->codecpar->bits_per_coded_sample == 8)
2329 st->codecpar->codec_id = mov_codec_id(st, MKTAG('r','a','w',' '));
2330 else if (st->codecpar->bits_per_coded_sample == 16)
2331 st->codecpar->codec_id = mov_codec_id(st, MKTAG('t','w','o','s'));
2332 }
2333
2334 switch (st->codecpar->codec_id) {
2335 case AV_CODEC_ID_PCM_S8:
2336 case AV_CODEC_ID_PCM_U8:
2337 if (st->codecpar->bits_per_coded_sample == 16)
2338 st->codecpar->codec_id = AV_CODEC_ID_PCM_S16BE;
2339 break;
2340 case AV_CODEC_ID_PCM_S16LE:
2341 case AV_CODEC_ID_PCM_S16BE:
2342 if (st->codecpar->bits_per_coded_sample == 8)
2343 st->codecpar->codec_id = AV_CODEC_ID_PCM_S8;
2344 else if (st->codecpar->bits_per_coded_sample == 24)
2345 st->codecpar->codec_id =
2346 st->codecpar->codec_id == AV_CODEC_ID_PCM_S16BE ?
2347 AV_CODEC_ID_PCM_S24BE : AV_CODEC_ID_PCM_S24LE;
2348 else if (st->codecpar->bits_per_coded_sample == 32)
2349 st->codecpar->codec_id =
2350 st->codecpar->codec_id == AV_CODEC_ID_PCM_S16BE ?
2351 AV_CODEC_ID_PCM_S32BE : AV_CODEC_ID_PCM_S32LE;
2352 break;
2353 /* set values for old format before stsd version 1 appeared */
2354 case AV_CODEC_ID_MACE3:
2355 sc->samples_per_frame = 6;
2356 sc->bytes_per_frame = 2 * st->codecpar->ch_layout.nb_channels;
2357 break;
2358 case AV_CODEC_ID_MACE6:
2359 sc->samples_per_frame = 6;
2360 sc->bytes_per_frame = 1 * st->codecpar->ch_layout.nb_channels;
2361 break;
2362 case AV_CODEC_ID_ADPCM_IMA_QT:
2363 sc->samples_per_frame = 64;
2364 sc->bytes_per_frame = 34 * st->codecpar->ch_layout.nb_channels;
2365 break;
2366 case AV_CODEC_ID_GSM:
2367 sc->samples_per_frame = 160;
2368 sc->bytes_per_frame = 33;
2369 break;
2370 default:
2371 break;
2372 }
2373
2374 bits_per_sample = av_get_bits_per_sample(st->codecpar->codec_id);
2375 if (bits_per_sample && (bits_per_sample >> 3) * (uint64_t)st->codecpar->ch_layout.nb_channels <= INT_MAX) {
2376 st->codecpar->bits_per_coded_sample = bits_per_sample;
2377 sc->sample_size = (bits_per_sample >> 3) * st->codecpar->ch_layout.nb_channels;
2378 }
2379 }
2380
mov_parse_stsd_subtitle(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc,int64_t size)2381 static void mov_parse_stsd_subtitle(MOVContext *c, AVIOContext *pb,
2382 AVStream *st, MOVStreamContext *sc,
2383 int64_t size)
2384 {
2385 // ttxt stsd contains display flags, justification, background
2386 // color, fonts, and default styles, so fake an atom to read it
2387 MOVAtom fake_atom = { .size = size };
2388 // mp4s contains a regular esds atom
2389 if (st->codecpar->codec_tag != AV_RL32("mp4s"))
2390 mov_read_glbl(c, pb, fake_atom);
2391 st->codecpar->width = sc->width;
2392 st->codecpar->height = sc->height;
2393 }
2394
yuv_to_rgba(uint32_t ycbcr)2395 static uint32_t yuv_to_rgba(uint32_t ycbcr)
2396 {
2397 uint8_t r, g, b;
2398 int y, cb, cr;
2399
2400 y = (ycbcr >> 16) & 0xFF;
2401 cr = (ycbcr >> 8) & 0xFF;
2402 cb = ycbcr & 0xFF;
2403
2404 b = av_clip_uint8((1164 * (y - 16) + 2018 * (cb - 128)) / 1000);
2405 g = av_clip_uint8((1164 * (y - 16) - 813 * (cr - 128) - 391 * (cb - 128)) / 1000);
2406 r = av_clip_uint8((1164 * (y - 16) + 1596 * (cr - 128) ) / 1000);
2407
2408 return (r << 16) | (g << 8) | b;
2409 }
2410
mov_rewrite_dvd_sub_extradata(AVStream * st)2411 static int mov_rewrite_dvd_sub_extradata(AVStream *st)
2412 {
2413 char buf[256] = {0};
2414 uint8_t *src = st->codecpar->extradata;
2415 int i, ret;
2416
2417 if (st->codecpar->extradata_size != 64)
2418 return 0;
2419
2420 if (st->codecpar->width > 0 && st->codecpar->height > 0)
2421 snprintf(buf, sizeof(buf), "size: %dx%d\n",
2422 st->codecpar->width, st->codecpar->height);
2423 av_strlcat(buf, "palette: ", sizeof(buf));
2424
2425 for (i = 0; i < 16; i++) {
2426 uint32_t yuv = AV_RB32(src + i * 4);
2427 uint32_t rgba = yuv_to_rgba(yuv);
2428
2429 av_strlcatf(buf, sizeof(buf), "%06"PRIx32"%s", rgba, i != 15 ? ", " : "");
2430 }
2431
2432 if (av_strlcat(buf, "\n", sizeof(buf)) >= sizeof(buf))
2433 return 0;
2434
2435 ret = ff_alloc_extradata(st->codecpar, strlen(buf));
2436 if (ret < 0)
2437 return ret;
2438 memcpy(st->codecpar->extradata, buf, st->codecpar->extradata_size);
2439
2440 return 0;
2441 }
2442
2443 #ifdef OHOS_TIMED_META_TRACK
mov_parse_mebx_keyd(MOVContext * c,AVIOContext * pb,AVStream * st)2444 static int mov_parse_mebx_keyd(MOVContext *c, AVIOContext *pb, AVStream *st)
2445 {
2446 int atom_size = (int)avio_rb32(pb);
2447 avio_rb32(pb); // local key id
2448 int keyd_size = (int)avio_rb32(pb);
2449 avio_rb32(pb); // keyd
2450 avio_rb32(pb); // mdta
2451 int key_value_size = keyd_size - 12; // 12 bytes to skip
2452
2453 unsigned char* buf = av_malloc(key_value_size + 1);
2454 if (!buf)
2455 return AVERROR(ENOMEM);
2456 int ret = ffio_read_size(pb, buf, key_value_size);
2457 if (ret < 0) {
2458 av_freep(&buf);
2459 av_log(c->fc, AV_LOG_WARNING, "failed to read key value\n");
2460 return ret;
2461 }
2462 buf[key_value_size] = 0;
2463 av_dict_set(&st->metadata, "timed_metadata_key", buf, 0);
2464 av_freep(&buf);
2465 return atom_size;
2466 }
2467
mov_parse_mebx_data(MOVContext * c,AVIOContext * pb,AVStream * st,int64_t size)2468 static int mov_parse_mebx_data(MOVContext *c, AVIOContext *pb,
2469 AVStream *st, int64_t size)
2470 {
2471 int read_size = 0;
2472
2473 if (c->fc->nb_streams < 1)
2474 return 0;
2475 st = c->fc->streams[c->fc->nb_streams-1];
2476
2477 int size_keys = (int)avio_rb32(pb); // size of keys
2478 avio_rb32(pb); // keys
2479 const int read_counts = 8;
2480 read_size += read_counts;
2481 while (read_size < size_keys) {
2482 int atom_size = mov_parse_mebx_keyd(c, pb, st);
2483 if (atom_size < 0) {
2484 return atom_size;
2485 }
2486 read_size += atom_size;
2487 }
2488 return 0;
2489 }
2490
mov_read_cdsc(MOVContext * c,AVIOContext * pb,MOVAtom atom)2491 static int mov_read_cdsc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2492 {
2493 AVStream *st;
2494
2495 if (c->fc->nb_streams < 1)
2496 return 0;
2497 st = c->fc->streams[c->fc->nb_streams - 1];
2498 int src_track_id = (int)avio_rb32(pb);
2499 char* metaKeyStr;
2500 metaKeyStr = av_d2str(src_track_id - 1);
2501 if (!metaKeyStr)
2502 return AVERROR(ENOMEM);
2503 av_dict_set(&st->metadata, "src_track_id", metaKeyStr, 0);
2504 av_freep(&metaKeyStr);
2505 return 0;
2506 }
2507 #endif
2508
mov_parse_stsd_data(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc,int64_t size)2509 static int mov_parse_stsd_data(MOVContext *c, AVIOContext *pb,
2510 AVStream *st, MOVStreamContext *sc,
2511 int64_t size)
2512 {
2513 int ret;
2514
2515 if (st->codecpar->codec_tag == MKTAG('t','m','c','d')) {
2516 if ((int)size != size)
2517 return AVERROR(ENOMEM);
2518
2519 ret = ff_get_extradata(c->fc, st->codecpar, pb, size);
2520 if (ret < 0)
2521 return ret;
2522 if (size > 16) {
2523 MOVStreamContext *tmcd_ctx = st->priv_data;
2524 int val;
2525 val = AV_RB32(st->codecpar->extradata + 4);
2526 tmcd_ctx->tmcd_flags = val;
2527 st->avg_frame_rate.num = AV_RB32(st->codecpar->extradata + 8); /* timescale */
2528 st->avg_frame_rate.den = AV_RB32(st->codecpar->extradata + 12); /* frameDuration */
2529 tmcd_ctx->tmcd_nb_frames = st->codecpar->extradata[16]; /* number of frames */
2530 if (size > 30) {
2531 uint32_t len = AV_RB32(st->codecpar->extradata + 18); /* name atom length */
2532 uint32_t format = AV_RB32(st->codecpar->extradata + 22);
2533 if (format == AV_RB32("name") && (int64_t)size >= (int64_t)len + 18) {
2534 uint16_t str_size = AV_RB16(st->codecpar->extradata + 26); /* string length */
2535 if (str_size > 0 && size >= (int)str_size + 30 &&
2536 st->codecpar->extradata[30] /* Don't add empty string */) {
2537 char *reel_name = av_malloc(str_size + 1);
2538 if (!reel_name)
2539 return AVERROR(ENOMEM);
2540 memcpy(reel_name, st->codecpar->extradata + 30, str_size);
2541 reel_name[str_size] = 0; /* Add null terminator */
2542 av_dict_set(&st->metadata, "reel_name", reel_name,
2543 AV_DICT_DONT_STRDUP_VAL);
2544 }
2545 }
2546 }
2547 }
2548 } else {
2549 /* other codec type, just skip (rtp, mp4s ...) */
2550 avio_skip(pb, size);
2551 }
2552 return 0;
2553 }
2554
mov_finalize_stsd_codec(MOVContext * c,AVIOContext * pb,AVStream * st,MOVStreamContext * sc)2555 static int mov_finalize_stsd_codec(MOVContext *c, AVIOContext *pb,
2556 AVStream *st, MOVStreamContext *sc)
2557 {
2558 FFStream *const sti = ffstream(st);
2559
2560 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO &&
2561 !st->codecpar->sample_rate && sc->time_scale > 1)
2562 st->codecpar->sample_rate = sc->time_scale;
2563
2564 /* special codec parameters handling */
2565 switch (st->codecpar->codec_id) {
2566 #if CONFIG_DV_DEMUXER
2567 case AV_CODEC_ID_DVAUDIO:
2568 c->dv_fctx = avformat_alloc_context();
2569 if (!c->dv_fctx) {
2570 av_log(c->fc, AV_LOG_ERROR, "dv demux context alloc error\n");
2571 return AVERROR(ENOMEM);
2572 }
2573 c->dv_demux = avpriv_dv_init_demux(c->dv_fctx);
2574 if (!c->dv_demux) {
2575 av_log(c->fc, AV_LOG_ERROR, "dv demux context init error\n");
2576 return AVERROR(ENOMEM);
2577 }
2578 sc->dv_audio_container = 1;
2579 st->codecpar->codec_id = AV_CODEC_ID_PCM_S16LE;
2580 break;
2581 #endif
2582 /* no ifdef since parameters are always those */
2583 case AV_CODEC_ID_QCELP:
2584 av_channel_layout_uninit(&st->codecpar->ch_layout);
2585 st->codecpar->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_MONO;
2586 // force sample rate for qcelp when not stored in mov
2587 if (st->codecpar->codec_tag != MKTAG('Q','c','l','p'))
2588 st->codecpar->sample_rate = 8000;
2589 // FIXME: Why is the following needed for some files?
2590 sc->samples_per_frame = 160;
2591 if (!sc->bytes_per_frame)
2592 sc->bytes_per_frame = 35;
2593 break;
2594 case AV_CODEC_ID_AMR_NB:
2595 av_channel_layout_uninit(&st->codecpar->ch_layout);
2596 st->codecpar->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_MONO;
2597 /* force sample rate for amr, stsd in 3gp does not store sample rate */
2598 st->codecpar->sample_rate = 8000;
2599 break;
2600 case AV_CODEC_ID_AMR_WB:
2601 av_channel_layout_uninit(&st->codecpar->ch_layout);
2602 st->codecpar->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_MONO;
2603 st->codecpar->sample_rate = 16000;
2604 break;
2605 case AV_CODEC_ID_MP2:
2606 case AV_CODEC_ID_MP3:
2607 /* force type after stsd for m1a hdlr */
2608 st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
2609 break;
2610 case AV_CODEC_ID_GSM:
2611 case AV_CODEC_ID_ADPCM_MS:
2612 case AV_CODEC_ID_ADPCM_IMA_WAV:
2613 case AV_CODEC_ID_ILBC:
2614 case AV_CODEC_ID_MACE3:
2615 case AV_CODEC_ID_MACE6:
2616 case AV_CODEC_ID_QDM2:
2617 st->codecpar->block_align = sc->bytes_per_frame;
2618 break;
2619 case AV_CODEC_ID_ALAC:
2620 if (st->codecpar->extradata_size == 36) {
2621 int channel_count = AV_RB8(st->codecpar->extradata + 21);
2622 if (st->codecpar->ch_layout.nb_channels != channel_count) {
2623 av_channel_layout_uninit(&st->codecpar->ch_layout);
2624 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_UNSPEC;
2625 st->codecpar->ch_layout.nb_channels = channel_count;
2626 }
2627 st->codecpar->sample_rate = AV_RB32(st->codecpar->extradata + 32);
2628 }
2629 break;
2630 case AV_CODEC_ID_AC3:
2631 case AV_CODEC_ID_EAC3:
2632 case AV_CODEC_ID_MPEG1VIDEO:
2633 case AV_CODEC_ID_VC1:
2634 case AV_CODEC_ID_VP8:
2635 case AV_CODEC_ID_VP9:
2636 sti->need_parsing = AVSTREAM_PARSE_FULL;
2637 break;
2638 case AV_CODEC_ID_AV1:
2639 /* field_order detection of H264 requires parsing */
2640 case AV_CODEC_ID_H264:
2641 sti->need_parsing = AVSTREAM_PARSE_HEADERS;
2642 break;
2643 default:
2644 break;
2645 }
2646 return 0;
2647 }
2648
mov_skip_multiple_stsd(MOVContext * c,AVIOContext * pb,int codec_tag,int format,int64_t size)2649 static int mov_skip_multiple_stsd(MOVContext *c, AVIOContext *pb,
2650 int codec_tag, int format,
2651 int64_t size)
2652 {
2653 if (codec_tag &&
2654 (codec_tag != format &&
2655 // AVID 1:1 samples with differing data format and codec tag exist
2656 (codec_tag != AV_RL32("AV1x") || format != AV_RL32("AVup")) &&
2657 // prores is allowed to have differing data format and codec tag
2658 codec_tag != AV_RL32("apcn") && codec_tag != AV_RL32("apch") &&
2659 // so is dv (sigh)
2660 codec_tag != AV_RL32("dvpp") && codec_tag != AV_RL32("dvcp") &&
2661 (c->fc->video_codec_id ? ff_codec_get_id(ff_codec_movvideo_tags, format) != c->fc->video_codec_id
2662 : codec_tag != MKTAG('j','p','e','g')))) {
2663 /* Multiple fourcc, we skip JPEG. This is not correct, we should
2664 * export it as a separate AVStream but this needs a few changes
2665 * in the MOV demuxer, patch welcome. */
2666
2667 av_log(c->fc, AV_LOG_WARNING, "multiple fourcc not supported\n");
2668 avio_skip(pb, size);
2669 return 1;
2670 }
2671
2672 return 0;
2673 }
2674
ff_mov_read_stsd_entries(MOVContext * c,AVIOContext * pb,int entries)2675 int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries)
2676 {
2677 av_log(c->fc, AV_LOG_INFO, "enter\n");
2678 AVStream *st;
2679 MOVStreamContext *sc;
2680 int pseudo_stream_id;
2681
2682 av_assert0 (c->fc->nb_streams >= 1);
2683 st = c->fc->streams[c->fc->nb_streams-1];
2684 sc = st->priv_data;
2685
2686 for (pseudo_stream_id = 0;
2687 pseudo_stream_id < entries && !pb->eof_reached;
2688 pseudo_stream_id++) {
2689 //Parsing Sample description table
2690 enum AVCodecID id;
2691 int ret, dref_id = 1;
2692 MOVAtom a = { AV_RL32("stsd") };
2693 int64_t start_pos = avio_tell(pb);
2694 int64_t size = avio_rb32(pb); /* size */
2695 uint32_t format = avio_rl32(pb); /* data format */
2696 av_log(c->fc, AV_LOG_INFO, "stsd_entries, size:%ld, format:%u\n", size, format);
2697
2698 if (size >= 16) {
2699 avio_rb32(pb); /* reserved */
2700 avio_rb16(pb); /* reserved */
2701 dref_id = avio_rb16(pb);
2702 } else if (size <= 7) {
2703 av_log(c->fc, AV_LOG_ERROR,
2704 "invalid size %"PRId64" in stsd\n", size);
2705 return AVERROR_INVALIDDATA;
2706 }
2707
2708 if (mov_skip_multiple_stsd(c, pb, st->codecpar->codec_tag, format,
2709 size - (avio_tell(pb) - start_pos))) {
2710 sc->stsd_count++;
2711 continue;
2712 }
2713
2714 sc->pseudo_stream_id = st->codecpar->codec_tag ? -1 : pseudo_stream_id;
2715 sc->dref_id = dref_id;
2716 sc->format = format;
2717
2718 id = mov_codec_id(st, format);
2719
2720 av_log(c->fc, AV_LOG_TRACE,
2721 "size=%"PRId64" 4CC=%s codec_type=%d\n", size,
2722 av_fourcc2str(format), st->codecpar->codec_type);
2723
2724 st->codecpar->codec_id = id;
2725 if (st->codecpar->codec_type==AVMEDIA_TYPE_VIDEO) {
2726 mov_parse_stsd_video(c, pb, st, sc);
2727 } else if (st->codecpar->codec_type==AVMEDIA_TYPE_AUDIO) {
2728 mov_parse_stsd_audio(c, pb, st, sc);
2729 if (st->codecpar->sample_rate < 0) {
2730 av_log(c->fc, AV_LOG_ERROR, "Invalid sample rate %d\n", st->codecpar->sample_rate);
2731 return AVERROR_INVALIDDATA;
2732 }
2733 if (st->codecpar->ch_layout.nb_channels < 0) {
2734 av_log(c->fc, AV_LOG_ERROR, "Invalid channels %d\n", st->codecpar->ch_layout.nb_channels);
2735 return AVERROR_INVALIDDATA;
2736 }
2737 } else if (st->codecpar->codec_type==AVMEDIA_TYPE_SUBTITLE){
2738 mov_parse_stsd_subtitle(c, pb, st, sc,
2739 size - (avio_tell(pb) - start_pos));
2740 } else {
2741 #ifdef OHOS_TIMED_META_TRACK
2742 if (st->codecpar->codec_type != AVMEDIA_TYPE_TIMEDMETA) {
2743 ret = mov_parse_stsd_data(c, pb, st, sc,
2744 size - (avio_tell(pb) - start_pos));
2745 } else {
2746 ret = mov_parse_mebx_data(c, pb, st,
2747 size - (avio_tell(pb) - start_pos));
2748 }
2749 if (ret < 0)
2750 return ret;
2751 #else
2752 ret = mov_parse_stsd_data(c, pb, st, sc,
2753 size - (avio_tell(pb) - start_pos));
2754 if (ret < 0)
2755 return ret;
2756 #endif
2757 }
2758 /* this will read extra atoms at the end (wave, alac, damr, avcC, hvcC, SMI ...) */
2759 a.size = size - (avio_tell(pb) - start_pos);
2760 av_log(c->fc, AV_LOG_INFO, "stsd_entries, a.size:%d\n", a.size);
2761 if (a.size > 8) {
2762 if ((ret = mov_read_default(c, pb, a)) < 0)
2763 return ret;
2764 } else if (a.size > 0)
2765 avio_skip(pb, a.size);
2766
2767 if (sc->extradata && st->codecpar->extradata) {
2768 int extra_size = st->codecpar->extradata_size;
2769
2770 /* Move the current stream extradata to the stream context one. */
2771 sc->extradata_size[pseudo_stream_id] = extra_size;
2772 sc->extradata[pseudo_stream_id] = st->codecpar->extradata;
2773 st->codecpar->extradata = NULL;
2774 st->codecpar->extradata_size = 0;
2775 }
2776 sc->stsd_count++;
2777 }
2778
2779 if (pb->eof_reached) {
2780 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STSD atom\n");
2781 return AVERROR_EOF;
2782 }
2783
2784 return 0;
2785 }
2786
mov_read_stsd(MOVContext * c,AVIOContext * pb,MOVAtom atom)2787 static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2788 {
2789 AVStream *st;
2790 MOVStreamContext *sc;
2791 int ret, entries;
2792
2793 if (c->fc->nb_streams < 1)
2794 return 0;
2795 st = c->fc->streams[c->fc->nb_streams - 1];
2796 sc = st->priv_data;
2797
2798 sc->stsd_version = avio_r8(pb);
2799 avio_rb24(pb); /* flags */
2800 entries = avio_rb32(pb);
2801
2802 /* Each entry contains a size (4 bytes) and format (4 bytes). */
2803 if (entries <= 0 || entries > atom.size / 8 || entries > 1024) {
2804 av_log(c->fc, AV_LOG_ERROR, "invalid STSD entries %d\n", entries);
2805 return AVERROR_INVALIDDATA;
2806 }
2807
2808 if (sc->extradata) {
2809 av_log(c->fc, AV_LOG_ERROR,
2810 "Duplicate stsd found in this track.\n");
2811 return AVERROR_INVALIDDATA;
2812 }
2813
2814 /* Prepare space for hosting multiple extradata. */
2815 sc->extradata = av_calloc(entries, sizeof(*sc->extradata));
2816 if (!sc->extradata)
2817 return AVERROR(ENOMEM);
2818
2819 sc->extradata_size = av_calloc(entries, sizeof(*sc->extradata_size));
2820 if (!sc->extradata_size) {
2821 ret = AVERROR(ENOMEM);
2822 goto fail;
2823 }
2824
2825 ret = ff_mov_read_stsd_entries(c, pb, entries);
2826 if (ret < 0)
2827 goto fail;
2828
2829 /* Restore back the primary extradata. */
2830 av_freep(&st->codecpar->extradata);
2831 st->codecpar->extradata_size = sc->extradata_size[0];
2832 if (sc->extradata_size[0]) {
2833 st->codecpar->extradata = av_mallocz(sc->extradata_size[0] + AV_INPUT_BUFFER_PADDING_SIZE);
2834 if (!st->codecpar->extradata)
2835 return AVERROR(ENOMEM);
2836 memcpy(st->codecpar->extradata, sc->extradata[0], sc->extradata_size[0]);
2837 }
2838
2839 return mov_finalize_stsd_codec(c, pb, st, sc);
2840 fail:
2841 if (sc->extradata) {
2842 int j;
2843 for (j = 0; j < sc->stsd_count; j++)
2844 av_freep(&sc->extradata[j]);
2845 }
2846
2847 av_freep(&sc->extradata);
2848 av_freep(&sc->extradata_size);
2849 return ret;
2850 }
2851
mov_read_stsc(MOVContext * c,AVIOContext * pb,MOVAtom atom)2852 static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2853 {
2854 AVStream *st;
2855 MOVStreamContext *sc;
2856 unsigned int i, entries;
2857
2858 if (c->fc->nb_streams < 1)
2859 return 0;
2860 st = c->fc->streams[c->fc->nb_streams-1];
2861 sc = st->priv_data;
2862
2863 avio_r8(pb); /* version */
2864 avio_rb24(pb); /* flags */
2865
2866 entries = avio_rb32(pb);
2867 if ((uint64_t)entries * 12 + 4 > atom.size)
2868 return AVERROR_INVALIDDATA;
2869
2870 av_log(c->fc, AV_LOG_TRACE, "track[%u].stsc.entries = %u\n", c->fc->nb_streams - 1, entries);
2871
2872 if (!entries)
2873 return 0;
2874 if (sc->stsc_data) {
2875 av_log(c->fc, AV_LOG_WARNING, "Ignoring duplicated STSC atom\n");
2876 return 0;
2877 }
2878 av_free(sc->stsc_data);
2879 sc->stsc_count = 0;
2880 sc->stsc_data = av_malloc_array(entries, sizeof(*sc->stsc_data));
2881 if (!sc->stsc_data)
2882 return AVERROR(ENOMEM);
2883
2884 for (i = 0; i < entries && !pb->eof_reached; i++) {
2885 sc->stsc_data[i].first = avio_rb32(pb);
2886 sc->stsc_data[i].count = avio_rb32(pb);
2887 sc->stsc_data[i].id = avio_rb32(pb);
2888 }
2889
2890 sc->stsc_count = i;
2891 for (i = sc->stsc_count - 1; i < UINT_MAX; i--) {
2892 int64_t first_min = i + 1;
2893 if ((i+1 < sc->stsc_count && sc->stsc_data[i].first >= sc->stsc_data[i+1].first) ||
2894 (i > 0 && sc->stsc_data[i].first <= sc->stsc_data[i-1].first) ||
2895 sc->stsc_data[i].first < first_min ||
2896 sc->stsc_data[i].count < 1 ||
2897 sc->stsc_data[i].id < 1) {
2898 av_log(c->fc, AV_LOG_WARNING, "STSC entry %d is invalid (first=%d count=%d id=%d)\n", i, sc->stsc_data[i].first, sc->stsc_data[i].count, sc->stsc_data[i].id);
2899 if (i+1 >= sc->stsc_count) {
2900 if (sc->stsc_data[i].count == 0 && i > 0) {
2901 sc->stsc_count --;
2902 continue;
2903 }
2904 sc->stsc_data[i].first = FFMAX(sc->stsc_data[i].first, first_min);
2905 if (i > 0 && sc->stsc_data[i].first <= sc->stsc_data[i-1].first)
2906 sc->stsc_data[i].first = FFMIN(sc->stsc_data[i-1].first + 1LL, INT_MAX);
2907 sc->stsc_data[i].count = FFMAX(sc->stsc_data[i].count, 1);
2908 sc->stsc_data[i].id = FFMAX(sc->stsc_data[i].id, 1);
2909 continue;
2910 }
2911 av_assert0(sc->stsc_data[i+1].first >= 2);
2912 // We replace this entry by the next valid
2913 sc->stsc_data[i].first = sc->stsc_data[i+1].first - 1;
2914 sc->stsc_data[i].count = sc->stsc_data[i+1].count;
2915 sc->stsc_data[i].id = sc->stsc_data[i+1].id;
2916 }
2917 }
2918
2919 if (pb->eof_reached) {
2920 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STSC atom\n");
2921 return AVERROR_EOF;
2922 }
2923
2924 return 0;
2925 }
2926
mov_stsc_index_valid(unsigned int index,unsigned int count)2927 static inline int mov_stsc_index_valid(unsigned int index, unsigned int count)
2928 {
2929 return index < count - 1;
2930 }
2931
2932 /* Compute the samples value for the stsc entry at the given index. */
mov_get_stsc_samples(MOVStreamContext * sc,unsigned int index)2933 static inline int64_t mov_get_stsc_samples(MOVStreamContext *sc, unsigned int index)
2934 {
2935 int chunk_count;
2936
2937 if (mov_stsc_index_valid(index, sc->stsc_count))
2938 chunk_count = sc->stsc_data[index + 1].first - sc->stsc_data[index].first;
2939 else {
2940 // Validation for stsc / stco happens earlier in mov_read_stsc + mov_read_trak.
2941 av_assert0(sc->stsc_data[index].first <= sc->chunk_count);
2942 chunk_count = sc->chunk_count - (sc->stsc_data[index].first - 1);
2943 }
2944
2945 return sc->stsc_data[index].count * (int64_t)chunk_count;
2946 }
2947
mov_read_stps(MOVContext * c,AVIOContext * pb,MOVAtom atom)2948 static int mov_read_stps(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2949 {
2950 AVStream *st;
2951 MOVStreamContext *sc;
2952 unsigned i, entries;
2953
2954 if (c->fc->nb_streams < 1)
2955 return 0;
2956 st = c->fc->streams[c->fc->nb_streams-1];
2957 sc = st->priv_data;
2958
2959 avio_rb32(pb); // version + flags
2960
2961 entries = avio_rb32(pb);
2962 if (sc->stps_data)
2963 av_log(c->fc, AV_LOG_WARNING, "Duplicated STPS atom\n");
2964 av_free(sc->stps_data);
2965 sc->stps_count = 0;
2966 sc->stps_data = av_malloc_array(entries, sizeof(*sc->stps_data));
2967 if (!sc->stps_data)
2968 return AVERROR(ENOMEM);
2969
2970 for (i = 0; i < entries && !pb->eof_reached; i++) {
2971 sc->stps_data[i] = avio_rb32(pb);
2972 }
2973
2974 sc->stps_count = i;
2975
2976 if (pb->eof_reached) {
2977 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STPS atom\n");
2978 return AVERROR_EOF;
2979 }
2980
2981 return 0;
2982 }
2983
mov_read_stss(MOVContext * c,AVIOContext * pb,MOVAtom atom)2984 static int mov_read_stss(MOVContext *c, AVIOContext *pb, MOVAtom atom)
2985 {
2986 AVStream *st;
2987 FFStream *sti;
2988 MOVStreamContext *sc;
2989 unsigned int i, entries;
2990
2991 if (c->fc->nb_streams < 1)
2992 return 0;
2993 st = c->fc->streams[c->fc->nb_streams-1];
2994 sti = ffstream(st);
2995 sc = st->priv_data;
2996
2997 avio_r8(pb); /* version */
2998 avio_rb24(pb); /* flags */
2999
3000 entries = avio_rb32(pb);
3001
3002 av_log(c->fc, AV_LOG_TRACE, "keyframe_count = %u\n", entries);
3003
3004 if (!entries) {
3005 sc->keyframe_absent = 1;
3006 if (!sti->need_parsing && st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO)
3007 sti->need_parsing = AVSTREAM_PARSE_HEADERS;
3008 return 0;
3009 }
3010 if (sc->keyframes)
3011 av_log(c->fc, AV_LOG_WARNING, "Duplicated STSS atom\n");
3012 if (entries >= UINT_MAX / sizeof(int))
3013 return AVERROR_INVALIDDATA;
3014 av_freep(&sc->keyframes);
3015 sc->keyframe_count = 0;
3016 sc->keyframes = av_malloc_array(entries, sizeof(*sc->keyframes));
3017 if (!sc->keyframes)
3018 return AVERROR(ENOMEM);
3019
3020 for (i = 0; i < entries && !pb->eof_reached; i++) {
3021 sc->keyframes[i] = avio_rb32(pb);
3022 }
3023
3024 sc->keyframe_count = i;
3025
3026 if (pb->eof_reached) {
3027 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STSS atom\n");
3028 return AVERROR_EOF;
3029 }
3030
3031 return 0;
3032 }
3033
mov_read_stsz(MOVContext * c,AVIOContext * pb,MOVAtom atom)3034 static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3035 {
3036 AVStream *st;
3037 MOVStreamContext *sc;
3038 unsigned int i, entries, sample_size, field_size, num_bytes;
3039 GetBitContext gb;
3040 unsigned char* buf;
3041 int ret;
3042
3043 if (c->fc->nb_streams < 1)
3044 return 0;
3045 st = c->fc->streams[c->fc->nb_streams-1];
3046 sc = st->priv_data;
3047
3048 avio_r8(pb); /* version */
3049 avio_rb24(pb); /* flags */
3050
3051 if (atom.type == MKTAG('s','t','s','z')) {
3052 sample_size = avio_rb32(pb);
3053 if (!sc->sample_size) /* do not overwrite value computed in stsd */
3054 sc->sample_size = sample_size;
3055 sc->stsz_sample_size = sample_size;
3056 field_size = 32;
3057 } else {
3058 sample_size = 0;
3059 avio_rb24(pb); /* reserved */
3060 field_size = avio_r8(pb);
3061 }
3062 entries = avio_rb32(pb);
3063
3064 av_log(c->fc, AV_LOG_TRACE, "sample_size = %u sample_count = %u\n", sc->sample_size, entries);
3065
3066 sc->sample_count = entries;
3067 if (sample_size)
3068 return 0;
3069
3070 if (field_size != 4 && field_size != 8 && field_size != 16 && field_size != 32) {
3071 av_log(c->fc, AV_LOG_ERROR, "Invalid sample field size %u\n", field_size);
3072 return AVERROR_INVALIDDATA;
3073 }
3074
3075 if (!entries)
3076 return 0;
3077 if (entries >= (INT_MAX - 4 - 8 * AV_INPUT_BUFFER_PADDING_SIZE) / field_size)
3078 return AVERROR_INVALIDDATA;
3079 if (sc->sample_sizes)
3080 av_log(c->fc, AV_LOG_WARNING, "Duplicated STSZ atom\n");
3081 av_free(sc->sample_sizes);
3082 sc->sample_count = 0;
3083 sc->sample_sizes = av_malloc_array(entries, sizeof(*sc->sample_sizes));
3084 if (!sc->sample_sizes)
3085 return AVERROR(ENOMEM);
3086
3087 num_bytes = (entries*field_size+4)>>3;
3088
3089 buf = av_malloc(num_bytes+AV_INPUT_BUFFER_PADDING_SIZE);
3090 if (!buf) {
3091 av_freep(&sc->sample_sizes);
3092 return AVERROR(ENOMEM);
3093 }
3094
3095 ret = ffio_read_size(pb, buf, num_bytes);
3096 if (ret < 0) {
3097 av_freep(&sc->sample_sizes);
3098 av_free(buf);
3099 av_log(c->fc, AV_LOG_WARNING, "STSZ atom truncated\n");
3100 return 0;
3101 }
3102
3103 init_get_bits(&gb, buf, 8*num_bytes);
3104
3105 for (i = 0; i < entries; i++) {
3106 sc->sample_sizes[i] = get_bits_long(&gb, field_size);
3107 if (sc->sample_sizes[i] < 0) {
3108 av_free(buf);
3109 av_log(c->fc, AV_LOG_ERROR, "Invalid sample size %d\n", sc->sample_sizes[i]);
3110 return AVERROR_INVALIDDATA;
3111 }
3112 sc->data_size += sc->sample_sizes[i];
3113 }
3114
3115 sc->sample_count = i;
3116
3117 av_free(buf);
3118
3119 return 0;
3120 }
3121
mov_read_stts(MOVContext * c,AVIOContext * pb,MOVAtom atom)3122 static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3123 {
3124 AVStream *st;
3125 MOVStreamContext *sc;
3126 unsigned int i, entries, alloc_size = 0;
3127 int64_t duration = 0;
3128 int64_t total_sample_count = 0;
3129 int64_t current_dts = 0;
3130 int64_t corrected_dts = 0;
3131
3132 if (c->fc->nb_streams < 1)
3133 return 0;
3134 st = c->fc->streams[c->fc->nb_streams-1];
3135 sc = st->priv_data;
3136
3137 avio_r8(pb); /* version */
3138 avio_rb24(pb); /* flags */
3139 entries = avio_rb32(pb);
3140
3141 av_log(c->fc, AV_LOG_TRACE, "track[%u].stts.entries = %u\n",
3142 c->fc->nb_streams-1, entries);
3143
3144 if (sc->stts_data)
3145 av_log(c->fc, AV_LOG_WARNING, "Duplicated STTS atom\n");
3146 av_freep(&sc->stts_data);
3147 sc->stts_count = 0;
3148 if (entries >= INT_MAX / sizeof(*sc->stts_data))
3149 return AVERROR(ENOMEM);
3150
3151 for (i = 0; i < entries && !pb->eof_reached; i++) {
3152 unsigned int sample_duration;
3153 unsigned int sample_count;
3154 unsigned int min_entries = FFMIN(FFMAX(i + 1, 1024 * 1024), entries);
3155 MOVStts *stts_data = av_fast_realloc(sc->stts_data, &alloc_size,
3156 min_entries * sizeof(*sc->stts_data));
3157 if (!stts_data) {
3158 av_freep(&sc->stts_data);
3159 sc->stts_count = 0;
3160 return AVERROR(ENOMEM);
3161 }
3162 sc->stts_count = min_entries;
3163 sc->stts_data = stts_data;
3164
3165 sample_count = avio_rb32(pb);
3166 sample_duration = avio_rb32(pb);
3167
3168 sc->stts_data[i].count= sample_count;
3169 sc->stts_data[i].duration= sample_duration;
3170
3171 av_log(c->fc, AV_LOG_TRACE, "sample_count=%u, sample_duration=%u\n",
3172 sample_count, sample_duration);
3173
3174 /* STTS sample offsets are uint32 but some files store it as int32
3175 * with negative values used to correct DTS delays.
