Author: spyfeng Date: Tue Jul 27 16:46:26 2010 New Revision: 5867 Log: synchronize with ffmpeg/trunk because Ronald has modified it.
Modified: mms/mmst.c Modified: mms/mmst.c ============================================================================== --- mms/mmst.c Tue Jul 20 17:30:36 2010 (r5866) +++ mms/mmst.c Tue Jul 27 16:46:26 2010 (r5867) @@ -21,10 +21,10 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -/*References +/* References * MMS protocol specification: * [1]http://msdn.microsoft.com/en-us/library/cc234711(PROT.10).aspx - *asf specification. Revision 01.20.03. + * ASF specification. Revision 01.20.03. * [2]http://msdn.microsoft.com/en-us/library/bb643323.aspx */ @@ -170,8 +170,11 @@ static int send_command_packet(MMSContex // write it out. write_result= url_write(mms->mms_hd, mms->out_buffer, exact_length); if(write_result != exact_length) { - dprintf(NULL, "url_write returned: %d != %d\n", - write_result, exact_length); + av_log(NULL, AV_LOG_ERROR, + "Failed to write data of length %d: %d (%s)\n", + exact_length, write_result, + write_result < 0 ? strerror(write_result) : + "The server closed the connection"); return AVERROR_IO; } @@ -264,117 +267,132 @@ static MMSSCPacketType get_tcp_server_re MMSSCPacketType packet_type= -1; for(;;) { - if((read_result= url_read_complete(mms->mms_hd, mms->in_buffer, 8))==8) { - // handle command packet. - if(AV_RL32(mms->in_buffer + 4)==0xb00bface) { - mms->incoming_flags= mms->in_buffer[3]; - read_result= url_read_complete(mms->mms_hd, mms->in_buffer+8, 4); - if(read_result == 4) { - int length_remaining= AV_RL32(mms->in_buffer+8) + 4; - int hr; - - dprintf(NULL, "Length remaining is %d\n", length_remaining); - // read the rest of the packet. - if (length_remaining < 0 - || length_remaining > sizeof(mms->in_buffer) - 12) { - dprintf(NULL, "Incoming message len %d exceeds buffer len %d\n", - length_remaining, sizeof(mms->in_buffer) - 12); - return -1; - } - read_result = url_read_complete(mms->mms_hd, mms->in_buffer + 12, - length_remaining) ; - if (read_result == length_remaining) { - packet_type= AV_RL16(mms->in_buffer+36); - } else { - dprintf(NULL, "read for packet type failed%d!\n", read_result); - return -1; - } - hr = AV_RL32(mms->in_buffer + 40); - if (hr) { - dprintf(NULL, "The server side send back error code:0x%x\n", hr); - return -1; - } - } else { - dprintf(NULL, "read for length remaining failed%d!\n", read_result); - return -1; - } + read_result = url_read_complete(mms->mms_hd, mms->in_buffer, 8); + if (read_result != 8) { + if(read_result < 0) { + av_log(NULL, AV_LOG_ERROR, + "Error reading packet header: %d (%s)\n", + read_result, strerror(read_result)); + packet_type = SC_PKT_CANCEL; } else { - int length_remaining; - int packet_id_type; - int tmp; + av_log(NULL, AV_LOG_ERROR, + "The server closed the connection\n"); + packet_type = SC_PKT_NO_DATA; + } + return packet_type; + } - // note we cache the first 8 bytes, - // then fill up the buffer with the others - tmp = AV_RL16(mms->in_buffer + 6); - length_remaining = (tmp - 8) & 0xffff; - mms->incoming_packet_seq = AV_RL32(mms->in_buffer); - packet_id_type = mms->in_buffer[4]; - mms->incoming_flags = mms->in_buffer[5]; + // handle command packet. + if(AV_RL32(mms->in_buffer + 4)==0xb00bface) { + int length_remaining, hr; - if (length_remaining < 0 - || length_remaining > sizeof(mms->in_buffer) - 8) { - dprintf(NULL, "Incoming data len %d exceeds buffer len %d\n", - length_remaining, sizeof(mms->in_buffer)); - return -1; - } - mms->remaining_in_len = length_remaining; - mms->read_in_ptr = mms->in_buffer; - read_result= url_read_complete(mms->mms_hd, mms->in_buffer, length_remaining); - if(read_result != length_remaining) { - dprintf(NULL, "read_bytes result: %d asking for %d\n", - read_result, length_remaining); - return -1; - } else { - // if we successfully read