Diffstat (limited to 'libMpegTPDec')
-rw-r--r-- | libMpegTPDec/src/tpdec_adts.cpp | 48 | ||||
-rw-r--r-- | libMpegTPDec/src/tpdec_asc.cpp | 45 | ||||
-rw-r--r-- | libMpegTPDec/src/tpdec_latm.cpp | 6 | ||||
-rw-r--r-- | libMpegTPDec/src/tpdec_lib.cpp | 39 |
4 files changed, 113 insertions, 25 deletions
diff --git a/libMpegTPDec/src/tpdec_adts.cpp b/libMpegTPDec/src/tpdec_adts.cpp index 1a4e3fd..f936634 100644 --- a/libMpegTPDec/src/tpdec_adts.cpp +++ b/libMpegTPDec/src/tpdec_adts.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2020 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -213,8 +213,8 @@ TRANSPORTDEC_ERROR adtsRead_DecodeHeader(HANDLE_ADTS pAdts, goto bail; } + FDKcrcReset(&pAdts->crcInfo); if (!bs.protection_absent) { - FDKcrcReset(&pAdts->crcInfo); FDKpushBack(hBs, 56); /* complete fixed and variable header! */ crcReg = FDKcrcStartReg(&pAdts->crcInfo, hBs, 0); FDKpushFor(hBs, 56); 
@@ -314,15 +314,55 @@ TRANSPORTDEC_ERROR adtsRead_DecodeHeader(HANDLE_ADTS pAdts, if (bs.channel_config == 0) { int pceBits = 0; UINT alignAnchor = FDKgetValidBits(hBs); + CProgramConfig tmpPce; if (FDKreadBits(hBs, 3) == ID_PCE) { /* Got luck! Parse the PCE */ crcReg = adtsRead_CrcStartReg(pAdts, hBs, 0); - CProgramConfig_Read(&pAsc->m_progrConfigElement, hBs, alignAnchor); + CProgramConfig_Init(&tmpPce); + CProgramConfig_Read(&tmpPce, hBs, alignAnchor); + + if (CProgramConfig_IsValid(&tmpPce)) { + if (CProgramConfig_IsValid(&oldPce)) { + /* Compare the new and the old PCE (tags ignored) */ + switch (CProgramConfig_Compare(&tmpPce, &oldPce)) { + case 0: /* Nothing to do because PCE matches the old one exactly. */ + case 1: /* Channel configuration not changed. Just new metadata. */ + FDKmemcpy(&pAsc->m_progrConfigElement, &tmpPce, + sizeof(CProgramConfig)); + break; + case 2: /* The number of channels are identical but not the config + */ + case -1: /* The channel configuration is completely different */ + default: + FDKmemcpy(&pAsc->m_progrConfigElement, &oldPce, + sizeof(CProgramConfig)); + FDKpushBack(hBs, adtsHeaderLength); + return TRANSPORTDEC_PARSE_ERROR; + } + } else { + FDKmemcpy(&pAsc->m_progrConfigElement, &tmpPce, + sizeof(CProgramConfig)); + } + } else { + if (CProgramConfig_IsValid(&oldPce)) { + FDKmemcpy(&pAsc->m_progrConfigElement, &oldPce, + sizeof(CProgramConfig)); + } else { + FDKpushBack(hBs, adtsHeaderLength); + return TRANSPORTDEC_PARSE_ERROR; + } + } adtsRead_CrcEndReg(pAdts, hBs, crcReg); - pceBits = alignAnchor - FDKgetValidBits(hBs); + pceBits = (INT)alignAnchor - (INT)FDKgetValidBits(hBs); + adtsHeaderLength += pceBits; + + if (pceBits > (INT)alignAnchor) { + goto bail; + } + /* store the number of PCE bits */ bs.num_pce_bits = pceBits; } else { diff --git a/libMpegTPDec/src/tpdec_asc.cpp b/libMpegTPDec/src/tpdec_asc.cpp index 28bc22d..82f840e 100644 --- a/libMpegTPDec/src/tpdec_asc.cpp +++ b/libMpegTPDec/src/tpdec_asc.cpp 
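Review bot: The over-read check `if (pceBits > (INT)alignAnchor) goto bail;` in adtsRead_DecodeHeader runs only after the freshly parsed `tmpPce` may already have been copied into `pAsc->m_progrConfigElement`. A PCE parsed past the end of the available bits can therefore be committed before it is rejected, unless `CProgramConfig_IsValid` happens to catch it, which is not visible here. Testing `(INT)FDKgetValidBits(hBs) < 0` directly after `CProgramConfig_Read`, ahead of the `FDKmemcpy` calls, would leave the stored config untouched in that case. The two new `return TRANSPORTDEC_PARSE_ERROR;` paths also leave the region opened by `adtsRead_CrcStartReg` without the matching `adtsRead_CrcEndReg` and bypass the `bail` label; whether that matters depends on code outside the hunk. `oldPce` is declared outside the hunk.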
@@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -1325,9 +1325,9 @@ static TRANSPORTDEC_ERROR EldSpecificConfig_Parse(CSAudioSpecificConfig *asc, CSTpCallBacks *cb) { TRANSPORTDEC_ERROR ErrorStatus = TRANSPORTDEC_OK; CSEldSpecificConfig *esc = &asc->m_sc.m_eldSpecificConfig; - ASC_ELD_EXT_TYPE eldExtType; + UINT eldExtType; int eldExtLen, len, cnt, ldSbrLen = 0, eldExtLenSum, numSbrHeader = 0, - sbrIndex; + sbrIndex, eldExtCnt = 0; unsigned char downscale_fill_nibble; @@ -1394,9 +1394,8 @@ static TRANSPORTDEC_ERROR EldSpecificConfig_Parse(CSAudioSpecificConfig *asc, eldExtLenSum = FDKgetValidBits(hBs); esc->m_downscaledSamplingFrequency = asc->m_samplingFrequency; /* parse ExtTypeConfigData */ - while ( - ((eldExtType = (ASC_ELD_EXT_TYPE)FDKreadBits(hBs, 4)) != ELDEXT_TERM) && - ((INT)FDKgetValidBits(hBs) >= 0)) { + while (((eldExtType = FDKreadBits(hBs, 4)) != ELDEXT_TERM) && + ((INT)FDKgetValidBits(hBs) >= 0) && (eldExtCnt++ < 15)) { eldExtLen = len = FDKreadBits(hBs, 4); if (len == 0xf) { len = FDKreadBits(hBs, 8); @@ -1440,7 +1439,8 @@ static TRANSPORTDEC_ERROR EldSpecificConfig_Parse(CSAudioSpecificConfig *asc, UCHAR tmpDownscaleFreqIdx; esc->m_downscaledSamplingFrequency = getSampleRate(hBs, &tmpDownscaleFreqIdx, 4); - if (esc->m_downscaledSamplingFrequency == 0) { + if (esc->m_downscaledSamplingFrequency == 0 || + esc->m_downscaledSamplingFrequency > 96000) { return TRANSPORTDEC_PARSE_ERROR; } downscale_fill_nibble = FDKreadBits(hBs, 4); 
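Review bot: The iteration cap `(eldExtCnt++ < 15)` added to the while condition in EldSpecificConfig_Parse is an unexplained literal, and it is evaluated only after `FDKreadBits(hBs, 4)` has already consumed the next type field. A short comment such as `/* bound the number of ELD extension entries; running into the cap is rejected after the loop as a missing ELDEXT_TERM */`, or a named constant, would make the limit and its purpose clear. If 15 is derived from the specification, the comment should cite the clause, as the channelConfiguration check in this commit does.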
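Review bot: The upper bound `96000` on the sampling frequency is written as a bare literal in this EldSpecificConfig_Parse hunk and again in UsacConfig_Parse, AudioSpecificConfig_ExtensionParse and AudioSpecificConfig_Parse further down this file's diff. A single named constant, with a comment stating which limit it encodes, would keep the four checks from drifting apart. In UsacConfig_Parse the value is cast with `(UINT)` on assignment, which suggests `usacSamplingFrequency` is a signed type (its declaration is outside the hunk). If so, `usacSamplingFrequency <= 0 || usacSamplingFrequency > 96000` would also reject negative values.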
@@ -1454,6 +1454,9 @@ static TRANSPORTDEC_ERROR EldSpecificConfig_Parse(CSAudioSpecificConfig *asc, break; } } + if (eldExtType != ELDEXT_TERM) { + return TRANSPORTDEC_PARSE_ERROR; + } if ((INT)FDKgetValidBits(hBs) < 0) { return TRANSPORTDEC_PARSE_ERROR; @@ -1948,6 +1951,9 @@ static TRANSPORTDEC_ERROR UsacConfig_Parse(CSAudioSpecificConfig *asc, INT nbits = (INT)FDKgetValidBits(hBs); usacSamplingFrequency = getSampleRate(hBs, &asc->m_samplingFrequencyIndex, 5); + if (usacSamplingFrequency == 0 || usacSamplingFrequency > 96000) { + return TRANSPORTDEC_PARSE_ERROR; + } asc->m_samplingFrequency = (UINT)usacSamplingFrequency; coreSbrFrameLengthIndex = FDKreadBits(hBs, 3); @@ -2027,7 +2033,8 @@ static TRANSPORTDEC_ERROR AudioSpecificConfig_ExtensionParse( self->m_extensionSamplingFrequency = getSampleRate( bs, &self->m_extensionSamplingFrequencyIndex, 4); - if ((INT)self->m_extensionSamplingFrequency <= 0) { + if (self->m_extensionSamplingFrequency == 0 || + self->m_extensionSamplingFrequency > 96000) { return TRANSPORTDEC_PARSE_ERROR; } } 
@@ -2139,6 +2146,24 @@ TRANSPORTDEC_ERROR AudioSpecificConfig_Parse( self->m_channelConfiguration = FDKreadBits(bs, 4); + /* MPEG-04 standard ISO/IEC 14496-3: channelConfiguration == 0 is reserved + in er_raw_data_block (table 4.19) and er_raw_data_block_eld (table 4.75) + MPEG-04 conformance ISO/IEC 14496-4: channelConfiguration == 0 is not + permitted for AOT_ER_AAC_LC, AOT_ER_AAC_LTP, AOT_ER_AAC_LD, + AOT_ER_AAC_SCAL (chapter 6.6.4.1.2.1.1) */ + if ((self->m_channelConfiguration == 0) && + ((self->m_aot == AOT_ER_AAC_LC) || (self->m_aot == AOT_ER_AAC_LTP) || + (self->m_aot == AOT_ER_AAC_LD) || (self->m_aot == AOT_ER_AAC_SCAL) || + (self->m_aot == AOT_ER_AAC_ELD))) { + return TRANSPORTDEC_UNSUPPORTED_FORMAT; + } + /* MPEG-04 conformance ISO/IEC 14496-4: channelConfiguration > 2 is not + * permitted for AOT_AAC_SCAL and AOT_ER_AAC_SCAL (chapter 6.6.4.1.2.1.1) */ + if ((self->m_channelConfiguration > 2) && + ((self->m_aot == AOT_AAC_SCAL) || (self->m_aot == AOT_ER_AAC_SCAL))) { + return TRANSPORTDEC_UNSUPPORTED_FORMAT; + } + /* SBR extension ( explicit non-backwards compatible mode ) */ self->m_sbrPresentFlag = 0; self->m_psPresentFlag = 0; @@ -2153,6 +2178,10 @@ TRANSPORTDEC_ERROR AudioSpecificConfig_Parse( self->m_extensionSamplingFrequency = getSampleRate(bs, &self->m_extensionSamplingFrequencyIndex, 4); + if (self->m_extensionSamplingFrequency == 0 || + self->m_extensionSamplingFrequency > 96000) { + return TRANSPORTDEC_PARSE_ERROR; + } self->m_aot = getAOT(bs); switch (self->m_aot) { diff --git a/libMpegTPDec/src/tpdec_latm.cpp b/libMpegTPDec/src/tpdec_latm.cpp index 2edf055..3b71db8 100644 --- a/libMpegTPDec/src/tpdec_latm.cpp +++ b/libMpegTPDec/src/tpdec_latm.cpp 
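Review bot: The new channelConfiguration checks in AudioSpecificConfig_Parse test `self->m_aot` before the explicit SBR extension branch reassigns it with `self->m_aot = getAOT(bs);`, as the following hunk shows. If the AOT read there can be one of the ER or scalable types, a stream could reach that type with `m_channelConfiguration == 0` or `> 2` without being rejected. Consider repeating the check after the reassignment, or moving it to a point where `m_aot` is final. Which AOTs are reachable on that path is not visible in this diff.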
@@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -367,10 +367,10 @@ TRANSPORTDEC_ERROR CLatmDemux_ReadStreamMuxConfig( } if (pLatmDemux->m_AudioMuxVersion == 1) { FDK_BITSTREAM tmpBs; - UINT ascLen = 0; + INT ascLen = 0; ascLen = CLatmDemux_GetValue(bs); /* The ascLen could be wrong, so check if validBits<=bufBits*/ - if (ascLen > FDKgetValidBits(bs)) { + if (ascLen < 0 || ascLen > (INT)FDKgetValidBits(bs)) { ErrorStatus = TRANSPORTDEC_PARSE_ERROR; goto bail; } diff --git a/libMpegTPDec/src/tpdec_lib.cpp b/libMpegTPDec/src/tpdec_lib.cpp index 506aed3..ca35184 100644 --- a/libMpegTPDec/src/tpdec_lib.cpp +++ b/libMpegTPDec/src/tpdec_lib.cpp @@ -1,7 +1,7 @@ /* ----------------------------------------------------------------------------- Software License for The Fraunhofer FDK AAC Codec Library for Android -© Copyright 1995 - 2018 Fraunhofer-Gesellschaft zur Förderung der angewandten +© Copyright 1995 - 2019 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. All rights reserved. 1. INTRODUCTION @@ -482,7 +482,8 @@ TRANSPORTDEC_ERROR transportDec_InBandConfig(HANDLE_TRANSPORTDEC hTp, for (int i = 0; i < 2; i++) { if (i > 0) { - FDKpushBack(hBs, newConfigLength * 8 - FDKgetValidBits(hBs)); + FDKpushBack(hBs, + (INT)newConfigLength * 8 - (INT)FDKgetValidBits(hBs)); configMode = AC_CM_ALLOC_MEM; } /* config transport decoder */ 
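Review bot: The retained comment `/* The ascLen could be wrong, so check if validBits<=bufBits*/` in CLatmDemux_ReadStreamMuxConfig no longer describes the condition, which now also rejects a negative `ascLen` and compares against `FDKgetValidBits(bs)` cast to `INT`. Something like `/* ascLen comes from the bitstream: reject negative values and lengths beyond the bits still available */` would match the code. The switch from `UINT` to `INT` relies on how the return value of `CLatmDemux_GetValue` converts, and its type is not visible here.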
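Review bot: The difference `(INT)newConfigLength * 8 - (INT)FDKgetValidBits(hBs)` in transportDec_InBandConfig is now computed in signed arithmetic but is still handed to `FDKpushBack` without a check that it is non-negative. The same holds for `bsStart - (INT)FDKgetValidBits(hBs)` in transportDec_ReadAccessUnit at the end of this diff. If `FDKpushBack` takes an unsigned count (its prototype is not shown), a negative result would become a very large rewind. A guard before the call, or a one-line comment stating why the value cannot be negative on the second pass, would settle it.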
@@ -663,10 +664,14 @@ TRANSPORTDEC_ERROR transportDec_FillData(const HANDLE_TRANSPORTDEC hTp, if (*pBytesValid == 0) { /* nothing to do */ return TRANSPORTDEC_OK; - } - - if (hTp->numberOfRawDataBlocks <= 0) { + } else { + const int bytesValid = *pBytesValid; FDKfeedBuffer(hBs, pBuffer, bufferSize, pBytesValid); + + if (hTp->numberOfRawDataBlocks > 0) { + hTp->globalFramePos += (bytesValid - *pBytesValid) * 8; + hTp->accessUnitAnchor[layer] = FDKgetValidBits(hBs); + } } } @@ -924,6 +929,11 @@ static TRANSPORTDEC_ERROR transportDec_readHeader( } } } + /* if an error is detected terminate config parsing to avoid that an + * invalid config is accepted in the second pass */ + if (err != TRANSPORTDEC_OK) { + break; + } } } else { /* Reset CRC because the next bits are the beginning of a @@ -976,6 +986,9 @@ static TRANSPORTDEC_ERROR transportDec_readHeader( CLatmDemux_GetNrOfSubFrames(&hTp->parser.latm); if (hTp->transportFmt == TT_MP4_LOAS) { syncLayerFrameBits -= startPos - (INT)FDKgetValidBits(hBs) - (13); + if (syncLayerFrameBits <= 0) { + err = TRANSPORTDEC_SYNC_ERROR; + } } } } else { @@ -1151,6 +1164,11 @@ static TRANSPORTDEC_ERROR synchronization(HANDLE_TRANSPORTDEC hTp, &rawDataBlockLength, &fTraverseMoreFrames, &syncLayerFrameBits, &fConfigFound, &headerBits); + if (headerBits > bitsAvail) { + err = (headerBits < (INT)hBs->hBitBuf.bufBits) + ? TRANSPORTDEC_NOT_ENOUGH_BITS + : TRANSPORTDEC_SYNC_ERROR; + } if (TPDEC_IS_FATAL_ERROR(err)) { /* Rewind - TPDEC_SYNCSKIP, in order to look for a synch one bit ahead * next time. Ensure that the bit amount lands at a multiple of @@ -1181,8 +1199,6 @@ static TRANSPORTDEC_ERROR synchronization(HANDLE_TRANSPORTDEC hTp, } if (err == TRANSPORTDEC_NOT_ENOUGH_BITS) { - /* Enforce reading of new data */ - hTp->numberOfRawDataBlocks = 0; break; } 
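Review bot: transportDec_FillData now calls `FDKfeedBuffer` even when `hTp->numberOfRawDataBlocks > 0`, and in that case adjusts `globalFramePos` and `accessUnitAnchor[layer]`, but nothing in the hunk says why. A comment such as `/* data fed while raw data blocks are pending: advance the frame position by the consumed bits and refresh the access unit anchor */` would document the new behaviour. `(bytesValid - *pBytesValid) * 8` is evaluated in `int`, so it assumes the consumed byte count stays well below INT_MAX / 8. `layer` indexes `accessUnitAnchor` without a bounds check in the visible lines, though one may exist above the hunk.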
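Review bot: The added `if (headerBits > bitsAvail)` in synchronization() overwrites `err` unconditionally, so an error already returned by `transportDec_readHeader` can be replaced by `TRANSPORTDEC_NOT_ENOUGH_BITS`. If that code is not covered by `TPDEC_IS_FATAL_ERROR` (the macro is not shown), the rewind branch right below would be skipped for a header that had actually failed to parse. Unless the override is intended, guarding with `if (err == TRANSPORTDEC_OK && headerBits > bitsAvail)` would keep the original error; if it is intended, a comment should say so. The test also reads `hBs->hBitBuf.bufBits` directly, while the surrounding code goes through accessor functions.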
@@ -1263,8 +1279,9 @@ static TRANSPORTDEC_ERROR synchronization(HANDLE_TRANSPORTDEC hTp, if (!(hTp->flags & (TPDEC_LOST_FRAMES_PENDING | TPDEC_IGNORE_BUFFERFULLNESS | TPDEC_SYNCOK)) && err == TRANSPORTDEC_OK) { - err = additionalHoldOffNeeded(hTp, transportDec_GetBufferFullness(hTp), - FDKgetValidBits(hBs) - syncLayerFrameBits); + err = + additionalHoldOffNeeded(hTp, transportDec_GetBufferFullness(hTp), + (INT)FDKgetValidBits(hBs) - syncLayerFrameBits); if (err == TRANSPORTDEC_NOT_ENOUGH_BITS) { hTp->holdOffFrames++; } @@ -1273,7 +1290,9 @@ static TRANSPORTDEC_ERROR synchronization(HANDLE_TRANSPORTDEC hTp, /* Rewind for retry because of not enough bits */ if (err == TRANSPORTDEC_NOT_ENOUGH_BITS) { FDKpushBack(hBs, headerBits); + hTp->numberOfRawDataBlocks = numRawDataBlocksPrevious; headerBits = 0; + rawDataBlockLength = rawDataBlockLengthPrevious; } else { /* reset hold off frame counter */ hTp->holdOffFrames = 0; @@ -1460,7 +1479,7 @@ TRANSPORTDEC_ERROR transportDec_ReadAccessUnit(const HANDLE_TRANSPORTDEC hTp, for (i = 0; i < 2; i++) { if (i > 0) { - FDKpushBack(hBs, bsStart - FDKgetValidBits(hBs)); + FDKpushBack(hBs, bsStart - (INT)FDKgetValidBits(hBs)); configMode = AC_CM_ALLOC_MEM; } |