3176 There may be abnormally large values as well. */
3177 if (sample_duration > c->max_stts_delta) {
3178 // assume high delta is a correction if negative when cast as int32
3179 int32_t delta_magnitude = (int32_t)sample_duration;
3180 av_log(c->fc, AV_LOG_WARNING, "Too large sample offset %u in stts entry %u with count %u in st:%d. Clipping to 1.\n",
3181 sample_duration, i, sample_count, st->index);
3182 sc->stts_data[i].duration = 1;
3183 corrected_dts += (delta_magnitude < 0 ? (int64_t)delta_magnitude : 1) * sample_count;
3184 } else {
3185 corrected_dts += sample_duration * (int64_t)sample_count;
3186 }
3187
3188 current_dts += sc->stts_data[i].duration * (int64_t)sample_count;
3189
3190 if (current_dts > corrected_dts) {
3191 int64_t drift = (current_dts - corrected_dts)/FFMAX(sample_count, 1);
3192 uint32_t correction = (sc->stts_data[i].duration > drift) ? drift : sc->stts_data[i].duration - 1;
3193 current_dts -= correction * (uint64_t)sample_count;
3194 sc->stts_data[i].duration -= correction;
3195 }
3196
3197 duration+=(int64_t)sc->stts_data[i].duration*(uint64_t)sc->stts_data[i].count;
3198 total_sample_count+=sc->stts_data[i].count;
3199 }
3200
3201 sc->stts_count = i;
3202
3203 #ifdef OHOS_EXPAND_MP4_INFO
3204 if (sc->stts_count > 0) {
3205 st->stts_count = sc->stts_count;
3206 st->stts_data = malloc(st->stts_count * sizeof(AVMOVStts));
3207 if (st->stts_data != NULL) {
3208 memcpy(st->stts_data, sc->stts_data, st->stts_count * sizeof(AVMOVStts));
3209 } else {
3210 av_log(c->fc, AV_LOG_WARNING, "st->stts_data malloc failed\n");
3211 st->stts_count = 0;
3212 }
3213 }
3214 #endif
3215
3216 if (duration > 0 &&
3217 duration <= INT64_MAX - sc->duration_for_fps &&
3218 total_sample_count <= INT_MAX - sc->nb_frames_for_fps) {
3219 sc->duration_for_fps += duration;
3220 sc->nb_frames_for_fps += total_sample_count;
3221 }
3222
3223 if (pb->eof_reached) {
3224 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted STTS atom\n");
3225 return AVERROR_EOF;
3226 }
3227
3228 st->nb_frames= total_sample_count;
3229 if (duration)
3230 st->duration= FFMIN(st->duration, duration);
3231 sc->track_end = duration;
3232 return 0;
3233 }
3234
mov_read_sdtp(MOVContext * c,AVIOContext * pb,MOVAtom atom)3235 static int mov_read_sdtp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3236 {
3237 AVStream *st;
3238 MOVStreamContext *sc;
3239 int64_t i, entries;
3240
3241 if (c->fc->nb_streams < 1)
3242 return 0;
3243 st = c->fc->streams[c->fc->nb_streams - 1];
3244 sc = st->priv_data;
3245
3246 avio_r8(pb); /* version */
3247 avio_rb24(pb); /* flags */
3248 entries = atom.size - 4;
3249
3250 av_log(c->fc, AV_LOG_TRACE, "track[%u].sdtp.entries = %" PRId64 "\n",
3251 c->fc->nb_streams - 1, entries);
3252
3253 if (sc->sdtp_data)
3254 av_log(c->fc, AV_LOG_WARNING, "Duplicated SDTP atom\n");
3255 av_freep(&sc->sdtp_data);
3256 sc->sdtp_count = 0;
3257
3258 sc->sdtp_data = av_malloc(entries);
3259 if (!sc->sdtp_data)
3260 return AVERROR(ENOMEM);
3261
3262 for (i = 0; i < entries && !pb->eof_reached; i++)
3263 sc->sdtp_data[i] = avio_r8(pb);
3264 sc->sdtp_count = i;
3265
3266 return 0;
3267 }
3268
mov_update_dts_shift(MOVStreamContext * sc,int duration,void * logctx)3269 static void mov_update_dts_shift(MOVStreamContext *sc, int duration, void *logctx)
3270 {
3271 if (duration < 0) {
3272 if (duration == INT_MIN) {
3273 av_log(logctx, AV_LOG_WARNING, "mov_update_dts_shift(): dts_shift set to %d\n", INT_MAX);
3274 duration++;
3275 }
3276 sc->dts_shift = FFMAX(sc->dts_shift, -duration);
3277 }
3278 }
3279
mov_read_ctts(MOVContext * c,AVIOContext * pb,MOVAtom atom)3280 static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3281 {
3282 AVStream *st;
3283 MOVStreamContext *sc;
3284 unsigned int i, entries, ctts_count = 0;
3285
3286 if (c->fc->nb_streams < 1)
3287 return 0;
3288 st = c->fc->streams[c->fc->nb_streams-1];
3289 sc = st->priv_data;
3290
3291 avio_r8(pb); /* version */
3292 avio_rb24(pb); /* flags */
3293 entries = avio_rb32(pb);
3294
3295 av_log(c->fc, AV_LOG_TRACE, "track[%u].ctts.entries = %u\n", c->fc->nb_streams - 1, entries);
3296
3297 if (!entries)
3298 return 0;
3299 if (entries >= UINT_MAX / sizeof(*sc->ctts_data))
3300 return AVERROR_INVALIDDATA;
3301 av_freep(&sc->ctts_data);
3302 sc->ctts_data = av_fast_realloc(NULL, &sc->ctts_allocated_size, entries * sizeof(*sc->ctts_data));
3303 if (!sc->ctts_data)
3304 return AVERROR(ENOMEM);
3305
3306 for (i = 0; i < entries && !pb->eof_reached; i++) {
3307 int count = avio_rb32(pb);
3308 int duration = avio_rb32(pb);
3309
3310 if (count <= 0) {
3311 av_log(c->fc, AV_LOG_TRACE,
3312 "ignoring CTTS entry with count=%d duration=%d\n",
3313 count, duration);
3314 continue;
3315 }
3316
3317 add_ctts_entry(&sc->ctts_data, &ctts_count, &sc->ctts_allocated_size,
3318 count, duration);
3319
3320 av_log(c->fc, AV_LOG_TRACE, "count=%d, duration=%d\n",
3321 count, duration);
3322
3323 if (FFNABS(duration) < -(1<<28) && i+2<entries) {
3324 av_log(c->fc, AV_LOG_WARNING, "CTTS invalid\n");
3325 av_freep(&sc->ctts_data);
3326 sc->ctts_count = 0;
3327 return 0;
3328 }
3329
3330 if (i+2<entries)
3331 mov_update_dts_shift(sc, duration, c->fc);
3332 }
3333
3334 sc->ctts_count = ctts_count;
3335
3336 #ifdef OHOS_EXPAND_MP4_INFO
3337 if (sc->ctts_count > 0) {
3338 st->ctts_count = sc->ctts_count;
3339 st->ctts_data = malloc(st->ctts_count * sizeof(AVMOVCtts));
3340 if (st->ctts_data != NULL) {
3341 memcpy(st->ctts_data, sc->ctts_data, st->ctts_count * sizeof(AVMOVCtts));
3342 } else {
3343 av_log(c->fc, AV_LOG_WARNING, "st->ctts_data malloc failed\n");
3344 st->ctts_count = 0;
3345 }
3346 }
3347 #endif
3348
3349 if (pb->eof_reached) {
3350 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted CTTS atom\n");
3351 return AVERROR_EOF;
3352 }
3353
3354 av_log(c->fc, AV_LOG_TRACE, "dts shift %d\n", sc->dts_shift);
3355
3356 return 0;
3357 }
3358
mov_read_sgpd(MOVContext * c,AVIOContext * pb,MOVAtom atom)3359 static int mov_read_sgpd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3360 {
3361 AVStream *st;
3362 MOVStreamContext *sc;
3363 uint8_t version;
3364 uint32_t grouping_type;
3365 uint32_t default_length;
3366 av_unused uint32_t default_group_description_index;
3367 uint32_t entry_count;
3368
3369 if (c->fc->nb_streams < 1)
3370 return 0;
3371 st = c->fc->streams[c->fc->nb_streams - 1];
3372 sc = st->priv_data;
3373
3374 version = avio_r8(pb); /* version */
3375 avio_rb24(pb); /* flags */
3376 grouping_type = avio_rl32(pb);
3377
3378 /*
3379 * This function only supports "sync" boxes, but the code is able to parse
3380 * other boxes (such as "tscl", "tsas" and "stsa")
3381 */
3382 if (grouping_type != MKTAG('s','y','n','c'))
3383 return 0;
3384
3385 default_length = version >= 1 ? avio_rb32(pb) : 0;
3386 default_group_description_index = version >= 2 ? avio_rb32(pb) : 0;
3387 entry_count = avio_rb32(pb);
3388
3389 av_freep(&sc->sgpd_sync);
3390 sc->sgpd_sync_count = entry_count;
3391 sc->sgpd_sync = av_calloc(entry_count, sizeof(*sc->sgpd_sync));
3392 if (!sc->sgpd_sync)
3393 return AVERROR(ENOMEM);
3394
3395 for (uint32_t i = 0; i < entry_count && !pb->eof_reached; i++) {
3396 uint32_t description_length = default_length;
3397 if (version >= 1 && default_length == 0)
3398 description_length = avio_rb32(pb);
3399 if (grouping_type == MKTAG('s','y','n','c')) {
3400 const uint8_t nal_unit_type = avio_r8(pb) & 0x3f;
3401 sc->sgpd_sync[i] = nal_unit_type;
3402 description_length -= 1;
3403 }
3404 avio_skip(pb, description_length);
3405 }
3406
3407 if (pb->eof_reached) {
3408 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted SGPD atom\n");
3409 return AVERROR_EOF;
3410 }
3411
3412 return 0;
3413 }
3414
mov_read_sbgp(MOVContext * c,AVIOContext * pb,MOVAtom atom)3415 static int mov_read_sbgp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
3416 {
3417 AVStream *st;
3418 MOVStreamContext *sc;
3419 unsigned int i, entries;
3420 uint8_t version;
3421 uint32_t grouping_type;
3422 MOVSbgp *table, **tablep;
3423 int *table_count;
3424
3425 if (c->fc->nb_streams < 1)
3426 return 0;
3427 st = c->fc->streams[c->fc->nb_streams-1];
3428 sc = st->priv_data;
3429
3430 version = avio_r8(pb); /* version */
3431 avio_rb24(pb); /* flags */
3432 grouping_type = avio_rl32(pb);
3433
3434 if (grouping_type == MKTAG('r','a','p',' ')) {
3435 tablep = &sc->rap_group;
3436 table_count = &sc->rap_group_count;
3437 } else if (grouping_type == MKTAG('s','y','n','c')) {
3438 tablep = &sc->sync_group;
3439 table_count = &sc->sync_group_count;
3440 } else {
3441 return 0;
3442 }
3443
3444 if (version == 1)
3445 avio_rb32(pb); /* grouping_type_parameter */
3446
3447 entries = avio_rb32(pb);
3448 if (!entries)
3449 return 0;
3450 if (*tablep)
3451 av_log(c->fc, AV_LOG_WARNING, "Duplicated SBGP %s atom\n", av_fourcc2str(grouping_type));
3452 av_freep(tablep);
3453 table = av_malloc_array(entries, sizeof(*table));
3454 if (!table)
3455 return AVERROR(ENOMEM);
3456 *tablep = table;
3457
3458 for (i = 0; i < entries && !pb->eof_reached; i++) {
3459 table[i].count = avio_rb32(pb); /* sample_count */
3460 table[i].index = avio_rb32(pb); /* group_description_index */
3461 }
3462
3463 *table_count = i;
3464
3465 if (pb->eof_reached) {
3466 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted SBGP atom\n");
3467 return AVERROR_EOF;
3468 }
3469
3470 return 0;
3471 }
3472
3473 /**
3474 * Get ith edit list entry (media time, duration).
3475 */
get_edit_list_entry(MOVContext * mov,const MOVStreamContext * msc,unsigned int edit_list_index,int64_t * edit_list_media_time,int64_t * edit_list_duration,int64_t global_timescale)3476 static int get_edit_list_entry(MOVContext *mov,
3477 const MOVStreamContext *msc,
3478 unsigned int edit_list_index,
3479 int64_t *edit_list_media_time,
3480 int64_t *edit_list_duration,
3481 int64_t global_timescale)
3482 {
3483 if (edit_list_index == msc->elst_count) {
3484 return 0;
3485 }
3486 *edit_list_media_time = msc->elst_data[edit_list_index].time;
3487 *edit_list_duration = msc->elst_data[edit_list_index].duration;
3488
3489 /* duration is in global timescale units;convert to msc timescale */
3490 if (global_timescale == 0) {
3491 avpriv_request_sample(mov->fc, "Support for mvhd.timescale = 0 with editlists");
3492 return 0;
3493 }
3494 *edit_list_duration = av_rescale(*edit_list_duration, msc->time_scale,
3495 global_timescale);
3496
3497 if (*edit_list_duration + (uint64_t)*edit_list_media_time > INT64_MAX)
3498 *edit_list_duration = 0;
3499
3500 return 1;
3501 }
3502
3503 /**
3504 * Find the closest previous frame to the timestamp_pts, in e_old index
3505 * entries. Searching for just any frame / just key frames can be controlled by
3506 * last argument 'flag'.
3507 * Note that if ctts_data is not NULL, we will always search for a key frame
3508 * irrespective of the value of 'flag'. If we don't find any keyframe, we will
3509 * return the first frame of the video.
3510 *
3511 * Here the timestamp_pts is considered to be a presentation timestamp and
3512 * the timestamp of index entries are considered to be decoding timestamps.
3513 *
3514 * Returns 0 if successful in finding a frame, else returns -1.
3515 * Places the found index corresponding output arg.
3516 *
3517 * If ctts_old is not NULL, then refines the searched entry by searching
3518 * backwards from the found timestamp, to find the frame with correct PTS.
3519 *
3520 * Places the found ctts_index and ctts_sample in corresponding output args.
3521 */
find_prev_closest_index(AVStream * st,AVIndexEntry * e_old,int nb_old,MOVCtts * ctts_data,int64_t ctts_count,int64_t timestamp_pts,int flag,int64_t * index,int64_t * ctts_index,int64_t * ctts_sample)3522 static int find_prev_closest_index(AVStream *st,
3523 AVIndexEntry *e_old,
3524 int nb_old,
3525 MOVCtts* ctts_data,
3526 int64_t ctts_count,
3527 int64_t timestamp_pts,
3528 int flag,
3529 int64_t* index,
3530 int64_t* ctts_index,
3531 int64_t* ctts_sample)
3532 {
3533 MOVStreamContext *msc = st->priv_data;
3534 FFStream *const sti = ffstream(st);
3535 AVIndexEntry *e_keep = sti->index_entries;
3536 int nb_keep = sti->nb_index_entries;
3537 int64_t i = 0;
3538 int64_t index_ctts_count;
3539
3540 av_assert0(index);
3541
3542 // If dts_shift > 0, then all the index timestamps will have to be offset by
3543 // at least dts_shift amount to obtain PTS.
3544 // Hence we decrement the searched timestamp_pts by dts_shift to find the closest index element.
3545 if (msc->dts_shift > 0) {
3546 timestamp_pts -= msc->dts_shift;
3547 }
3548
3549 sti->index_entries = e_old;
3550 sti->nb_index_entries = nb_old;
3551 *index = av_index_search_timestamp(st, timestamp_pts, flag | AVSEEK_FLAG_BACKWARD);
3552
3553 // Keep going backwards in the index entries until the timestamp is the same.
3554 if (*index >= 0) {
3555 for (i = *index; i > 0 && e_old[i].timestamp == e_old[i - 1].timestamp;
3556 i--) {
3557 if ((flag & AVSEEK_FLAG_ANY) ||
3558 (e_old[i - 1].flags & AVINDEX_KEYFRAME)) {
3559 *index = i - 1;
3560 }
3561 }
3562 }
3563
3564 // If we have CTTS then refine the search, by searching backwards over PTS
3565 // computed by adding corresponding CTTS durations to index timestamps.
3566 if (ctts_data && *index >= 0) {
3567 av_assert0(ctts_index);
3568 av_assert0(ctts_sample);
3569 // Find out the ctts_index for the found frame.
3570 *ctts_index = 0;
3571 *ctts_sample = 0;
3572 for (index_ctts_count = 0; index_ctts_count < *index; index_ctts_count++) {
3573 if (*ctts_index < ctts_count) {
3574 (*ctts_sample)++;
3575 if (ctts_data[*ctts_index].count == *ctts_sample) {
3576 (*ctts_index)++;
3577 *ctts_sample = 0;
3578 }
3579 }
3580 }
3581
3582 while (*index >= 0 && (*ctts_index) >= 0 && (*ctts_index) < ctts_count) {
3583 // Find a "key frame" with PTS <= timestamp_pts (So that we can decode B-frames correctly).
3584 // No need to add dts_shift to the timestamp here becase timestamp_pts has already been
3585 // compensated by dts_shift above.
3586 if ((e_old[*index].timestamp + ctts_data[*ctts_index].duration) <= timestamp_pts &&
3587 (e_old[*index].flags & AVINDEX_KEYFRAME)) {
3588 break;
3589 }
3590
3591 (*index)--;
3592 if (*ctts_sample == 0) {
3593 (*ctts_index)--;
3594 if (*ctts_index >= 0)
3595 *ctts_sample = ctts_data[*ctts_index].count - 1;
3596 } else {
3597 (*ctts_sample)--;
3598 }
3599 }
3600 }
3601
3602 /* restore AVStream state*/
3603 sti->index_entries = e_keep;
3604 sti->nb_index_entries = nb_keep;
3605 return *index >= 0 ? 0 : -1;
3606 }
3607
3608 /**
3609 * Add index entry with the given values, to the end of ffstream(st)->index_entries.
3610 * Returns the new size ffstream(st)->index_entries if successful, else returns -1.
3611 *
3612 * This function is similar to ff_add_index_entry in libavformat/utils.c
3613 * except that here we are always unconditionally adding an index entry to
3614 * the end, instead of searching the entries list and skipping the add if
3615 * there is an existing entry with the same timestamp.
3616 * This is needed because the mov_fix_index calls this func with the same
3617 * unincremented timestamp for successive discarded frames.
3618 */
add_index_entry(AVStream * st,int64_t pos,int64_t timestamp,int size,int distance,int flags)3619 static int64_t add_index_entry(AVStream *st, int64_t pos, int64_t timestamp,
3620 int size, int distance, int flags)
3621 {
3622 FFStream *const sti = ffstream(st);
3623 AVIndexEntry *entries, *ie;
3624 int64_t index = -1;
3625 const size_t min_size_needed = (sti->nb_index_entries + 1) * sizeof(AVIndexEntry);
3626
3627 // Double the allocation each time, to lower memory fragmentation.
3628 // Another difference from ff_add_index_entry function.
3629 const size_t requested_size =
3630 min_size_needed > sti->index_entries_allocated_size ?
3631 FFMAX(min_size_needed, 2 * sti->index_entries_allocated_size) :
3632 min_size_needed;
3633
3634 if (sti->nb_index_entries + 1U >= UINT_MAX / sizeof(AVIndexEntry))
3635 return -1;
3636
3637 entries = av_fast_realloc(sti->index_entries,
3638 &sti->index_entries_allocated_size,
3639 requested_size);
3640 if (!entries)
3641 return -1;
3642
3643 sti->index_entries = entries;
3644
3645 index = sti->nb_index_entries++;
3646 ie= &entries[index];
3647
3648 ie->pos = pos;
3649 ie->timestamp = timestamp;
3650 ie->min_distance= distance;
3651 ie->size= size;
3652 ie->flags = flags;
3653 return index;
3654 }
3655
3656 /**
3657 * Rewrite timestamps of index entries in the range [end_index - frame_duration_buffer_size, end_index)
3658 * by subtracting end_ts successively by the amounts given in frame_duration_buffer.
3659 */
fix_index_entry_timestamps(AVStream * st,int end_index,int64_t end_ts,int64_t * frame_duration_buffer,int frame_duration_buffer_size)3660 static void fix_index_entry_timestamps(AVStream* st, int end_index, int64_t end_ts,
3661 int64_t* frame_duration_buffer,
3662 int frame_duration_buffer_size) {
3663 FFStream *const sti = ffstream(st);
3664 int i = 0;
3665 av_assert0(end_index >= 0 && end_index <= sti->nb_index_entries);
3666 for (i = 0; i < frame_duration_buffer_size; i++) {
3667 end_ts -= frame_duration_buffer[frame_duration_buffer_size - 1 - i];
3668 sti->index_entries[end_index - 1 - i].timestamp = end_ts;
3669 }
3670 }
3671
3672 /**
3673 * Append a new ctts entry to ctts_data.
3674 * Returns the new ctts_count if successful, else returns -1.
3675 */
add_ctts_entry(MOVCtts ** ctts_data,unsigned int * ctts_count,unsigned int * allocated_size,int count,int duration)3676 static int64_t add_ctts_entry(MOVCtts** ctts_data, unsigned int* ctts_count, unsigned int* allocated_size,
3677 int count, int duration)
3678 {
3679 MOVCtts *ctts_buf_new;
3680 const size_t min_size_needed = (*ctts_count + 1) * sizeof(MOVCtts);
3681 const size_t requested_size =
3682 min_size_needed > *allocated_size ?
3683 FFMAX(min_size_needed, 2 * (*allocated_size)) :
3684 min_size_needed;
3685
3686 if ((unsigned)(*ctts_count) >= UINT_MAX / sizeof(MOVCtts) - 1)
3687 return -1;
3688
3689 ctts_buf_new = av_fast_realloc(*ctts_data, allocated_size, requested_size);
3690
3691 if (!ctts_buf_new)
3692 return -1;
3693
3694 *ctts_data = ctts_buf_new;
3695
3696 ctts_buf_new[*ctts_count].count = count;
3697 ctts_buf_new[*ctts_count].duration = duration;
3698
3699 *ctts_count = (*ctts_count) + 1;
3700 return *ctts_count;
3701 }
3702
3703 #define MAX_REORDER_DELAY 16
mov_estimate_video_delay(MOVContext * c,AVStream * st)3704 static void mov_estimate_video_delay(MOVContext *c, AVStream* st)
3705 {
3706 MOVStreamContext *msc = st->priv_data;
3707 FFStream *const sti = ffstream(st);
3708 int ctts_ind = 0;
3709 int ctts_sample = 0;
3710 int64_t pts_buf[MAX_REORDER_DELAY + 1]; // Circular buffer to sort pts.
3711 int buf_start = 0;
3712 int j, r, num_swaps;
3713
3714 for (j = 0; j < MAX_REORDER_DELAY + 1; j++)
3715 pts_buf[j] = INT64_MIN;
3716
3717 if (st->codecpar->video_delay <= 0 && msc->ctts_data &&
3718 st->codecpar->codec_id == AV_CODEC_ID_H264) {
3719 st->codecpar->video_delay = 0;
3720 for (int ind = 0; ind < sti->nb_index_entries && ctts_ind < msc->ctts_count; ++ind) {
3721 // Point j to the last elem of the buffer and insert the current pts there.
3722 j = buf_start;
3723 buf_start = (buf_start + 1);
3724 if (buf_start == MAX_REORDER_DELAY + 1)
3725 buf_start = 0;
3726
3727 pts_buf[j] = sti->index_entries[ind].timestamp + msc->ctts_data[ctts_ind].duration;
3728
3729 // The timestamps that are already in the sorted buffer, and are greater than the
3730 // current pts, are exactly the timestamps that need to be buffered to output PTS
3731 // in correct sorted order.
3732 // Hence the video delay (which is the buffer size used to sort DTS and output PTS),
3733 // can be computed as the maximum no. of swaps any particular timestamp needs to
3734 // go through, to keep this buffer in sorted order.
3735 num_swaps = 0;
3736 while (j != buf_start) {
3737 r = j - 1;
3738 if (r < 0) r = MAX_REORDER_DELAY;
3739 if (pts_buf[j] < pts_buf[r]) {
3740 FFSWAP(int64_t, pts_buf[j], pts_buf[r]);
3741 ++num_swaps;
3742 } else {
3743 break;
3744 }
3745 j = r;
3746 }
3747 st->codecpar->video_delay = FFMAX(st->codecpar->video_delay, num_swaps);
3748
3749 ctts_sample++;
3750 if (ctts_sample == msc->ctts_data[ctts_ind].count) {
3751 ctts_ind++;
3752 ctts_sample = 0;
3753 }
3754 }
3755 av_log(c->fc, AV_LOG_DEBUG, "Setting codecpar->delay to %d for stream st: %d\n",
3756 st->codecpar->video_delay, st->index);
3757 }
3758 }
3759
mov_current_sample_inc(MOVStreamContext * sc)3760 static void mov_current_sample_inc(MOVStreamContext *sc)
3761 {
3762 sc->current_sample++;
3763 sc->current_index++;
3764 if (sc->index_ranges &&
3765 sc->current_index >= sc->current_index_range->end &&
3766 sc->current_index_range->end) {
3767 sc->current_index_range++;
3768 sc->current_index = sc->current_index_range->start;
3769 }
3770 }
3771
mov_current_sample_dec(MOVStreamContext * sc)3772 static void mov_current_sample_dec(MOVStreamContext *sc)
3773 {
3774 sc->current_sample--;
3775 sc->current_index--;
3776 if (sc->index_ranges &&
3777 sc->current_index < sc->current_index_range->start &&
3778 sc->current_index_range > sc->index_ranges) {
3779 sc->current_index_range--;
3780 sc->current_index = sc->current_index_range->end - 1;
3781 }
3782 }
3783
mov_current_sample_set(MOVStreamContext * sc,int current_sample)3784 static void mov_current_sample_set(MOVStreamContext *sc, int current_sample)
3785 {
3786 int64_t range_size;
3787
3788 sc->current_sample = current_sample;
3789 sc->current_index = current_sample;
3790 if (!sc->index_ranges) {
3791 return;
3792 }
3793
3794 for (sc->current_index_range = sc->index_ranges;
3795 sc->current_index_range->end;
3796 sc->current_index_range++) {
3797 range_size = sc->current_index_range->end - sc->current_index_range->start;
3798 if (range_size > current_sample) {
3799 sc->current_index = sc->current_index_range->start + current_sample;
3800 break;
3801 }
3802 current_sample -= range_size;
3803 }
3804 }
3805
3806 /**
3807 * Fix ffstream(st)->index_entries, so that it contains only the entries (and the entries
3808 * which are needed to decode them) that fall in the edit list time ranges.
3809 * Also fixes the timestamps of the index entries to match the timeline
3810 * specified the edit lists.
3811 */
mov_fix_index(MOVContext * mov,AVStream * st)3812 static void mov_fix_index(MOVContext *mov, AVStream *st)
3813 {
3814 MOVStreamContext *msc = st->priv_data;
3815 FFStream *const sti = ffstream(st);
3816 AVIndexEntry *e_old = sti->index_entries;
3817 int nb_old = sti->nb_index_entries;
3818 const AVIndexEntry *e_old_end = e_old + nb_old;
3819 const AVIndexEntry *current = NULL;
3820 MOVCtts *ctts_data_old = msc->ctts_data;
3821 int64_t ctts_index_old = 0;
3822 int64_t ctts_sample_old = 0;
3823 int64_t ctts_count_old = msc->ctts_count;
3824 int64_t edit_list_media_time = 0;
3825 int64_t edit_list_duration = 0;
3826 int64_t frame_duration = 0;
3827 int64_t edit_list_dts_counter = 0;
3828 int64_t edit_list_dts_entry_end = 0;
3829 int64_t edit_list_start_ctts_sample = 0;
3830 int64_t curr_cts;
3831 int64_t curr_ctts = 0;
3832 int64_t empty_edits_sum_duration = 0;
3833 int64_t edit_list_index = 0;
3834 int64_t index;
3835 int flags;
3836 int64_t start_dts = 0;
3837 int64_t edit_list_start_encountered = 0;
3838 int64_t search_timestamp = 0;
3839 int64_t* frame_duration_buffer = NULL;
3840 int num_discarded_begin = 0;
3841 int first_non_zero_audio_edit = -1;
3842 int packet_skip_samples = 0;
3843 MOVIndexRange *current_index_range;
3844 int found_keyframe_after_edit = 0;
3845 int found_non_empty_edit = 0;
3846
3847 if (!msc->elst_data || msc->elst_count <= 0 || nb_old <= 0) {
3848 return;
3849 }
3850
3851 // allocate the index ranges array
3852 msc->index_ranges = av_malloc((msc->elst_count + 1) * sizeof(msc->index_ranges[0]));
3853 if (!msc->index_ranges) {
3854 av_log(mov->fc, AV_LOG_ERROR, "Cannot allocate index ranges buffer\n");
3855 return;
3856 }
3857 msc->current_index_range = msc->index_ranges;
3858 current_index_range = msc->index_ranges - 1;
3859
3860 // Clean AVStream from traces of old index
3861 sti->index_entries = NULL;
3862 sti->index_entries_allocated_size = 0;
3863 sti->nb_index_entries = 0;
3864
3865 // Clean ctts fields of MOVStreamContext
3866 msc->ctts_data = NULL;
3867 msc->ctts_count = 0;
3868 msc->ctts_index = 0;
3869 msc->ctts_sample = 0;
3870 msc->ctts_allocated_size = 0;
3871
3872 // Reinitialize min_corrected_pts so that it can be computed again.
3873 msc->min_corrected_pts = -1;
3874
3875 // If the dts_shift is positive (in case of negative ctts values in mov),
3876 // then negate the DTS by dts_shift
3877 if (msc->dts_shift > 0) {
3878 edit_list_dts_entry_end -= msc->dts_shift;
3879 av_log(mov->fc, AV_LOG_DEBUG, "Shifting DTS by %d because of negative CTTS.\n", msc->dts_shift);
3880 }
3881
3882 start_dts = edit_list_dts_entry_end;
3883
3884 while (get_edit_list_entry(mov, msc, edit_list_index, &edit_list_media_time,
3885 &edit_list_duration, mov->time_scale)) {
3886 av_log(mov->fc, AV_LOG_DEBUG, "Processing st: %d, edit list %"PRId64" - media time: %"PRId64", duration: %"PRId64"\n",
3887 st->index, edit_list_index, edit_list_media_time, edit_list_duration);
3888 edit_list_index++;
3889 edit_list_dts_counter = edit_list_dts_entry_end;
3890 edit_list_dts_entry_end += edit_list_duration;
3891 num_discarded_begin = 0;
3892 if (!found_non_empty_edit && edit_list_media_time == -1) {
3893 empty_edits_sum_duration += edit_list_duration;
3894 continue;
3895 }
3896 found_non_empty_edit = 1;
3897
3898 // If we encounter a non-negative edit list reset the skip_samples/start_pad fields and set them
3899 // according to the edit list below.
3900 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO) {
3901 if (first_non_zero_audio_edit < 0) {
3902 first_non_zero_audio_edit = 1;
3903 } else {
3904 first_non_zero_audio_edit = 0;
3905 }
3906
3907 if (first_non_zero_audio_edit > 0)
3908 sti->skip_samples = msc->start_pad = 0;
3909 }
3910
3911 // While reordering frame index according to edit list we must handle properly
3912 // the scenario when edit list entry starts from none key frame.
3913 // We find closest previous key frame and preserve it and consequent frames in index.
3914 // All frames which are outside edit list entry time boundaries will be dropped after decoding.
3915 search_timestamp = edit_list_media_time;
3916 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO) {
3917 // Audio decoders like AAC need need a decoder delay samples previous to the current sample,
3918 // to correctly decode this frame. Hence for audio we seek to a frame 1 sec. before the
3919 // edit_list_media_time to cover the decoder delay.
3920 search_timestamp = FFMAX(search_timestamp - msc->time_scale, e_old[0].timestamp);
3921 }
3922
3923 if (find_prev_closest_index(st, e_old, nb_old, ctts_data_old, ctts_count_old, search_timestamp, 0,
3924 &index, &ctts_index_old, &ctts_sample_old) < 0) {
3925 av_log(mov->fc, AV_LOG_WARNING,
3926 "st: %d edit list: %"PRId64" Missing key frame while searching for timestamp: %"PRId64"\n",
3927 st->index, edit_list_index, search_timestamp);
3928 if (find_prev_closest_index(st, e_old, nb_old, ctts_data_old, ctts_count_old, search_timestamp, AVSEEK_FLAG_ANY,
3929 &index, &ctts_index_old, &ctts_sample_old) < 0) {
3930 av_log(mov->fc, AV_LOG_WARNING,
3931 "st: %d edit list %"PRId64" Cannot find an index entry before timestamp: %"PRId64".\n",
3932 st->index, edit_list_index, search_timestamp);
3933 index = 0;
3934 ctts_index_old = 0;
3935 ctts_sample_old = 0;
3936 }
3937 }
3938 current = e_old + index;
3939 edit_list_start_ctts_sample = ctts_sample_old;
3940
3941 // Iterate over index and arrange it according to edit list
3942 edit_list_start_encountered = 0;
3943 found_keyframe_after_edit = 0;
3944 for (; current < e_old_end; current++, index++) {
3945 // check if frame outside edit list mark it for discard
3946 frame_duration = (current + 1 < e_old_end) ?
3947 ((current + 1)->timestamp - current->timestamp) : edit_list_duration;
3948
3949 flags = current->flags;
3950
3951 // frames (pts) before or after edit list
3952 curr_cts = current->timestamp + msc->dts_shift;
3953 curr_ctts = 0;
3954
3955 if (ctts_data_old && ctts_index_old < ctts_count_old) {
3956 curr_ctts = ctts_data_old[ctts_index_old].duration;
3957 av_log(mov->fc, AV_LOG_TRACE, "stts: %"PRId64" ctts: %"PRId64", ctts_index: %"PRId64", ctts_count: %"PRId64"\n",
3958 curr_cts, curr_ctts, ctts_index_old, ctts_count_old);
3959 curr_cts += curr_ctts;
3960 ctts_sample_old++;
3961 if (ctts_sample_old == ctts_data_old[ctts_index_old].count) {
3962 if (add_ctts_entry(&msc->ctts_data, &msc->ctts_count,
3963 &msc->ctts_allocated_size,
3964 ctts_data_old[ctts_index_old].count - edit_list_start_ctts_sample,
3965 ctts_data_old[ctts_index_old].duration) == -1) {
3966 av_log(mov->fc, AV_LOG_ERROR, "Cannot add CTTS entry %"PRId64" - {%"PRId64", %d}\n",
3967 ctts_index_old,
3968 ctts_data_old[ctts_index_old].count - edit_list_start_ctts_sample,
3969 ctts_data_old[ctts_index_old].duration);
3970 break;
3971 }
3972 ctts_index_old++;
3973 ctts_sample_old = 0;
3974 edit_list_start_ctts_sample = 0;
3975 }
3976 }
3977
3978 if (curr_cts < edit_list_media_time || curr_cts >= (edit_list_duration + edit_list_media_time)) {
3979 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO && st->codecpar->codec_id != AV_CODEC_ID_VORBIS &&
3980 curr_cts < edit_list_media_time && curr_cts + frame_duration > edit_list_media_time &&
3981 first_non_zero_audio_edit > 0) {
3982 packet_skip_samples = edit_list_media_time - curr_cts;
3983 sti->skip_samples += packet_skip_samples;
3984
3985 // Shift the index entry timestamp by packet_skip_samples to be correct.
3986 edit_list_dts_counter -= packet_skip_samples;
3987 if (edit_list_start_encountered == 0) {
3988 edit_list_start_encountered = 1;
3989 // Make timestamps strictly monotonically increasing for audio, by rewriting timestamps for
3990 // discarded packets.
3991 if (frame_duration_buffer) {
3992 fix_index_entry_timestamps(st, sti->nb_index_entries, edit_list_dts_counter,
3993 frame_duration_buffer, num_discarded_begin);
3994 av_freep(&frame_duration_buffer);
3995 }
3996 }
3997
3998 av_log(mov->fc, AV_LOG_DEBUG, "skip %d audio samples from curr_cts: %"PRId64"\n", packet_skip_samples, curr_cts);
3999 } else {
4000 flags |= AVINDEX_DISCARD_FRAME;
4001 av_log(mov->fc, AV_LOG_DEBUG, "drop a frame at curr_cts: %"PRId64" @ %"PRId64"\n", curr_cts, index);
4002
4003 if (edit_list_start_encountered == 0) {
4004 num_discarded_begin++;
4005 frame_duration_buffer = av_realloc(frame_duration_buffer,
4006 num_discarded_begin * sizeof(int64_t));
4007 if (!frame_duration_buffer) {
4008 av_log(mov->fc, AV_LOG_ERROR, "Cannot reallocate frame duration buffer\n");
4009 break;
4010 }
4011 frame_duration_buffer[num_discarded_begin - 1] = frame_duration;
4012
4013 // Increment skip_samples for the first non-zero audio edit list
4014 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO &&
4015 first_non_zero_audio_edit > 0 && st->codecpar->codec_id != AV_CODEC_ID_VORBIS) {
4016 sti->skip_samples += frame_duration;
4017 }
4018 }
4019 }
4020 } else {
4021 if (msc->min_corrected_pts < 0) {
4022 msc->min_corrected_pts = edit_list_dts_counter + curr_ctts + msc->dts_shift;
4023 } else {
4024 msc->min_corrected_pts = FFMIN(msc->min_corrected_pts, edit_list_dts_counter + curr_ctts + msc->dts_shift);
4025 }
4026 if (edit_list_start_encountered == 0) {
4027 edit_list_start_encountered = 1;
4028 // Make timestamps strictly monotonically increasing by rewriting timestamps for
4029 // discarded packets.
4030 if (frame_duration_buffer) {
4031 fix_index_entry_timestamps(st, sti->nb_index_entries, edit_list_dts_counter,
4032 frame_duration_buffer, num_discarded_begin);
4033 av_freep(&frame_duration_buffer);
4034 }
4035 }
4036 }
4037
4038 if (add_index_entry(st, current->pos, edit_list_dts_counter, current->size,
4039 current->min_distance, flags) == -1) {
4040 av_log(mov->fc, AV_LOG_ERROR, "Cannot add index entry\n");
4041 break;
4042 }
4043
4044 // Update the index ranges array
4045 if (current_index_range < msc->index_ranges || index != current_index_range->end) {
4046 current_index_range++;
4047 current_index_range->start = index;
4048 }
4049 current_index_range->end = index + 1;
4050
4051 // Only start incrementing DTS in frame_duration amounts, when we encounter a frame in edit list.
4052 if (edit_list_start_encountered > 0) {
4053 edit_list_dts_counter = edit_list_dts_counter + frame_duration;
4054 }
4055
4056 // Break when found first key frame after edit entry completion
4057 if ((curr_cts + frame_duration >= (edit_list_duration + edit_list_media_time)) &&
4058 ((flags & AVINDEX_KEYFRAME) || ((st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO)))) {
4059 if (ctts_data_old) {
4060 // If we have CTTS and this is the first keyframe after edit elist,
4061 // wait for one more, because there might be trailing B-frames after this I-frame
4062 // that do belong to the edit.
4063 if (st->codecpar->codec_type != AVMEDIA_TYPE_AUDIO && found_keyframe_after_edit == 0) {
4064 found_keyframe_after_edit = 1;
4065 continue;
4066 }
4067 if (ctts_sample_old != 0) {
4068 if (add_ctts_entry(&msc->ctts_data, &msc->ctts_count,
4069 &msc->ctts_allocated_size,
4070 ctts_sample_old - edit_list_start_ctts_sample,
4071 ctts_data_old[ctts_index_old].duration) == -1) {
4072 av_log(mov->fc, AV_LOG_ERROR, "Cannot add CTTS entry %"PRId64" - {%"PRId64", %d}\n",
4073 ctts_index_old, ctts_sample_old - edit_list_start_ctts_sample,
4074 ctts_data_old[ctts_index_old].duration);
4075 break;
4076 }
4077 }
4078 }
4079 break;
4080 }
4081 }
4082 }
4083 // If there are empty edits, then msc->min_corrected_pts might be positive
4084 // intentionally. So we subtract the sum duration of emtpy edits here.
4085 msc->min_corrected_pts -= empty_edits_sum_duration;
4086
4087 // If the minimum pts turns out to be greater than zero after fixing the index, then we subtract the
4088 // dts by that amount to make the first pts zero.
4089 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) {
4090 if (msc->min_corrected_pts > 0) {
4091 av_log(mov->fc, AV_LOG_DEBUG, "Offset DTS by %"PRId64" to make first pts zero.\n", msc->min_corrected_pts);
4092 for (int i = 0; i < sti->nb_index_entries; ++i)
4093 sti->index_entries[i].timestamp -= msc->min_corrected_pts;
4094 }
4095 }
4096 // Start time should be equal to zero or the duration of any empty edits.