everything. - if(packet_id_type == mms->header_packet_id) { - packet_type = SC_PKT_ASF_HEADER; - // Store the asf header - if(!mms->header_parsed) { - void *p = av_realloc(mms->asf_header, - mms->asf_header_size - + mms->remaining_in_len); - if (!p) { - av_freep(&mms->asf_header); - return AVERROR(ENOMEM); - } - mms->asf_header = p; - memcpy(mms->asf_header + mms->asf_header_size, - mms->read_in_ptr, - mms->remaining_in_len); - mms->asf_header_size += mms->remaining_in_len; - } - // 0x04 means asf header is sent in multiple packets. - if (mms->incoming_flags == 0x04) - continue; - } else if(packet_id_type == mms->packet_id) { - packet_type = SC_PKT_ASF_MEDIA; - } else { - dprintf(NULL, "packet id type %d is old.", packet_id_type); - continue; - } - } + mms->incoming_flags= mms->in_buffer[3]; + read_result= url_read_complete(mms->mms_hd, mms->in_buffer+8, 4); + if(read_result != 4) { + av_log(NULL, AV_LOG_ERROR, + "Reading command packet length failed: %d (%s)\n", + read_result, + read_result < 0 ? strerror(read_result) : + "The server closed the connection"); + return read_result < 0 ? read_result : AVERROR_IO; } - // preprocess some packet type - if(packet_type == SC_PKT_KEEPALIVE) { - send_keepalive_packet(mms); - continue; - } else if(packet_type == SC_PKT_STREAM_CHANGING) { - handle_packet_stream_changing_type(mms); - } else if(packet_type == SC_PKT_ASF_MEDIA) { - pad_media_packet(mms); + length_remaining= AV_RL32(mms->in_buffer+8) + 4; + dprintf(NULL, "Length remaining is %d\n", length_remaining); + // read the rest of the packet. + if (length_remaining < 0 + || length_remaining > sizeof(mms->in_buffer) - 12) { + av_log(NULL, AV_LOG_ERROR, + "Incoming packet length %d exceeds bufsize %zu\n", + length_remaining, sizeof(mms->in_buffer) - 12); + return AVERROR_INVALIDDATA; + } + read_result = url_read_complete(mms->mms_hd, mms->in_buffer + 12, + length_remaining) ; + if (read_result != length_remaining) { + av_log(NULL, AV_LOG_ERROR, + "Reading pkt data (length=%d) failed: %d (%s)\n", + length_remaining, read_result, + read_result < 0 ? strerror(read_result) : + "The server closed the connection"); + return read_result < 0 ? read_result : AVERROR_IO; + } + packet_type= AV_RL16(mms->in_buffer+36); + hr = AV_RL32(mms->in_buffer + 40); + if (hr) { + av_log(NULL, AV_LOG_ERROR, + "Server sent an error status code: 0x%08x\n", hr); + return AVERROR_UNKNOWN; } - return packet_type; } else { - if(read_result<0) { - dprintf(NULL, "Read error (or cancelled) returned %d!\n", read_result); - packet_type = SC_PKT_CANCEL; + int length_remaining; + int packet_id_type; + int tmp; + + // note we cache the first 8 bytes, + // then fill up the buffer with the others + tmp = AV_RL16(mms->in_buffer + 6); + length_remaining = (tmp - 8) & 0xffff; + mms->incoming_packet_seq = AV_RL32(mms->in_buffer); + packet_id_type = mms->in_buffer[4]; + mms->incoming_flags = mms->in_buffer[5]; + + if (length_remaining < 0 + || length_remaining > sizeof(mms->in_buffer) - 8) { + av_log(NULL, AV_LOG_ERROR, + "Data length %d is invalid or too large (max=%zu)\n", + length_remaining, sizeof(mms->in_buffer)); + return AVERROR_INVALIDDATA; + } + mms->remaining_in_len = length_remaining; + mms->read_in_ptr = mms->in_buffer; + read_result= url_read_complete(mms->mms_hd, mms->in_buffer, length_remaining); + if(read_result != length_remaining) { + av_log(NULL, AV_LOG_ERROR, + "Failed to read packet data of size %d: %d (%s)\n", + length_remaining, read_result, + read_result < 0 ? strerror(read_result) : + "The server closed the connection"); + return read_result < 0 ? read_result : AVERROR_IO; + } + + // if we successfully read everything. + if(packet_id_type == mms->header_packet_id) { + packet_type = SC_PKT_ASF_HEADER; + // Store the asf header + if(!mms->header_parsed) { + void *p = av_realloc(mms->asf_header, + mms->asf_header_size + mms->remaining_in_len); + if (!p) { + av_freep(&mms->asf_header); + return AVERROR(ENOMEM); + } + mms->asf_header = p; + memcpy(mms->asf_header + mms->asf_header_size, + mms->read_in_ptr, mms->remaining_in_len); + mms->asf_header_size += mms->remaining_in_len; + } + // 0x04 means asf header is sent in multiple packets. + if (mms->incoming_flags == 0x04) + continue; + } else if(packet_id_type == mms->packet_id) { + packet_type = SC_PKT_ASF_MEDIA; } else { - dprintf(NULL, "Read result of zero?!