4097 st->start_time = empty_edits_sum_duration;
4098
4099 // Update av stream length, if it ends up shorter than the track's media duration
4100 st->duration = FFMIN(st->duration, edit_list_dts_entry_end - start_dts);
4101 msc->start_pad = sti->skip_samples;
4102
4103 // Free the old index and the old CTTS structures
4104 av_free(e_old);
4105 av_free(ctts_data_old);
4106 av_freep(&frame_duration_buffer);
4107
4108 // Null terminate the index ranges array
4109 current_index_range++;
4110 current_index_range->start = 0;
4111 current_index_range->end = 0;
4112 msc->current_index = msc->index_ranges[0].start;
4113 }
4114
get_sgpd_sync_index(const MOVStreamContext * sc,int nal_unit_type)4115 static uint32_t get_sgpd_sync_index(const MOVStreamContext *sc, int nal_unit_type)
4116 {
4117 for (uint32_t i = 0; i < sc->sgpd_sync_count; i++)
4118 if (sc->sgpd_sync[i] == HEVC_NAL_CRA_NUT)
4119 return i + 1;
4120 return 0;
4121 }
4122
build_open_gop_key_points(AVStream * st)4123 static int build_open_gop_key_points(AVStream *st)
4124 {
4125 int k;
4126 int sample_id = 0;
4127 uint32_t cra_index;
4128 MOVStreamContext *sc = st->priv_data;
4129
4130 if (st->codecpar->codec_id != AV_CODEC_ID_HEVC || !sc->sync_group_count)
4131 return 0;
4132
4133 /* Build an unrolled index of the samples */
4134 sc->sample_offsets_count = 0;
4135 for (uint32_t i = 0; i < sc->ctts_count; i++) {
4136 if (sc->ctts_data[i].count > INT_MAX - sc->sample_offsets_count)
4137 return AVERROR(ENOMEM);
4138 sc->sample_offsets_count += sc->ctts_data[i].count;
4139 }
4140 av_freep(&sc->sample_offsets);
4141 sc->sample_offsets = av_calloc(sc->sample_offsets_count, sizeof(*sc->sample_offsets));
4142 if (!sc->sample_offsets)
4143 return AVERROR(ENOMEM);
4144 k = 0;
4145 for (uint32_t i = 0; i < sc->ctts_count; i++)
4146 for (int j = 0; j < sc->ctts_data[i].count; j++)
4147 sc->sample_offsets[k++] = sc->ctts_data[i].duration;
4148
4149 /* The following HEVC NAL type reveal the use of open GOP sync points
4150 * (TODO: BLA types may also be concerned) */
4151 cra_index = get_sgpd_sync_index(sc, HEVC_NAL_CRA_NUT); /* Clean Random Access */
4152 if (!cra_index)
4153 return 0;
4154
4155 /* Build a list of open-GOP key samples */
4156 sc->open_key_samples_count = 0;
4157 for (uint32_t i = 0; i < sc->sync_group_count; i++)
4158 if (sc->sync_group[i].index == cra_index) {
4159 if (sc->sync_group[i].count > INT_MAX - sc->open_key_samples_count)
4160 return AVERROR(ENOMEM);
4161 sc->open_key_samples_count += sc->sync_group[i].count;
4162 }
4163 av_freep(&sc->open_key_samples);
4164 sc->open_key_samples = av_calloc(sc->open_key_samples_count, sizeof(*sc->open_key_samples));
4165 if (!sc->open_key_samples)
4166 return AVERROR(ENOMEM);
4167 k = 0;
4168 for (uint32_t i = 0; i < sc->sync_group_count; i++) {
4169 const MOVSbgp *sg = &sc->sync_group[i];
4170 if (sg->index == cra_index)
4171 for (uint32_t j = 0; j < sg->count; j++)
4172 sc->open_key_samples[k++] = sample_id;
4173 if (sg->count > INT_MAX - sample_id)
4174 return AVERROR_PATCHWELCOME;
4175 sample_id += sg->count;
4176 }
4177
4178 /* Identify the minimal time step between samples */
4179 sc->min_sample_duration = UINT_MAX;
4180 for (uint32_t i = 0; i < sc->stts_count; i++)
4181 sc->min_sample_duration = FFMIN(sc->min_sample_duration, sc->stts_data[i].duration);
4182
4183 return 0;
4184 }
4185
mov_build_index(MOVContext * mov,AVStream * st)4186 static void mov_build_index(MOVContext *mov, AVStream *st)
4187 {
4188 MOVStreamContext *sc = st->priv_data;
4189 FFStream *const sti = ffstream(st);
4190 int64_t current_offset;
4191 int64_t current_dts = 0;
4192 unsigned int stts_index = 0;
4193 unsigned int stsc_index = 0;
4194 unsigned int stss_index = 0;
4195 unsigned int stps_index = 0;
4196 unsigned int i, j;
4197 uint64_t stream_size = 0;
4198 MOVCtts *ctts_data_old = sc->ctts_data;
4199 unsigned int ctts_count_old = sc->ctts_count;
4200
4201 int ret = build_open_gop_key_points(st);
4202 if (ret < 0)
4203 return;
4204
4205 if (sc->elst_count) {
4206 int i, edit_start_index = 0, multiple_edits = 0;
4207 int64_t empty_duration = 0; // empty duration of the first edit list entry
4208 int64_t start_time = 0; // start time of the media
4209
4210 for (i = 0; i < sc->elst_count; i++) {
4211 const MOVElst *e = &sc->elst_data[i];
4212 if (i == 0 && e->time == -1) {
4213 /* if empty, the first entry is the start time of the stream
4214 * relative to the presentation itself */
4215 empty_duration = e->duration;
4216 edit_start_index = 1;
4217 } else if (i == edit_start_index && e->time >= 0) {
4218 start_time = e->time;
4219 } else {
4220 multiple_edits = 1;
4221 }
4222 }
4223
4224 if (multiple_edits && !mov->advanced_editlist)
4225 av_log(mov->fc, AV_LOG_WARNING, "multiple edit list entries, "
4226 "Use -advanced_editlist to correctly decode otherwise "
4227 "a/v desync might occur\n");
4228
4229 /* adjust first dts according to edit list */
4230 if ((empty_duration || start_time) && mov->time_scale > 0) {
4231 if (empty_duration)
4232 empty_duration = av_rescale(empty_duration, sc->time_scale, mov->time_scale);
4233
4234 if (av_sat_sub64(start_time, empty_duration) != start_time - (uint64_t)empty_duration)
4235 av_log(mov->fc, AV_LOG_WARNING, "start_time - empty_duration is not representable\n");
4236
4237 sc->time_offset = start_time - (uint64_t)empty_duration;
4238 sc->min_corrected_pts = start_time;
4239 if (!mov->advanced_editlist)
4240 current_dts = -sc->time_offset;
4241 }
4242
4243 if (!multiple_edits && !mov->advanced_editlist &&
4244 st->codecpar->codec_id == AV_CODEC_ID_AAC && start_time > 0)
4245 sc->start_pad = start_time;
4246 }
4247
4248 /* only use old uncompressed audio chunk demuxing when stts specifies it */
4249 if (!(st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO &&
4250 sc->stts_count == 1 && sc->stts_data[0].duration == 1)) {
4251 unsigned int current_sample = 0;
4252 unsigned int stts_sample = 0;
4253 unsigned int sample_size;
4254 unsigned int distance = 0;
4255 unsigned int rap_group_index = 0;
4256 unsigned int rap_group_sample = 0;
4257 int rap_group_present = sc->rap_group_count && sc->rap_group;
4258 int key_off = (sc->keyframe_count && sc->keyframes[0] > 0) || (sc->stps_count && sc->stps_data[0] > 0);
4259
4260 current_dts -= sc->dts_shift;
4261
4262 if (!sc->sample_count || sti->nb_index_entries)
4263 return;
4264 if (sc->sample_count >= UINT_MAX / sizeof(*sti->index_entries) - sti->nb_index_entries)
4265 return;
4266 if (av_reallocp_array(&sti->index_entries,
4267 sti->nb_index_entries + sc->sample_count,
4268 sizeof(*sti->index_entries)) < 0) {
4269 sti->nb_index_entries = 0;
4270 return;
4271 }
4272 sti->index_entries_allocated_size = (sti->nb_index_entries + sc->sample_count) * sizeof(*sti->index_entries);
4273
4274 if (ctts_data_old) {
4275 // Expand ctts entries such that we have a 1-1 mapping with samples
4276 if (sc->sample_count >= UINT_MAX / sizeof(*sc->ctts_data))
4277 return;
4278 sc->ctts_count = 0;
4279 sc->ctts_allocated_size = 0;
4280 sc->ctts_data = av_fast_realloc(NULL, &sc->ctts_allocated_size,
4281 sc->sample_count * sizeof(*sc->ctts_data));
4282 if (!sc->ctts_data) {
4283 av_free(ctts_data_old);
4284 return;
4285 }
4286
4287 memset((uint8_t*)(sc->ctts_data), 0, sc->ctts_allocated_size);
4288
4289 for (i = 0; i < ctts_count_old &&
4290 sc->ctts_count < sc->sample_count; i++)
4291 for (j = 0; j < ctts_data_old[i].count &&
4292 sc->ctts_count < sc->sample_count; j++)
4293 add_ctts_entry(&sc->ctts_data, &sc->ctts_count,
4294 &sc->ctts_allocated_size, 1,
4295 ctts_data_old[i].duration);
4296 av_free(ctts_data_old);
4297 }
4298
4299 for (i = 0; i < sc->chunk_count; i++) {
4300 int64_t next_offset = i+1 < sc->chunk_count ? sc->chunk_offsets[i+1] : INT64_MAX;
4301 current_offset = sc->chunk_offsets[i];
4302 while (mov_stsc_index_valid(stsc_index, sc->stsc_count) &&
4303 i + 1 == sc->stsc_data[stsc_index + 1].first)
4304 stsc_index++;
4305
4306 if (next_offset > current_offset && sc->sample_size>0 && sc->sample_size < sc->stsz_sample_size &&
4307 sc->stsc_data[stsc_index].count * (int64_t)sc->stsz_sample_size > next_offset - current_offset) {
4308 av_log(mov->fc, AV_LOG_WARNING, "STSZ sample size %d invalid (too large), ignoring\n", sc->stsz_sample_size);
4309 sc->stsz_sample_size = sc->sample_size;
4310 }
4311 if (sc->stsz_sample_size>0 && sc->stsz_sample_size < sc->sample_size) {
4312 av_log(mov->fc, AV_LOG_WARNING, "STSZ sample size %d invalid (too small), ignoring\n", sc->stsz_sample_size);
4313 sc->stsz_sample_size = sc->sample_size;
4314 }
4315
4316 for (j = 0; j < sc->stsc_data[stsc_index].count; j++) {
4317 int keyframe = 0;
4318 if (current_sample >= sc->sample_count) {
4319 av_log(mov->fc, AV_LOG_ERROR, "wrong sample count\n");
4320 return;
4321 }
4322
4323 if (!sc->keyframe_absent && (!sc->keyframe_count || current_sample+key_off == sc->keyframes[stss_index])) {
4324 keyframe = 1;
4325 if (stss_index + 1 < sc->keyframe_count)
4326 stss_index++;
4327 } else if (sc->stps_count && current_sample+key_off == sc->stps_data[stps_index]) {
4328 keyframe = 1;
4329 if (stps_index + 1 < sc->stps_count)
4330 stps_index++;
4331 }
4332 if (rap_group_present && rap_group_index < sc->rap_group_count) {
4333 if (sc->rap_group[rap_group_index].index > 0)
4334 keyframe = 1;
4335 if (++rap_group_sample == sc->rap_group[rap_group_index].count) {
4336 rap_group_sample = 0;
4337 rap_group_index++;
4338 }
4339 }
4340 if (sc->keyframe_absent
4341 && !sc->stps_count
4342 && !rap_group_present
4343 && (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO || (i==0 && j==0)))
4344 keyframe = 1;
4345 if (keyframe)
4346 distance = 0;
4347 sample_size = sc->stsz_sample_size > 0 ? sc->stsz_sample_size : sc->sample_sizes[current_sample];
4348 if (current_offset > INT64_MAX - sample_size) {
4349 av_log(mov->fc, AV_LOG_ERROR, "Current offset %"PRId64" or sample size %u is too large\n",
4350 current_offset,
4351 sample_size);
4352 return;
4353 }
4354
4355 if (sc->pseudo_stream_id == -1 ||
4356 sc->stsc_data[stsc_index].id - 1 == sc->pseudo_stream_id) {
4357 AVIndexEntry *e;
4358 if (sample_size > 0x3FFFFFFF) {
4359 av_log(mov->fc, AV_LOG_ERROR, "Sample size %u is too large\n", sample_size);
4360 return;
4361 }
4362 e = &sti->index_entries[sti->nb_index_entries++];
4363 e->pos = current_offset;
4364 e->timestamp = current_dts;
4365 e->size = sample_size;
4366 e->min_distance = distance;
4367 e->flags = keyframe ? AVINDEX_KEYFRAME : 0;
4368 av_log(mov->fc, AV_LOG_TRACE, "AVIndex stream %d, sample %u, offset %"PRIx64", dts %"PRId64", "
4369 "size %u, distance %u, keyframe %d\n", st->index, current_sample,
4370 current_offset, current_dts, sample_size, distance, keyframe);
4371 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO && sti->nb_index_entries < 100)
4372 ff_rfps_add_frame(mov->fc, st, current_dts);
4373 }
4374
4375 current_offset += sample_size;
4376 stream_size += sample_size;
4377
4378 current_dts += sc->stts_data[stts_index].duration;
4379
4380 distance++;
4381 stts_sample++;
4382 current_sample++;
4383 if (stts_index + 1 < sc->stts_count && stts_sample == sc->stts_data[stts_index].count) {
4384 stts_sample = 0;
4385 stts_index++;
4386 }
4387 }
4388 }
4389 if (st->duration > 0)
4390 st->codecpar->bit_rate = stream_size*8*sc->time_scale/st->duration;
4391 } else {
4392 unsigned chunk_samples, total = 0;
4393
4394 if (!sc->chunk_count)
4395 return;
4396
4397 // compute total chunk count
4398 for (i = 0; i < sc->stsc_count; i++) {
4399 unsigned count, chunk_count;
4400
4401 chunk_samples = sc->stsc_data[i].count;
4402 if (i != sc->stsc_count - 1 &&
4403 sc->samples_per_frame && chunk_samples % sc->samples_per_frame) {
4404 av_log(mov->fc, AV_LOG_ERROR, "error unaligned chunk\n");
4405 return;
4406 }
4407
4408 if (sc->samples_per_frame >= 160) { // gsm
4409 count = chunk_samples / sc->samples_per_frame;
4410 } else if (sc->samples_per_frame > 1) {
4411 unsigned samples = (1024/sc->samples_per_frame)*sc->samples_per_frame;
4412 count = (chunk_samples+samples-1) / samples;
4413 } else {
4414 count = (chunk_samples+1023) / 1024;
4415 }
4416
4417 if (mov_stsc_index_valid(i, sc->stsc_count))
4418 chunk_count = sc->stsc_data[i+1].first - sc->stsc_data[i].first;
4419 else
4420 chunk_count = sc->chunk_count - (sc->stsc_data[i].first - 1);
4421 total += chunk_count * count;
4422 }
4423
4424 av_log(mov->fc, AV_LOG_TRACE, "chunk count %u\n", total);
4425 if (total >= UINT_MAX / sizeof(*sti->index_entries) - sti->nb_index_entries)
4426 return;
4427 if (av_reallocp_array(&sti->index_entries,
4428 sti->nb_index_entries + total,
4429 sizeof(*sti->index_entries)) < 0) {
4430 sti->nb_index_entries = 0;
4431 return;
4432 }
4433 sti->index_entries_allocated_size = (sti->nb_index_entries + total) * sizeof(*sti->index_entries);
4434
4435 // populate index
4436 for (i = 0; i < sc->chunk_count; i++) {
4437 current_offset = sc->chunk_offsets[i];
4438 if (mov_stsc_index_valid(stsc_index, sc->stsc_count) &&
4439 i + 1 == sc->stsc_data[stsc_index + 1].first)
4440 stsc_index++;
4441 chunk_samples = sc->stsc_data[stsc_index].count;
4442
4443 while (chunk_samples > 0) {
4444 AVIndexEntry *e;
4445 unsigned size, samples;
4446
4447 if (sc->samples_per_frame > 1 && !sc->bytes_per_frame) {
4448 avpriv_request_sample(mov->fc,
4449 "Zero bytes per frame, but %d samples per frame",
4450 sc->samples_per_frame);
4451 return;
4452 }
4453
4454 if (sc->samples_per_frame >= 160) { // gsm
4455 samples = sc->samples_per_frame;
4456 size = sc->bytes_per_frame;
4457 } else {
4458 if (sc->samples_per_frame > 1) {
4459 samples = FFMIN((1024 / sc->samples_per_frame)*
4460 sc->samples_per_frame, chunk_samples);
4461 size = (samples / sc->samples_per_frame) * sc->bytes_per_frame;
4462 } else {
4463 samples = FFMIN(1024, chunk_samples);
4464 size = samples * sc->sample_size;
4465 }
4466 }
4467
4468 if (sti->nb_index_entries >= total) {
4469 av_log(mov->fc, AV_LOG_ERROR, "wrong chunk count %u\n", total);
4470 return;
4471 }
4472 if (size > 0x3FFFFFFF) {
4473 av_log(mov->fc, AV_LOG_ERROR, "Sample size %u is too large\n", size);
4474 return;
4475 }
4476 e = &sti->index_entries[sti->nb_index_entries++];
4477 e->pos = current_offset;
4478 e->timestamp = current_dts;
4479 e->size = size;
4480 e->min_distance = 0;
4481 e->flags = AVINDEX_KEYFRAME;
4482 av_log(mov->fc, AV_LOG_TRACE, "AVIndex stream %d, chunk %u, offset %"PRIx64", dts %"PRId64", "
4483 "size %u, duration %u\n", st->index, i, current_offset, current_dts,
4484 size, samples);
4485
4486 current_offset += size;
4487 current_dts += samples;
4488 chunk_samples -= samples;
4489 }
4490 }
4491 }
4492
4493 if (!mov->ignore_editlist && mov->advanced_editlist) {
4494 // Fix index according to edit lists.
4495 mov_fix_index(mov, st);
4496 }
4497
4498 // Update start time of the stream.
4499 if (st->start_time == AV_NOPTS_VALUE && st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO && sti->nb_index_entries > 0) {
4500 st->start_time = sti->index_entries[0].timestamp + sc->dts_shift;
4501 if (sc->ctts_data) {
4502 st->start_time += sc->ctts_data[0].duration;
4503 }
4504 }
4505
4506 mov_estimate_video_delay(mov, st);
4507 }
4508
test_same_origin(const char * src,const char * ref)4509 static int test_same_origin(const char *src, const char *ref) {
4510 char src_proto[64];
4511 char ref_proto[64];
4512 char src_auth[256];
4513 char ref_auth[256];
4514 char src_host[256];
4515 char ref_host[256];
4516 int src_port=-1;
4517 int ref_port=-1;
4518
4519 av_url_split(src_proto, sizeof(src_proto), src_auth, sizeof(src_auth), src_host, sizeof(src_host), &src_port, NULL, 0, src);
4520 av_url_split(ref_proto, sizeof(ref_proto), ref_auth, sizeof(ref_auth), ref_host, sizeof(ref_host), &ref_port, NULL, 0, ref);
4521
4522 if (strlen(src) == 0) {
4523 return -1;
4524 } else if (strlen(src_auth) + 1 >= sizeof(src_auth) ||
4525 strlen(ref_auth) + 1 >= sizeof(ref_auth) ||
4526 strlen(src_host) + 1 >= sizeof(src_host) ||
4527 strlen(ref_host) + 1 >= sizeof(ref_host)) {
4528 return 0;
4529 } else if (strcmp(src_proto, ref_proto) ||
4530 strcmp(src_auth, ref_auth) ||
4531 strcmp(src_host, ref_host) ||
4532 src_port != ref_port) {
4533 return 0;
4534 } else
4535 return 1;
4536 }
4537
mov_open_dref(MOVContext * c,AVIOContext ** pb,const char * src,MOVDref * ref)4538 static int mov_open_dref(MOVContext *c, AVIOContext **pb, const char *src, MOVDref *ref)
4539 {
4540 /* try relative path, we do not try the absolute because it can leak information about our
4541 system to an attacker */
4542 if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
4543 char filename[1025];
4544 const char *src_path;
4545 int i, l;
4546
4547 /* find a source dir */
4548 src_path = strrchr(src, '/');
4549 if (src_path)
4550 src_path++;
4551 else
4552 src_path = src;
4553
4554 /* find a next level down to target */
4555 for (i = 0, l = strlen(ref->path) - 1; l >= 0; l--)
4556 if (ref->path[l] == '/') {
4557 if (i == ref->nlvl_to - 1)
4558 break;
4559 else
4560 i++;
4561 }
4562
4563 /* compose filename if next level down to target was found */
4564 if (i == ref->nlvl_to - 1 && src_path - src < sizeof(filename)) {
4565 memcpy(filename, src, src_path - src);
4566 filename[src_path - src] = 0;
4567
4568 for (i = 1; i < ref->nlvl_from; i++)
4569 av_strlcat(filename, "../", sizeof(filename));
4570
4571 av_strlcat(filename, ref->path + l + 1, sizeof(filename));
4572 if (!c->use_absolute_path) {
4573 int same_origin = test_same_origin(src, filename);
4574
4575 if (!same_origin) {
4576 av_log(c->fc, AV_LOG_ERROR,
4577 "Reference with mismatching origin, %s not tried for security reasons, "
4578 "set demuxer option use_absolute_path to allow it anyway\n",
4579 ref->path);
4580 return AVERROR(ENOENT);
4581 }
4582
4583 if (strstr(ref->path + l + 1, "..") ||
4584 strstr(ref->path + l + 1, ":") ||
4585 (ref->nlvl_from > 1 && same_origin < 0) ||
4586 (filename[0] == '/' && src_path == src))
4587 return AVERROR(ENOENT);
4588 }
4589
4590 if (strlen(filename) + 1 == sizeof(filename))
4591 return AVERROR(ENOENT);
4592 if (!c->fc->io_open(c->fc, pb, filename, AVIO_FLAG_READ, NULL))
4593 return 0;
4594 }
4595 } else if (c->use_absolute_path) {
4596 av_log(c->fc, AV_LOG_WARNING, "Using absolute path on user request, "
4597 "this is a possible security issue\n");
4598 if (!c->fc->io_open(c->fc, pb, ref->path, AVIO_FLAG_READ, NULL))
4599 return 0;
4600 } else {
4601 av_log(c->fc, AV_LOG_ERROR,
4602 "Absolute path %s not tried for security reasons, "
4603 "set demuxer option use_absolute_path to allow absolute paths\n",
4604 ref->path);
4605 }
4606
4607 return AVERROR(ENOENT);
4608 }
4609
fix_timescale(MOVContext * c,MOVStreamContext * sc)4610 static void fix_timescale(MOVContext *c, MOVStreamContext *sc)
4611 {
4612 if (sc->time_scale <= 0) {
4613 av_log(c->fc, AV_LOG_WARNING, "stream %d, timescale not set\n", sc->ffindex);
4614 sc->time_scale = c->time_scale;
4615 if (sc->time_scale <= 0)
4616 sc->time_scale = 1;
4617 }
4618 }
4619
mov_read_trak(MOVContext * c,AVIOContext * pb,MOVAtom atom)4620 static int mov_read_trak(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4621 {
4622 AVStream *st;
4623 MOVStreamContext *sc;
4624 int ret;
4625
4626 if (c->is_still_picture_avif) {
4627 return AVERROR_INVALIDDATA;
4628 }
4629
4630 st = avformat_new_stream(c->fc, NULL);
4631 if (!st) return AVERROR(ENOMEM);
4632 st->id = -1;
4633 sc = av_mallocz(sizeof(MOVStreamContext));
4634 if (!sc) return AVERROR(ENOMEM);
4635
4636 st->priv_data = sc;
4637 st->codecpar->codec_type = AVMEDIA_TYPE_DATA;
4638 sc->ffindex = st->index;
4639 c->trak_index = st->index;
4640
4641 if ((ret = mov_read_default(c, pb, atom)) < 0)
4642 return ret;
4643
4644 c->trak_index = -1;
4645
4646 // Here stsc refers to a chunk not described in stco. This is technically invalid,
4647 // but we can overlook it (clearing stsc) whenever stts_count == 0 (indicating no samples).
4648 if (!sc->chunk_count && !sc->stts_count && sc->stsc_count) {
4649 sc->stsc_count = 0;
4650 av_freep(&sc->stsc_data);
4651 }
4652
4653 /* sanity checks */
4654 if ((sc->chunk_count && (!sc->stts_count || !sc->stsc_count ||
4655 (!sc->sample_size && !sc->sample_count))) ||
4656 (!sc->chunk_count && sc->sample_count)) {
4657 av_log(c->fc, AV_LOG_ERROR, "stream %d, missing mandatory atoms, broken header\n",
4658 st->index);
4659 return 0;
4660 }
4661 if (sc->stsc_count && sc->stsc_data[ sc->stsc_count - 1 ].first > sc->chunk_count) {
4662 av_log(c->fc, AV_LOG_ERROR, "stream %d, contradictionary STSC and STCO\n",
4663 st->index);
4664 return AVERROR_INVALIDDATA;
4665 }
4666
4667 fix_timescale(c, sc);
4668
4669 avpriv_set_pts_info(st, 64, 1, sc->time_scale);
4670
4671 mov_build_index(c, st);
4672
4673 if (sc->dref_id-1 < sc->drefs_count && sc->drefs[sc->dref_id-1].path) {
4674 MOVDref *dref = &sc->drefs[sc->dref_id - 1];
4675 if (c->enable_drefs) {
4676 if (mov_open_dref(c, &sc->pb, c->fc->url, dref) < 0)
4677 av_log(c->fc, AV_LOG_ERROR,
4678 "stream %d, error opening alias: path='%s', dir='%s', "
4679 "filename='%s', volume='%s', nlvl_from=%d, nlvl_to=%d\n",
4680 st->index, dref->path, dref->dir, dref->filename,
4681 dref->volume, dref->nlvl_from, dref->nlvl_to);
4682 } else {
4683 av_log(c->fc, AV_LOG_WARNING,
4684 "Skipped opening external track: "
4685 "stream %d, alias: path='%s', dir='%s', "
4686 "filename='%s', volume='%s', nlvl_from=%d, nlvl_to=%d."
4687 "Set enable_drefs to allow this.\n",
4688 st->index, dref->path, dref->dir, dref->filename,
4689 dref->volume, dref->nlvl_from, dref->nlvl_to);
4690 }
4691 } else {
4692 sc->pb = c->fc->pb;
4693 sc->pb_is_copied = 1;
4694 }
4695
4696 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) {
4697 if (!st->sample_aspect_ratio.num && st->codecpar->width && st->codecpar->height &&
4698 sc->height && sc->width &&
4699 (st->codecpar->width != sc->width || st->codecpar->height != sc->height)) {
4700 st->sample_aspect_ratio = av_d2q(((double)st->codecpar->height * sc->width) /
4701 ((double)st->codecpar->width * sc->height), INT_MAX);
4702 }
4703
4704 #if FF_API_R_FRAME_RATE
4705 if (sc->stts_count == 1 || (sc->stts_count == 2 && sc->stts_data[1].count == 1))
4706 av_reduce(&st->r_frame_rate.num, &st->r_frame_rate.den,
4707 sc->time_scale, sc->stts_data[0].duration, INT_MAX);
4708 #endif
4709 }
4710
4711 // done for ai5q, ai52, ai55, ai1q, ai12 and ai15.
4712 if (!st->codecpar->extradata_size && st->codecpar->codec_id == AV_CODEC_ID_H264 &&
4713 TAG_IS_AVCI(st->codecpar->codec_tag)) {
4714 ret = ff_generate_avci_extradata(st);
4715 if (ret < 0)
4716 return ret;
4717 }
4718
4719 switch (st->codecpar->codec_id) {
4720 #if CONFIG_H261_DECODER
4721 case AV_CODEC_ID_H261:
4722 #endif
4723 #if CONFIG_H263_DECODER
4724 case AV_CODEC_ID_H263:
4725 #endif
4726 #if CONFIG_MPEG4_DECODER
4727 case AV_CODEC_ID_MPEG4:
4728 #endif
4729 st->codecpar->width = 0; /* let decoder init width/height */
4730 st->codecpar->height= 0;
4731 break;
4732 }
4733
4734 // If the duration of the mp3 packets is not constant, then they could need a parser
4735 if (st->codecpar->codec_id == AV_CODEC_ID_MP3
4736 && sc->stts_count > 3
4737 && sc->stts_count*10 > st->nb_frames
4738 && sc->time_scale == st->codecpar->sample_rate) {
4739 ffstream(st)->need_parsing = AVSTREAM_PARSE_FULL;
4740 }
4741 /* Do not need those anymore. */
4742 av_freep(&sc->chunk_offsets);
4743 av_freep(&sc->sample_sizes);
4744 av_freep(&sc->keyframes);
4745 av_freep(&sc->stts_data);
4746 av_freep(&sc->stps_data);
4747 av_freep(&sc->elst_data);
4748 av_freep(&sc->rap_group);
4749 av_freep(&sc->sync_group);
4750 av_freep(&sc->sgpd_sync);
4751
4752 return 0;
4753 }
4754
mov_read_ilst(MOVContext * c,AVIOContext * pb,MOVAtom atom)4755 static int mov_read_ilst(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4756 {
4757 int ret;
4758 c->itunes_metadata = 1;
4759 ret = mov_read_default(c, pb, atom);
4760 c->itunes_metadata = 0;
4761 return ret;
4762 }
4763
mov_read_keys(MOVContext * c,AVIOContext * pb,MOVAtom atom)4764 static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4765 {
4766 uint32_t count;
4767 uint32_t i;
4768
4769 if (atom.size < 8)
4770 return 0;
4771
4772 avio_skip(pb, 4);
4773 count = avio_rb32(pb);
4774 if (count > UINT_MAX / sizeof(*c->meta_keys) - 1) {
4775 av_log(c->fc, AV_LOG_ERROR,
4776 "The 'keys' atom with the invalid key count: %"PRIu32"\n", count);
4777 return AVERROR_INVALIDDATA;
4778 }
4779
4780 c->meta_keys_count = count + 1;
4781 c->meta_keys = av_mallocz(c->meta_keys_count * sizeof(*c->meta_keys));
4782 if (!c->meta_keys)
4783 return AVERROR(ENOMEM);
4784
4785 for (i = 1; i <= count; ++i) {
4786 uint32_t key_size = avio_rb32(pb);
4787 uint32_t type = avio_rl32(pb);
4788 if (key_size < 8) {
4789 av_log(c->fc, AV_LOG_ERROR,
4790 "The key# %"PRIu32" in meta has invalid size:"
4791 "%"PRIu32"\n", i, key_size);
4792 return AVERROR_INVALIDDATA;
4793 }
4794 key_size -= 8;
4795 if (type != MKTAG('m','d','t','a')) {
4796 avio_skip(pb, key_size);
4797 }
4798 #ifdef OHOS_MOOV_LEVEL_META
4799 char* tempKey = av_mallocz(key_size + 1);
4800 if (!tempKey) {
4801 return AVERROR(ENOMEM);
4802 }
4803 avio_read(pb, tempKey, key_size);
4804 c->meta_keys[i] = av_asprintf("%s%s", "moov_level_meta_key_", tempKey);
4805 av_freep(&tempKey);
4806 #else
4807 c->meta_keys[i] = av_mallocz(key_size + 1);
4808 if (!c->meta_keys[i])
4809 return AVERROR(ENOMEM);
4810 avio_read(pb, c->meta_keys[i], key_size);
4811 #endif
4812 }
4813
4814 return 0;
4815 }
4816
mov_read_custom(MOVContext * c,AVIOContext * pb,MOVAtom atom)4817 static int mov_read_custom(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4818 {
4819 int64_t end = av_sat_add64(avio_tell(pb), atom.size);
4820 uint8_t *key = NULL, *val = NULL, *mean = NULL;
4821 int i;
4822 int ret = 0;
4823 AVStream *st;
4824 MOVStreamContext *sc;
4825
4826 if (c->fc->nb_streams < 1)
4827 return 0;
4828 st = c->fc->streams[c->fc->nb_streams-1];
4829 sc = st->priv_data;
4830
4831 for (i = 0; i < 3; i++) {
4832 uint8_t **p;
4833 uint32_t len, tag;
4834
4835 if (end - avio_tell(pb) <= 12)
4836 break;
4837
4838 len = avio_rb32(pb);
4839 tag = avio_rl32(pb);
4840 avio_skip(pb, 4); // flags
4841
4842 if (len < 12 || len - 12 > end - avio_tell(pb))
4843 break;
4844 len -= 12;
4845
4846 if (tag == MKTAG('m', 'e', 'a', 'n'))
4847 p = &mean;
4848 else if (tag == MKTAG('n', 'a', 'm', 'e'))
4849 p = &key;
4850 else if (tag == MKTAG('d', 'a', 't', 'a') && len > 4) {
4851 avio_skip(pb, 4);
4852 len -= 4;
4853 p = &val;
4854 } else
4855 break;
4856
4857 if (*p)
4858 break;
4859
4860 *p = av_malloc(len + 1);
4861 if (!*p) {
4862 ret = AVERROR(ENOMEM);
4863 break;
4864 }
4865 ret = ffio_read_size(pb, *p, len);
4866 if (ret < 0) {
4867 av_freep(p);
4868 break;
4869 }
4870 (*p)[len] = 0;
4871 }
4872
4873 if (mean && key && val) {
4874 if (strcmp(key, "iTunSMPB") == 0) {
4875 int priming, remainder, samples;
4876 if(sscanf(val, "%*X %X %X %X", &priming, &remainder, &samples) == 3){
4877 if(priming>0 && priming<16384)
4878 sc->start_pad = priming;
4879 }
4880 }
4881 if (strcmp(key, "cdec") != 0) {
4882 av_dict_set(&c->fc->metadata, key, val,
4883 AV_DICT_DONT_STRDUP_KEY | AV_DICT_DONT_STRDUP_VAL);
4884 key = val = NULL;
4885 }
4886 } else {
4887 av_log(c->fc, AV_LOG_VERBOSE,
4888 "Unhandled or malformed custom metadata of size %"PRId64"\n", atom.size);
4889 }
4890
4891 avio_seek(pb, end, SEEK_SET);
4892 av_freep(&key);
4893 av_freep(&val);
4894 av_freep(&mean);
4895 return ret;
4896 }
4897
mov_read_meta(MOVContext * c,AVIOContext * pb,MOVAtom atom)4898 static int mov_read_meta(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4899 {
4900 while (atom.size > 8) {
4901 uint32_t tag;
4902 if (avio_feof(pb))
4903 return AVERROR_EOF;
4904 tag = avio_rl32(pb);
4905 atom.size -= 4;
4906 if (tag == MKTAG('h','d','l','r')) {
4907 avio_seek(pb, -8, SEEK_CUR);
4908 atom.size += 8;
4909 return mov_read_default(c, pb, atom);
4910 }
4911 }
4912 return 0;
4913 }
4914
4915 // return 1 when matrix is identity, 0 otherwise
4916 #define IS_MATRIX_IDENT(matrix) \
4917 ( (matrix)[0][0] == (1 << 16) && \
4918 (matrix)[1][1] == (1 << 16) && \
4919 (matrix)[2][2] == (1 << 30) && \
4920 !(matrix)[0][1] && !(matrix)[0][2] && \
4921 !(matrix)[1][0] && !(matrix)[1][2] && \
4922 !(matrix)[2][0] && !(matrix)[2][1])
4923
mov_read_tkhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)4924 static int mov_read_tkhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
4925 {
4926 int i, j, e;
4927 int width;
4928 int height;
4929 int display_matrix[3][3];
4930 int res_display_matrix[3][3] = { { 0 } };
4931 AVStream *st;
4932 MOVStreamContext *sc;
4933 int version;
4934 int flags;
4935
4936 if (c->fc->nb_streams < 1)
4937 return 0;
4938 st = c->fc->streams[c->fc->nb_streams-1];
4939 sc = st->priv_data;
4940
4941 // Each stream (trak) should have exactly 1 tkhd. This catches bad files and
4942 // avoids corrupting AVStreams mapped to an earlier tkhd.
4943 if (st->id != -1)
4944 return AVERROR_INVALIDDATA;
4945
4946 version = avio_r8(pb);
4947 flags = avio_rb24(pb);
4948 st->disposition |= (flags & MOV_TKHD_FLAG_ENABLED) ? AV_DISPOSITION_DEFAULT : 0;
4949
4950 if (version == 1) {
4951 avio_rb64(pb);
4952 avio_rb64(pb);
4953 } else {
4954 avio_rb32(pb); /* creation time */
4955 avio_rb32(pb); /* modification time */
4956 }
4957 st->id = (int)avio_rb32(pb); /* track id (NOT 0 !)*/
4958 avio_rb32(pb); /* reserved */
4959
4960 /* highlevel (considering edits) duration in movie timebase */
4961 (version == 1) ? avio_rb64(pb) : avio_rb32(pb);
4962 avio_rb32(pb); /* reserved */
4963 avio_rb32(pb); /* reserved */
4964
4965 avio_rb16(pb); /* layer */
4966 avio_rb16(pb); /* alternate group */
4967 avio_rb16(pb); /* volume */
4968 avio_rb16(pb); /* reserved */
4969
4970 //read in the display matrix (outlined in ISO 14496-12, Section 6.2.2)
4971 // they're kept in fixed point format through all calculations
4972 // save u,v,z to store the whole matrix in the AV_PKT_DATA_DISPLAYMATRIX
4973 // side data, but the scale factor is not needed to calculate aspect ratio
4974 for (i = 0; i < 3; i++) {
4975 display_matrix[i][0] = avio_rb32(pb); // 16.16 fixed point
4976 display_matrix[i][1] = avio_rb32(pb); // 16.16 fixed point
4977 display_matrix[i][2] = avio_rb32(pb); // 2.30 fixed point
4978 }
4979
4980 width = avio_rb32(pb); // 16.16 fixed point track width
4981 height = avio_rb32(pb); // 16.16 fixed point track height
4982 sc->width = width >> 16;
4983 sc->height = height >> 16;
4984
4985 // apply the moov display matrix (after the tkhd one)
4986 for (i = 0; i < 3; i++) {
4987 const int sh[3] = { 16, 16, 30 };
4988 for (j = 0; j < 3; j++) {
4989 for (e = 0; e < 3; e++) {
4990 res_display_matrix[i][j] +=
4991 ((int64_t) display_matrix[i][e] *
4992 c->movie_display_matrix[e][j]) >> sh[e];
4993 }
4994 }
4995 }
4996
4997 // save the matrix when it is not the default identity
4998 if (!IS_MATRIX_IDENT(res_display_matrix)) {
4999 av_freep(&sc->display_matrix);
5000 sc->display_matrix = av_malloc(sizeof(int32_t) * 9);
5001 if (!sc->display_matrix)
5002 return AVERROR(ENOMEM);
5003
5004 for (i = 0; i < 3; i++)
5005 for (j = 0; j < 3; j++)
5006 sc->display_matrix[i * 3 + j] = res_display_matrix[i][j];
5007 }
5008
5009 // transform the display width/height according to the matrix
5010 // to keep the same scale, use [width height 1<<16]
5011 if (width && height && sc->display_matrix) {
5012 double disp_transform[2];
5013
5014 for (i = 0; i < 2; i++)
5015 disp_transform[i] = hypot(sc->display_matrix[0 + i],
5016 sc->display_matrix[3 + i]);
5017
5018 if (disp_transform[0] > 1 && disp_transform[1] > 1 &&
5019 disp_transform[0] < (1<<24) && disp_transform[1] < (1<<24) &&
5020 fabs((disp_transform[0] / disp_transform[1]) - 1.0) > 0.01)
5021 st->sample_aspect_ratio = av_d2q(
5022 disp_transform[0] / disp_transform[1],
5023 INT_MAX);
5024 }
5025 return 0;
5026 }
5027
mov_read_tfhd(MOVContext * c,AVIOContext * pb,MOVAtom atom)5028 static int mov_read_tfhd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5029 {
5030 MOVFragment *frag = &c->fragment;
5031 MOVTrackExt *trex = NULL;
5032 int flags, track_id, i;
5033 MOVFragmentStreamInfo * frag_stream_info;
5034
5035 avio_r8(pb); /* version */
5036 flags = avio_rb24(pb);
5037
5038 track_id = avio_rb32(pb);
5039 if (!track_id)
5040 return AVERROR_INVALIDDATA;
5041 for (i = 0; i < c->trex_count; i++)
5042 if (c->trex_data[i].track_id == track_id) {
5043 trex = &c->trex_data[i];
5044 break;
5045 }
5046 if (!trex) {
5047 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding trex (id %u)\n", track_id);
5048 return 0;
5049 }
5050 c->fragment.found_tfhd = 1;
5051 frag->track_id = track_id;
5052 set_frag_stream(&c->frag_index, track_id);
5053
5054 frag->base_data_offset = flags & MOV_TFHD_BASE_DATA_OFFSET ?
5055 avio_rb64(pb) : flags & MOV_TFHD_DEFAULT_BASE_IS_MOOF ?
5056 frag->moof_offset : frag->implicit_offset;
5057 frag->stsd_id = flags & MOV_TFHD_STSD_ID ? avio_rb32(pb) : trex->stsd_id;
5058
5059 frag->duration = flags & MOV_TFHD_DEFAULT_DURATION ?
5060 avio_rb32(pb) : trex->duration;
5061 frag->size = flags & MOV_TFHD_DEFAULT_SIZE ?
5062 avio_rb32(pb) : trex->size;
5063 frag->flags = flags & MOV_TFHD_DEFAULT_FLAGS ?
5064 avio_rb32(pb) : trex->flags;
5065 av_log(c->fc, AV_LOG_TRACE, "frag flags 0x%x\n", frag->flags);
5066
5067 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
5068 if (frag_stream_info)
5069 frag_stream_info->next_trun_dts = AV_NOPTS_VALUE;
5070
5071 return 0;
5072 }
5073
mov_read_chap(MOVContext * c,AVIOContext * pb,MOVAtom atom)5074 static int mov_read_chap(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5075 {
5076 unsigned i, num;
5077 void *new_tracks;
5078
5079 num = atom.size / 4;
5080 if (!(new_tracks = av_malloc_array(num, sizeof(int))))
5081 return AVERROR(ENOMEM);
5082
5083 av_free(c->chapter_tracks);
5084 c->chapter_tracks = new_tracks;
5085 c->nb_chapter_tracks = num;
5086
5087 for (i = 0; i < num && !pb->eof_reached; i++)
5088 c->chapter_tracks[i] = avio_rb32(pb);
5089
5090 c->nb_chapter_tracks = i;
5091
5092 return 0;
5093 }
5094
mov_read_trex(MOVContext * c,AVIOContext * pb,MOVAtom atom)5095 static int mov_read_trex(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5096 {
5097 MOVTrackExt *trex;
5098 int err;
5099
5100 if ((uint64_t)c->trex_count+1 >= UINT_MAX / sizeof(*c->trex_data))
5101 return AVERROR_INVALIDDATA;
5102 if ((err = av_reallocp_array(&c->trex_data, c->trex_count + 1,
5103 sizeof(*c->trex_data))) < 0) {
5104 c->trex_count = 0;
5105 return err;
5106 }
5107
5108 c->fc->duration = AV_NOPTS_VALUE; // the duration from mvhd is not representing the whole file when fragments are used.
5109
5110 trex = &c->trex_data[c->trex_count++];
5111 avio_r8(pb); /* version */
5112 avio_rb24(pb); /* flags */
5113 trex->track_id = avio_rb32(pb);
5114 trex->stsd_id = avio_rb32(pb);
5115 trex->duration = avio_rb32(pb);
5116 trex->size = avio_rb32(pb);
5117 trex->flags = avio_rb32(pb);
5118 return 0;
5119 }
5120
mov_read_tfdt(MOVContext * c,AVIOContext * pb,MOVAtom atom)5121 static int mov_read_tfdt(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5122 {
5123 MOVFragment *frag = &c->fragment;
5124 AVStream *st = NULL;
5125 MOVStreamContext *sc;
5126 int version, i;
5127 MOVFragmentStreamInfo * frag_stream_info;
5128 int64_t base_media_decode_time;
5129
5130 for (i = 0; i < c->fc->nb_streams; i++) {
5131 if (c->fc->streams[i]->id == frag->track_id) {
5132 st = c->fc->streams[i];
5133 break;
5134 }
5135 }
5136 if (!st) {
5137 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding track id %u\n", frag->track_id);
5138 return 0;
5139 }
5140 sc = st->priv_data;
5141 if (sc->pseudo_stream_id + 1 != frag->stsd_id && sc->pseudo_stream_id != -1)
5142 return 0;
5143 version = avio_r8(pb);
5144 avio_rb24(pb); /* flags */
5145 if (version) {
5146 base_media_decode_time = avio_rb64(pb);
5147 } else {
5148 base_media_decode_time = avio_rb32(pb);
5149 }
5150
5151 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
5152 if (frag_stream_info)
5153 frag_stream_info->tfdt_dts = base_media_decode_time;
5154 sc->track_end = base_media_decode_time;
5155
5156 return 0;
5157 }
5158
mov_read_trun(MOVContext * c,AVIOContext * pb,MOVAtom atom)5159 static int mov_read_trun(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5160 {
5161 MOVFragment *frag = &c->fragment;
5162 AVStream *st = NULL;
5163 FFStream *sti = NULL;
5164 MOVStreamContext *sc;
5165 MOVCtts *ctts_data;
5166 uint64_t offset;
5167 int64_t dts, pts = AV_NOPTS_VALUE;
5168 int data_offset = 0;
5169 unsigned entries, first_sample_flags = frag->flags;
5170 int flags, distance, i;
5171 int64_t prev_dts = AV_NOPTS_VALUE;
5172 int next_frag_index = -1, index_entry_pos;
5173 size_t requested_size;
5174 size_t old_ctts_allocated_size;
5175 AVIndexEntry *new_entries;
5176 MOVFragmentStreamInfo * frag_stream_info;
5177
5178 if (!frag->found_tfhd) {
5179 av_log(c->fc, AV_LOG_ERROR, "trun track id unknown, no tfhd was found\n");
5180 return AVERROR_INVALIDDATA;
5181 }
5182
5183 for (i = 0; i < c->fc->nb_streams; i++) {
5184 if (c->fc->streams[i]->id == frag->track_id) {
5185 st = c->fc->streams[i];
5186 sti = ffstream(st);
5187 break;
5188 }
5189 }
5190 if (!st) {
5191 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding track id %u\n", frag->track_id);
5192 return 0;
5193 }
5194 sc = st->priv_data;
5195 if (sc->pseudo_stream_id+1 != frag->stsd_id && sc->pseudo_stream_id != -1)
5196 return 0;
5197
5198 // Find the next frag_index index that has a valid index_entry for
5199 // the current track_id.
5200 //
5201 // A valid index_entry means the trun for the fragment was read
5202 // and it's samples are in index_entries at the given position.
5203 // New index entries will be inserted before the index_entry found.
5204 index_entry_pos = sti->nb_index_entries;
5205 for (i = c->frag_index.current + 1; i < c->frag_index.nb_items; i++) {
5206 frag_stream_info = get_frag_stream_info(&c->frag_index, i, frag->track_id);
5207 if (frag_stream_info && frag_stream_info->index_entry >= 0) {
5208 next_frag_index = i;
5209 index_entry_pos = frag_stream_info->index_entry;
5210 break;
5211 }
5212 }
5213 av_assert0(index_entry_pos <= sti->nb_index_entries);
5214
5215 avio_r8(pb); /* version */
5216 flags = avio_rb24(pb);
5217 entries = avio_rb32(pb);
5218 av_log(c->fc, AV_LOG_TRACE, "flags 0x%x entries %u\n", flags, entries);
5219
5220 if ((uint64_t)entries+sc->ctts_count >= UINT_MAX/sizeof(*sc->ctts_data))
5221 return AVERROR_INVALIDDATA;
5222 if (flags & MOV_TRUN_DATA_OFFSET) data_offset = avio_rb32(pb);
5223 if (flags & MOV_TRUN_FIRST_SAMPLE_FLAGS) first_sample_flags = avio_rb32(pb);
5224
5225 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
5226 if (frag_stream_info) {
5227 if (frag_stream_info->next_trun_dts != AV_NOPTS_VALUE) {
5228 dts = frag_stream_info->next_trun_dts - sc->time_offset;
5229 } else if (frag_stream_info->first_tfra_pts != AV_NOPTS_VALUE &&
5230 c->use_mfra_for == FF_MOV_FLAG_MFRA_PTS) {
5231 pts = frag_stream_info->first_tfra_pts;
5232 av_log(c->fc, AV_LOG_DEBUG, "found mfra time %"PRId64
5233 ", using it for pts\n", pts);
5234 } else if (frag_stream_info->first_tfra_pts != AV_NOPTS_VALUE &&
5235 c->use_mfra_for == FF_MOV_FLAG_MFRA_DTS) {
5236 dts = frag_stream_info->first_tfra_pts;
5237 av_log(c->fc, AV_LOG_DEBUG, "found mfra time %"PRId64
5238 ", using it for dts\n", pts);
5239 } else {
5240 int has_tfdt = frag_stream_info->tfdt_dts != AV_NOPTS_VALUE;
5241 int has_sidx = frag_stream_info->sidx_pts != AV_NOPTS_VALUE;
5242 int fallback_tfdt = !c->use_tfdt && !has_sidx && has_tfdt;
5243 int fallback_sidx = c->use_tfdt && !has_tfdt && has_sidx;
5244
5245 if (fallback_sidx) {
5246 av_log(c->fc, AV_LOG_DEBUG, "use_tfdt set but no tfdt found, using sidx instead\n");
5247 }
5248 if (fallback_tfdt) {
5249 av_log(c->fc, AV_LOG_DEBUG, "use_tfdt not set but no sidx found, using tfdt instead\n");
5250 }
5251
5252 if (has_tfdt && c->use_tfdt || fallback_tfdt) {
5253 dts = frag_stream_info->tfdt_dts - sc->time_offset;
5254 av_log(c->fc, AV_LOG_DEBUG, "found tfdt time %"PRId64
5255 ", using it for dts\n", dts);
5256 } else if (has_sidx && !c->use_tfdt || fallback_sidx) {
5257 // FIXME: sidx earliest_presentation_time is *PTS*, s.b.
5258 // pts = frag_stream_info->sidx_pts;
5259 dts = frag_stream_info->sidx_pts - sc->time_offset;
5260 av_log(c->fc, AV_LOG_DEBUG, "found sidx time %"PRId64
5261 ", using it for dts\n", frag_stream_info->sidx_pts);
5262 } else {
5263 dts = sc->track_end - sc->time_offset;
5264 av_log(c->fc, AV_LOG_DEBUG, "found track end time %"PRId64
5265 ", using it for dts\n", dts);
5266 }
5267 }
5268 } else {
5269 dts = sc->track_end - sc->time_offset;
5270 av_log(c->fc, AV_LOG_DEBUG, "found track end time %"PRId64
5271 ", using it for dts\n", dts);
5272 }
5273 offset = frag->base_data_offset + data_offset;
5274 distance = 0;
5275 av_log(c->fc, AV_LOG_TRACE, "first sample flags 0x%x\n", first_sample_flags);
5276
5277 // realloc space for new index entries
5278 if ((uint64_t)sti->nb_index_entries + entries >= UINT_MAX / sizeof(AVIndexEntry)) {
5279 entries = UINT_MAX / sizeof(AVIndexEntry) - sti->nb_index_entries;
5280 av_log(c->fc, AV_LOG_ERROR, "Failed to add index entry\n");
5281 }
5282 if (entries == 0)
5283 return 0;
5284
5285 requested_size = (sti->nb_index_entries + entries) * sizeof(AVIndexEntry);
5286 new_entries = av_fast_realloc(sti->index_entries,
5287 &sti->index_entries_allocated_size,
5288 requested_size);
5289 if (!new_entries)
5290 return AVERROR(ENOMEM);
5291 sti->index_entries= new_entries;
5292
5293 requested_size = (sti->nb_index_entries + entries) * sizeof(*sc->ctts_data);
5294 old_ctts_allocated_size = sc->ctts_allocated_size;
5295 ctts_data = av_fast_realloc(sc->ctts_data, &sc->ctts_allocated_size,
5296 requested_size);
5297 if (!ctts_data)
5298 return AVERROR(ENOMEM);
5299 sc->ctts_data = ctts_data;
5300
5301 // In case there were samples without ctts entries, ensure they get
5302 // zero valued entries. This ensures clips which mix boxes with and
5303 // without ctts entries don't pickup uninitialized data.
5304 memset((uint8_t*)(sc->ctts_data) + old_ctts_allocated_size, 0,
5305 sc->ctts_allocated_size - old_ctts_allocated_size);
5306
5307 if (index_entry_pos < sti->nb_index_entries) {
5308 // Make hole in index_entries and ctts_data for new samples
5309 memmove(sti->index_entries + index_entry_pos + entries,
5310 sti->index_entries + index_entry_pos,
5311 sizeof(*sti->index_entries) *
5312 (sti->nb_index_entries - index_entry_pos));
5313 memmove(sc->ctts_data + index_entry_pos + entries,
5314 sc->ctts_data + index_entry_pos,
5315 sizeof(*sc->ctts_data) * (sc->ctts_count - index_entry_pos));
5316 if (index_entry_pos < sc->current_sample) {
5317 sc->current_sample += entries;
5318 }
5319 }
5320
5321 sti->nb_index_entries += entries;
5322 sc->ctts_count = sti->nb_index_entries;
5323
5324 // Record the index_entry position in frag_index of this fragment
5325 if (frag_stream_info)
5326 frag_stream_info->index_entry = index_entry_pos;
5327
5328 if (index_entry_pos > 0)
5329 prev_dts = sti->index_entries[index_entry_pos-1].timestamp;
5330
5331 for (i = 0; i < entries && !pb->eof_reached; i++) {
5332 unsigned sample_size = frag->size;
5333 int sample_flags = i ? frag->flags : first_sample_flags;
5334 unsigned sample_duration = frag->duration;
5335 unsigned ctts_duration = 0;
5336 int keyframe = 0;
5337 int index_entry_flags = 0;
5338
5339 if (flags & MOV_TRUN_SAMPLE_DURATION) sample_duration = avio_rb32(pb);
5340 if (flags & MOV_TRUN_SAMPLE_SIZE) sample_size = avio_rb32(pb);
5341 if (flags & MOV_TRUN_SAMPLE_FLAGS) sample_flags = avio_rb32(pb);
5342 if (flags & MOV_TRUN_SAMPLE_CTS) ctts_duration = avio_rb32(pb);
5343
5344 mov_update_dts_shift(sc, ctts_duration, c->fc);
5345 if (pts != AV_NOPTS_VALUE) {
5346 dts = pts - sc->dts_shift;
5347 if (flags & MOV_TRUN_SAMPLE_CTS) {
5348 dts -= ctts_duration;
5349 } else {
5350 dts -= sc->time_offset;
5351 }
5352 av_log(c->fc, AV_LOG_DEBUG,
5353 "pts %"PRId64" calculated dts %"PRId64
5354 " sc->dts_shift %d ctts.duration %d"
5355 " sc->time_offset %"PRId64
5356 " flags & MOV_TRUN_SAMPLE_CTS %d\n",
5357 pts, dts,
5358 sc->dts_shift, ctts_duration,
5359 sc->time_offset, flags & MOV_TRUN_SAMPLE_CTS);
5360 pts = AV_NOPTS_VALUE;
5361 }
5362
5363 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO)
5364 keyframe = 1;
5365 else
5366 keyframe =
5367 !(sample_flags & (MOV_FRAG_SAMPLE_FLAG_IS_NON_SYNC |
5368 MOV_FRAG_SAMPLE_FLAG_DEPENDS_YES));
5369 if (keyframe) {
5370 distance = 0;
5371 index_entry_flags |= AVINDEX_KEYFRAME;
5372 }
5373 // Fragments can overlap in time. Discard overlapping frames after
5374 // decoding.
5375 if (prev_dts >= dts)
5376 index_entry_flags |= AVINDEX_DISCARD_FRAME;
5377
5378 sti->index_entries[index_entry_pos].pos = offset;
5379 sti->index_entries[index_entry_pos].timestamp = dts;
5380 sti->index_entries[index_entry_pos].size = sample_size;
5381 sti->index_entries[index_entry_pos].min_distance = distance;
5382 sti->index_entries[index_entry_pos].flags = index_entry_flags;
5383
5384 sc->ctts_data[index_entry_pos].count = 1;
5385 sc->ctts_data[index_entry_pos].duration = ctts_duration;
5386 index_entry_pos++;
5387
5388 av_log(c->fc, AV_LOG_TRACE, "AVIndex stream %d, sample %d, offset %"PRIx64", dts %"PRId64", "
5389 "size %u, distance %d, keyframe %d\n", st->index,
5390 index_entry_pos, offset, dts, sample_size, distance, keyframe);
5391 distance++;
5392 if (av_sat_add64(dts, sample_duration) != dts + (uint64_t)sample_duration)
5393 return AVERROR_INVALIDDATA;
5394 if (!sample_size)
5395 return AVERROR_INVALIDDATA;
5396 dts += sample_duration;
5397 offset += sample_size;
5398 sc->data_size += sample_size;
5399
5400 if (sample_duration <= INT64_MAX - sc->duration_for_fps &&
5401 1 <= INT_MAX - sc->nb_frames_for_fps
5402 ) {
5403 sc->duration_for_fps += sample_duration;
5404 sc->nb_frames_for_fps ++;
5405 }
5406 }
5407 if (frag_stream_info)
5408 frag_stream_info->next_trun_dts = dts + sc->time_offset;
5409 if (i < entries) {
5410 // EOF found before reading all entries. Fix the hole this would
5411 // leave in index_entries and ctts_data
5412 int gap = entries - i;
5413 memmove(sti->index_entries + index_entry_pos,
5414 sti->index_entries + index_entry_pos + gap,
5415 sizeof(*sti->index_entries) *
5416 (sti->nb_index_entries - (index_entry_pos + gap)));
5417 memmove(sc->ctts_data + index_entry_pos,
5418 sc->ctts_data + index_entry_pos + gap,
5419 sizeof(*sc->ctts_data) *
5420 (sc->ctts_count - (index_entry_pos + gap)));
5421
5422 sti->nb_index_entries -= gap;
5423 sc->ctts_count -= gap;
5424 if (index_entry_pos < sc->current_sample) {
5425 sc->current_sample -= gap;
5426 }
5427 entries = i;
5428 }
5429
5430 // The end of this new fragment may overlap in time with the start
5431 // of the next fragment in index_entries. Mark the samples in the next
5432 // fragment that overlap with AVINDEX_DISCARD_FRAME
5433 prev_dts = AV_NOPTS_VALUE;
5434 if (index_entry_pos > 0)
5435 prev_dts = sti->index_entries[index_entry_pos-1].timestamp;
5436 for (int i = index_entry_pos; i < sti->nb_index_entries; i++) {
5437 if (prev_dts < sti->index_entries[i].timestamp)
5438 break;
5439 sti->index_entries[i].flags |= AVINDEX_DISCARD_FRAME;
5440 }
5441
5442 // If a hole was created to insert the new index_entries into,
5443 // the index_entry recorded for all subsequent moof must
5444 // be incremented by the number of entries inserted.
5445 fix_frag_index_entries(&c->frag_index, next_frag_index,
5446 frag->track_id, entries);
5447
5448 if (pb->eof_reached) {
5449 av_log(c->fc, AV_LOG_WARNING, "reached eof, corrupted TRUN atom\n");
5450 return AVERROR_EOF;
5451 }
5452
5453 frag->implicit_offset = offset;
5454
5455 sc->track_end = dts + sc->time_offset;
5456 if (st->duration < sc->track_end)
5457 st->duration = sc->track_end;
5458
5459 return 0;
5460 }
5461
mov_read_sidx(MOVContext * c,AVIOContext * pb,MOVAtom atom)5462 static int mov_read_sidx(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5463 {
5464 int64_t stream_size = avio_size(pb);
5465 int64_t offset = av_sat_add64(avio_tell(pb), atom.size), pts, timestamp;
5466 uint8_t version, is_complete;
5467 int64_t offadd;
5468 unsigned i, j, track_id, item_count;
5469 AVStream *st = NULL;
5470 AVStream *ref_st = NULL;
5471 MOVStreamContext *sc, *ref_sc = NULL;
5472 AVRational timescale;
5473
5474 version = avio_r8(pb);
5475 if (version > 1) {
5476 avpriv_request_sample(c->fc, "sidx version %u", version);
5477 return 0;
5478 }
5479
5480 avio_rb24(pb); // flags
5481
5482 track_id = avio_rb32(pb); // Reference ID
5483 for (i = 0; i < c->fc->nb_streams; i++) {
5484 if (c->fc->streams[i]->id == track_id) {
5485 st = c->fc->streams[i];
5486 break;
5487 }
5488 }
5489 if (!st) {
5490 av_log(c->fc, AV_LOG_WARNING, "could not find corresponding track id %d\n", track_id);
5491 return 0;
5492 }
5493
5494 sc = st->priv_data;
5495
5496 timescale = av_make_q(1, avio_rb32(pb));
5497
5498 if (timescale.den <= 0) {
5499 av_log(c->fc, AV_LOG_ERROR, "Invalid sidx timescale 1/%d\n", timescale.den);
5500 return AVERROR_INVALIDDATA;
5501 }
5502
5503 if (version == 0) {
5504 pts = avio_rb32(pb);
5505 offadd= avio_rb32(pb);
5506 } else {
5507 pts = avio_rb64(pb);
5508 offadd= avio_rb64(pb);
5509 }
5510 if (av_sat_add64(offset, offadd) != offset + (uint64_t)offadd)
5511 return AVERROR_INVALIDDATA;
5512
5513 offset += (uint64_t)offadd;
5514
5515 avio_rb16(pb); // reserved
5516
5517 item_count = avio_rb16(pb);
5518 if (item_count == 0)
5519 return AVERROR_INVALIDDATA;
5520
5521 for (i = 0; i < item_count; i++) {
5522 int index;
5523 MOVFragmentStreamInfo * frag_stream_info;
5524 uint32_t size = avio_rb32(pb);
5525 uint32_t duration = avio_rb32(pb);
5526 if (size & 0x80000000) {
5527 avpriv_request_sample(c->fc, "sidx reference_type 1");
5528 return AVERROR_PATCHWELCOME;
5529 }
5530 avio_rb32(pb); // sap_flags
5531 timestamp = av_rescale_q(pts, timescale, st->time_base);
5532
5533 index = update_frag_index(c, offset);
5534 frag_stream_info = get_frag_stream_info(&c->frag_index, index, track_id);
5535 if (frag_stream_info)
5536 frag_stream_info->sidx_pts = timestamp;
5537
5538 if (av_sat_add64(offset, size) != offset + (uint64_t)size ||
5539 av_sat_add64(pts, duration) != pts + (uint64_t)duration
5540 )
5541 return AVERROR_INVALIDDATA;
5542 offset += size;
5543 pts += duration;
5544 }
5545
5546 st->duration = sc->track_end = pts;
5547
5548 sc->has_sidx = 1;
5549
5550 // See if the remaining bytes are just an mfra which we can ignore.
5551 is_complete = offset == stream_size;
5552 if (!is_complete && (pb->seekable & AVIO_SEEKABLE_NORMAL) && stream_size > 0 ) {
5553 int64_t ret;
5554 int64_t original_pos = avio_tell(pb);
5555 if (!c->have_read_mfra_size) {
5556 if ((ret = avio_seek(pb, stream_size - 4, SEEK_SET)) < 0)
5557 return ret;
5558 c->mfra_size = avio_rb32(pb);
5559 c->have_read_mfra_size = 1;
5560 if ((ret = avio_seek(pb, original_pos, SEEK_SET)) < 0)
5561 return ret;
5562 }
5563 if (offset == stream_size - c->mfra_size)
5564 is_complete = 1;
5565 }
5566
5567 if (is_complete) {
5568 // Find first entry in fragment index that came from an sidx.
5569 // This will pretty much always be the first entry.
5570 for (i = 0; i < c->frag_index.nb_items; i++) {
5571 MOVFragmentIndexItem * item = &c->frag_index.item[i];
5572 for (j = 0; ref_st == NULL && j < item->nb_stream_info; j++) {
5573 MOVFragmentStreamInfo * si;
5574 si = &item->stream_info[j];
5575 if (si->sidx_pts != AV_NOPTS_VALUE) {
5576 ref_st = c->fc->streams[j];
5577 ref_sc = ref_st->priv_data;
5578 break;
5579 }
5580 }
5581 }
5582 if (ref_st) for (i = 0; i < c->fc->nb_streams; i++) {
5583 st = c->fc->streams[i];
5584 sc = st->priv_data;
5585 if (!sc->has_sidx) {
5586 st->duration = sc->track_end = av_rescale(ref_st->duration, sc->time_scale, ref_sc->time_scale);
5587 }
5588 }
5589
5590 c->frag_index.complete = 1;
5591 }
5592
5593 return 0;
5594 }
5595
5596 /* this atom should be null (from specs), but some buggy files put the 'moov' atom inside it... */
5597 /* like the files created with Adobe Premiere 5.0, for samples see */
5598 /* http://graphics.tudelft.nl/~wouter/publications/soundtests/ */
mov_read_wide(MOVContext * c,AVIOContext * pb,MOVAtom atom)5599 static int mov_read_wide(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5600 {
5601 int err;
5602
5603 if (atom.size < 8)
5604 return 0; /* continue */
5605 if (avio_rb32(pb) != 0) { /* 0 sized mdat atom... use the 'wide' atom size */
5606 avio_skip(pb, atom.size - 4);
5607 return 0;
5608 }
5609 atom.type = avio_rl32(pb);
5610 atom.size -= 8;
5611 if (atom.type != MKTAG('m','d','a','t')) {
5612 avio_skip(pb, atom.size);
5613 return 0;
5614 }
5615 err = mov_read_mdat(c, pb, atom);
5616 return err;
5617 }
5618
mov_read_cmov(MOVContext * c,AVIOContext * pb,MOVAtom atom)5619 static int mov_read_cmov(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5620 {
5621 #if CONFIG_ZLIB
5622 FFIOContext ctx;
5623 uint8_t *cmov_data;
5624 uint8_t *moov_data; /* uncompressed data */
5625 long cmov_len, moov_len;
5626 int ret = -1;
5627
5628 avio_rb32(pb); /* dcom atom */
5629 if (avio_rl32(pb) != MKTAG('d','c','o','m'))
5630 return AVERROR_INVALIDDATA;
5631 if (avio_rl32(pb) != MKTAG('z','l','i','b')) {
5632 av_log(c->fc, AV_LOG_ERROR, "unknown compression for cmov atom !\n");
5633 return AVERROR_INVALIDDATA;
5634 }
5635 avio_rb32(pb); /* cmvd atom */
5636 if (avio_rl32(pb) != MKTAG('c','m','v','d'))
5637 return AVERROR_INVALIDDATA;
5638 moov_len = avio_rb32(pb); /* uncompressed size */
5639 cmov_len = atom.size - 6 * 4;
5640
5641 cmov_data = av_malloc(cmov_len);
5642 if (!cmov_data)
5643 return AVERROR(ENOMEM);
5644 moov_data = av_malloc(moov_len);
5645 if (!moov_data) {
5646 av_free(cmov_data);
5647 return AVERROR(ENOMEM);
5648 }
5649 ret = ffio_read_size(pb, cmov_data, cmov_len);
5650 if (ret < 0)
5651 goto free_and_return;
5652
5653 ret = AVERROR_INVALIDDATA;
5654 if (uncompress (moov_data, (uLongf *) &moov_len, (const Bytef *)cmov_data, cmov_len) != Z_OK)
5655 goto free_and_return;
5656 ffio_init_context(&ctx, moov_data, moov_len, 0, NULL, NULL, NULL, NULL);
5657 ctx.pub.seekable = AVIO_SEEKABLE_NORMAL;
5658 atom.type = MKTAG('m','o','o','v');
5659 atom.size = moov_len;
5660 ret = mov_read_default(c, &ctx.pub, atom);
5661 free_and_return:
5662 av_free(moov_data);
5663 av_free(cmov_data);
5664 return ret;
5665 #else
5666 av_log(c->fc, AV_LOG_ERROR, "this file requires zlib support compiled in\n");
5667 return AVERROR(ENOSYS);
5668 #endif
5669 }
5670
5671 /* edit list atom */
mov_read_elst(MOVContext * c,AVIOContext * pb,MOVAtom atom)5672 static int mov_read_elst(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5673 {
5674 MOVStreamContext *sc;
5675 int i, edit_count, version;
5676 int64_t elst_entry_size;
5677
5678 if (c->fc->nb_streams < 1 || c->ignore_editlist)
5679 return 0;
5680 sc = c->fc->streams[c->fc->nb_streams-1]->priv_data;
5681
5682 version = avio_r8(pb); /* version */
5683 avio_rb24(pb); /* flags */
5684 edit_count = avio_rb32(pb); /* entries */
5685 atom.size -= 8;
5686
5687 elst_entry_size = version == 1 ? 20 : 12;
5688 if (atom.size != edit_count * elst_entry_size) {
5689 if (c->fc->strict_std_compliance >= FF_COMPLIANCE_STRICT) {
5690 av_log(c->fc, AV_LOG_ERROR, "Invalid edit list entry_count: %d for elst atom of size: %"PRId64" bytes.\n",
5691 edit_count, atom.size + 8);
5692 return AVERROR_INVALIDDATA;
5693 } else {
5694 edit_count = atom.size / elst_entry_size;
5695 if (edit_count * elst_entry_size != atom.size) {
5696 av_log(c->fc, AV_LOG_WARNING, "ELST atom of %"PRId64" bytes, bigger than %d entries.\n", atom.size, edit_count);
5697 }
5698 }
5699 }
5700
5701 if (!edit_count)
5702 return 0;
5703 if (sc->elst_data)
5704 av_log(c->fc, AV_LOG_WARNING, "Duplicated ELST atom\n");
5705 av_free(sc->elst_data);
5706 sc->elst_count = 0;
5707 sc->elst_data = av_malloc_array(edit_count, sizeof(*sc->elst_data));
5708 if (!sc->elst_data)
5709 return AVERROR(ENOMEM);
5710
5711 av_log(c->fc, AV_LOG_TRACE, "track[%u].edit_count = %i\n", c->fc->nb_streams - 1, edit_count);
5712 for (i = 0; i < edit_count && atom.size > 0 && !pb->eof_reached; i++) {
5713 MOVElst *e = &sc->elst_data[i];
5714
5715 if (version == 1) {
5716 e->duration = avio_rb64(pb);
5717 e->time = avio_rb64(pb);
5718 atom.size -= 16;
5719 } else {
5720 e->duration = avio_rb32(pb); /* segment duration */
5721 e->time = (int32_t)avio_rb32(pb); /* media time */
5722 atom.size -= 8;
5723 }
5724 e->rate = avio_rb32(pb) / 65536.0;
5725 atom.size -= 4;
5726 av_log(c->fc, AV_LOG_TRACE, "duration=%"PRId64" time=%"PRId64" rate=%f\n",
5727 e->duration, e->time, e->rate);
5728
5729 if (e->time < 0 && e->time != -1 &&
5730 c->fc->strict_std_compliance >= FF_COMPLIANCE_STRICT) {
5731 av_log(c->fc, AV_LOG_ERROR, "Track %d, edit %d: Invalid edit list media time=%"PRId64"\n",
5732 c->fc->nb_streams-1, i, e->time);
5733 return AVERROR_INVALIDDATA;
5734 }
5735 }
5736 sc->elst_count = i;
5737
5738 return 0;
5739 }
5740
mov_read_tmcd(MOVContext * c,AVIOContext * pb,MOVAtom atom)5741 static int mov_read_tmcd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5742 {
5743 MOVStreamContext *sc;
5744
5745 if (c->fc->nb_streams < 1)
5746 return AVERROR_INVALIDDATA;
5747 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5748 sc->timecode_track = avio_rb32(pb);
5749 return 0;
5750 }
5751
mov_read_vpcc(MOVContext * c,AVIOContext * pb,MOVAtom atom)5752 static int mov_read_vpcc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5753 {
5754 AVStream *st;
5755 int version, color_range, color_primaries, color_trc, color_space;
5756
5757 if (c->fc->nb_streams < 1)
5758 return 0;
5759 st = c->fc->streams[c->fc->nb_streams - 1];
5760
5761 if (atom.size < 5) {
5762 av_log(c->fc, AV_LOG_ERROR, "Empty VP Codec Configuration box\n");
5763 return AVERROR_INVALIDDATA;
5764 }
5765
5766 version = avio_r8(pb);
5767 if (version != 1) {
5768 av_log(c->fc, AV_LOG_WARNING, "Unsupported VP Codec Configuration box version %d\n", version);
5769 return 0;
5770 }
5771 avio_skip(pb, 3); /* flags */
5772
5773 avio_skip(pb, 2); /* profile + level */
5774 color_range = avio_r8(pb); /* bitDepth, chromaSubsampling, videoFullRangeFlag */
5775 color_primaries = avio_r8(pb);
5776 color_trc = avio_r8(pb);
5777 color_space = avio_r8(pb);
5778 if (avio_rb16(pb)) /* codecIntializationDataSize */
5779 return AVERROR_INVALIDDATA;
5780
5781 if (!av_color_primaries_name(color_primaries))
5782 color_primaries = AVCOL_PRI_UNSPECIFIED;
5783 if (!av_color_transfer_name(color_trc))
5784 color_trc = AVCOL_TRC_UNSPECIFIED;
5785 if (!av_color_space_name(color_space))
5786 color_space = AVCOL_SPC_UNSPECIFIED;
5787
5788 st->codecpar->color_range = (color_range & 1) ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG;
5789 st->codecpar->color_primaries = color_primaries;
5790 st->codecpar->color_trc = color_trc;
5791 st->codecpar->color_space = color_space;
5792
5793 return 0;
5794 }
5795
mov_read_smdm(MOVContext * c,AVIOContext * pb,MOVAtom atom)5796 static int mov_read_smdm(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5797 {
5798 MOVStreamContext *sc;
5799 int i, version;
5800
5801 if (c->fc->nb_streams < 1)
5802 return AVERROR_INVALIDDATA;
5803
5804 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5805
5806 if (atom.size < 5) {
5807 av_log(c->fc, AV_LOG_ERROR, "Empty Mastering Display Metadata box\n");
5808 return AVERROR_INVALIDDATA;
5809 }
5810
5811 version = avio_r8(pb);
5812 if (version) {
5813 av_log(c->fc, AV_LOG_WARNING, "Unsupported Mastering Display Metadata box version %d\n", version);
5814 return 0;
5815 }
5816 if (sc->mastering)
5817 return AVERROR_INVALIDDATA;
5818
5819 avio_skip(pb, 3); /* flags */
5820
5821 sc->mastering = av_mastering_display_metadata_alloc();
5822 if (!sc->mastering)
5823 return AVERROR(ENOMEM);
5824
5825 for (i = 0; i < 3; i++) {
5826 sc->mastering->display_primaries[i][0] = av_make_q(avio_rb16(pb), 1 << 16);
5827 sc->mastering->display_primaries[i][1] = av_make_q(avio_rb16(pb), 1 << 16);
5828 }
5829 sc->mastering->white_point[0] = av_make_q(avio_rb16(pb), 1 << 16);
5830 sc->mastering->white_point[1] = av_make_q(avio_rb16(pb), 1 << 16);
5831
5832 sc->mastering->max_luminance = av_make_q(avio_rb32(pb), 1 << 8);
5833 sc->mastering->min_luminance = av_make_q(avio_rb32(pb), 1 << 14);
5834
5835 sc->mastering->has_primaries = 1;
5836 sc->mastering->has_luminance = 1;
5837
5838 return 0;
5839 }
5840
mov_read_mdcv(MOVContext * c,AVIOContext * pb,MOVAtom atom)5841 static int mov_read_mdcv(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5842 {
5843 MOVStreamContext *sc;
5844 const int mapping[3] = {1, 2, 0};
5845 const int chroma_den = 50000;
5846 const int luma_den = 10000;
5847 int i;
5848
5849 if (c->fc->nb_streams < 1)
5850 return AVERROR_INVALIDDATA;
5851
5852 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5853
5854 if (atom.size < 24 || sc->mastering) {
5855 av_log(c->fc, AV_LOG_ERROR, "Invalid Mastering Display Color Volume box\n");
5856 return AVERROR_INVALIDDATA;
5857 }
5858
5859 sc->mastering = av_mastering_display_metadata_alloc();
5860 if (!sc->mastering)
5861 return AVERROR(ENOMEM);
5862
5863 for (i = 0; i < 3; i++) {
5864 const int j = mapping[i];
5865 sc->mastering->display_primaries[j][0] = av_make_q(avio_rb16(pb), chroma_den);
5866 sc->mastering->display_primaries[j][1] = av_make_q(avio_rb16(pb), chroma_den);
5867 }
5868 sc->mastering->white_point[0] = av_make_q(avio_rb16(pb), chroma_den);
5869 sc->mastering->white_point[1] = av_make_q(avio_rb16(pb), chroma_den);
5870
5871 sc->mastering->max_luminance = av_make_q(avio_rb32(pb), luma_den);
5872 sc->mastering->min_luminance = av_make_q(avio_rb32(pb), luma_den);
5873
5874 sc->mastering->has_luminance = 1;
5875 sc->mastering->has_primaries = 1;
5876
5877 return 0;
5878 }
5879
mov_read_coll(MOVContext * c,AVIOContext * pb,MOVAtom atom)5880 static int mov_read_coll(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5881 {
5882 MOVStreamContext *sc;
5883 int version;
5884
5885 if (c->fc->nb_streams < 1)
5886 return AVERROR_INVALIDDATA;
5887
5888 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5889
5890 if (atom.size < 5) {
5891 av_log(c->fc, AV_LOG_ERROR, "Empty Content Light Level box\n");
5892 return AVERROR_INVALIDDATA;
5893 }
5894
5895 version = avio_r8(pb);
5896 if (version) {
5897 av_log(c->fc, AV_LOG_WARNING, "Unsupported Content Light Level box version %d\n", version);
5898 return 0;
5899 }
5900 avio_skip(pb, 3); /* flags */
5901
5902 if (sc->coll){
5903 av_log(c->fc, AV_LOG_WARNING, "Ignoring duplicate COLL\n");
5904 return 0;
5905 }
5906
5907 sc->coll = av_content_light_metadata_alloc(&sc->coll_size);
5908 if (!sc->coll)
5909 return AVERROR(ENOMEM);
5910
5911 sc->coll->MaxCLL = avio_rb16(pb);
5912 sc->coll->MaxFALL = avio_rb16(pb);
5913
5914 return 0;
5915 }
5916
mov_read_clli(MOVContext * c,AVIOContext * pb,MOVAtom atom)5917 static int mov_read_clli(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5918 {
5919 MOVStreamContext *sc;
5920
5921 if (c->fc->nb_streams < 1)
5922 return AVERROR_INVALIDDATA;
5923
5924 sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
5925
5926 if (atom.size < 4) {
5927 av_log(c->fc, AV_LOG_ERROR, "Empty Content Light Level Info box\n");
5928 return AVERROR_INVALIDDATA;
5929 }
5930
5931 if (sc->coll){
5932 av_log(c->fc, AV_LOG_WARNING, "Ignoring duplicate CLLI/COLL\n");
5933 return 0;
5934 }
5935
5936 sc->coll = av_content_light_metadata_alloc(&sc->coll_size);
5937 if (!sc->coll)
5938 return AVERROR(ENOMEM);
5939
5940 sc->coll->MaxCLL = avio_rb16(pb);
5941 sc->coll->MaxFALL = avio_rb16(pb);
5942
5943 return 0;
5944 }
5945
mov_read_st3d(MOVContext * c,AVIOContext * pb,MOVAtom atom)5946 static int mov_read_st3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5947 {
5948 AVStream *st;
5949 MOVStreamContext *sc;
5950 enum AVStereo3DType type;
5951 int mode;
5952
5953 if (c->fc->nb_streams < 1)
5954 return 0;
5955
5956 st = c->fc->streams[c->fc->nb_streams - 1];
5957 sc = st->priv_data;
5958
5959 if (atom.size < 5) {
5960 av_log(c->fc, AV_LOG_ERROR, "Empty stereoscopic video box\n");
5961 return AVERROR_INVALIDDATA;
5962 }
5963
5964 if (sc->stereo3d)
5965 return AVERROR_INVALIDDATA;
5966
5967 avio_skip(pb, 4); /* version + flags */
5968
5969 mode = avio_r8(pb);
5970 switch (mode) {
5971 case 0:
5972 type = AV_STEREO3D_2D;
5973 break;
5974 case 1:
5975 type = AV_STEREO3D_TOPBOTTOM;
5976 break;
5977 case 2:
5978 type = AV_STEREO3D_SIDEBYSIDE;
5979 break;
5980 default:
5981 av_log(c->fc, AV_LOG_WARNING, "Unknown st3d mode value %d\n", mode);
5982 return 0;
5983 }
5984
5985 sc->stereo3d = av_stereo3d_alloc();
5986 if (!sc->stereo3d)
5987 return AVERROR(ENOMEM);
5988
5989 sc->stereo3d->type = type;
5990 return 0;
5991 }
5992
mov_read_sv3d(MOVContext * c,AVIOContext * pb,MOVAtom atom)5993 static int mov_read_sv3d(MOVContext *c, AVIOContext *pb, MOVAtom atom)
5994 {
5995 AVStream *st;
5996 MOVStreamContext *sc;
5997 int size, version, layout;
5998 int32_t yaw, pitch, roll;
5999 uint32_t l = 0, t = 0, r = 0, b = 0;
6000 uint32_t tag, padding = 0;
6001 enum AVSphericalProjection projection;
6002
6003 if (c->fc->nb_streams < 1)
6004 return 0;
6005
6006 st = c->fc->streams[c->fc->nb_streams - 1];