\n"); - packet_type = SC_PKT_NO_DATA; + dprintf(NULL, "packet id type %d is old.", packet_id_type); + continue; } - return packet_type; } + + // preprocess some packet type + if(packet_type == SC_PKT_KEEPALIVE) { + send_keepalive_packet(mms); + continue; + } else if(packet_type == SC_PKT_STREAM_CHANGING) { + handle_packet_stream_changing_type(mms); + } else if(packet_type == SC_PKT_ASF_MEDIA) { + pad_media_packet(mms); + } + return packet_type; } } @@ -392,8 +410,10 @@ static int mms_safe_send_recv(MMSContext } if ((type = get_tcp_server_response(mms)) != expect_type) { - dprintf(NULL,"Unexpected packet type %d with type %d\n", type, expect_type); - return -1; + av_log(NULL, AV_LOG_ERROR, + "Corrupt stream (unexpected packet type 0x%x, expected 0x%x)\n", + type, expect_type); + return AVERROR_INVALIDDATA; } else { return 0; } @@ -446,8 +466,12 @@ static int asf_header_parser(MMSContext mms->stream_num = 0; if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 || - memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) - return -1; + memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) { + av_log(NULL, AV_LOG_ERROR, + "Corrupt stream (invalid ASF header, size=%d)\n", + mms->asf_header_size); + return AVERROR_INVALIDDATA; + } end = mms->asf_header + mms->asf_header_size; @@ -455,17 +479,20 @@ static int asf_header_parser(MMSContext while(end - p >= sizeof(ff_asf_guid) + 8) { uint64_t chunksize = AV_RL64(p + sizeof(ff_asf_guid)); if (!chunksize || chunksize > end - p) { - dprintf(NULL, "chunksize is exceptional value:%"PRId64"!\n", chunksize); - return -1; + av_log(NULL, AV_LOG_ERROR, + "Corrupt stream (header chunksize %"PRId64" is invalid)\n", + chunksize); + return AVERROR_INVALIDDATA; } if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) { /* read packet size */ if (end - p > sizeof(ff_asf_guid) * 2 + 68) { mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64); if (mms->asf_packet_len <= 0 || mms->asf_packet_len > sizeof(mms->in_buffer)) { - dprintf(NULL,"Too large packet len:%d" - " may overwrite in_buffer when padding", mms->asf_packet_len); - return -1; + av_log(NULL, AV_LOG_ERROR, + "Corrupt stream (too large pkt_len %d)\n", + mms->asf_packet_len); + return AVERROR_INVALIDDATA; } } } else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) { @@ -479,8 +506,9 @@ static int asf_header_parser(MMSContext mms->streams[mms->stream_num].id = stream_id; mms->stream_num++; } else { - dprintf(NULL, "Too many streams.\n"); - return -1; + av_log(NULL, AV_LOG_ERROR, + "Corrupt stream (too many A/V streams)\n"); + return AVERROR_INVALIDDATA; } } else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) { chunksize = 46; // see references [2] section 3.4. This should be set 46. @@ -546,9 +574,9 @@ static int read_mms_packet(MMSContext *m int err = mms_safe_send_recv(mms, NULL, SC_PKT_ASF_MEDIA); if (err == 0) { if(mms->remaining_in_len>mms->asf_packet_len) { - dprintf(NULL, "Incoming packet" - "larger than the asf packet size stated (%d>%d)\n", - mms->remaining_in_len, mms->asf_packet_len); + av_log(NULL, AV_LOG_ERROR, + "Incoming pktlen %d is larger than ASF pktsize %d\n", + mms->remaining_in_len, mms->asf_packet_len); result= AVERROR_IO; } else { // copy the data to the packet buffer. _______________________________________________ FFmpeg-soc mailing list [email protected] https://lists.mplayerhq.hu/mailman/listinfo/ffmpeg-soc