6007 sc = st->priv_data;
6008
6009 if (atom.size < 8) {
6010 av_log(c->fc, AV_LOG_ERROR, "Empty spherical video box\n");
6011 return AVERROR_INVALIDDATA;
6012 }
6013
6014 size = avio_rb32(pb);
6015 if (size <= 12 || size > atom.size)
6016 return AVERROR_INVALIDDATA;
6017
6018 tag = avio_rl32(pb);
6019 if (tag != MKTAG('s','v','h','d')) {
6020 av_log(c->fc, AV_LOG_ERROR, "Missing spherical video header\n");
6021 return 0;
6022 }
6023 version = avio_r8(pb);
6024 if (version != 0) {
6025 av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
6026 version);
6027 return 0;
6028 }
6029 avio_skip(pb, 3); /* flags */
6030 avio_skip(pb, size - 12); /* metadata_source */
6031
6032 size = avio_rb32(pb);
6033 if (size > atom.size)
6034 return AVERROR_INVALIDDATA;
6035
6036 tag = avio_rl32(pb);
6037 if (tag != MKTAG('p','r','o','j')) {
6038 av_log(c->fc, AV_LOG_ERROR, "Missing projection box\n");
6039 return 0;
6040 }
6041
6042 size = avio_rb32(pb);
6043 if (size > atom.size)
6044 return AVERROR_INVALIDDATA;
6045
6046 tag = avio_rl32(pb);
6047 if (tag != MKTAG('p','r','h','d')) {
6048 av_log(c->fc, AV_LOG_ERROR, "Missing projection header box\n");
6049 return 0;
6050 }
6051 version = avio_r8(pb);
6052 if (version != 0) {
6053 av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
6054 version);
6055 return 0;
6056 }
6057 avio_skip(pb, 3); /* flags */
6058
6059 /* 16.16 fixed point */
6060 yaw = avio_rb32(pb);
6061 pitch = avio_rb32(pb);
6062 roll = avio_rb32(pb);
6063
6064 size = avio_rb32(pb);
6065 if (size > atom.size)
6066 return AVERROR_INVALIDDATA;
6067
6068 tag = avio_rl32(pb);
6069 version = avio_r8(pb);
6070 if (version != 0) {
6071 av_log(c->fc, AV_LOG_WARNING, "Unknown spherical version %d\n",
6072 version);
6073 return 0;
6074 }
6075 avio_skip(pb, 3); /* flags */
6076 switch (tag) {
6077 case MKTAG('c','b','m','p'):
6078 layout = avio_rb32(pb);
6079 if (layout) {
6080 av_log(c->fc, AV_LOG_WARNING,
6081 "Unsupported cubemap layout %d\n", layout);
6082 return 0;
6083 }
6084 projection = AV_SPHERICAL_CUBEMAP;
6085 padding = avio_rb32(pb);
6086 break;
6087 case MKTAG('e','q','u','i'):
6088 t = avio_rb32(pb);
6089 b = avio_rb32(pb);
6090 l = avio_rb32(pb);
6091 r = avio_rb32(pb);
6092
6093 if (b >= UINT_MAX - t || r >= UINT_MAX - l) {
6094 av_log(c->fc, AV_LOG_ERROR,
6095 "Invalid bounding rectangle coordinates "
6096 "%"PRIu32",%"PRIu32",%"PRIu32",%"PRIu32"\n", l, t, r, b);
6097 return AVERROR_INVALIDDATA;
6098 }
6099
6100 if (l || t || r || b)
6101 projection = AV_SPHERICAL_EQUIRECTANGULAR_TILE;
6102 else
6103 projection = AV_SPHERICAL_EQUIRECTANGULAR;
6104 break;
6105 default:
6106 av_log(c->fc, AV_LOG_ERROR, "Unknown projection type: %s\n", av_fourcc2str(tag));
6107 return 0;
6108 }
6109
6110 sc->spherical = av_spherical_alloc(&sc->spherical_size);
6111 if (!sc->spherical)
6112 return AVERROR(ENOMEM);
6113
6114 sc->spherical->projection = projection;
6115
6116 sc->spherical->yaw = yaw;
6117 sc->spherical->pitch = pitch;
6118 sc->spherical->roll = roll;
6119
6120 sc->spherical->padding = padding;
6121
6122 sc->spherical->bound_left = l;
6123 sc->spherical->bound_top = t;
6124 sc->spherical->bound_right = r;
6125 sc->spherical->bound_bottom = b;
6126
6127 return 0;
6128 }
6129
mov_parse_uuid_spherical(MOVStreamContext * sc,AVIOContext * pb,size_t len)6130 static int mov_parse_uuid_spherical(MOVStreamContext *sc, AVIOContext *pb, size_t len)
6131 {
6132 int ret = 0;
6133 uint8_t *buffer = av_malloc(len + 1);
6134 const char *val;
6135
6136 if (!buffer)
6137 return AVERROR(ENOMEM);
6138 buffer[len] = '\0';
6139
6140 ret = ffio_read_size(pb, buffer, len);
6141 if (ret < 0)
6142 goto out;
6143
6144 /* Check for mandatory keys and values, try to support XML as best-effort */
6145 if (!sc->spherical &&
6146 av_stristr(buffer, "<GSpherical:StitchingSoftware>") &&
6147 (val = av_stristr(buffer, "<GSpherical:Spherical>")) &&
6148 av_stristr(val, "true") &&
6149 (val = av_stristr(buffer, "<GSpherical:Stitched>")) &&
6150 av_stristr(val, "true") &&
6151 (val = av_stristr(buffer, "<GSpherical:ProjectionType>")) &&
6152 av_stristr(val, "equirectangular")) {
6153 sc->spherical = av_spherical_alloc(&sc->spherical_size);
6154 if (!sc->spherical)
6155 goto out;
6156
6157 sc->spherical->projection = AV_SPHERICAL_EQUIRECTANGULAR;
6158
6159 if (av_stristr(buffer, "<GSpherical:StereoMode>") && !sc->stereo3d) {
6160 enum AVStereo3DType mode;
6161
6162 if (av_stristr(buffer, "left-right"))
6163 mode = AV_STEREO3D_SIDEBYSIDE;
6164 else if (av_stristr(buffer, "top-bottom"))
6165 mode = AV_STEREO3D_TOPBOTTOM;
6166 else
6167 mode = AV_STEREO3D_2D;
6168
6169 sc->stereo3d = av_stereo3d_alloc();
6170 if (!sc->stereo3d)
6171 goto out;
6172
6173 sc->stereo3d->type = mode;
6174 }
6175
6176 /* orientation */
6177 val = av_stristr(buffer, "<GSpherical:InitialViewHeadingDegrees>");
6178 if (val)
6179 sc->spherical->yaw = strtol(val, NULL, 10) * (1 << 16);
6180 val = av_stristr(buffer, "<GSpherical:InitialViewPitchDegrees>");
6181 if (val)
6182 sc->spherical->pitch = strtol(val, NULL, 10) * (1 << 16);
6183 val = av_stristr(buffer, "<GSpherical:InitialViewRollDegrees>");
6184 if (val)
6185 sc->spherical->roll = strtol(val, NULL, 10) * (1 << 16);
6186 }
6187
6188 out:
6189 av_free(buffer);
6190 return ret;
6191 }
6192
mov_read_uuid(MOVContext * c,AVIOContext * pb,MOVAtom atom)6193 static int mov_read_uuid(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6194 {
6195 AVStream *st;
6196 MOVStreamContext *sc;
6197 int64_t ret;
6198 AVUUID uuid;
6199 static const AVUUID uuid_isml_manifest = {
6200 0xa5, 0xd4, 0x0b, 0x30, 0xe8, 0x14, 0x11, 0xdd,
6201 0xba, 0x2f, 0x08, 0x00, 0x20, 0x0c, 0x9a, 0x66
6202 };
6203 static const AVUUID uuid_xmp = {
6204 0xbe, 0x7a, 0xcf, 0xcb, 0x97, 0xa9, 0x42, 0xe8,
6205 0x9c, 0x71, 0x99, 0x94, 0x91, 0xe3, 0xaf, 0xac
6206 };
6207 static const AVUUID uuid_spherical = {
6208 0xff, 0xcc, 0x82, 0x63, 0xf8, 0x55, 0x4a, 0x93,
6209 0x88, 0x14, 0x58, 0x7a, 0x02, 0x52, 0x1f, 0xdd,
6210 };
6211
6212 if (atom.size < AV_UUID_LEN || atom.size >= FFMIN(INT_MAX, SIZE_MAX))
6213 return AVERROR_INVALIDDATA;
6214
6215 if (c->fc->nb_streams < 1)
6216 return 0;
6217 st = c->fc->streams[c->fc->nb_streams - 1];
6218 sc = st->priv_data;
6219
6220 ret = ffio_read_size(pb, uuid, AV_UUID_LEN);
6221 if (ret < 0)
6222 return ret;
6223 if (av_uuid_equal(uuid, uuid_isml_manifest)) {
6224 uint8_t *buffer, *ptr;
6225 char *endptr;
6226 size_t len = atom.size - AV_UUID_LEN;
6227
6228 if (len < 4) {
6229 return AVERROR_INVALIDDATA;
6230 }
6231 ret = avio_skip(pb, 4); // zeroes
6232 len -= 4;
6233
6234 buffer = av_mallocz(len + 1);
6235 if (!buffer) {
6236 return AVERROR(ENOMEM);
6237 }
6238 ret = ffio_read_size(pb, buffer, len);
6239 if (ret < 0) {
6240 av_free(buffer);
6241 return ret;
6242 }
6243
6244 ptr = buffer;
6245 while ((ptr = av_stristr(ptr, "systemBitrate=\""))) {
6246 ptr += sizeof("systemBitrate=\"") - 1;
6247 c->bitrates_count++;
6248 c->bitrates = av_realloc_f(c->bitrates, c->bitrates_count, sizeof(*c->bitrates));
6249 if (!c->bitrates) {
6250 c->bitrates_count = 0;
6251 av_free(buffer);
6252 return AVERROR(ENOMEM);
6253 }
6254 errno = 0;
6255 ret = strtol(ptr, &endptr, 10);
6256 if (ret < 0 || errno || *endptr != '"') {
6257 c->bitrates[c->bitrates_count - 1] = 0;
6258 } else {
6259 c->bitrates[c->bitrates_count - 1] = ret;
6260 }
6261 }
6262
6263 av_free(buffer);
6264 } else if (av_uuid_equal(uuid, uuid_xmp)) {
6265 uint8_t *buffer;
6266 size_t len = atom.size - AV_UUID_LEN;
6267 if (c->export_xmp) {
6268 buffer = av_mallocz(len + 1);
6269 if (!buffer) {
6270 return AVERROR(ENOMEM);
6271 }
6272 ret = ffio_read_size(pb, buffer, len);
6273 if (ret < 0) {
6274 av_free(buffer);
6275 return ret;
6276 }
6277 buffer[len] = '\0';
6278 av_dict_set(&c->fc->metadata, "xmp",
6279 buffer, AV_DICT_DONT_STRDUP_VAL);
6280 } else {
6281 // skip all uuid atom, which makes it fast for long uuid-xmp file
6282 ret = avio_skip(pb, len);
6283 if (ret < 0)
6284 return ret;
6285 }
6286 } else if (av_uuid_equal(uuid, uuid_spherical)) {
6287 size_t len = atom.size - AV_UUID_LEN;
6288 ret = mov_parse_uuid_spherical(sc, pb, len);
6289 if (ret < 0)
6290 return ret;
6291 if (!sc->spherical)
6292 av_log(c->fc, AV_LOG_WARNING, "Invalid spherical metadata found\n");
6293 }
6294
6295 return 0;
6296 }
6297
mov_read_free(MOVContext * c,AVIOContext * pb,MOVAtom atom)6298 static int mov_read_free(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6299 {
6300 int ret;
6301 uint8_t content[16];
6302
6303 if (atom.size < 8)
6304 return 0;
6305
6306 ret = ffio_read_size(pb, content, FFMIN(sizeof(content), atom.size));
6307 if (ret < 0)
6308 return ret;
6309
6310 if ( !c->found_moov
6311 && !c->found_mdat
6312 && !memcmp(content, "Anevia\x1A\x1A", 8)
6313 && c->use_mfra_for == FF_MOV_FLAG_MFRA_AUTO) {
6314 c->use_mfra_for = FF_MOV_FLAG_MFRA_PTS;
6315 }
6316
6317 return 0;
6318 }
6319
mov_read_frma(MOVContext * c,AVIOContext * pb,MOVAtom atom)6320 static int mov_read_frma(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6321 {
6322 uint32_t format = avio_rl32(pb);
6323 MOVStreamContext *sc;
6324 enum AVCodecID id;
6325 AVStream *st;
6326
6327 if (c->fc->nb_streams < 1)
6328 return 0;
6329 st = c->fc->streams[c->fc->nb_streams - 1];
6330 sc = st->priv_data;
6331
6332 switch (sc->format)
6333 {
6334 case MKTAG('e','n','c','v'): // encrypted video
6335 case MKTAG('e','n','c','a'): // encrypted audio
6336 id = mov_codec_id(st, format);
6337 if (st->codecpar->codec_id != AV_CODEC_ID_NONE &&
6338 st->codecpar->codec_id != id) {
6339 av_log(c->fc, AV_LOG_WARNING,
6340 "ignoring 'frma' atom of '%.4s', stream has codec id %d\n",
6341 (char*)&format, st->codecpar->codec_id);
6342 break;
6343 }
6344
6345 st->codecpar->codec_id = id;
6346 sc->format = format;
6347 break;
6348
6349 default:
6350 if (format != sc->format) {
6351 av_log(c->fc, AV_LOG_WARNING,
6352 "ignoring 'frma' atom of '%.4s', stream format is '%.4s'\n",
6353 (char*)&format, (char*)&sc->format);
6354 }
6355 break;
6356 }
6357
6358 return 0;
6359 }
6360
6361 /**
6362 * Gets the current encryption info and associated current stream context. If
6363 * we are parsing a track fragment, this will return the specific encryption
6364 * info for this fragment; otherwise this will return the global encryption
6365 * info for the current stream.
6366 */
get_current_encryption_info(MOVContext * c,MOVEncryptionIndex ** encryption_index,MOVStreamContext ** sc)6367 static int get_current_encryption_info(MOVContext *c, MOVEncryptionIndex **encryption_index, MOVStreamContext **sc)
6368 {
6369 MOVFragmentStreamInfo *frag_stream_info;
6370 AVStream *st;
6371 int i;
6372
6373 frag_stream_info = get_current_frag_stream_info(&c->frag_index);
6374 if (frag_stream_info) {
6375 for (i = 0; i < c->fc->nb_streams; i++) {
6376 if (c->fc->streams[i]->id == frag_stream_info->id) {
6377 st = c->fc->streams[i];
6378 break;
6379 }
6380 }
6381 if (i == c->fc->nb_streams)
6382 return 0;
6383 *sc = st->priv_data;
6384
6385 if (!frag_stream_info->encryption_index) {
6386 // If this stream isn't encrypted, don't create the index.
6387 if (!(*sc)->cenc.default_encrypted_sample)
6388 return 0;
6389 frag_stream_info->encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
6390 if (!frag_stream_info->encryption_index)
6391 return AVERROR(ENOMEM);
6392 }
6393 *encryption_index = frag_stream_info->encryption_index;
6394 return 1;
6395 } else {
6396 // No current track fragment, using stream level encryption info.
6397
6398 if (c->fc->nb_streams < 1)
6399 return 0;
6400 st = c->fc->streams[c->fc->nb_streams - 1];
6401 *sc = st->priv_data;
6402
6403 if (!(*sc)->cenc.encryption_index) {
6404 // If this stream isn't encrypted, don't create the index.
6405 if (!(*sc)->cenc.default_encrypted_sample)
6406 return 0;
6407 (*sc)->cenc.encryption_index = av_mallocz(sizeof(*frag_stream_info->encryption_index));
6408 if (!(*sc)->cenc.encryption_index)
6409 return AVERROR(ENOMEM);
6410 }
6411
6412 *encryption_index = (*sc)->cenc.encryption_index;
6413 return 1;
6414 }
6415 }
6416
mov_read_sample_encryption_info(MOVContext * c,AVIOContext * pb,MOVStreamContext * sc,AVEncryptionInfo ** sample,int use_subsamples)6417 static int mov_read_sample_encryption_info(MOVContext *c, AVIOContext *pb, MOVStreamContext *sc, AVEncryptionInfo **sample, int use_subsamples)
6418 {
6419 int i, ret;
6420 unsigned int subsample_count;
6421 AVSubsampleEncryptionInfo *subsamples;
6422
6423 if (!sc->cenc.default_encrypted_sample) {
6424 av_log(c->fc, AV_LOG_ERROR, "Missing schm or tenc\n");
6425 return AVERROR_INVALIDDATA;
6426 }
6427
6428 *sample = av_encryption_info_clone(sc->cenc.default_encrypted_sample);
6429 if (!*sample)
6430 return AVERROR(ENOMEM);
6431
6432 if (sc->cenc.per_sample_iv_size != 0) {
6433 if ((ret = ffio_read_size(pb, (*sample)->iv, sc->cenc.per_sample_iv_size)) < 0) {
6434 av_log(c->fc, AV_LOG_ERROR, "failed to read the initialization vector\n");
6435 av_encryption_info_free(*sample);
6436 *sample = NULL;
6437 return ret;
6438 }
6439 }
6440
6441 if (use_subsamples) {
6442 subsample_count = avio_rb16(pb);
6443 av_free((*sample)->subsamples);
6444 (*sample)->subsamples = av_calloc(subsample_count, sizeof(*subsamples));
6445 if (!(*sample)->subsamples) {
6446 av_encryption_info_free(*sample);
6447 *sample = NULL;
6448 return AVERROR(ENOMEM);
6449 }
6450
6451 for (i = 0; i < subsample_count && !pb->eof_reached; i++) {
6452 (*sample)->subsamples[i].bytes_of_clear_data = avio_rb16(pb);
6453 (*sample)->subsamples[i].bytes_of_protected_data = avio_rb32(pb);
6454 }
6455
6456 if (pb->eof_reached) {
6457 av_log(c->fc, AV_LOG_ERROR, "hit EOF while reading sub-sample encryption info\n");
6458 av_encryption_info_free(*sample);
6459 *sample = NULL;
6460 return AVERROR_INVALIDDATA;
6461 }
6462 (*sample)->subsample_count = subsample_count;
6463 }
6464
6465 return 0;
6466 }
6467
mov_read_senc(MOVContext * c,AVIOContext * pb,MOVAtom atom)6468 static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6469 {
6470 AVEncryptionInfo **encrypted_samples;
6471 MOVEncryptionIndex *encryption_index;
6472 MOVStreamContext *sc;
6473 int use_subsamples, ret;
6474 unsigned int sample_count, i, alloc_size = 0;
6475
6476 ret = get_current_encryption_info(c, &encryption_index, &sc);
6477 if (ret != 1)
6478 return ret;
6479
6480 if (encryption_index->nb_encrypted_samples) {
6481 // This can happen if we have both saio/saiz and senc atoms.
6482 av_log(c->fc, AV_LOG_DEBUG, "Ignoring duplicate encryption info in senc\n");
6483 return 0;
6484 }
6485
6486 avio_r8(pb); /* version */
6487 use_subsamples = avio_rb24(pb) & 0x02; /* flags */
6488
6489 sample_count = avio_rb32(pb);
6490 if (sample_count >= INT_MAX / sizeof(*encrypted_samples))
6491 return AVERROR(ENOMEM);
6492
6493 for (i = 0; i < sample_count; i++) {
6494 unsigned int min_samples = FFMIN(FFMAX(i + 1, 1024 * 1024), sample_count);
6495 encrypted_samples = av_fast_realloc(encryption_index->encrypted_samples, &alloc_size,
6496 min_samples * sizeof(*encrypted_samples));
6497 if (encrypted_samples) {
6498 encryption_index->encrypted_samples = encrypted_samples;
6499
6500 ret = mov_read_sample_encryption_info(
6501 c, pb, sc, &encryption_index->encrypted_samples[i], use_subsamples);
6502 } else {
6503 ret = AVERROR(ENOMEM);
6504 }
6505 if (pb->eof_reached) {
6506 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading senc\n");
6507 if (ret >= 0)
6508 av_encryption_info_free(encryption_index->encrypted_samples[i]);
6509 ret = AVERROR_INVALIDDATA;
6510 }
6511
6512 if (ret < 0) {
6513 for (; i > 0; i--)
6514 av_encryption_info_free(encryption_index->encrypted_samples[i - 1]);
6515 av_freep(&encryption_index->encrypted_samples);
6516 return ret;
6517 }
6518 }
6519 encryption_index->nb_encrypted_samples = sample_count;
6520
6521 return 0;
6522 }
6523
mov_parse_auxiliary_info(MOVContext * c,MOVStreamContext * sc,AVIOContext * pb,MOVEncryptionIndex * encryption_index)6524 static int mov_parse_auxiliary_info(MOVContext *c, MOVStreamContext *sc, AVIOContext *pb, MOVEncryptionIndex *encryption_index)
6525 {
6526 AVEncryptionInfo **sample, **encrypted_samples;
6527 int64_t prev_pos;
6528 size_t sample_count, sample_info_size, i;
6529 int ret = 0;
6530 unsigned int alloc_size = 0;
6531
6532 if (encryption_index->nb_encrypted_samples)
6533 return 0;
6534 sample_count = encryption_index->auxiliary_info_sample_count;
6535 if (encryption_index->auxiliary_offsets_count != 1) {
6536 av_log(c->fc, AV_LOG_ERROR, "Multiple auxiliary info chunks are not supported\n");
6537 return AVERROR_PATCHWELCOME;
6538 }
6539 if (sample_count >= INT_MAX / sizeof(*encrypted_samples))
6540 return AVERROR(ENOMEM);
6541
6542 prev_pos = avio_tell(pb);
6543 if (!(pb->seekable & AVIO_SEEKABLE_NORMAL) ||
6544 avio_seek(pb, encryption_index->auxiliary_offsets[0], SEEK_SET) != encryption_index->auxiliary_offsets[0]) {
6545 av_log(c->fc, AV_LOG_INFO, "Failed to seek for auxiliary info, will only parse senc atoms for encryption info\n");
6546 goto finish;
6547 }
6548
6549 for (i = 0; i < sample_count && !pb->eof_reached; i++) {
6550 unsigned int min_samples = FFMIN(FFMAX(i + 1, 1024 * 1024), sample_count);
6551 encrypted_samples = av_fast_realloc(encryption_index->encrypted_samples, &alloc_size,
6552 min_samples * sizeof(*encrypted_samples));
6553 if (!encrypted_samples) {
6554 ret = AVERROR(ENOMEM);
6555 goto finish;
6556 }
6557 encryption_index->encrypted_samples = encrypted_samples;
6558
6559 sample = &encryption_index->encrypted_samples[i];
6560 sample_info_size = encryption_index->auxiliary_info_default_size
6561 ? encryption_index->auxiliary_info_default_size
6562 : encryption_index->auxiliary_info_sizes[i];
6563
6564 ret = mov_read_sample_encryption_info(c, pb, sc, sample, sample_info_size > sc->cenc.per_sample_iv_size);
6565 if (ret < 0)
6566 goto finish;
6567 }
6568 if (pb->eof_reached) {
6569 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading auxiliary info\n");
6570 ret = AVERROR_INVALIDDATA;
6571 } else {
6572 encryption_index->nb_encrypted_samples = sample_count;
6573 }
6574
6575 finish:
6576 avio_seek(pb, prev_pos, SEEK_SET);
6577 if (ret < 0) {
6578 for (; i > 0; i--) {
6579 av_encryption_info_free(encryption_index->encrypted_samples[i - 1]);
6580 }
6581 av_freep(&encryption_index->encrypted_samples);
6582 }
6583 return ret;
6584 }
6585
6586 /**
6587 * Tries to read the given number of bytes from the stream and puts it in a
6588 * newly allocated buffer. This reads in small chunks to avoid allocating large
6589 * memory if the file contains an invalid/malicious size value.
6590 */
mov_try_read_block(AVIOContext * pb,size_t size,uint8_t ** data)6591 static int mov_try_read_block(AVIOContext *pb, size_t size, uint8_t **data)
6592 {
6593 const unsigned int block_size = 1024 * 1024;
6594 uint8_t *buffer = NULL;
6595 unsigned int alloc_size = 0, offset = 0;
6596 while (offset < size) {
6597 unsigned int new_size =
6598 alloc_size >= INT_MAX - block_size ? INT_MAX : alloc_size + block_size;
6599 uint8_t *new_buffer = av_fast_realloc(buffer, &alloc_size, new_size);
6600 unsigned int to_read = FFMIN(size, alloc_size) - offset;
6601 if (!new_buffer) {
6602 av_free(buffer);
6603 return AVERROR(ENOMEM);
6604 }
6605 buffer = new_buffer;
6606
6607 if (avio_read(pb, buffer + offset, to_read) != to_read) {
6608 av_free(buffer);
6609 return AVERROR_INVALIDDATA;
6610 }
6611 offset += to_read;
6612 }
6613
6614 *data = buffer;
6615 return 0;
6616 }
6617
mov_read_saiz(MOVContext * c,AVIOContext * pb,MOVAtom atom)6618 static int mov_read_saiz(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6619 {
6620 MOVEncryptionIndex *encryption_index;
6621 MOVStreamContext *sc;
6622 int ret;
6623 unsigned int sample_count, aux_info_type, aux_info_param;
6624
6625 ret = get_current_encryption_info(c, &encryption_index, &sc);
6626 if (ret != 1)
6627 return ret;
6628
6629 if (encryption_index->nb_encrypted_samples) {
6630 // This can happen if we have both saio/saiz and senc atoms.
6631 av_log(c->fc, AV_LOG_DEBUG, "Ignoring duplicate encryption info in saiz\n");
6632 return 0;
6633 }
6634
6635 if (encryption_index->auxiliary_info_sample_count) {
6636 av_log(c->fc, AV_LOG_ERROR, "Duplicate saiz atom\n");
6637 return AVERROR_INVALIDDATA;
6638 }
6639
6640 avio_r8(pb); /* version */
6641 if (avio_rb24(pb) & 0x01) { /* flags */
6642 aux_info_type = avio_rb32(pb);
6643 aux_info_param = avio_rb32(pb);
6644 if (sc->cenc.default_encrypted_sample) {
6645 if (aux_info_type != sc->cenc.default_encrypted_sample->scheme) {
6646 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saiz box with non-zero aux_info_type\n");
6647 return 0;
6648 }
6649 if (aux_info_param != 0) {
6650 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saiz box with non-zero aux_info_type_parameter\n");
6651 return 0;
6652 }
6653 } else {
6654 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6655 if ((aux_info_type == MKBETAG('c','e','n','c') ||
6656 aux_info_type == MKBETAG('c','e','n','s') ||
6657 aux_info_type == MKBETAG('c','b','c','1') ||
6658 aux_info_type == MKBETAG('c','b','c','s')) &&
6659 aux_info_param == 0) {
6660 av_log(c->fc, AV_LOG_ERROR, "Saw encrypted saiz without schm/tenc\n");
6661 return AVERROR_INVALIDDATA;
6662 } else {
6663 return 0;
6664 }
6665 }
6666 } else if (!sc->cenc.default_encrypted_sample) {
6667 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6668 return 0;
6669 }
6670
6671 encryption_index->auxiliary_info_default_size = avio_r8(pb);
6672 sample_count = avio_rb32(pb);
6673 encryption_index->auxiliary_info_sample_count = sample_count;
6674
6675 if (encryption_index->auxiliary_info_default_size == 0) {
6676 ret = mov_try_read_block(pb, sample_count, &encryption_index->auxiliary_info_sizes);
6677 if (ret < 0) {
6678 av_log(c->fc, AV_LOG_ERROR, "Failed to read the auxiliary info\n");
6679 return ret;
6680 }
6681 }
6682
6683 if (encryption_index->auxiliary_offsets_count) {
6684 return mov_parse_auxiliary_info(c, sc, pb, encryption_index);
6685 }
6686
6687 return 0;
6688 }
6689
mov_read_saio(MOVContext * c,AVIOContext * pb,MOVAtom atom)6690 static int mov_read_saio(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6691 {
6692 uint64_t *auxiliary_offsets;
6693 MOVEncryptionIndex *encryption_index;
6694 MOVStreamContext *sc;
6695 int i, ret;
6696 unsigned int version, entry_count, aux_info_type, aux_info_param;
6697 unsigned int alloc_size = 0;
6698
6699 ret = get_current_encryption_info(c, &encryption_index, &sc);
6700 if (ret != 1)
6701 return ret;
6702
6703 if (encryption_index->nb_encrypted_samples) {
6704 // This can happen if we have both saio/saiz and senc atoms.
6705 av_log(c->fc, AV_LOG_DEBUG, "Ignoring duplicate encryption info in saio\n");
6706 return 0;
6707 }
6708
6709 if (encryption_index->auxiliary_offsets_count) {
6710 av_log(c->fc, AV_LOG_ERROR, "Duplicate saio atom\n");
6711 return AVERROR_INVALIDDATA;
6712 }
6713
6714 version = avio_r8(pb); /* version */
6715 if (avio_rb24(pb) & 0x01) { /* flags */
6716 aux_info_type = avio_rb32(pb);
6717 aux_info_param = avio_rb32(pb);
6718 if (sc->cenc.default_encrypted_sample) {
6719 if (aux_info_type != sc->cenc.default_encrypted_sample->scheme) {
6720 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saio box with non-zero aux_info_type\n");
6721 return 0;
6722 }
6723 if (aux_info_param != 0) {
6724 av_log(c->fc, AV_LOG_DEBUG, "Ignoring saio box with non-zero aux_info_type_parameter\n");
6725 return 0;
6726 }
6727 } else {
6728 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6729 if ((aux_info_type == MKBETAG('c','e','n','c') ||
6730 aux_info_type == MKBETAG('c','e','n','s') ||
6731 aux_info_type == MKBETAG('c','b','c','1') ||
6732 aux_info_type == MKBETAG('c','b','c','s')) &&
6733 aux_info_param == 0) {
6734 av_log(c->fc, AV_LOG_ERROR, "Saw encrypted saio without schm/tenc\n");
6735 return AVERROR_INVALIDDATA;
6736 } else {
6737 return 0;
6738 }
6739 }
6740 } else if (!sc->cenc.default_encrypted_sample) {
6741 // Didn't see 'schm' or 'tenc', so this isn't encrypted.
6742 return 0;
6743 }
6744
6745 entry_count = avio_rb32(pb);
6746 if (entry_count >= INT_MAX / sizeof(*auxiliary_offsets))
6747 return AVERROR(ENOMEM);
6748
6749 for (i = 0; i < entry_count && !pb->eof_reached; i++) {
6750 unsigned int min_offsets = FFMIN(FFMAX(i + 1, 1024), entry_count);
6751 auxiliary_offsets = av_fast_realloc(
6752 encryption_index->auxiliary_offsets, &alloc_size,
6753 min_offsets * sizeof(*auxiliary_offsets));
6754 if (!auxiliary_offsets) {
6755 av_freep(&encryption_index->auxiliary_offsets);
6756 return AVERROR(ENOMEM);
6757 }
6758 encryption_index->auxiliary_offsets = auxiliary_offsets;
6759
6760 if (version == 0) {
6761 encryption_index->auxiliary_offsets[i] = avio_rb32(pb);
6762 } else {
6763 encryption_index->auxiliary_offsets[i] = avio_rb64(pb);
6764 }
6765 if (c->frag_index.current >= 0) {
6766 encryption_index->auxiliary_offsets[i] += c->fragment.base_data_offset;
6767 }
6768 }
6769
6770 if (pb->eof_reached) {
6771 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading saio\n");
6772 av_freep(&encryption_index->auxiliary_offsets);
6773 return AVERROR_INVALIDDATA;
6774 }
6775
6776 encryption_index->auxiliary_offsets_count = entry_count;
6777
6778 if (encryption_index->auxiliary_info_sample_count) {
6779 return mov_parse_auxiliary_info(c, sc, pb, encryption_index);
6780 }
6781
6782 return 0;
6783 }
6784
6785 #ifdef OHOS_DRM
mov_set_drm_info(const uint8_t * pssh_buf,uint32_t pssh_buf_size,AV_DrmInfo * side_data)6786 static int mov_set_drm_info(const uint8_t *pssh_buf, uint32_t pssh_buf_size, AV_DrmInfo *side_data)
6787 {
6788 if (pssh_buf_size < (AV_DRM_UUID_OFFSET + AV_DRM_MAX_DRM_UUID_LEN)) {
6789 return AVERROR_INVALIDDATA;
6790 }
6791 side_data->uuid_len = AV_DRM_MAX_DRM_UUID_LEN;
6792 memcpy(side_data->uuid, pssh_buf + AV_DRM_UUID_OFFSET, AV_DRM_MAX_DRM_UUID_LEN);
6793 side_data->pssh_len = pssh_buf_size;
6794 memcpy(side_data->pssh, pssh_buf, pssh_buf_size);
6795 return 0;
6796 }
6797
mov_is_exist_pssh(const AV_DrmInfo * old_side_data,uint32_t count,AV_DrmInfo side_data_node)6798 static int mov_is_exist_pssh(const AV_DrmInfo *old_side_data, uint32_t count, AV_DrmInfo side_data_node)
6799 {
6800 uint32_t i = 0;
6801 if (count == 0) {
6802 return 0;
6803 }
6804 for (; i < count; i++) {
6805 if ((old_side_data[i].pssh_len == side_data_node.pssh_len) &&
6806 (old_side_data[i].uuid_len == side_data_node.uuid_len)) {
6807 if ((memcmp(old_side_data[i].pssh, side_data_node.pssh, old_side_data[i].pssh_len) == 0) &&
6808 (memcmp(old_side_data[i].uuid, side_data_node.uuid, old_side_data[i].uuid_len) == 0)) {
6809 return 1;
6810 }
6811 }
6812 }
6813 return 0;
6814 }
6815
mov_copy_drm_info(AV_DrmInfo * new_side_data,const AV_DrmInfo * old_side_data,uint32_t old_side_data_count,AV_DrmInfo side_data_node)6816 static void mov_copy_drm_info(AV_DrmInfo *new_side_data, const AV_DrmInfo *old_side_data,
6817 uint32_t old_side_data_count, AV_DrmInfo side_data_node)
6818 {
6819 uint32_t i = 0;
6820 for (; i < old_side_data_count; i++) {
6821 new_side_data[i].uuid_len = old_side_data[i].uuid_len;
6822 memcpy(new_side_data[i].uuid, old_side_data[i].uuid, old_side_data[i].uuid_len);
6823 new_side_data[i].pssh_len = old_side_data[i].pssh_len;
6824 memcpy(new_side_data[i].pssh, old_side_data[i].pssh, old_side_data[i].pssh_len);
6825 }
6826 new_side_data[i].uuid_len = side_data_node.uuid_len;
6827 memcpy(new_side_data[i].uuid, side_data_node.uuid, side_data_node.uuid_len);
6828 new_side_data[i].pssh_len = side_data_node.pssh_len;
6829 memcpy(new_side_data[i].pssh, side_data_node.pssh, side_data_node.pssh_len);
6830 return;
6831 }
6832
mov_read_pssh_ex(MOVContext * c,AVIOContext * pb,MOVAtom atom)6833 static int mov_read_pssh_ex(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6834 {
6835 int ret = 0;
6836 AVStream *st;
6837 AV_DrmInfo side_data_node;
6838 AV_DrmInfo *old_side_data = NULL;
6839 AV_DrmInfo *new_side_data = NULL;
6840 uint8_t pssh_buf[AV_DRM_MAX_DRM_PSSH_LEN];
6841 size_t old_side_data_size = 0;
6842 uint32_t old_side_data_count = 0;
6843 int pssh_exist_flag = 0;
6844 if ((c == NULL) || (c->fc == NULL) || (c->fc->nb_streams < 1) || (c->fc->streams == NULL) || (pb == NULL) ||
6845 (atom.size > (AV_DRM_MAX_DRM_PSSH_LEN - MOV_DRM_PSSH_TITLE_LEN)) || (atom.size <= 0)) {
6846 return 0;
6847 }
6848 st = c->fc->streams[c->fc->nb_streams-1];
6849 if (st == NULL) {
6850 return 0;
6851 }
6852
6853 memset(pssh_buf, 0, sizeof(pssh_buf));
6854 AV_WB32(pssh_buf, (atom.size + MOV_DRM_PSSH_TITLE_LEN));
6855 memcpy(pssh_buf + sizeof(uint32_t), g_pssh_title_buf, sizeof(g_pssh_title_buf));
6856
6857 if ((ret = ffio_read_size(pb, pssh_buf + MOV_DRM_PSSH_TITLE_LEN, atom.size)) < 0) {
6858 av_log(c->fc, AV_LOG_ERROR, "Failed to read the pssh data\n");
6859 return 0;
6860 }
6861 if ((ret = mov_set_drm_info(pssh_buf, (uint32_t)(atom.size + MOV_DRM_PSSH_TITLE_LEN), &side_data_node)) != 0) {
6862 av_log(c->fc, AV_LOG_ERROR, "Failed to set drm info\n");
6863 return 0;
6864 }
6865
6866 old_side_data = (AV_DrmInfo *)av_stream_get_side_data(st, AV_PKT_DATA_ENCRYPTION_INIT_INFO, &old_side_data_size);
6867 if ((old_side_data != NULL) && (old_side_data_size != 0)) {
6868 old_side_data_count = old_side_data_size / sizeof(AV_DrmInfo);
6869 pssh_exist_flag = mov_is_exist_pssh(old_side_data, old_side_data_count, side_data_node);
6870 }
6871 if (pssh_exist_flag == 0) {
6872 new_side_data = (AV_DrmInfo *)av_mallocz(sizeof(AV_DrmInfo) * (old_side_data_count + 1));
6873 if (new_side_data != NULL) {
6874 mov_copy_drm_info(new_side_data, old_side_data, old_side_data_count, side_data_node);
6875 ret = av_stream_add_side_data(st, AV_PKT_DATA_ENCRYPTION_INIT_INFO, (uint8_t *)new_side_data,
6876 (size_t)(sizeof(AV_DrmInfo) * (old_side_data_count + 1)));
6877 if (ret < 0)
6878 av_free(new_side_data);
6879 }
6880 }
6881 return 0;
6882 }
6883 #endif
6884
mov_read_pssh(MOVContext * c,AVIOContext * pb,MOVAtom atom)6885 static int mov_read_pssh(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6886 {
6887 AVEncryptionInitInfo *info, *old_init_info;
6888 uint8_t **key_ids;
6889 AVStream *st;
6890 uint8_t *side_data, *extra_data, *old_side_data;
6891 size_t side_data_size, old_side_data_size;
6892 int ret = 0;
6893 unsigned int version, kid_count, extra_data_size, alloc_size = 0;
6894
6895 if (c->fc->nb_streams < 1)
6896 return 0;
6897 st = c->fc->streams[c->fc->nb_streams-1];
6898
6899 version = avio_r8(pb); /* version */
6900 avio_rb24(pb); /* flags */
6901
6902 info = av_encryption_init_info_alloc(/* system_id_size */ 16, /* num_key_ids */ 0,
6903 /* key_id_size */ 16, /* data_size */ 0);
6904 if (!info)
6905 return AVERROR(ENOMEM);
6906
6907 if ((ret = ffio_read_size(pb, info->system_id, 16)) < 0) {
6908 av_log(c->fc, AV_LOG_ERROR, "Failed to read the system id\n");
6909 goto finish;
6910 }
6911
6912 if (version > 0) {
6913 kid_count = avio_rb32(pb);
6914 if (kid_count >= INT_MAX / sizeof(*key_ids)) {
6915 ret = AVERROR(ENOMEM);
6916 goto finish;
6917 }
6918
6919 for (unsigned int i = 0; i < kid_count && !pb->eof_reached; i++) {
6920 unsigned int min_kid_count = FFMIN(FFMAX(i + 1, 1024), kid_count);
6921 key_ids = av_fast_realloc(info->key_ids, &alloc_size,
6922 min_kid_count * sizeof(*key_ids));
6923 if (!key_ids) {
6924 ret = AVERROR(ENOMEM);
6925 goto finish;
6926 }
6927 info->key_ids = key_ids;
6928
6929 info->key_ids[i] = av_mallocz(16);
6930 if (!info->key_ids[i]) {
6931 ret = AVERROR(ENOMEM);
6932 goto finish;
6933 }
6934 info->num_key_ids = i + 1;
6935
6936 if ((ret = ffio_read_size(pb, info->key_ids[i], 16)) < 0) {
6937 av_log(c->fc, AV_LOG_ERROR, "Failed to read the key id\n");
6938 goto finish;
6939 }
6940 }
6941
6942 if (pb->eof_reached) {
6943 av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading pssh\n");
6944 ret = AVERROR_INVALIDDATA;
6945 goto finish;
6946 }
6947 }
6948
6949 extra_data_size = avio_rb32(pb);
6950 ret = mov_try_read_block(pb, extra_data_size, &extra_data);
6951 if (ret < 0)
6952 goto finish;
6953
6954 av_freep(&info->data); // malloc(0) may still allocate something.
6955 info->data = extra_data;
6956 info->data_size = extra_data_size;
6957
6958 // If there is existing initialization data, append to the list.
6959 old_side_data = av_stream_get_side_data(st, AV_PKT_DATA_ENCRYPTION_INIT_INFO, &old_side_data_size);
6960 if (old_side_data) {
6961 old_init_info = av_encryption_init_info_get_side_data(old_side_data, old_side_data_size);
6962 if (old_init_info) {
6963 // Append to the end of the list.
6964 for (AVEncryptionInitInfo *cur = old_init_info;; cur = cur->next) {
6965 if (!cur->next) {
6966 cur->next = info;
6967 break;
6968 }
6969 }
6970 info = old_init_info;
6971 } else {
6972 // Assume existing side-data will be valid, so the only error we could get is OOM.
6973 ret = AVERROR(ENOMEM);
6974 goto finish;
6975 }
6976 }
6977
6978 side_data = av_encryption_init_info_add_side_data(info, &side_data_size);
6979 if (!side_data) {
6980 ret = AVERROR(ENOMEM);
6981 goto finish;
6982 }
6983 ret = av_stream_add_side_data(st, AV_PKT_DATA_ENCRYPTION_INIT_INFO,
6984 side_data, side_data_size);
6985 if (ret < 0)
6986 av_free(side_data);
6987
6988 finish:
6989 av_encryption_init_info_free(info);
6990 return ret;
6991 }
6992
mov_read_schm(MOVContext * c,AVIOContext * pb,MOVAtom atom)6993 static int mov_read_schm(MOVContext *c, AVIOContext *pb, MOVAtom atom)
6994 {
6995 AVStream *st;
6996 MOVStreamContext *sc;
6997
6998 if (c->fc->nb_streams < 1)
6999 return 0;
7000 st = c->fc->streams[c->fc->nb_streams-1];
7001 sc = st->priv_data;
7002
7003 if (sc->pseudo_stream_id != 0) {
7004 av_log(c->fc, AV_LOG_ERROR, "schm boxes are only supported in first sample descriptor\n");
7005 return AVERROR_PATCHWELCOME;
7006 }
7007
7008 if (atom.size < 8)
7009 return AVERROR_INVALIDDATA;
7010
7011 avio_rb32(pb); /* version and flags */
7012
7013 if (!sc->cenc.default_encrypted_sample) {
7014 sc->cenc.default_encrypted_sample = av_encryption_info_alloc(0, 16, 16);
7015 if (!sc->cenc.default_encrypted_sample) {
7016 return AVERROR(ENOMEM);
7017 }
7018 }
7019
7020 sc->cenc.default_encrypted_sample->scheme = avio_rb32(pb);
7021 return 0;
7022 }
7023
mov_read_tenc(MOVContext * c,AVIOContext * pb,MOVAtom atom)7024 static int mov_read_tenc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7025 {
7026 AVStream *st;
7027 MOVStreamContext *sc;
7028 unsigned int version, pattern, is_protected, iv_size;
7029
7030 if (c->fc->nb_streams < 1)
7031 return 0;
7032 st = c->fc->streams[c->fc->nb_streams-1];
7033 sc = st->priv_data;
7034
7035 if (sc->pseudo_stream_id != 0) {
7036 av_log(c->fc, AV_LOG_ERROR, "tenc atom are only supported in first sample descriptor\n");
7037 return AVERROR_PATCHWELCOME;
7038 }
7039
7040 if (!sc->cenc.default_encrypted_sample) {
7041 sc->cenc.default_encrypted_sample = av_encryption_info_alloc(0, 16, 16);
7042 if (!sc->cenc.default_encrypted_sample) {
7043 return AVERROR(ENOMEM);
7044 }
7045 }
7046
7047 if (atom.size < 20)
7048 return AVERROR_INVALIDDATA;
7049
7050 version = avio_r8(pb); /* version */
7051 avio_rb24(pb); /* flags */
7052
7053 avio_r8(pb); /* reserved */
7054 pattern = avio_r8(pb);
7055
7056 if (version > 0) {
7057 sc->cenc.default_encrypted_sample->crypt_byte_block = pattern >> 4;
7058 sc->cenc.default_encrypted_sample->skip_byte_block = pattern & 0xf;
7059 }
7060
7061 is_protected = avio_r8(pb);
7062 if (is_protected && !sc->cenc.encryption_index) {
7063 // The whole stream should be by-default encrypted.
7064 sc->cenc.encryption_index = av_mallocz(sizeof(MOVEncryptionIndex));
7065 if (!sc->cenc.encryption_index)
7066 return AVERROR(ENOMEM);
7067 }
7068 sc->cenc.per_sample_iv_size = avio_r8(pb);
7069 if (sc->cenc.per_sample_iv_size != 0 && sc->cenc.per_sample_iv_size != 8 &&
7070 sc->cenc.per_sample_iv_size != 16) {
7071 av_log(c->fc, AV_LOG_ERROR, "invalid per-sample IV size value\n");
7072 return AVERROR_INVALIDDATA;
7073 }
7074 if (avio_read(pb, sc->cenc.default_encrypted_sample->key_id, 16) != 16) {
7075 av_log(c->fc, AV_LOG_ERROR, "failed to read the default key ID\n");
7076 return AVERROR_INVALIDDATA;
7077 }
7078
7079 if (is_protected && !sc->cenc.per_sample_iv_size) {
7080 iv_size = avio_r8(pb);
7081 if (iv_size != 8 && iv_size != 16) {
7082 av_log(c->fc, AV_LOG_ERROR, "invalid default_constant_IV_size in tenc atom\n");
7083 return AVERROR_INVALIDDATA;
7084 }
7085
7086 if (avio_read(pb, sc->cenc.default_encrypted_sample->iv, iv_size) != iv_size) {
7087 av_log(c->fc, AV_LOG_ERROR, "failed to read the default IV\n");
7088 return AVERROR_INVALIDDATA;
7089 }
7090 }
7091
7092 return 0;
7093 }
7094
mov_read_dfla(MOVContext * c,AVIOContext * pb,MOVAtom atom)7095 static int mov_read_dfla(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7096 {
7097 AVStream *st;
7098 int last, type, size, ret;
7099 uint8_t buf[4];
7100
7101 if (c->fc->nb_streams < 1)
7102 return 0;
7103 st = c->fc->streams[c->fc->nb_streams-1];
7104
7105 if ((uint64_t)atom.size > (1<<30) || atom.size < 42)
7106 return AVERROR_INVALIDDATA;
7107
7108 /* Check FlacSpecificBox version. */
7109 if (avio_r8(pb) != 0)
7110 return AVERROR_INVALIDDATA;
7111
7112 avio_rb24(pb); /* Flags */
7113
7114 if (avio_read(pb, buf, sizeof(buf)) != sizeof(buf)) {
7115 av_log(c->fc, AV_LOG_ERROR, "failed to read FLAC metadata block header\n");
7116 return pb->error < 0 ? pb->error : AVERROR_INVALIDDATA;
7117 }
7118 flac_parse_block_header(buf, &last, &type, &size);
7119
7120 if (type != FLAC_METADATA_TYPE_STREAMINFO || size != FLAC_STREAMINFO_SIZE) {
7121 av_log(c->fc, AV_LOG_ERROR, "STREAMINFO must be first FLACMetadataBlock\n");
7122 return AVERROR_INVALIDDATA;
7123 }
7124
7125 ret = ff_get_extradata(c->fc, st->codecpar, pb, size);
7126 if (ret < 0)
7127 return ret;
7128
7129 if (!last)
7130 av_log(c->fc, AV_LOG_WARNING, "non-STREAMINFO FLACMetadataBlock(s) ignored\n");
7131
7132 return 0;
7133 }
7134
cenc_scheme_decrypt(MOVContext * c,MOVStreamContext * sc,AVEncryptionInfo * sample,uint8_t * input,int size)7135 static int cenc_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *sample, uint8_t *input, int size)
7136 {
7137 int i, ret;
7138 int bytes_of_protected_data;
7139
7140 if (!sc->cenc.aes_ctr) {
7141 /* initialize the cipher */
7142 sc->cenc.aes_ctr = av_aes_ctr_alloc();
7143 if (!sc->cenc.aes_ctr) {
7144 return AVERROR(ENOMEM);
7145 }
7146
7147 ret = av_aes_ctr_init(sc->cenc.aes_ctr, c->decryption_key);
7148 if (ret < 0) {
7149 return ret;
7150 }
7151 }
7152
7153 av_aes_ctr_set_full_iv(sc->cenc.aes_ctr, sample->iv);
7154
7155 if (!sample->subsample_count) {
7156 /* decrypt the whole packet */
7157 av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, size);
7158 return 0;
7159 }
7160
7161 for (i = 0; i < sample->subsample_count; i++) {
7162 if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) {
7163 av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n");
7164 return AVERROR_INVALIDDATA;
7165 }
7166
7167 /* skip the clear bytes */
7168 input += sample->subsamples[i].bytes_of_clear_data;
7169 size -= sample->subsamples[i].bytes_of_clear_data;
7170
7171 /* decrypt the encrypted bytes */
7172
7173 bytes_of_protected_data = sample->subsamples[i].bytes_of_protected_data;
7174 av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, bytes_of_protected_data);
7175
7176 input += bytes_of_protected_data;
7177 size -= bytes_of_protected_data;
7178 }
7179
7180 if (size > 0) {
7181 av_log(c->fc, AV_LOG_ERROR, "leftover packet bytes after subsample processing\n");
7182 return AVERROR_INVALIDDATA;
7183 }
7184
7185 return 0;
7186 }
7187
cbc1_scheme_decrypt(MOVContext * c,MOVStreamContext * sc,AVEncryptionInfo * sample,uint8_t * input,int size)7188 static int cbc1_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *sample, uint8_t *input, int size)
7189 {
7190 int i, ret;
7191 int num_of_encrypted_blocks;
7192 uint8_t iv[16];
7193
7194 if (!sc->cenc.aes_ctx) {
7195 /* initialize the cipher */
7196 sc->cenc.aes_ctx = av_aes_alloc();
7197 if (!sc->cenc.aes_ctx) {
7198 return AVERROR(ENOMEM);
7199 }
7200
7201 ret = av_aes_init(sc->cenc.aes_ctx, c->decryption_key, 16 * 8, 1);
7202 if (ret < 0) {
7203 return ret;
7204 }
7205 }
7206
7207 memcpy(iv, sample->iv, 16);
7208
7209 /* whole-block full sample encryption */
7210 if (!sample->subsample_count) {
7211 /* decrypt the whole packet */
7212 av_aes_crypt(sc->cenc.aes_ctx, input, input, size/16, iv, 1);
7213 return 0;
7214 }
7215
7216 for (i = 0; i < sample->subsample_count; i++) {
7217 if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) {
7218 av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n");
7219 return AVERROR_INVALIDDATA;
7220 }
7221
7222 if (sample->subsamples[i].bytes_of_protected_data % 16) {
7223 av_log(c->fc, AV_LOG_ERROR, "subsample BytesOfProtectedData is not a multiple of 16\n");
7224 return AVERROR_INVALIDDATA;
7225 }
7226
7227 /* skip the clear bytes */
7228 input += sample->subsamples[i].bytes_of_clear_data;
7229 size -= sample->subsamples[i].bytes_of_clear_data;
7230
7231 /* decrypt the encrypted bytes */
7232 num_of_encrypted_blocks = sample->subsamples[i].bytes_of_protected_data/16;
7233 if (num_of_encrypted_blocks > 0) {
7234 av_aes_crypt(sc->cenc.aes_ctx, input, input, num_of_encrypted_blocks, iv, 1);
7235 }
7236 input += sample->subsamples[i].bytes_of_protected_data;
7237 size -= sample->subsamples[i].bytes_of_protected_data;
7238 }
7239
7240 if (size > 0) {
7241 av_log(c->fc, AV_LOG_ERROR, "leftover packet bytes after subsample processing\n");
7242 return AVERROR_INVALIDDATA;
7243 }
7244
7245 return 0;
7246 }
7247
cens_scheme_decrypt(MOVContext * c,MOVStreamContext * sc,AVEncryptionInfo * sample,uint8_t * input,int size)7248 static int cens_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *sample, uint8_t *input, int size)
7249 {
7250 int i, ret, rem_bytes;
7251 uint8_t *data;
7252
7253 if (!sc->cenc.aes_ctr) {
7254 /* initialize the cipher */
7255 sc->cenc.aes_ctr = av_aes_ctr_alloc();
7256 if (!sc->cenc.aes_ctr) {
7257 return AVERROR(ENOMEM);
7258 }
7259
7260 ret = av_aes_ctr_init(sc->cenc.aes_ctr, c->decryption_key);
7261 if (ret < 0) {
7262 return ret;
7263 }
7264 }
7265
7266 av_aes_ctr_set_full_iv(sc->cenc.aes_ctr, sample->iv);
7267
7268 /* whole-block full sample encryption */
7269 if (!sample->subsample_count) {
7270 /* decrypt the whole packet */
7271 av_aes_ctr_crypt(sc->cenc.aes_ctr, input, input, size);
7272 return 0;
7273 } else if (!sample->crypt_byte_block && !sample->skip_byte_block) {
7274 av_log(c->fc, AV_LOG_ERROR, "pattern encryption is not present in 'cens' scheme\n");
7275 return AVERROR_INVALIDDATA;
7276 }
7277
7278 for (i = 0; i < sample->subsample_count; i++) {
7279 if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) {
7280 av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n");
7281 return AVERROR_INVALIDDATA;
7282 }
7283
7284 /* skip the clear bytes */
7285 input += sample->subsamples[i].bytes_of_clear_data;
7286 size -= sample->subsamples[i].bytes_of_clear_data;
7287
7288 /* decrypt the encrypted bytes */
7289 data = input;
7290 rem_bytes = sample->subsamples[i].bytes_of_protected_data;
7291 while (rem_bytes > 0) {
7292 if (rem_bytes < 16*sample->crypt_byte_block) {
7293 break;
7294 }
7295 av_aes_ctr_crypt(sc->cenc.aes_ctr, data, data, 16*sample->crypt_byte_block);
7296 data += 16*sample->crypt_byte_block;
7297 rem_bytes -= 16*sample->crypt_byte_block;
7298 data += FFMIN(16*sample->skip_byte_block, rem_bytes);
7299 rem_bytes -= FFMIN(16*sample->skip_byte_block, rem_bytes);
7300 }
7301 input += sample->subsamples[i].bytes_of_protected_data;
7302 size -= sample->subsamples[i].bytes_of_protected_data;
7303 }
7304
7305 if (size > 0) {
7306 av_log(c->fc, AV_LOG_ERROR, "leftover packet bytes after subsample processing\n");
7307 return AVERROR_INVALIDDATA;
7308 }
7309
7310 return 0;
7311 }
7312
cbcs_scheme_decrypt(MOVContext * c,MOVStreamContext * sc,AVEncryptionInfo * sample,uint8_t * input,int size)7313 static int cbcs_scheme_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *sample, uint8_t *input, int size)
7314 {
7315 int i, ret, rem_bytes;
7316 uint8_t iv[16];
7317 uint8_t *data;
7318
7319 if (!sc->cenc.aes_ctx) {
7320 /* initialize the cipher */
7321 sc->cenc.aes_ctx = av_aes_alloc();
7322 if (!sc->cenc.aes_ctx) {
7323 return AVERROR(ENOMEM);
7324 }
7325
7326 ret = av_aes_init(sc->cenc.aes_ctx, c->decryption_key, 16 * 8, 1);
7327 if (ret < 0) {
7328 return ret;
7329 }
7330 }
7331
7332 /* whole-block full sample encryption */
7333 if (!sample->subsample_count) {
7334 /* decrypt the whole packet */
7335 memcpy(iv, sample->iv, 16);
7336 av_aes_crypt(sc->cenc.aes_ctx, input, input, size/16, iv, 1);
7337 return 0;
7338 } else if (!sample->crypt_byte_block && !sample->skip_byte_block) {
7339 av_log(c->fc, AV_LOG_ERROR, "pattern encryption is not present in 'cbcs' scheme\n");
7340 return AVERROR_INVALIDDATA;
7341 }
7342
7343 for (i = 0; i < sample->subsample_count; i++) {
7344 if (sample->subsamples[i].bytes_of_clear_data + sample->subsamples[i].bytes_of_protected_data > size) {
7345 av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n");
7346 return AVERROR_INVALIDDATA;
7347 }
7348
7349 /* skip the clear bytes */
7350 input += sample->subsamples[i].bytes_of_clear_data;
7351 size -= sample->subsamples[i].bytes_of_clear_data;
7352
7353 /* decrypt the encrypted bytes */
7354 memcpy(iv, sample->iv, 16);
7355 data = input;
7356 rem_bytes = sample->subsamples[i].bytes_of_protected_data;
7357 while (rem_bytes > 0) {
7358 if (rem_bytes < 16*sample->crypt_byte_block) {
7359 break;
7360 }
7361 av_aes_crypt(sc->cenc.aes_ctx, data, data, sample->crypt_byte_block, iv, 1);
7362 data += 16*sample->crypt_byte_block;
7363 rem_bytes -= 16*sample->crypt_byte_block;
7364 data += FFMIN(16*sample->skip_byte_block, rem_bytes);
7365 rem_bytes -= FFMIN(16*sample->skip_byte_block, rem_bytes);
7366 }
7367 input += sample->subsamples[i].bytes_of_protected_data;
7368 size -= sample->subsamples[i].bytes_of_protected_data;
7369 }
7370
7371 if (size > 0) {
7372 av_log(c->fc, AV_LOG_ERROR, "leftover packet bytes after subsample processing\n");
7373 return AVERROR_INVALIDDATA;
7374 }
7375
7376 return 0;
7377 }
7378
cenc_decrypt(MOVContext * c,MOVStreamContext * sc,AVEncryptionInfo * sample,uint8_t * input,int size)7379 static int cenc_decrypt(MOVContext *c, MOVStreamContext *sc, AVEncryptionInfo *sample, uint8_t *input, int size)
7380 {
7381 if (sample->scheme == MKBETAG('c','e','n','c') && !sample->crypt_byte_block && !sample->skip_byte_block) {
7382 return cenc_scheme_decrypt(c, sc, sample, input, size);
7383 } else if (sample->scheme == MKBETAG('c','b','c','1') && !sample->crypt_byte_block && !sample->skip_byte_block) {
7384 return cbc1_scheme_decrypt(c, sc, sample, input, size);
7385 } else if (sample->scheme == MKBETAG('c','e','n','s')) {
7386 return cens_scheme_decrypt(c, sc, sample, input, size);
7387 } else if (sample->scheme == MKBETAG('c','b','c','s')) {
7388 return cbcs_scheme_decrypt(c, sc, sample, input, size);
7389 } else {
7390 av_log(c->fc, AV_LOG_ERROR, "invalid encryption scheme\n");
7391 return AVERROR_INVALIDDATA;
7392 }
7393 }
7394
cenc_filter(MOVContext * mov,AVStream * st,MOVStreamContext * sc,AVPacket * pkt,int current_index)7395 static int cenc_filter(MOVContext *mov, AVStream* st, MOVStreamContext *sc, AVPacket *pkt, int current_index)
7396 {
7397 MOVFragmentStreamInfo *frag_stream_info;
7398 MOVEncryptionIndex *encryption_index;
7399 AVEncryptionInfo *encrypted_sample;
7400 int encrypted_index, ret;
7401
7402 frag_stream_info = get_frag_stream_info(&mov->frag_index, mov->frag_index.current, st->id);
7403 encrypted_index = current_index;
7404 encryption_index = NULL;
7405 if (frag_stream_info) {
7406 // Note this only supports encryption info in the first sample descriptor.
7407 if (mov->fragment.stsd_id == 1) {
7408 if (frag_stream_info->encryption_index) {
7409 if (!current_index && frag_stream_info->index_entry)
7410 sc->cenc.frag_index_entry_base = frag_stream_info->index_entry;
7411 encrypted_index = current_index - (frag_stream_info->index_entry - sc->cenc.frag_index_entry_base);
7412 encryption_index = frag_stream_info->encryption_index;
7413 } else {
7414 encryption_index = sc->cenc.encryption_index;
7415 }
7416 }
7417 } else {
7418 encryption_index = sc->cenc.encryption_index;
7419 }
7420
7421 if (encryption_index) {
7422 if (encryption_index->auxiliary_info_sample_count &&
7423 !encryption_index->nb_encrypted_samples) {
7424 av_log(mov->fc, AV_LOG_ERROR, "saiz atom found without saio\n");
7425 return AVERROR_INVALIDDATA;
7426 }
7427 if (encryption_index->auxiliary_offsets_count &&
7428 !encryption_index->nb_encrypted_samples) {
7429 av_log(mov->fc, AV_LOG_ERROR, "saio atom found without saiz\n");
7430 return AVERROR_INVALIDDATA;
7431 }
7432
7433 if (!encryption_index->nb_encrypted_samples) {
7434 // Full-sample encryption with default settings.
7435 encrypted_sample = sc->cenc.default_encrypted_sample;
7436 } else if (encrypted_index >= 0 && encrypted_index < encryption_index->nb_encrypted_samples) {
7437 // Per-sample setting override.
7438 encrypted_sample = encryption_index->encrypted_samples[encrypted_index];
7439 } else {
7440 av_log(mov->fc, AV_LOG_ERROR, "Incorrect number of samples in encryption info\n");
7441 return AVERROR_INVALIDDATA;
7442 }
7443
7444 if (mov->decryption_key) {
7445 return cenc_decrypt(mov, sc, encrypted_sample, pkt->data, pkt->size);
7446 } else {
7447 size_t size;
7448 #ifdef OHOS_DRM
7449 AV_DrmCencInfo *side_data = NULL;
7450 side_data = av_encryption_info_add_side_data_ex(encrypted_sample, &size, side_data, pkt->size);
7451 #else
7452 uint8_t *side_data = av_encryption_info_add_side_data(encrypted_sample, &size);
7453 #endif
7454 if (!side_data)
7455 return AVERROR(ENOMEM);
7456 #ifdef OHOS_DRM
7457 ret = av_packet_add_side_data(pkt, AV_PKT_DATA_ENCRYPTION_INFO, (uint8_t *)side_data, size);
7458 #else
7459 ret = av_packet_add_side_data(pkt, AV_PKT_DATA_ENCRYPTION_INFO, side_data, size);
7460 #endif
7461 if (ret < 0)
7462 av_free(side_data);
7463 return ret;
7464 }
7465 }
7466
7467 return 0;
7468 }
7469
mov_read_dops(MOVContext * c,AVIOContext * pb,MOVAtom atom)7470 static int mov_read_dops(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7471 {
7472 const int OPUS_SEEK_PREROLL_MS = 80;
7473 int ret;
7474 AVStream *st;
7475 size_t size;
7476 uint16_t pre_skip;
7477
7478 if (c->fc->nb_streams < 1)
7479 return 0;
7480 st = c->fc->streams[c->fc->nb_streams-1];
7481
7482 if ((uint64_t)atom.size > (1<<30) || atom.size < 11)
7483 return AVERROR_INVALIDDATA;
7484
7485 /* Check OpusSpecificBox version. */
7486 if (avio_r8(pb) != 0) {
7487 av_log(c->fc, AV_LOG_ERROR, "unsupported OpusSpecificBox version\n");
7488 return AVERROR_INVALIDDATA;
7489 }
7490
7491 /* OpusSpecificBox size plus magic for Ogg OpusHead header. */
7492 size = atom.size + 8;
7493
7494 if ((ret = ff_alloc_extradata(st->codecpar, size)) < 0)
7495 return ret;
7496
7497 AV_WL32(st->codecpar->extradata, MKTAG('O','p','u','s'));
7498 AV_WL32(st->codecpar->extradata + 4, MKTAG('H','e','a','d'));
7499 AV_WB8(st->codecpar->extradata + 8, 1); /* OpusHead version */
7500 avio_read(pb, st->codecpar->extradata + 9, size - 9);
7501
7502 /* OpusSpecificBox is stored in big-endian, but OpusHead is
7503 little-endian; aside from the preceeding magic and version they're
7504 otherwise currently identical. Data after output gain at offset 16
7505 doesn't need to be bytewapped. */
7506 pre_skip = AV_RB16(st->codecpar->extradata + 10);
7507 AV_WL16(st->codecpar->extradata + 10, pre_skip);
7508 AV_WL32(st->codecpar->extradata + 12, AV_RB32(st->codecpar->extradata + 12));
7509 AV_WL16(st->codecpar->extradata + 16, AV_RB16(st->codecpar->extradata + 16));
7510
7511 st->codecpar->initial_padding = pre_skip;
7512 st->codecpar->seek_preroll = av_rescale_q(OPUS_SEEK_PREROLL_MS,
7513 (AVRational){1, 1000},
7514 (AVRational){1, 48000});
7515
7516 return 0;
7517 }
7518
mov_read_dmlp(MOVContext * c,AVIOContext * pb,MOVAtom atom)7519 static int mov_read_dmlp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7520 {
7521 AVStream *st;
7522 unsigned format_info;
7523 int channel_assignment, channel_assignment1, channel_assignment2;
7524 int ratebits;
7525 uint64_t chmask;
7526
7527 if (c->fc->nb_streams < 1)
7528 return 0;
7529 st = c->fc->streams[c->fc->nb_streams-1];
7530
7531 if (atom.size < 10)
7532 return AVERROR_INVALIDDATA;
7533
7534 format_info = avio_rb32(pb);
7535
7536 ratebits = (format_info >> 28) & 0xF;
7537 channel_assignment1 = (format_info >> 15) & 0x1F;
7538 channel_assignment2 = format_info & 0x1FFF;
7539 if (channel_assignment2)
7540 channel_assignment = channel_assignment2;
7541 else
7542 channel_assignment = channel_assignment1;
7543
7544 st->codecpar->frame_size = 40 << (ratebits & 0x7);
7545 st->codecpar->sample_rate = mlp_samplerate(ratebits);
7546
7547 av_channel_layout_uninit(&st->codecpar->ch_layout);
7548 chmask = truehd_layout(channel_assignment);
7549 av_channel_layout_from_mask(&st->codecpar->ch_layout, chmask);
7550
7551 return 0;
7552 }
7553
mov_read_dvcc_dvvc(MOVContext * c,AVIOContext * pb,MOVAtom atom)7554 static int mov_read_dvcc_dvvc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7555 {
7556 AVStream *st;
7557 uint8_t buf[ISOM_DVCC_DVVC_SIZE];
7558 int ret;
7559 int64_t read_size = atom.size;
7560
7561 if (c->fc->nb_streams < 1)
7562 return 0;
7563 st = c->fc->streams[c->fc->nb_streams-1];
7564
7565 // At most 24 bytes
7566 read_size = FFMIN(read_size, ISOM_DVCC_DVVC_SIZE);
7567
7568 if ((ret = ffio_read_size(pb, buf, read_size)) < 0)
7569 return ret;
7570
7571 return ff_isom_parse_dvcc_dvvc(c->fc, st, buf, read_size);
7572 }
7573
mov_read_kind(MOVContext * c,AVIOContext * pb,MOVAtom atom)7574 static int mov_read_kind(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7575 {
7576 AVFormatContext *ctx = c->fc;
7577 AVStream *st = NULL;
7578 AVBPrint scheme_buf, value_buf;
7579 int64_t scheme_str_len = 0, value_str_len = 0;
7580 int version, flags, ret = AVERROR_BUG;
7581 int64_t size = atom.size;
7582
7583 if (atom.size < 6)
7584 // 4 bytes for version + flags, 2x 1 byte for null
7585 return AVERROR_INVALIDDATA;
7586
7587 if (c->fc->nb_streams < 1)
7588 return 0;
7589 st = c->fc->streams[c->fc->nb_streams-1];
7590
7591 version = avio_r8(pb);
7592 flags = avio_rb24(pb);
7593 size -= 4;
7594
7595 if (version != 0 || flags != 0) {
7596 av_log(ctx, AV_LOG_ERROR,
7597 "Unsupported 'kind' box with version %d, flags: %x",
7598 version, flags);
7599 return AVERROR_INVALIDDATA;
7600 }
7601
7602 av_bprint_init(&scheme_buf, 0, AV_BPRINT_SIZE_UNLIMITED);
7603 av_bprint_init(&value_buf, 0, AV_BPRINT_SIZE_UNLIMITED);
7604
7605 if ((scheme_str_len = ff_read_string_to_bprint_overwrite(pb, &scheme_buf,
7606 size)) < 0) {
7607 ret = scheme_str_len;
7608 goto cleanup;
7609 }
7610
7611 if (scheme_str_len + 1 >= size) {
7612 // we need to have another string, even if nullptr.
7613 // we check with + 1 since we expect that if size was not hit,
7614 // an additional null was read.
7615 ret = AVERROR_INVALIDDATA;
7616 goto cleanup;
7617 }
7618
7619 size -= scheme_str_len + 1;
7620
7621 if ((value_str_len = ff_read_string_to_bprint_overwrite(pb, &value_buf,
7622 size)) < 0) {
7623 ret = value_str_len;
7624 goto cleanup;
7625 }
7626
7627 if (value_str_len == size) {
7628 // in case of no trailing null, box is not valid.
7629 ret = AVERROR_INVALIDDATA;
7630 goto cleanup;
7631 }
7632
7633 av_log(ctx, AV_LOG_TRACE,
7634 "%s stream %d KindBox(scheme: %s, value: %s)\n",
7635 av_get_media_type_string(st->codecpar->codec_type),
7636 st->index,
7637 scheme_buf.str, value_buf.str);
7638
7639 for (int i = 0; ff_mov_track_kind_table[i].scheme_uri; i++) {
7640 const struct MP4TrackKindMapping map = ff_mov_track_kind_table[i];
7641 if (!av_strstart(scheme_buf.str, map.scheme_uri, NULL))
7642 continue;
7643
7644 for (int j = 0; map.value_maps[j].disposition; j++) {
7645 const struct MP4TrackKindValueMapping value_map = map.value_maps[j];
7646 if (!av_strstart(value_buf.str, value_map.value, NULL))
7647 continue;
7648
7649 st->disposition |= value_map.disposition;
7650 }
7651 }
7652
7653 ret = 0;
7654
7655 cleanup:
7656
7657 av_bprint_finalize(&scheme_buf, NULL);
7658 av_bprint_finalize(&value_buf, NULL);
7659
7660 return ret;
7661 }
7662
mov_read_SA3D(MOVContext * c,AVIOContext * pb,MOVAtom atom)7663 static int mov_read_SA3D(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7664 {
7665 AVStream *st;
7666 int i, version, type;
7667 int ambisonic_order, channel_order, normalization, channel_count;
7668
7669 if (c->fc->nb_streams < 1)
7670 return 0;
7671
7672 st = c->fc->streams[c->fc->nb_streams - 1];
7673
7674 if (atom.size < 16) {
7675 av_log(c->fc, AV_LOG_ERROR, "SA3D audio box too small\n");
7676 return AVERROR_INVALIDDATA;
7677 }
7678
7679 version = avio_r8(pb);
7680 if (version) {
7681 av_log(c->fc, AV_LOG_WARNING, "Unsupported SA3D box version %d\n", version);
7682 return 0;
7683 }
7684
7685 type = avio_r8(pb);
7686 if (type) {
7687 av_log(c->fc, AV_LOG_WARNING,
7688 "Unsupported ambisonic type %d\n", type);
7689 return 0;
7690 }
7691
7692 ambisonic_order = avio_rb32(pb);
7693
7694 channel_order = avio_r8(pb);
7695 if (channel_order) {
7696 av_log(c->fc, AV_LOG_WARNING,
7697 "Unsupported channel_order %d\n", channel_order);
7698 return 0;
7699 }
7700
7701 normalization = avio_r8(pb);
7702 if (normalization) {
7703 av_log(c->fc, AV_LOG_WARNING,
7704 "Unsupported normalization %d\n", normalization);
7705 return 0;
7706 }
7707
7708 channel_count = avio_rb32(pb);
7709 if (ambisonic_order < 0 || channel_count != (ambisonic_order + 1LL) * (ambisonic_order + 1LL)) {
7710 av_log(c->fc, AV_LOG_ERROR,
7711 "Invalid number of channels (%d / %d)\n",
7712 channel_count, ambisonic_order);
7713 return 0;
7714 }
7715
7716 for (i = 0; i < channel_count; i++) {
7717 if (i != avio_rb32(pb)) {
7718 av_log(c->fc, AV_LOG_WARNING,
7719 "Ambisonic channel reordering is not supported\n");
7720 return 0;
7721 }
7722 }
7723
7724 av_channel_layout_uninit(&st->codecpar->ch_layout);
7725 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_AMBISONIC;
7726 st->codecpar->ch_layout.nb_channels = channel_count;
7727
7728 return 0;
7729 }
7730
mov_read_SAND(MOVContext * c,AVIOContext * pb,MOVAtom atom)7731 static int mov_read_SAND(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7732 {
7733 AVStream *st;
7734 int version;
7735
7736 if (c->fc->nb_streams < 1)
7737 return 0;
7738
7739 st = c->fc->streams[c->fc->nb_streams - 1];
7740
7741 if (atom.size < 5) {
7742 av_log(c->fc, AV_LOG_ERROR, "Empty SAND audio box\n");
7743 return AVERROR_INVALIDDATA;
7744 }
7745
7746 version = avio_r8(pb);
7747 if (version) {
7748 av_log(c->fc, AV_LOG_WARNING, "Unsupported SAND box version %d\n", version);
7749 return 0;
7750 }
7751
7752 st->disposition |= AV_DISPOSITION_NON_DIEGETIC;
7753
7754 return 0;
7755 }
7756
rb_size(AVIOContext * pb,uint64_t * value,int size)7757 static int rb_size(AVIOContext *pb, uint64_t* value, int size)
7758 {
7759 if (size == 0)
7760 *value = 0;
7761 else if (size == 1)
7762 *value = avio_r8(pb);
7763 else if (size == 2)
7764 *value = avio_rb16(pb);
7765 else if (size == 4)
7766 *value = avio_rb32(pb);
7767 else if (size == 8)
7768 *value = avio_rb64(pb);
7769 else
7770 return -1;
7771 return size;
7772 }
7773
mov_read_pitm(MOVContext * c,AVIOContext * pb,MOVAtom atom)7774 static int mov_read_pitm(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7775 {
7776 avio_rb32(pb); // version & flags.
7777 c->primary_item_id = avio_rb16(pb);
7778 return atom.size;
7779 }
7780
mov_read_iloc(MOVContext * c,AVIOContext * pb,MOVAtom atom)7781 static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7782 {
7783 int version, offset_size, length_size, base_offset_size, index_size;
7784 int item_count, extent_count;
7785 uint64_t base_offset, extent_offset, extent_length;
7786 uint8_t value;
7787 AVStream *st;
7788 MOVStreamContext *sc;
7789
7790 if (!c->is_still_picture_avif) {
7791 // * For non-avif, we simply ignore the iloc box.
7792 // * For animated avif, we don't care about the iloc box as all the
7793 // necessary information can be found in the moov box.
7794 return 0;
7795 }
7796
7797 if (c->fc->nb_streams) {
7798 av_log(c->fc, AV_LOG_INFO, "Duplicate iloc box found\n");
7799 return 0;
7800 }
7801
7802 st = avformat_new_stream(c->fc, NULL);
7803 if (!st)
7804 return AVERROR(ENOMEM);
7805 st->id = c->fc->nb_streams;
7806 sc = av_mallocz(sizeof(MOVStreamContext));
7807 if (!sc)
7808 return AVERROR(ENOMEM);
7809
7810 st->priv_data = sc;
7811 st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO;
7812 st->codecpar->codec_id = AV_CODEC_ID_AV1;
7813 sc->ffindex = st->index;
7814 c->trak_index = st->index;
7815 st->avg_frame_rate.num = st->avg_frame_rate.den = 1;
7816 st->time_base.num = st->time_base.den = 1;
7817 st->nb_frames = 1;
7818 sc->time_scale = 1;
7819 sc = st->priv_data;
7820 sc->pb = c->fc->pb;
7821 sc->pb_is_copied = 1;
7822
7823 version = avio_r8(pb);
7824 avio_rb24(pb); // flags.
7825
7826 value = avio_r8(pb);
7827 offset_size = (value >> 4) & 0xF;
7828 length_size = value & 0xF;
7829 value = avio_r8(pb);
7830 base_offset_size = (value >> 4) & 0xF;
7831 index_size = !version ? 0 : (value & 0xF);
7832 if (index_size) {
7833 av_log(c->fc, AV_LOG_ERROR, "iloc: index_size != 0 not supported.\n");
7834 return AVERROR_PATCHWELCOME;
7835 }
7836 item_count = (version < 2) ? avio_rb16(pb) : avio_rb32(pb);
7837
7838 // Populate the necessary fields used by mov_build_index.
7839 sc->stsc_count = 1;
7840 sc->stsc_data = av_malloc_array(1, sizeof(*sc->stsc_data));
7841 if (!sc->stsc_data)
7842 return AVERROR(ENOMEM);
7843 sc->stsc_data[0].first = 1;
7844 sc->stsc_data[0].count = 1;
7845 sc->stsc_data[0].id = 1;
7846 sc->chunk_count = 1;
7847 sc->chunk_offsets = av_malloc_array(1, sizeof(*sc->chunk_offsets));
7848 if (!sc->chunk_offsets)
7849 return AVERROR(ENOMEM);
7850 sc->sample_count = 1;
7851 sc->sample_sizes = av_malloc_array(1, sizeof(*sc->sample_sizes));
7852 if (!sc->sample_sizes)
7853 return AVERROR(ENOMEM);
7854 sc->stts_count = 1;
7855 sc->stts_data = av_malloc_array(1, sizeof(*sc->stts_data));
7856 if (!sc->stts_data)
7857 return AVERROR(ENOMEM);
7858 sc->stts_data[0].count = 1;
7859 // Not used for still images. But needed by mov_build_index.
7860 sc->stts_data[0].duration = 0;
7861
7862 for (int i = 0; i < item_count; i++) {
7863 int item_id = (version < 2) ? avio_rb16(pb) : avio_rb32(pb);
7864 if (avio_feof(pb))
7865 return AVERROR_INVALIDDATA;
7866 if (version > 0)
7867 avio_rb16(pb); // construction_method.
7868 avio_rb16(pb); // data_reference_index.
7869 if (rb_size(pb, &base_offset, base_offset_size) < 0)
7870 return AVERROR_INVALIDDATA;
7871 extent_count = avio_rb16(pb);
7872 if (extent_count > 1) {
7873 // For still AVIF images, we only support one extent item.
7874 av_log(c->fc, AV_LOG_ERROR, "iloc: extent_count > 1 not supported.\n");
7875 return AVERROR_PATCHWELCOME;
7876 }
7877 for (int j = 0; j < extent_count; j++) {
7878 if (rb_size(pb, &extent_offset, offset_size) < 0 ||
7879 rb_size(pb, &extent_length, length_size) < 0 ||
7880 base_offset > INT64_MAX - extent_offset)
7881 return AVERROR_INVALIDDATA;
7882 if (item_id == c->primary_item_id) {
7883 sc->sample_sizes[0] = extent_length;
7884 sc->chunk_offsets[0] = base_offset + extent_offset;
7885 }
7886 }
7887 }
7888
7889 mov_build_index(c, st);
7890
7891 // For still AVIF images, the iloc box contains all the necessary
7892 // information that would generally be provided by the moov box. So simply
7893 // mark that we have found the moov box so that parsing can continue.
7894 c->found_moov = 1;
7895
7896 return atom.size;
7897 }
7898
7899
7900 #ifdef OHOS_MOOV_LEVEL_META
mov_read_gnre(MOVContext * c,AVIOContext * pb,MOVAtom atom)7901 static int mov_read_gnre(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7902 {
7903 int32_t i = 0;
7904 if (atom.size > 0) {
7905 if (atom.size > FFMIN(INT_MAX, SIZE_MAX - 1))
7906 return AVERROR_INVALIDDATA;
7907 char* genre = av_mallocz(atom.size + 1); /* Add null terminator */
7908 if (!genre)
7909 return AVERROR(ENOMEM);
7910
7911 int ret = ffio_read_size(pb, genre, atom.size);
7912 if (ret < 0) {
7913 av_freep(&genre);
7914 return ret;
7915 }
7916 /* skip zero at head of genre from dual frame video */
7917 for (i = 0; i < atom.size; ++i) {
7918 if (genre[i] != 0) {
7919 break;
7920 }
7921 }
7922 av_dict_set(&c->fc->metadata, "genre", genre + i, AV_DICT_DONT_OVERWRITE);
7923 av_freep(&genre);
7924 }
7925 return 0;
7926 }
7927 #endif
7928
7929 #ifdef OHOS_AV3A_DEMUXER
mov_read_dca3(MOVContext * c,AVIOContext * pb,MOVAtom atom)7930 static int mov_read_dca3(MOVContext *c, AVIOContext *pb, MOVAtom atom)
7931 {
7932 int ret = 0;
7933 int i = 0;
7934 int nb_channels = 0;
7935 int nb_objects = 0;
7936 int buff_size = 0;
7937 AVStream *st = NULL;
7938 GetBitContext gb;
7939 uint8_t buffer[(AV3A_DCA3_BOX_MAX_SIZE + 1) + AV_INPUT_BUFFER_PADDING_SIZE];
7940 int audio_codec_id, sampling_frequency_index;
7941 int nn_type, content_type, channel_number_index, number_objects;
7942 int hoa_order, resolution_index, reserved;
7943 int bitrate_kbps;
7944
7945 if ((atom.size < AV3A_DCA3_BOX_MIN_SIZE) || (atom.size > AV3A_DCA3_BOX_MAX_SIZE)) {
7946 return AVERROR_INVALIDDATA;
7947 }
7948 buff_size = (int)(atom.size);
7949
7950 if ((ret = init_get_bits8(&gb, buffer, (AV3A_DCA3_BOX_MAX_SIZE + 1))) < 0) {
7951 return ret;
7952 }
7953
7954 if (c->fc->nb_streams < 1) {
7955 return 0;
7956 }
7957 st = c->fc->streams[c->fc->nb_streams - 1];
7958
7959 if ((ret = avio_read(pb, buffer, buff_size)) < 0) {
7960 return ret;
7961 }
7962
7963 audio_codec_id = get_bits(&gb, 4);
7964 if (audio_codec_id != AV3A_LOSSY_CODEC_ID) {
7965 return AVERROR_INVALIDDATA;
7966 }
7967
7968 st->codecpar->frame_size = AV3A_AUDIO_FRAME_SIZE;
7969 sampling_frequency_index = get_bits(&gb, 4);
7970 if ((sampling_frequency_index >= AV3A_FS_TABLE_SIZE) || (sampling_frequency_index < 0)) {
7971 return AVERROR_INVALIDDATA;
7972 }
7973 st->codecpar->sample_rate = ff_av3a_sampling_rate_table[sampling_frequency_index];
7974
7975 nn_type = get_bits(&gb, 3);
7976 if ((nn_type > AV3A_LC_NN_TYPE) || (nn_type < AV3A_BASELINE_NN_TYPE)) {
7977 return AVERROR_INVALIDDATA;
7978 }
7979
7980 reserved = get_bits(&gb, 1);
7981 content_type = get_bits(&gb, 4);
7982 if (content_type == AV3A_CHANNEL_BASED_TYPE) {
7983 channel_number_index = get_bits(&gb, 7);
7984 reserved = get_bits(&gb, 1);
7985 if ((channel_number_index > CHANNEL_CONFIG_MC_7_1_4) ||
7986 (channel_number_index == CHANNEL_CONFIG_MC_10_2) ||
7987 (channel_number_index == CHANNEL_CONFIG_MC_22_2) ||
7988 (channel_number_index < CHANNEL_CONFIG_MONO)) {
7989 return AVERROR_INVALIDDATA;
7990 }
7991 nb_channels = ff_av3a_channels_map_table[channel_number_index].channels;
7992 } else if (content_type == AV3A_OBJECT_BASED_TYPE) {
7993 number_objects = get_bits(&gb, 7);
7994 reserved = get_bits(&gb, 1);
7995 nb_objects = number_objects;
7996 if (nb_objects < 1) {
7997 return AVERROR_INVALIDDATA;
7998 }
7999 } else if (content_type == AV3A_CHANNEL_OBJECT_TYPE) {
8000 channel_number_index = get_bits(&gb, 7);
8001 reserved = get_bits(&gb, 1);
8002 if ((channel_number_index > CHANNEL_CONFIG_MC_7_1_4) ||
8003 (channel_number_index == CHANNEL_CONFIG_MC_10_2) ||
8004 (channel_number_index == CHANNEL_CONFIG_MC_22_2) ||
8005 (channel_number_index < CHANNEL_CONFIG_STEREO)) {
8006 return AVERROR_INVALIDDATA;
8007 }
8008 number_objects = get_bits(&gb, 7);
8009 reserved = get_bits(&gb, 1);
8010 nb_channels = ff_av3a_channels_map_table[channel_number_index].channels;
8011 nb_objects = number_objects;
8012 if (nb_objects < 1) {
8013 return AVERROR_INVALIDDATA;
8014 }
8015 } else if (content_type == AV3A_AMBISONIC_TYPE) {
8016 hoa_order = get_bits(&gb, 4);
8017 if ((hoa_order < AV3A_AMBISONIC_FIRST_ORDER) || (hoa_order > AV3A_AMBISONIC_THIRD_ORDER)) {
8018 return AVERROR_INVALIDDATA;
8019 }
8020 nb_channels = (hoa_order + 1) * (hoa_order + 1);
8021 } else {
8022 return AVERROR_INVALIDDATA;
8023 }
8024
8025 bitrate_kbps = get_bits(&gb, 16);
8026 if (bitrate_kbps <= 0) {
8027 return AVERROR_INVALIDDATA;
8028 }
8029 st->codecpar->bit_rate = (int64_t)(bitrate_kbps * 1000);
8030
8031 resolution_index = get_bits(&gb, 2);
8032 if ((resolution_index >= AV3A_RESOLUTION_TABLE_SIZE) || (resolution_index < 0)) {
8033 return AVERROR_INVALIDDATA;
8034 }
8035 st->codecpar->format = ff_av3a_sample_format_map_table[resolution_index].sample_format;
8036 st->codecpar->bits_per_raw_sample = ff_av3a_sample_format_map_table[resolution_index].resolution;
8037
8038 av_channel_layout_uninit(&st->codecpar->ch_layout);
8039 if (content_type != AV3A_AMBISONIC_TYPE) {
8040 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_CUSTOM;
8041 st->codecpar->ch_layout.nb_channels = (nb_channels + nb_objects);
8042 st->codecpar->ch_layout.u.map = av_calloc(st->codecpar->ch_layout.nb_channels, sizeof(AVChannelCustom));
8043 if (!st->codecpar->ch_layout.u.map) {
8044 return AVERROR(ENOMEM);
8045 }
8046
8047 if (content_type != AV3A_OBJECT_BASED_TYPE) {
8048 for (i = 0; i < nb_channels; i ++) {
8049 st->codecpar->ch_layout.u.map[i].id = ff_av3a_channels_map_table[channel_number_index].channel_layout[i];
8050 }
8051 }
8052
8053 for (i = nb_channels; i < st->codecpar->ch_layout.nb_channels; i++) {
8054 st->codecpar->ch_layout.u.map[i].id = AV3A_CH_AUDIO_OBJECT;
8055 }
8056 } else {
8057 st->codecpar->ch_layout.order = AV_CHANNEL_ORDER_AMBISONIC;
8058 st->codecpar->ch_layout.nb_channels = nb_channels;
8059 }
8060
8061 return 0;
8062 }
8063 #endif
8064
8065 static const MOVParseTableEntry mov_default_parse_table[] = {
8066 { MKTAG('A','C','L','R'), mov_read_aclr },
8067 { MKTAG('A','P','R','G'), mov_read_avid },
8068 { MKTAG('A','A','L','P'), mov_read_avid },
8069 { MKTAG('A','R','E','S'), mov_read_ares },
8070 { MKTAG('a','v','s','s'), mov_read_avss },
8071 { MKTAG('a','v','1','C'), mov_read_glbl },
8072 { MKTAG('c','h','p','l'), mov_read_chpl },
8073 { MKTAG('c','o','6','4'), mov_read_stco },
8074 { MKTAG('c','o','l','r'), mov_read_colr },
8075 { MKTAG('c','t','t','s'), mov_read_ctts }, /* composition time to sample */
8076 { MKTAG('d','i','n','f'), mov_read_default },
8077 { MKTAG('D','p','x','E'), mov_read_dpxe },
8078 { MKTAG('d','r','e','f'), mov_read_dref },
8079 { MKTAG('e','d','t','s'), mov_read_default },
8080 { MKTAG('e','l','s','t'), mov_read_elst },
8081 { MKTAG('e','n','d','a'), mov_read_enda },
8082 { MKTAG('f','i','e','l'), mov_read_fiel },
8083 { MKTAG('a','d','r','m'), mov_read_adrm },
8084 { MKTAG('f','t','y','p'), mov_read_ftyp },
8085 { MKTAG('g','l','b','l'), mov_read_glbl },
8086 { MKTAG('h','d','l','r'), mov_read_hdlr },
8087 { MKTAG('i','l','s','t'), mov_read_ilst },
8088 { MKTAG('j','p','2','h'), mov_read_jp2h },
8089 { MKTAG('m','d','a','t'), mov_read_mdat },
8090 { MKTAG('m','d','h','d'), mov_read_mdhd },
8091 { MKTAG('m','d','i','a'), mov_read_default },
8092 { MKTAG('m','e','t','a'), mov_read_meta },
8093 { MKTAG('m','i','n','f'), mov_read_default },
8094 { MKTAG('m','o','o','f'), mov_read_moof },
8095 { MKTAG('m','o','o','v'), mov_read_moov },
8096 { MKTAG('m','v','e','x'), mov_read_default },
8097 { MKTAG('m','v','h','d'), mov_read_mvhd },
8098 { MKTAG('S','M','I',' '), mov_read_svq3 },
8099 { MKTAG('a','l','a','c'), mov_read_alac }, /* alac specific atom */
8100 { MKTAG('a','v','c','C'), mov_read_glbl },
8101 { MKTAG('p','a','s','p'), mov_read_pasp },
8102 { MKTAG('s','i','d','x'), mov_read_sidx },
8103 { MKTAG('s','t','b','l'), mov_read_default },
8104 { MKTAG('s','t','c','o'), mov_read_stco },
8105 { MKTAG('s','t','p','s'), mov_read_stps },
8106 { MKTAG('s','t','r','f'), mov_read_strf },
8107 { MKTAG('s','t','s','c'), mov_read_stsc },
8108 { MKTAG('s','t','s','d'), mov_read_stsd }, /* sample description */
8109 { MKTAG('s','t','s','s'), mov_read_stss }, /* sync sample */
8110 { MKTAG('s','t','s','z'), mov_read_stsz }, /* sample size */
8111 { MKTAG('s','t','t','s'), mov_read_stts },
8112 { MKTAG('s','t','z','2'), mov_read_stsz }, /* compact sample size */
8113 { MKTAG('s','d','t','p'), mov_read_sdtp }, /* independent and disposable samples */
8114 { MKTAG('t','k','h','d'), mov_read_tkhd }, /* track header */
8115 { MKTAG('t','f','d','t'), mov_read_tfdt },
8116 { MKTAG('t','f','h','d'), mov_read_tfhd }, /* track fragment header */
8117 { MKTAG('t','r','a','k'), mov_read_trak },
8118 { MKTAG('t','r','a','f'), mov_read_default },
8119 { MKTAG('t','r','e','f'), mov_read_default },
8120 { MKTAG('t','m','c','d'), mov_read_tmcd },
8121 { MKTAG('c','h','a','p'), mov_read_chap },
8122 { MKTAG('t','r','e','x'), mov_read_trex },
8123 { MKTAG('t','r','u','n'), mov_read_trun },
8124 { MKTAG('u','d','t','a'), mov_read_default },
8125 { MKTAG('w','a','v','e'), mov_read_wave },
8126 { MKTAG('e','s','d','s'), mov_read_esds },
8127 { MKTAG('d','a','c','3'), mov_read_dac3 }, /* AC-3 info */
8128 { MKTAG('d','e','c','3'), mov_read_dec3 }, /* EAC-3 info */
8129 { MKTAG('d','d','t','s'), mov_read_ddts }, /* DTS audio descriptor */
8130 { MKTAG('w','i','d','e'), mov_read_wide }, /* place holder */
8131 { MKTAG('w','f','e','x'), mov_read_wfex },
8132 { MKTAG('c','m','o','v'), mov_read_cmov },
8133 { MKTAG('c','h','a','n'), mov_read_chan }, /* channel layout */
8134 { MKTAG('d','v','c','1'), mov_read_dvc1 },
8135 { MKTAG('s','g','p','d'), mov_read_sgpd },
8136 { MKTAG('s','b','g','p'), mov_read_sbgp },
8137 { MKTAG('h','v','c','C'), mov_read_glbl },
8138 #ifdef OHOS_OPT_COMPAT
8139 { MKTAG('v','v','c','C'), mov_read_glbl },
8140 #endif
8141 { MKTAG('u','u','i','d'), mov_read_uuid },
8142 { MKTAG('C','i','n', 0x8e), mov_read_targa_y216 },
8143 { MKTAG('f','r','e','e'), mov_read_free },
8144 { MKTAG('-','-','-','-'), mov_read_custom },
8145 { MKTAG('s','i','n','f'), mov_read_default },
8146 { MKTAG('f','r','m','a'), mov_read_frma },
8147 { MKTAG('s','e','n','c'), mov_read_senc },
8148 { MKTAG('s','a','i','z'), mov_read_saiz },
8149 { MKTAG('s','a','i','o'), mov_read_saio },
8150 #ifdef OHOS_DRM
8151 { MKTAG('p','s','s','h'), mov_read_pssh_ex },
8152 #else
8153 { MKTAG('p','s','s','h'), mov_read_pssh },
8154 #endif
8155 { MKTAG('s','c','h','m'), mov_read_schm },
8156 { MKTAG('s','c','h','i'), mov_read_default },
8157 { MKTAG('t','e','n','c'), mov_read_tenc },
8158 { MKTAG('d','f','L','a'), mov_read_dfla },
8159 { MKTAG('s','t','3','d'), mov_read_st3d }, /* stereoscopic 3D video box */
8160 { MKTAG('s','v','3','d'), mov_read_sv3d }, /* spherical video box */
8161 { MKTAG('d','O','p','s'), mov_read_dops },
8162 { MKTAG('d','m','l','p'), mov_read_dmlp },
8163 { MKTAG('S','m','D','m'), mov_read_smdm },
8164 { MKTAG('C','o','L','L'), mov_read_coll },
8165 { MKTAG('v','p','c','C'), mov_read_vpcc },
8166 { MKTAG('m','d','c','v'), mov_read_mdcv },
8167 { MKTAG('c','l','l','i'), mov_read_clli },
8168 { MKTAG('d','v','c','C'), mov_read_dvcc_dvvc },
8169 { MKTAG('d','v','v','C'), mov_read_dvcc_dvvc },
8170 { MKTAG('d','v','w','C'), mov_read_dvcc_dvvc },
8171 { MKTAG('k','i','n','d'), mov_read_kind },
8172 { MKTAG('S','A','3','D'), mov_read_SA3D }, /* ambisonic audio box */
8173 { MKTAG('S','A','N','D'), mov_read_SAND }, /* non diegetic audio box */
8174 { MKTAG('i','l','o','c'), mov_read_iloc },
8175 { MKTAG('p','c','m','C'), mov_read_pcmc }, /* PCM configuration box */
8176 { MKTAG('p','i','t','m'), mov_read_pitm },
8177 #ifdef OHOS_TIMED_META_TRACK
8178 { MKTAG('c','d','s','c'), mov_read_cdsc },
8179 #endif
8180 #ifdef OHOS_AV3A_DEMUXER
8181 { MKTAG('d','c','a','3'), mov_read_dca3 },
8182 #endif
8183 { 0, NULL }
8184 };
8185
mov_read_default(MOVContext * c,AVIOContext * pb,MOVAtom atom)8186 static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom)
8187 {
8188 int64_t total_size = 0;
8189 MOVAtom a;
8190 int i;
8191
8192 if (c->atom_depth > 10) {
8193 av_log(c->fc, AV_LOG_ERROR, "Atoms too deeply nested\n");
8194 return AVERROR_INVALIDDATA;
8195 }
8196 c->atom_depth ++;
8197
8198 if (atom.size < 0)
8199 atom.size = INT64_MAX;
8200 while (total_size <= atom.size - 8) {
8201 int (*parse)(MOVContext*, AVIOContext*, MOVAtom) = NULL;
8202 a.size = avio_rb32(pb);
8203 a.type = avio_rl32(pb);
8204 if (avio_feof(pb))
8205 break;
8206 if (((a.type == MKTAG('f','r','e','e') && c->moov_retry) ||
8207 a.type == MKTAG('h','o','o','v')) &&
8208 a.size >= 8 &&
8209 c->fc->strict_std_compliance < FF_COMPLIANCE_STRICT) {
8210 uint32_t type;
8211 avio_skip(pb, 4);
8212 type = avio_rl32(pb);
8213 if (avio_feof(pb))
8214 break;
8215 avio_seek(pb, -8, SEEK_CUR);
8216 if (type == MKTAG('m','v','h','d') ||
8217 type == MKTAG('c','m','o','v')) {
8218 av_log(c->fc, AV_LOG_ERROR, "Detected moov in a free or hoov atom.\n");
8219 a.type = MKTAG('m','o','o','v');
8220 }
8221 }
8222 if (atom.type != MKTAG('r','o','o','t') &&
8223 atom.type != MKTAG('m','o','o','v')) {
8224 if (a.type == MKTAG('t','r','a','k') ||
8225 a.type == MKTAG('m','d','a','t')) {
8226 av_log(c->fc, AV_LOG_ERROR, "Broken file, trak/mdat not at top-level\n");
8227 avio_skip(pb, -8);
8228 c->atom_depth --;
8229 return 0;
8230 }
8231 }
8232 total_size += 8;
8233 if (a.size == 1 && total_size + 8 <= atom.size) { /* 64 bit extended size */
8234 a.size = avio_rb64(pb) - 8;
8235 total_size += 8;
8236 }
8237 av_log(c->fc, AV_LOG_TRACE, "type:'%s' parent:'%s' sz: %"PRId64" %"PRId64" %"PRId64"\n",
8238 av_fourcc2str(a.type), av_fourcc2str(atom.type), a.size, total_size, atom.size);
8239 if (a.size == 0) {
8240 a.size = atom.size - total_size + 8;
8241 }
8242 if (a.size < 0)
8243 break;
8244 a.size -= 8;
8245 if (a.size < 0)
8246 break;
8247 a.size = FFMIN(a.size, atom.size - total_size);
8248
8249 for (i = 0; mov_default_parse_table[i].type; i++)
8250 if (mov_default_parse_table[i].type == a.type) {
8251 parse = mov_default_parse_table[i].parse;
8252 break;
8253 }
8254
8255 // container is user data
8256 if (!parse && (atom.type == MKTAG('u','d','t','a') ||
8257 atom.type == MKTAG('i','l','s','t')))
8258 parse = mov_read_udta_string;
8259
8260 #ifdef OHOS_MOOV_LEVEL_META
8261 // support moov gnre info
8262 if (!parse && a.type == MKTAG('g','n','r','e')) {
8263 parse = mov_read_gnre;
8264 }
8265 #endif
8266
8267 // Supports parsing the QuickTime Metadata Keys.
8268 // https://developer.apple.com/library/mac/documentation/QuickTime/QTFF/Metadata/Metadata.html
8269 if (!parse && c->found_hdlr_mdta &&
8270 atom.type == MKTAG('m','e','t','a') &&
8271 a.type == MKTAG('k','e','y','s') &&
8272 c->meta_keys_count == 0) {
8273 parse = mov_read_keys;
8274 }
8275
8276 if (!parse) { /* skip leaf atoms data */
8277 avio_skip(pb, a.size);
8278 } else {
8279 int64_t start_pos = avio_tell(pb);
8280 int64_t left;
8281 int err = parse(c, pb, a);
8282 if (err < 0) {
8283 c->atom_depth --;
8284 return err;
8285 }
8286 if (c->found_moov && c->found_mdat && a.size <= INT64_MAX - start_pos &&
8287 ((!(pb->seekable & AVIO_SEEKABLE_NORMAL) || c->fc->flags & AVFMT_FLAG_IGNIDX || c->frag_index.complete) ||
8288 start_pos + a.size == avio_size(pb))) {
8289 if (!(pb->seekable & AVIO_SEEKABLE_NORMAL) || c->fc->flags & AVFMT_FLAG_IGNIDX || c->frag_index.complete)
8290 c->next_root_atom = start_pos + a.size;
8291 c->atom_depth --;
8292 return 0;
8293 }
8294 left = a.size - avio_tell(pb) + start_pos;
8295 if (left > 0) /* skip garbage at atom end */
8296 avio_skip(pb, left);
8297 else if (left < 0) {
8298 av_log(c->fc, AV_LOG_WARNING,
8299 "overread end of atom '%s' by %"PRId64" bytes\n",
8300 av_fourcc2str(a.type), -left);
8301 avio_seek(pb, left, SEEK_CUR);
8302 }
8303 }
8304
8305 total_size += a.size;
8306 }
8307
8308 if (total_size < atom.size && atom.size < 0x7ffff)
8309 avio_skip(pb, atom.size - total_size);
8310
8311 c->atom_depth --;
8312 return 0;
8313 }
8314
mov_probe(const AVProbeData * p)8315 static int mov_probe(const AVProbeData *p)
8316 {
8317 int64_t offset;
8318 uint32_t tag;
8319 int score = 0;
8320 int moov_offset = -1;
8321
8322 /* check file header */
8323 offset = 0;
8324 for (;;) {
8325 int64_t size;
8326 int minsize = 8;
8327 /* ignore invalid offset */
8328 if ((offset + 8ULL) > (unsigned int)p->buf_size)
8329 break;
8330 size = AV_RB32(p->buf + offset);
8331 if (size == 1 && offset + 16 <= (unsigned int)p->buf_size) {
8332 size = AV_RB64(p->buf+offset + 8);
8333 minsize = 16;
8334 } else if (size == 0) {
8335 size = p->buf_size - offset;
8336 }
8337 if (size < minsize) {
8338 offset += 4;
8339 continue;
8340 }
8341 tag = AV_RL32(p->buf + offset + 4);
8342 switch(tag) {
8343 /* check for obvious tags */
8344 case MKTAG('m','o','o','v'):
8345 moov_offset = offset + 4;
8346 case MKTAG('m','d','a','t'):
8347 case MKTAG('p','n','o','t'): /* detect movs with preview pics like ew.mov and april.mov */
8348 case MKTAG('u','d','t','a'): /* Packet Video PVAuthor adds this and a lot of more junk */
8349 case MKTAG('f','t','y','p'):
8350 if (tag == MKTAG('f','t','y','p') &&
8351 ( AV_RL32(p->buf + offset + 8) == MKTAG('j','p','2',' ')
8352 || AV_RL32(p->buf + offset + 8) == MKTAG('j','p','x',' ')
8353 || AV_RL32(p->buf + offset + 8) == MKTAG('j','x','l',' ')
8354 )) {
8355 score = FFMAX(score, 5);
8356 } else {
8357 score = AVPROBE_SCORE_MAX;
8358 }
8359 break;
8360 /* those are more common words, so rate then a bit less */
8361 case MKTAG('e','d','i','w'): /* xdcam files have reverted first tags */
8362 case MKTAG('w','i','d','e'):
8363 case MKTAG('f','r','e','e'):
8364 case MKTAG('j','u','n','k'):
8365 case MKTAG('p','i','c','t'):
8366 score = FFMAX(score, AVPROBE_SCORE_MAX - 5);
8367 break;
8368 case MKTAG(0x82,0x82,0x7f,0x7d):
8369 case MKTAG('s','k','i','p'):
8370 case MKTAG('u','u','i','d'):
8371 case MKTAG('p','r','f','l'):
8372 /* if we only find those cause probedata is too small at least rate them */
8373 score = FFMAX(score, AVPROBE_SCORE_EXTENSION);
8374 break;
8375 }
8376 if (size > INT64_MAX - offset)
8377 break;
8378 offset += size;
8379 }
8380 if (score > AVPROBE_SCORE_MAX - 50 && moov_offset != -1) {
8381 /* moov atom in the header - we should make sure that this is not a
8382 * MOV-packed MPEG-PS */
8383 offset = moov_offset;
8384
8385 while (offset < (p->buf_size - 16)) { /* Sufficient space */
8386 /* We found an actual hdlr atom */
8387 if (AV_RL32(p->buf + offset ) == MKTAG('h','d','l','r') &&
8388 AV_RL32(p->buf + offset + 8) == MKTAG('m','h','l','r') &&
8389 AV_RL32(p->buf + offset + 12) == MKTAG('M','P','E','G')) {
8390 av_log(NULL, AV_LOG_WARNING, "Found media data tag MPEG indicating this is a MOV-packed MPEG-PS.\n");
8391 /* We found a media handler reference atom describing an
8392 * MPEG-PS-in-MOV, return a
8393 * low score to force expanding the probe window until
8394 * mpegps_probe finds what it needs */
8395 return 5;
8396 } else {
8397 /* Keep looking */
8398 offset += 2;
8399 }
8400 }
8401 }
8402
8403 return score;
8404 }
8405
8406 // must be done after parsing all trak because there's no order requirement
mov_read_chapters(AVFormatContext * s)8407 static void mov_read_chapters(AVFormatContext *s)
8408 {
8409 MOVContext *mov = s->priv_data;
8410 MOVStreamContext *sc;
8411 int64_t cur_pos;
8412 int i, j;
8413 int chapter_track;
8414
8415 for (j = 0; j < mov->nb_chapter_tracks; j++) {
8416 AVStream *st = NULL;
8417 FFStream *sti = NULL;
8418 chapter_track = mov->chapter_tracks[j];
8419 for (i = 0; i < s->nb_streams; i++)
8420 if (s->streams[i]->id == chapter_track) {
8421 st = s->streams[i];
8422 break;
8423 }
8424 if (!st) {
8425 av_log(s, AV_LOG_ERROR, "Referenced QT chapter track not found\n");
8426 continue;
8427 }
8428 sti = ffstream(st);
8429
8430 sc = st->priv_data;
8431 cur_pos = avio_tell(sc->pb);
8432
8433 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) {
8434 st->disposition |= AV_DISPOSITION_ATTACHED_PIC | AV_DISPOSITION_TIMED_THUMBNAILS;
8435 if (sti->nb_index_entries) {
8436 // Retrieve the first frame, if possible
8437 AVIndexEntry *sample = &sti->index_entries[0];
8438 if (avio_seek(sc->pb, sample->pos, SEEK_SET) != sample->pos) {
8439 av_log(s, AV_LOG_ERROR, "Failed to retrieve first frame\n");
8440 goto finish;
8441 }
8442
8443 if (ff_add_attached_pic(s, st, sc->pb, NULL, sample->size) < 0)
8444 goto finish;
8445 }
8446 } else {
8447 st->codecpar->codec_type = AVMEDIA_TYPE_DATA;
8448 st->codecpar->codec_id = AV_CODEC_ID_BIN_DATA;
8449 st->discard = AVDISCARD_ALL;
8450 for (int i = 0; i < sti->nb_index_entries; i++) {
8451 AVIndexEntry *sample = &sti->index_entries[i];
8452 int64_t end = i+1 < sti->nb_index_entries ? sti->index_entries[i+1].timestamp : st->duration;
8453 uint8_t *title;
8454 uint16_t ch;
8455 int len, title_len;
8456
8457 if (end < sample->timestamp) {
8458 av_log(s, AV_LOG_WARNING, "ignoring stream duration which is shorter than chapters\n");
8459 end = AV_NOPTS_VALUE;
8460 }
8461
8462 if (avio_seek(sc->pb, sample->pos, SEEK_SET) != sample->pos) {
8463 av_log(s, AV_LOG_ERROR, "Chapter %d not found in file\n", i);
8464 goto finish;
8465 }
8466
8467 // the first two bytes are the length of the title
8468 len = avio_rb16(sc->pb);
8469 if (len > sample->size-2)
8470 continue;
8471 title_len = 2*len + 1;
8472 if (!(title = av_mallocz(title_len)))
8473 goto finish;
8474
8475 // The samples could theoretically be in any encoding if there's an encd
8476 // atom following, but in practice are only utf-8 or utf-16, distinguished
8477 // instead by the presence of a BOM
8478 if (!len) {
8479 title[0] = 0;
8480 } else {
8481 ch = avio_rb16(sc->pb);
8482 if (ch == 0xfeff)
8483 avio_get_str16be(sc->pb, len, title, title_len);
8484 else if (ch == 0xfffe)
8485 avio_get_str16le(sc->pb, len, title, title_len);
8486 else {
8487 AV_WB16(title, ch);
8488 if (len == 1 || len == 2)
8489 title[len] = 0;
8490 else
8491 avio_get_str(sc->pb, INT_MAX, title + 2, len - 1);
8492 }
8493 }
8494
8495 avpriv_new_chapter(s, i, st->time_base, sample->timestamp, end, title);
8496 av_freep(&title);
8497 }
8498 }
8499 finish:
8500 avio_seek(sc->pb, cur_pos, SEEK_SET);
8501 }
8502 }
8503
parse_timecode_in_framenum_format(AVFormatContext * s,AVStream * st,int64_t value,int flags)8504 static int parse_timecode_in_framenum_format(AVFormatContext *s, AVStream *st,
8505 int64_t value, int flags)
8506 {
8507 AVTimecode tc;
8508 char buf[AV_TIMECODE_STR_SIZE];
8509 AVRational rate = st->avg_frame_rate;
8510 int ret = av_timecode_init(&tc, rate, flags, 0, s);
8511 if (ret < 0)
8512 return ret;
8513 av_dict_set(&st->metadata, "timecode",
8514 av_timecode_make_string(&tc, buf, value), 0);
8515 return 0;
8516 }
8517
mov_read_rtmd_track(AVFormatContext * s,AVStream * st)8518 static int mov_read_rtmd_track(AVFormatContext *s, AVStream *st)
8519 {
8520 MOVStreamContext *sc = st->priv_data;
8521 FFStream *const sti = ffstream(st);
8522 char buf[AV_TIMECODE_STR_SIZE];
8523 int64_t cur_pos = avio_tell(sc->pb);
8524 int hh, mm, ss, ff, drop;
8525
8526 if (!sti->nb_index_entries)
8527 return -1;
8528
8529 avio_seek(sc->pb, sti->index_entries->pos, SEEK_SET);
8530 avio_skip(s->pb, 13);
8531 hh = avio_r8(s->pb);
8532 mm = avio_r8(s->pb);
8533 ss = avio_r8(s->pb);
8534 drop = avio_r8(s->pb);
8535 ff = avio_r8(s->pb);
8536 snprintf(buf, AV_TIMECODE_STR_SIZE, "%02d:%02d:%02d%c%02d",
8537 hh, mm, ss, drop ? ';' : ':', ff);
8538 av_dict_set(&st->metadata, "timecode", buf, 0);
8539
8540 avio_seek(sc->pb, cur_pos, SEEK_SET);
8541 return 0;
8542 }
8543
mov_read_timecode_track(AVFormatContext * s,AVStream * st)8544 static int mov_read_timecode_track(AVFormatContext *s, AVStream *st)
8545 {
8546 MOVStreamContext *sc = st->priv_data;
8547 FFStream *const sti = ffstream(st);
8548 int flags = 0;
8549 int64_t cur_pos = avio_tell(sc->pb);
8550 int64_t value;
8551 AVRational tc_rate = st->avg_frame_rate;
8552 int tmcd_nb_frames = sc->tmcd_nb_frames;
8553 int rounded_tc_rate;
8554
8555 if (!sti->nb_index_entries)
8556 return -1;
8557
8558 if (!tc_rate.num || !tc_rate.den || !tmcd_nb_frames)
8559 return -1;
8560
8561 avio_seek(sc->pb, sti->index_entries->pos, SEEK_SET);
8562 value = avio_rb32(s->pb);
8563
8564 if (sc->tmcd_flags & 0x0001) flags |= AV_TIMECODE_FLAG_DROPFRAME;
8565 if (sc->tmcd_flags & 0x0002) flags |= AV_TIMECODE_FLAG_24HOURSMAX;
8566 if (sc->tmcd_flags & 0x0004) flags |= AV_TIMECODE_FLAG_ALLOWNEGATIVE;
8567
8568 /* Assume Counter flag is set to 1 in tmcd track (even though it is likely
8569 * not the case) and thus assume "frame number format" instead of QT one.
8570 * No sample with tmcd track can be found with a QT timecode at the moment,
8571 * despite what the tmcd track "suggests" (Counter flag set to 0 means QT
8572 * format). */
8573
8574 /* 60 fps content have tmcd_nb_frames set to 30 but tc_rate set to 60, so
8575 * we multiply the frame number with the quotient.
8576 * See tickets #9492, #9710. */
8577 rounded_tc_rate = (tc_rate.num + tc_rate.den / 2) / tc_rate.den;
8578 /* Work around files where tmcd_nb_frames is rounded down from frame rate
8579 * instead of up. See ticket #5978. */
8580 if (tmcd_nb_frames == tc_rate.num / tc_rate.den &&
8581 s->strict_std_compliance < FF_COMPLIANCE_STRICT)
8582 tmcd_nb_frames = rounded_tc_rate;
8583 value = av_rescale(value, rounded_tc_rate, tmcd_nb_frames);
8584
8585 parse_timecode_in_framenum_format(s, st, value, flags);
8586
8587 avio_seek(sc->pb, cur_pos, SEEK_SET);
8588 return 0;
8589 }
8590
mov_free_encryption_index(MOVEncryptionIndex ** index)8591 static void mov_free_encryption_index(MOVEncryptionIndex **index) {
8592 int i;
8593 if (!index || !*index) return;
8594 for (i = 0; i < (*index)->nb_encrypted_samples; i++) {
8595 av_encryption_info_free((*index)->encrypted_samples[i]);
8596 }
8597 av_freep(&(*index)->encrypted_samples);
8598 av_freep(&(*index)->auxiliary_info_sizes);
8599 av_freep(&(*index)->auxiliary_offsets);
8600 av_freep(index);
8601 }
8602
mov_read_close(AVFormatContext * s)8603 static int mov_read_close(AVFormatContext *s)
8604 {
8605 MOVContext *mov = s->priv_data;
8606 int i, j;
8607
8608 for (i = 0; i < s->nb_streams; i++) {
8609 AVStream *st = s->streams[i];
8610 MOVStreamContext *sc = st->priv_data;
8611
8612 #ifdef OHOS_EXPAND_MP4_INFO
8613 if (st->stts_data != NULL) {
8614 free(st->stts_data);
8615 st->stts_data = NULL;
8616 }
8617
8618 if (st->ctts_data != NULL) {
8619 free(st->ctts_data);
8620 st->ctts_data = NULL;
8621 }
8622 #endif
8623
8624 if (!sc)
8625 continue;
8626
8627 av_freep(&sc->ctts_data);
8628 for (j = 0; j < sc->drefs_count; j++) {
8629 av_freep(&sc->drefs[j].path);
8630 av_freep(&sc->drefs[j].dir);
8631 }
8632 av_freep(&sc->drefs);
8633
8634 sc->drefs_count = 0;
8635
8636 if (!sc->pb_is_copied)
8637 ff_format_io_close(s, &sc->pb);
8638
8639 sc->pb = NULL;
8640 av_freep(&sc->chunk_offsets);
8641 av_freep(&sc->stsc_data);
8642 av_freep(&sc->sample_sizes);
8643 av_freep(&sc->keyframes);
8644 av_freep(&sc->stts_data);
8645 av_freep(&sc->sdtp_data);
8646 av_freep(&sc->stps_data);
8647 av_freep(&sc->elst_data);
8648 av_freep(&sc->rap_group);
8649 av_freep(&sc->sync_group);
8650 av_freep(&sc->sgpd_sync);
8651 av_freep(&sc->sample_offsets);
8652 av_freep(&sc->open_key_samples);
8653 av_freep(&sc->display_matrix);
8654 av_freep(&sc->index_ranges);
8655
8656 if (sc->extradata)
8657 for (j = 0; j < sc->stsd_count; j++)
8658 av_free(sc->extradata[j]);
8659 av_freep(&sc->extradata);
8660 av_freep(&sc->extradata_size);
8661
8662 mov_free_encryption_index(&sc->cenc.encryption_index);
8663 av_encryption_info_free(sc->cenc.default_encrypted_sample);
8664 av_aes_ctr_free(sc->cenc.aes_ctr);
8665
8666 av_freep(&sc->stereo3d);
8667 av_freep(&sc->spherical);
8668 av_freep(&sc->mastering);
8669 av_freep(&sc->coll);
8670 }
8671
8672 av_freep(&mov->dv_demux);
8673 avformat_free_context(mov->dv_fctx);
8674 mov->dv_fctx = NULL;
8675
8676 if (mov->meta_keys) {
8677 for (i = 1; i < mov->meta_keys_count; i++) {
8678 av_freep(&mov->meta_keys[i]);
8679 }
8680 av_freep(&mov->meta_keys);
8681 }
8682
8683 av_freep(&mov->trex_data);
8684 av_freep(&mov->bitrates);
8685
8686 for (i = 0; i < mov->frag_index.nb_items; i++) {
8687 MOVFragmentStreamInfo *frag = mov->frag_index.item[i].stream_info;
8688 for (j = 0; j < mov->frag_index.item[i].nb_stream_info; j++) {
8689 mov_free_encryption_index(&frag[j].encryption_index);
8690 }
8691 av_freep(&mov->frag_index.item[i].stream_info);
8692 }
8693 av_freep(&mov->frag_index.item);
8694
8695 av_freep(&mov->aes_decrypt);
8696 av_freep(&mov->chapter_tracks);
8697
8698 return 0;
8699 }
8700
tmcd_is_referenced(AVFormatContext * s,int tmcd_id)8701 static int tmcd_is_referenced(AVFormatContext *s, int tmcd_id)
8702 {
8703 int i;
8704
8705 for (i = 0; i < s->nb_streams; i++) {
8706 AVStream *st = s->streams[i];
8707 MOVStreamContext *sc = st->priv_data;
8708
8709 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO &&
8710 sc->timecode_track == tmcd_id)
8711 return 1;
8712 }
8713 return 0;
8714 }
8715
8716 /* look for a tmcd track not referenced by any video track, and export it globally */
export_orphan_timecode(AVFormatContext * s)8717 static void export_orphan_timecode(AVFormatContext *s)
8718 {
8719 int i;
8720
8721 for (i = 0; i < s->nb_streams; i++) {
8722 AVStream *st = s->streams[i];
8723
8724 if (st->codecpar->codec_tag == MKTAG('t','m','c','d') &&
8725 !tmcd_is_referenced(s, i + 1)) {
8726 AVDictionaryEntry *tcr = av_dict_get(st->metadata, "timecode", NULL, 0);
8727 if (tcr) {
8728 av_dict_set(&s->metadata, "timecode", tcr->value, 0);
8729 break;
8730 }
8731 }
8732 }
8733 }
8734
read_tfra(MOVContext * mov,AVIOContext * f)8735 static int read_tfra(MOVContext *mov, AVIOContext *f)
8736 {
8737 int version, fieldlength, i, j;
8738 int64_t pos = avio_tell(f);
8739 uint32_t size = avio_rb32(f);
8740 unsigned track_id, item_count;
8741
8742 if (avio_rb32(f) != MKBETAG('t', 'f', 'r', 'a')) {
8743 return 1;
8744 }
8745 av_log(mov->fc, AV_LOG_VERBOSE, "found tfra\n");
8746
8747 version = avio_r8(f);
8748 avio_rb24(f);
8749 track_id = avio_rb32(f);
8750 fieldlength = avio_rb32(f);
8751 item_count = avio_rb32(f);
8752 for (i = 0; i < item_count; i++) {
8753 int64_t time, offset;
8754 int index;
8755 MOVFragmentStreamInfo * frag_stream_info;
8756
8757 if (avio_feof(f)) {
8758 return AVERROR_INVALIDDATA;
8759 }
8760
8761 if (version == 1) {
8762 time = avio_rb64(f);
8763 offset = avio_rb64(f);
8764 } else {
8765 time = avio_rb32(f);
8766 offset = avio_rb32(f);
8767 }
8768
8769 // The first sample of each stream in a fragment is always a random
8770 // access sample. So it's entry in the tfra can be used as the
8771 // initial PTS of the fragment.
8772 index = update_frag_index(mov, offset);
8773 frag_stream_info = get_frag_stream_info(&mov->frag_index, index, track_id);
8774 if (frag_stream_info &&
8775 frag_stream_info->first_tfra_pts == AV_NOPTS_VALUE)
8776 frag_stream_info->first_tfra_pts = time;
8777
8778 for (j = 0; j < ((fieldlength >> 4) & 3) + 1; j++)
8779 avio_r8(f);
8780 for (j = 0; j < ((fieldlength >> 2) & 3) + 1; j++)
8781 avio_r8(f);
8782 for (j = 0; j < ((fieldlength >> 0) & 3) + 1; j++)
8783 avio_r8(f);
8784 }
8785
8786 avio_seek(f, pos + size, SEEK_SET);
8787 return 0;
8788 }
8789
mov_read_mfra(MOVContext * c,AVIOContext * f)8790 static int mov_read_mfra(MOVContext *c, AVIOContext *f)
8791 {
8792 int64_t stream_size = avio_size(f);
8793 int64_t original_pos = avio_tell(f);
8794 int64_t seek_ret;
8795 int ret = -1;
8796 if ((seek_ret = avio_seek(f, stream_size - 4, SEEK_SET)) < 0) {
8797 ret = seek_ret;
8798 goto fail;
8799 }
8800 c->mfra_size = avio_rb32(f);
8801 c->have_read_mfra_size = 1;
8802 if (!c->mfra_size || c->mfra_size > stream_size) {
8803 av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (unreasonable size)\n");
8804 goto fail;
8805 }
8806 if ((seek_ret = avio_seek(f, -((int64_t) c->mfra_size), SEEK_CUR)) < 0) {
8807 ret = seek_ret;
8808 goto fail;
8809 }
8810 if (avio_rb32(f) != c->mfra_size) {
8811 av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (size mismatch)\n");
8812 goto fail;
8813 }
8814 if (avio_rb32(f) != MKBETAG('m', 'f', 'r', 'a')) {
8815 av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (tag mismatch)\n");
8816 goto fail;
8817 }
8818 av_log(c->fc, AV_LOG_VERBOSE, "stream has mfra\n");
8819 do {
8820 ret = read_tfra(c, f);
8821 if (ret < 0)
8822 goto fail;
8823 } while (!ret);
8824 ret = 0;
8825 c->frag_index.complete = 1;
8826 fail:
8827 seek_ret = avio_seek(f, original_pos, SEEK_SET);
8828 if (seek_ret < 0) {
8829 av_log(c->fc, AV_LOG_ERROR,
8830 "failed to seek back after looking for mfra\n");
8831 ret = seek_ret;
8832 }
8833 return ret;
8834 }
8835
mov_read_header(AVFormatContext * s)8836 static int mov_read_header(AVFormatContext *s)
8837 {
8838 MOVContext *mov = s->priv_data;
8839 AVIOContext *pb = s->pb;
8840 int j, err;
8841 MOVAtom atom = { AV_RL32("root") };
8842 int i;
8843
8844 if (mov->decryption_key_len != 0 && mov->decryption_key_len != AES_CTR_KEY_SIZE) {
8845 av_log(s, AV_LOG_ERROR, "Invalid decryption key len %d expected %d\n",
8846 mov->decryption_key_len, AES_CTR_KEY_SIZE);
8847 return AVERROR(EINVAL);
8848 }
8849
8850 mov->fc = s;
8851 mov->trak_index = -1;
8852 /* .mov and .mp4 aren't streamable anyway (only progressive download if moov is before mdat) */
8853 if (pb->seekable & AVIO_SEEKABLE_NORMAL)
8854 atom.size = avio_size(pb);
8855 else
8856 atom.size = INT64_MAX;
8857
8858 /* check MOV header */
8859 do {
8860 if (mov->moov_retry)
8861 avio_seek(pb, 0, SEEK_SET);
8862 if ((err = mov_read_default(mov, pb, atom)) < 0) {
8863 av_log(s, AV_LOG_ERROR, "error reading header\n");
8864 return err;
8865 }
8866 } while ((pb->seekable & AVIO_SEEKABLE_NORMAL) && !mov->found_moov && !mov->moov_retry++);
8867 if (!mov->found_moov) {
8868 av_log(s, AV_LOG_ERROR, "moov atom not found\n");
8869 return AVERROR_INVALIDDATA;
8870 }
8871 av_log(mov->fc, AV_LOG_TRACE, "on_parse_exit_offset=%"PRId64"\n", avio_tell(pb));
8872
8873 if (pb->seekable & AVIO_SEEKABLE_NORMAL) {
8874 if (mov->nb_chapter_tracks > 0 && !mov->ignore_chapters)
8875 mov_read_chapters(s);
8876 for (i = 0; i < s->nb_streams; i++)
8877 if (s->streams[i]->codecpar->codec_tag == AV_RL32("tmcd")) {
8878 mov_read_timecode_track(s, s->streams[i]);
8879 } else if (s->streams[i]->codecpar->codec_tag == AV_RL32("rtmd")) {
8880 mov_read_rtmd_track(s, s->streams[i]);
8881 }
8882 }
8883
8884 /* copy timecode metadata from tmcd tracks to the related video streams */
8885 for (i = 0; i < s->nb_streams; i++) {
8886 AVStream *st = s->streams[i];
8887 MOVStreamContext *sc = st->priv_data;
8888 if (sc->timecode_track > 0) {
8889 AVDictionaryEntry *tcr;
8890 int tmcd_st_id = -1;
8891
8892 for (j = 0; j < s->nb_streams; j++)
8893 if (s->streams[j]->id == sc->timecode_track)
8894 tmcd_st_id = j;
8895
8896 if (tmcd_st_id < 0 || tmcd_st_id == i)
8897 continue;
8898 tcr = av_dict_get(s->streams[tmcd_st_id]->metadata, "timecode", NULL, 0);
8899 if (tcr)
8900 av_dict_set(&st->metadata, "timecode", tcr->value, 0);
8901 }
8902 }
8903 export_orphan_timecode(s);
8904
8905 for (i = 0; i < s->nb_streams; i++) {
8906 AVStream *st = s->streams[i];
8907 FFStream *const sti = ffstream(st);
8908 MOVStreamContext *sc = st->priv_data;
8909 fix_timescale(mov, sc);
8910 if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO &&
8911 st->codecpar->codec_id == AV_CODEC_ID_AAC) {
8912 sti->skip_samples = sc->start_pad;
8913 }
8914 if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO && sc->nb_frames_for_fps > 0 && sc->duration_for_fps > 0)
8915 av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den,
8916 sc->time_scale*(int64_t)sc->nb_frames_for_fps, sc->duration_for_fps, INT_MAX);
8917 if (st->codecpar->codec_type == AVMEDIA_TYPE_SUBTITLE) {
8918 if (st->codecpar->width <= 0 || st->codecpar->height <= 0) {
8919 st->codecpar->width = sc->width;
8920 st->codecpar->height = sc->height;
8921 }
8922 if (st->codecpar->codec_id == AV_CODEC_ID_DVD_SUBTITLE) {
8923 if ((err = mov_rewrite_dvd_sub_extradata(st)) < 0)
8924 return err;
8925 }
8926 }
8927 if (mov->handbrake_version &&
8928 mov->handbrake_version <= 1000000*0 + 1000*10 + 2 && // 0.10.2
8929 st->codecpar->codec_id == AV_CODEC_ID_MP3) {
8930 av_log(s, AV_LOG_VERBOSE, "Forcing full parsing for mp3 stream\n");
8931 sti->need_parsing = AVSTREAM_PARSE_FULL;
8932 }
8933 }
8934
8935 if (mov->trex_data) {
8936 for (i = 0; i < s->nb_streams; i++) {
8937 AVStream *st = s->streams[i];
8938 MOVStreamContext *sc = st->priv_data;
8939 if (st->duration > 0) {
8940 /* Akin to sc->data_size * 8 * sc->time_scale / st->duration but accounting for overflows. */
8941 st->codecpar->bit_rate = av_rescale(sc->data_size, ((int64_t) sc->time_scale) * 8, st->duration);
8942 if (st->codecpar->bit_rate == INT64_MIN) {
8943 av_log(s, AV_LOG_WARNING, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n",
8944 sc->data_size, sc->time_scale);
8945 st->codecpar->bit_rate = 0;
8946 if (s->error_recognition & AV_EF_EXPLODE)
8947 return AVERROR_INVALIDDATA;
8948 }
8949 }
8950 }
8951 }
8952
8953 if (mov->use_mfra_for > 0) {
8954 for (i = 0; i < s->nb_streams; i++) {
8955 AVStream *st = s->streams[i];
8956 MOVStreamContext *sc = st->priv_data;
8957 if (sc->duration_for_fps > 0) {
8958 /* Akin to sc->data_size * 8 * sc->time_scale / sc->duration_for_fps but accounting for overflows. */
8959 st->codecpar->bit_rate = av_rescale(sc->data_size, ((int64_t) sc->time_scale) * 8, sc->duration_for_fps);
8960 if (st->codecpar->bit_rate == INT64_MIN) {
8961 av_log(s, AV_LOG_WARNING, "Overflow during bit rate calculation %"PRId64" * 8 * %d\n",
8962 sc->data_size, sc->time_scale);
8963 st->codecpar->bit_rate = 0;
8964 if (s->error_recognition & AV_EF_EXPLODE)
8965 return AVERROR_INVALIDDATA;
8966 }
8967 }
8968 }
8969 }
8970
8971 for (i = 0; i < mov->bitrates_count && i < s->nb_streams; i++) {
8972 if (mov->bitrates[i]) {
8973 s->streams[i]->codecpar->bit_rate = mov->bitrates[i];
8974 }
8975 }
8976
8977 ff_rfps_calculate(s);
8978
8979 for (i = 0; i < s->nb_streams; i++) {
8980 AVStream *st = s->streams[i];
8981 MOVStreamContext *sc = st->priv_data;
8982
8983 switch (st->codecpar->codec_type) {
8984 case AVMEDIA_TYPE_AUDIO:
8985 err = ff_replaygain_export(st, s->metadata);
8986 if (err < 0)
8987 return err;
8988 break;
8989 case AVMEDIA_TYPE_VIDEO:
8990 if (sc->display_matrix) {
8991 err = av_stream_add_side_data(st, AV_PKT_DATA_DISPLAYMATRIX, (uint8_t*)sc->display_matrix,
8992 sizeof(int32_t) * 9);
8993 if (err < 0)
8994 return err;
8995
8996 sc->display_matrix = NULL;
8997 }
8998 if (sc->stereo3d) {
8999 err = av_stream_add_side_data(st, AV_PKT_DATA_STEREO3D,
9000 (uint8_t *)sc->stereo3d,
9001 sizeof(*sc->stereo3d));
9002 if (err < 0)
9003 return err;
9004
9005 sc->stereo3d = NULL;
9006 }
9007 if (sc->spherical) {
9008 err = av_stream_add_side_data(st, AV_PKT_DATA_SPHERICAL,
9009 (uint8_t *)sc->spherical,
9010 sc->spherical_size);
9011 if (err < 0)
9012 return err;
9013
9014 sc->spherical = NULL;
9015 }
9016 if (sc->mastering) {
9017 err = av_stream_add_side_data(st, AV_PKT_DATA_MASTERING_DISPLAY_METADATA,
9018 (uint8_t *)sc->mastering,
9019 sizeof(*sc->mastering));
9020 if (err < 0)
9021 return err;
9022
9023 sc->mastering = NULL;
9024 }
9025 if (sc->coll) {
9026 err = av_stream_add_side_data(st, AV_PKT_DATA_CONTENT_LIGHT_LEVEL,
9027 (uint8_t *)sc->coll,
9028 sc->coll_size);
9029 if (err < 0)
9030 return err;
9031
9032 sc->coll = NULL;
9033 }
9034 break;
9035 }
9036 }
9037 ff_configure_buffers_for_index(s, AV_TIME_BASE);
9038
9039 for (i = 0; i < mov->frag_index.nb_items; i++)
9040 if (mov->frag_index.item[i].moof_offset <= mov->fragment.moof_offset)
9041 mov->frag_index.item[i].headers_read = 1;
9042
9043 return 0;
9044 }
9045
mov_find_next_sample(AVFormatContext * s,AVStream ** st)9046 static AVIndexEntry *mov_find_next_sample(AVFormatContext *s, AVStream **st)
9047 {
9048 AVIndexEntry *sample = NULL;
9049 int64_t best_dts = INT64_MAX;
9050 int i;
9051 for (i = 0; i < s->nb_streams; i++) {
9052 AVStream *avst = s->streams[i];
9053 FFStream *const avsti = ffstream(avst);
9054 MOVStreamContext *msc = avst->priv_data;
9055 if (msc->pb && msc->current_sample < avsti->nb_index_entries) {
9056 AVIndexEntry *current_sample = &avsti->index_entries[msc->current_sample];
9057 int64_t dts = av_rescale(current_sample->timestamp, AV_TIME_BASE, msc->time_scale);
9058 uint64_t dtsdiff = best_dts > dts ? best_dts - (uint64_t)dts : ((uint64_t)dts - best_dts);
9059 av_log(s, AV_LOG_TRACE, "stream %d, sample %d, dts %"PRId64"\n", i, msc->current_sample, dts);
9060 if (!sample || (!(s->pb->seekable & AVIO_SEEKABLE_NORMAL) && current_sample->pos < sample->pos) ||
9061 ((s->pb->seekable & AVIO_SEEKABLE_NORMAL) &&
9062 ((msc->pb != s->pb && dts < best_dts) || (msc->pb == s->pb && dts != AV_NOPTS_VALUE &&
9063 ((dtsdiff <= AV_TIME_BASE && current_sample->pos < sample->pos) ||
9064 (dtsdiff > AV_TIME_BASE && dts < best_dts)))))) {
9065 sample = current_sample;
9066 best_dts = dts;
9067 *st = avst;
9068 }
9069 }
9070 }
9071 return sample;
9072 }
9073
should_retry(AVIOContext * pb,int error_code)9074 static int should_retry(AVIOContext *pb, int error_code) {
9075 if (error_code == AVERROR_EOF || avio_feof(pb))
9076 return 0;
9077
9078 return 1;
9079 }
9080
mov_switch_root(AVFormatContext * s,int64_t target,int index)9081 static int mov_switch_root(AVFormatContext *s, int64_t target, int index)
9082 {
9083 int ret;
9084 MOVContext *mov = s->priv_data;
9085
9086 if (index >= 0 && index < mov->frag_index.nb_items)
9087 target = mov->frag_index.item[index].moof_offset;
9088 if (avio_seek(s->pb, target, SEEK_SET) != target) {
9089 av_log(mov->fc, AV_LOG_ERROR, "root atom offset 0x%"PRIx64": partial file\n", target);
9090 return AVERROR_INVALIDDATA;
9091 }
9092
9093 mov->next_root_atom = 0;
9094 if (index < 0 || index >= mov->frag_index.nb_items)
9095 index = search_frag_moof_offset(&mov->frag_index, target);
9096 if (index < mov->frag_index.nb_items &&
9097 mov->frag_index.item[index].moof_offset == target) {
9098 if (index + 1 < mov->frag_index.nb_items)
9099 mov->next_root_atom = mov->frag_index.item[index + 1].moof_offset;
9100 if (mov->frag_index.item[index].headers_read)
9101 return 0;
9102 mov->frag_index.item[index].headers_read = 1;
9103 }
9104
9105 mov->found_mdat = 0;
9106
9107 ret = mov_read_default(mov, s->pb, (MOVAtom){ AV_RL32("root"), INT64_MAX });
9108 if (ret < 0)
9109 return ret;
9110 if (avio_feof(s->pb))
9111 return AVERROR_EOF;
9112 av_log(s, AV_LOG_TRACE, "read fragments, offset 0x%"PRIx64"\n", avio_tell(s->pb));
9113
9114 return 1;
9115 }
9116
mov_change_extradata(MOVStreamContext * sc,AVPacket * pkt)9117 static int mov_change_extradata(MOVStreamContext *sc, AVPacket *pkt)
9118 {
9119 uint8_t *side, *extradata;
9120 int extradata_size;
9121
9122 /* Save the current index. */
9123 sc->last_stsd_index = sc->stsc_data[sc->stsc_index].id - 1;
9124
9125 /* Notify the decoder that extradata changed. */
9126 extradata_size = sc->extradata_size[sc->last_stsd_index];
9127 extradata = sc->extradata[sc->last_stsd_index];
9128 if (extradata_size > 0 && extradata) {
9129 side = av_packet_new_side_data(pkt,
9130 AV_PKT_DATA_NEW_EXTRADATA,
9131 extradata_size);
9132 if (!side)
9133 return AVERROR(ENOMEM);
9134 memcpy(side, extradata, extradata_size);
9135 }
9136
9137 return 0;
9138 }
9139
get_eia608_packet(AVIOContext * pb,AVPacket * pkt,int size)9140 static int get_eia608_packet(AVIOContext *pb, AVPacket *pkt, int size)
9141 {
9142 int new_size, ret;
9143
9144 if (size <= 8)
9145 return AVERROR_INVALIDDATA;
9146 new_size = ((size - 8) / 2) * 3;
9147 ret = av_new_packet(pkt, new_size);
9148 if (ret < 0)
9149 return ret;
9150
9151 avio_skip(pb, 8);
9152 for (int j = 0; j < new_size; j += 3) {
9153 pkt->data[j] = 0xFC;
9154 pkt->data[j+1] = avio_r8(pb);
9155 pkt->data[j+2] = avio_r8(pb);
9156 }
9157
9158 return 0;
9159 }
9160
mov_read_packet(AVFormatContext * s,AVPacket * pkt)9161 static int mov_read_packet(AVFormatContext *s, AVPacket *pkt)
9162 {
9163 MOVContext *mov = s->priv_data;
9164 MOVStreamContext *sc;
9165 AVIndexEntry *sample;
9166 AVStream *st = NULL;
9167 int64_t current_index;
9168 int ret;
9169 mov->fc = s;
9170 retry:
9171 sample = mov_find_next_sample(s, &st);
9172 if (!sample || (mov->next_root_atom && sample->pos > mov->next_root_atom)) {
9173 if (!mov->next_root_atom)
9174 return AVERROR_EOF;
9175 if ((ret = mov_switch_root(s, mov->next_root_atom, -1)) < 0)
9176 return ret;
9177 goto retry;
9178 }
9179 sc = st->priv_data;
9180 /* must be done just before reading, to avoid infinite loop on sample */
9181 current_index = sc->current_index;
9182 mov_current_sample_inc(sc);
9183
9184 if (mov->next_root_atom) {
9185 sample->pos = FFMIN(sample->pos, mov->next_root_atom);
9186 sample->size = FFMIN(sample->size, (mov->next_root_atom - sample->pos));
9187 }
9188
9189 if (st->discard != AVDISCARD_ALL) {
9190 int64_t ret64 = avio_seek(sc->pb, sample->pos, SEEK_SET);
9191 if (ret64 != sample->pos) {
9192 av_log(mov->fc, AV_LOG_ERROR, "stream %d, offset 0x%"PRIx64": partial file\n",
9193 sc->ffindex, sample->pos);
9194 if (should_retry(sc->pb, ret64)) {
9195 mov_current_sample_dec(sc);
9196 } else if (ret64 < 0) {
9197 return (int)ret64;
9198 }
9199 return AVERROR_INVALIDDATA;
9200 }
9201
9202 if (st->discard == AVDISCARD_NONKEY && !(sample->flags & AVINDEX_KEYFRAME)) {
9203 av_log(mov->fc, AV_LOG_DEBUG, "Nonkey frame from stream %d discarded due to AVDISCARD_NONKEY\n", sc->ffindex);
9204 goto retry;
9205 }
9206
9207 if (st->codecpar->codec_id == AV_CODEC_ID_EIA_608 && sample->size > 8)
9208 ret = get_eia608_packet(sc->pb, pkt, sample->size);
9209 else
9210 ret = av_get_packet(sc->pb, pkt, sample->size);
9211 if (ret < 0) {
9212 if (should_retry(sc->pb, ret)) {
9213 mov_current_sample_dec(sc);
9214 }
9215 return ret;
9216 }
9217 #ifdef OHOS_SUBTITLE_DEMUXER
9218 if (st->codecpar->codec_id == AV_CODEC_ID_WEBVTT) {
9219 if (pkt->size >= 8) {
9220 uint32_t type = AV_RL32(pkt->data + 4);
9221 int payload_size = pkt->size - 8;
9222 if (type == MKTAG('v', 't', 't', 'e')) {
9223 pkt->size = 0;
9224 } else if (type == MKTAG('v', 't', 't', 'c')) {
9225 uint8_t *payload_data = pkt->data + 8;
9226 while (payload_size >= 8) {
9227 int64_t temp_size = AV_RB32(payload_data);
9228 uint32_t temp_type = AV_RL32(payload_data + 4);
9229 if (temp_type == MKTAG('p', 'a', 'y', 'l')) {
9230 payload_data += 8;
9231 payload_size -= 8;
9232 int move_size = payload_size;
9233 if (pkt->size < move_size) {
9234 move_size = pkt->size;
9235 }
9236 memmove(pkt->data, payload_data, move_size);
9237 pkt->size = payload_size;
9238 pkt->data[pkt->size] = '\0';
9239 break;
9240 } else {
9241 if (temp_size > payload_size) {
9242 break;
9243 }
9244 payload_data += temp_size;
9245 payload_size -= temp_size;
9246 }
9247 }
9248 }
9249 }
9250 }
9251 #endif
9252 #if CONFIG_DV_DEMUXER
9253 if (mov->dv_demux && sc->dv_audio_container) {
9254 ret = avpriv_dv_produce_packet(mov->dv_demux, pkt, pkt->data, pkt->size, pkt->pos);
9255 av_packet_unref(pkt);
9256 if (ret < 0)
9257 return ret;
9258 ret = avpriv_dv_get_packet(mov->dv_demux, pkt);
9259 if (ret < 0)
9260 return ret;
9261 }
9262 #endif
9263 if (sc->has_palette) {
9264 uint8_t *pal;
9265
9266 pal = av_packet_new_side_data(pkt, AV_PKT_DATA_PALETTE, AVPALETTE_SIZE);
9267 if (!pal) {
9268 av_log(mov->fc, AV_LOG_ERROR, "Cannot append palette to packet\n");
9269 } else {
9270 memcpy(pal, sc->palette, AVPALETTE_SIZE);
9271 sc->has_palette = 0;
9272 }
9273 }
9274 if (st->codecpar->codec_id == AV_CODEC_ID_MP3 && !ffstream(st)->need_parsing && pkt->size > 4) {
9275 if (ff_mpa_check_header(AV_RB32(pkt->data)) < 0)
9276 ffstream(st)->need_parsing = AVSTREAM_PARSE_FULL;
9277 }
9278 }
9279
9280 pkt->stream_index = sc->ffindex;
9281 pkt->dts = sample->timestamp;
9282 if (sample->flags & AVINDEX_DISCARD_FRAME) {
9283 pkt->flags |= AV_PKT_FLAG_DISCARD;
9284 }
9285 if (sc->ctts_data && sc->ctts_index < sc->ctts_count) {
9286 pkt->pts = pkt->dts + sc->dts_shift + sc->ctts_data[sc->ctts_index].duration;
9287 /* update ctts context */
9288 sc->ctts_sample++;
9289 if (sc->ctts_index < sc->ctts_count &&
9290 sc->ctts_data[sc->ctts_index].count == sc->ctts_sample) {
9291 sc->ctts_index++;
9292 sc->ctts_sample = 0;
9293 }
9294 } else {
9295 int64_t next_dts = (sc->current_sample < ffstream(st)->nb_index_entries) ?
9296 ffstream(st)->index_entries[sc->current_sample].timestamp : st->duration;
9297
9298 if (next_dts >= pkt->dts)
9299 pkt->duration = next_dts - pkt->dts;
9300 pkt->pts = pkt->dts;
9301 }
9302 if (st->discard == AVDISCARD_ALL)
9303 goto retry;
9304 if (sc->sdtp_data && sc->current_sample <= sc->sdtp_count) {
9305 uint8_t sample_flags = sc->sdtp_data[sc->current_sample - 1];
9306 uint8_t sample_is_depended_on = (sample_flags >> 2) & 0x3;
9307 pkt->flags |= sample_is_depended_on == MOV_SAMPLE_DEPENDENCY_NO ? AV_PKT_FLAG_DISPOSABLE : 0;
9308 }
9309 pkt->flags |= sample->flags & AVINDEX_KEYFRAME ? AV_PKT_FLAG_KEY : 0;
9310 pkt->pos = sample->pos;
9311
9312 /* Multiple stsd handling. */
9313 if (sc->stsc_data) {
9314 if (sc->stsc_data[sc->stsc_index].id > 0 &&
9315 sc->stsc_data[sc->stsc_index].id - 1 < sc->stsd_count &&
9316 sc->stsc_data[sc->stsc_index].id - 1 != sc->last_stsd_index) {
9317 ret = mov_change_extradata(sc, pkt);
9318 if (ret < 0)
9319 return ret;
9320 }
9321
9322 /* Update the stsc index for the next sample */
9323 sc->stsc_sample++;
9324 if (mov_stsc_index_valid(sc->stsc_index, sc->stsc_count) &&
9325 mov_get_stsc_samples(sc, sc->stsc_index) == sc->stsc_sample) {
9326 sc->stsc_index++;
9327 sc->stsc_sample = 0;
9328 }
9329 }
9330
9331 if (mov->aax_mode)
9332 aax_filter(pkt->data, pkt->size, mov);
9333
9334 ret = cenc_filter(mov, st, sc, pkt, current_index);
9335 if (ret < 0) {
9336 return ret;
9337 }
9338
9339 return 0;
9340 }
9341
mov_seek_fragment(AVFormatContext * s,AVStream * st,int64_t timestamp)9342 static int mov_seek_fragment(AVFormatContext *s, AVStream *st, int64_t timestamp)
9343 {
9344 MOVContext *mov = s->priv_data;
9345 int index;
9346
9347 if (!mov->frag_index.complete)
9348 return 0;
9349
9350 index = search_frag_timestamp(&mov->frag_index, st, timestamp);
9351 if (index < 0)
9352 index = 0;
9353 if (!mov->frag_index.item[index].headers_read)
9354 return mov_switch_root(s, -1, index);
9355 if (index + 1 < mov->frag_index.nb_items)
9356 mov->next_root_atom = mov->frag_index.item[index + 1].moof_offset;
9357
9358 return 0;
9359 }
9360
is_open_key_sample(const MOVStreamContext * sc,int sample)9361 static int is_open_key_sample(const MOVStreamContext *sc, int sample)
9362 {
9363 // TODO: a bisect search would scale much better
9364 for (int i = 0; i < sc->open_key_samples_count; i++) {
9365 const int oks = sc->open_key_samples[i];
9366 if (oks == sample)
9367 return 1;
9368 if (oks > sample) /* list is monotically increasing so we can stop early */
9369 break;
9370 }
9371 return 0;
9372 }
9373
9374 /*
9375 * Some key sample may be key frames but not IDR frames, so a random access to
9376 * them may not be allowed.
9377 */
can_seek_to_key_sample(AVStream * st,int sample,int64_t requested_pts)9378 static int can_seek_to_key_sample(AVStream *st, int sample, int64_t requested_pts)
9379 {
9380 MOVStreamContext *sc = st->priv_data;
9381 FFStream *const sti = ffstream(st);
9382 int64_t key_sample_dts, key_sample_pts;
9383
9384 if (st->codecpar->codec_id != AV_CODEC_ID_HEVC)
9385 return 1;
9386
9387 if (sample >= sc->sample_offsets_count)
9388 return 1;
9389
9390 key_sample_dts = sti->index_entries[sample].timestamp;
9391 key_sample_pts = key_sample_dts + sc->sample_offsets[sample] + sc->dts_shift;
9392
9393 /*
9394 * If the sample needs to be presented before an open key sample, they may
9395 * not be decodable properly, even though they come after in decoding
9396 * order.
9397 */
9398 if (is_open_key_sample(sc, sample) && key_sample_pts > requested_pts)
9399 return 0;
9400
9401 return 1;
9402 }
9403
mov_seek_stream(AVFormatContext * s,AVStream * st,int64_t timestamp,int flags)9404 static int mov_seek_stream(AVFormatContext *s, AVStream *st, int64_t timestamp, int flags)
9405 {
9406 MOVStreamContext *sc = st->priv_data;
9407 FFStream *const sti = ffstream(st);
9408 int sample, time_sample, ret;
9409 unsigned int i;
9410
9411 // Here we consider timestamp to be PTS, hence try to offset it so that we
9412 // can search over the DTS timeline.
9413 timestamp -= (sc->min_corrected_pts + sc->dts_shift);
9414
9415 ret = mov_seek_fragment(s, st, timestamp);
9416 if (ret < 0)
9417 return ret;
9418
9419 for (;;) {
9420 sample = av_index_search_timestamp(st, timestamp, flags);
9421 av_log(s, AV_LOG_TRACE, "stream %d, timestamp %"PRId64", sample %d\n", st->index, timestamp, sample);
9422 if (sample < 0 && sti->nb_index_entries && timestamp < sti->index_entries[0].timestamp)
9423 sample = 0;
9424 if (sample < 0) /* not sure what to do */
9425 return AVERROR_INVALIDDATA;
9426
9427 if (!sample || can_seek_to_key_sample(st, sample, timestamp))
9428 break;
9429 timestamp -= FFMAX(sc->min_sample_duration, 1);
9430 }
9431
9432 mov_current_sample_set(sc, sample);
9433 av_log(s, AV_LOG_TRACE, "stream %d, found sample %d\n", st->index, sc->current_sample);
9434 /* adjust ctts index */
9435 if (sc->ctts_data) {
9436 time_sample = 0;
9437 for (i = 0; i < sc->ctts_count; i++) {
9438 int next = time_sample + sc->ctts_data[i].count;
9439 if (next > sc->current_sample) {
9440 sc->ctts_index = i;
9441 sc->ctts_sample = sc->current_sample - time_sample;
9442 break;
9443 }
9444 time_sample = next;
9445 }
9446 }
9447
9448 /* adjust stsd index */
9449 if (sc->chunk_count) {
9450 time_sample = 0;
9451 for (i = 0; i < sc->stsc_count; i++) {
9452 int64_t next = time_sample + mov_get_stsc_samples(sc, i);
9453 if (next > sc->current_sample) {
9454 sc->stsc_index = i;
9455 sc->stsc_sample = sc->current_sample - time_sample;
9456 break;
9457 }
9458 av_assert0(next == (int)next);
9459 time_sample = next;
9460 }
9461 }
9462
9463 return sample;
9464 }
9465
mov_get_skip_samples(AVStream * st,int sample)9466 static int64_t mov_get_skip_samples(AVStream *st, int sample)
9467 {
9468 MOVStreamContext *sc = st->priv_data;
9469 FFStream *const sti = ffstream(st);
9470 int64_t first_ts = sti->index_entries[0].timestamp;
9471 int64_t ts = sti->index_entries[sample].timestamp;
9472 int64_t off;
9473
9474 if (st->codecpar->codec_type != AVMEDIA_TYPE_AUDIO)
9475 return 0;
9476
9477 /* compute skip samples according to stream start_pad, seek ts and first ts */
9478 off = av_rescale_q(ts - first_ts, st->time_base,
9479 (AVRational){1, st->codecpar->sample_rate});
9480 return FFMAX(sc->start_pad - off, 0);
9481 }
9482
mov_read_seek(AVFormatContext * s,int stream_index,int64_t sample_time,int flags)9483 static int mov_read_seek(AVFormatContext *s, int stream_index, int64_t sample_time, int flags)
9484 {
9485 MOVContext *mc = s->priv_data;
9486 AVStream *st;
9487 FFStream *sti;
9488 int sample;
9489 int i;
9490
9491 if (stream_index >= s->nb_streams)
9492 return AVERROR_INVALIDDATA;
9493
9494 st = s->streams[stream_index];
9495 sti = ffstream(st);
9496 sample = mov_seek_stream(s, st, sample_time, flags);
9497 if (sample < 0)
9498 return sample;
9499
9500 if (mc->seek_individually) {
9501 /* adjust seek timestamp to found sample timestamp */
9502 int64_t seek_timestamp = sti->index_entries[sample].timestamp;
9503 sti->skip_samples = mov_get_skip_samples(st, sample);
9504
9505 for (i = 0; i < s->nb_streams; i++) {
9506 AVStream *const st = s->streams[i];
9507 FFStream *const sti = ffstream(st);
9508 int64_t timestamp;
9509
9510 if (stream_index == i)
9511 continue;
9512
9513 timestamp = av_rescale_q(seek_timestamp, s->streams[stream_index]->time_base, st->time_base);
9514 sample = mov_seek_stream(s, st, timestamp, flags);
9515 if (sample >= 0)
9516 sti->skip_samples = mov_get_skip_samples(st, sample);
9517 }
9518 } else {
9519 for (i = 0; i < s->nb_streams; i++) {
9520 MOVStreamContext *sc;
9521 st = s->streams[i];
9522 sc = st->priv_data;
9523 mov_current_sample_set(sc, 0);
9524 }
9525 while (1) {
9526 MOVStreamContext *sc;
9527 AVIndexEntry *entry = mov_find_next_sample(s, &st);
9528 if (!entry)
9529 return AVERROR_INVALIDDATA;
9530 sc = st->priv_data;
9531 if (sc->ffindex == stream_index && sc->current_sample == sample)
9532 break;
9533 mov_current_sample_inc(sc);
9534 }
9535 }
9536 return 0;
9537 }
9538
9539 #define OFFSET(x) offsetof(MOVContext, x)
9540 #define FLAGS AV_OPT_FLAG_VIDEO_PARAM | AV_OPT_FLAG_DECODING_PARAM
9541 static const AVOption mov_options[] = {
9542 {"use_absolute_path",
9543 "allow using absolute path when opening alias, this is a possible security issue",
9544 OFFSET(use_absolute_path), AV_OPT_TYPE_BOOL, {.i64 = 0},
9545 0, 1, FLAGS},
9546 {"seek_streams_individually",
9547 "Seek each stream individually to the closest point",
9548 OFFSET(seek_individually), AV_OPT_TYPE_BOOL, { .i64 = 1 },
9549 0, 1, FLAGS},
9550 {"ignore_editlist", "Ignore the edit list atom.", OFFSET(ignore_editlist), AV_OPT_TYPE_BOOL, {.i64 = 0},
9551 0, 1, FLAGS},
9552 {"advanced_editlist",
9553 "Modify the AVIndex according to the editlists. Use this option to decode in the order specified by the edits.",
9554 OFFSET(advanced_editlist), AV_OPT_TYPE_BOOL, {.i64 = 1},
9555 0, 1, FLAGS},
9556 {"ignore_chapters", "", OFFSET(ignore_chapters), AV_OPT_TYPE_BOOL, {.i64 = 0},
9557 0, 1, FLAGS},
9558 {"use_mfra_for",
9559 "use mfra for fragment timestamps",
9560 OFFSET(use_mfra_for), AV_OPT_TYPE_INT, {.i64 = FF_MOV_FLAG_MFRA_AUTO},
9561 -1, FF_MOV_FLAG_MFRA_PTS, FLAGS,
9562 "use_mfra_for"},
9563 {"auto", "auto", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MOV_FLAG_MFRA_AUTO}, 0, 0,
9564 FLAGS, "use_mfra_for" },
9565 {"dts", "dts", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MOV_FLAG_MFRA_DTS}, 0, 0,
9566 FLAGS, "use_mfra_for" },
9567 {"pts", "pts", 0, AV_OPT_TYPE_CONST, {.i64 = FF_MOV_FLAG_MFRA_PTS}, 0, 0,
9568 FLAGS, "use_mfra_for" },
9569 {"use_tfdt", "use tfdt for fragment timestamps", OFFSET(use_tfdt), AV_OPT_TYPE_BOOL, {.i64 = 1},
9570 0, 1, FLAGS},
9571 { "export_all", "Export unrecognized metadata entries", OFFSET(export_all),
9572 AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, .flags = FLAGS },
9573 { "export_xmp", "Export full XMP metadata", OFFSET(export_xmp),
9574 AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, .flags = FLAGS },
9575 { "activation_bytes", "Secret bytes for Audible AAX files", OFFSET(activation_bytes),
9576 AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_DECODING_PARAM },
9577 { "audible_key", "AES-128 Key for Audible AAXC files", OFFSET(audible_key),
9578 AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_DECODING_PARAM },
9579 { "audible_iv", "AES-128 IV for Audible AAXC files", OFFSET(audible_iv),
9580 AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_DECODING_PARAM },
9581 { "audible_fixed_key", // extracted from libAAX_SDK.so and AAXSDKWin.dll files!
9582 "Fixed key used for handling Audible AAX files", OFFSET(audible_fixed_key),
9583 AV_OPT_TYPE_BINARY, {.str="77214d4b196a87cd520045fd20a51d67"},
9584 .flags = AV_OPT_FLAG_DECODING_PARAM },
9585 { "decryption_key", "The media decryption key (hex)", OFFSET(decryption_key), AV_OPT_TYPE_BINARY, .flags = AV_OPT_FLAG_DECODING_PARAM },
9586 { "enable_drefs", "Enable external track support.", OFFSET(enable_drefs), AV_OPT_TYPE_BOOL,
9587 {.i64 = 0}, 0, 1, FLAGS },
9588 { "max_stts_delta", "treat offsets above this value as invalid", OFFSET(max_stts_delta), AV_OPT_TYPE_INT, {.i64 = UINT_MAX-48000*10 }, 0, UINT_MAX, .flags = AV_OPT_FLAG_DECODING_PARAM },
9589
9590 { NULL },
9591 };
9592
9593 static const AVClass mov_class = {
9594 .class_name = "mov,mp4,m4a,3gp,3g2,mj2",
9595 .item_name = av_default_item_name,
9596 .option = mov_options,
9597 .version = LIBAVUTIL_VERSION_INT,
9598 };
9599
9600 const AVInputFormat ff_mov_demuxer = {
9601 .name = "mov,mp4,m4a,3gp,3g2,mj2",
9602 .long_name = NULL_IF_CONFIG_SMALL("QuickTime / MOV"),
9603 .priv_class = &mov_class,
9604 .priv_data_size = sizeof(MOVContext),
9605 .extensions = "mov,mp4,m4a,3gp,3g2,mj2,psp,m4b,ism,ismv,isma,f4v,avif",
9606 .flags_internal = FF_FMT_INIT_CLEANUP,
9607 .read_probe = mov_probe,
9608 .read_header = mov_read_header,
9609 .read_packet = mov_read_packet,
9610 .read_close = mov_read_close,
9611 .read_seek = mov_read_seek,
9612 .flags = AVFMT_NO_BYTE_SEEK | AVFMT_SEEK_TO_PTS | AVFMT_SHOW_IDS,
9613 };