Rename struct rtp_payload to rtp_sbc_payload as it is specific for SBC
codec payload.
Add proper checks for endianity in rtp.h header and use uint8_t type
where appropriated.
Field frame_count is only 4 bit number, so add checks to prevent overflow.
And because is_fragmented field is not parsed by decoder there is no
support for decoding fragmented SBC frames. So throw an error in this case.
---
src/modules/bluetooth/a2dp-codec-sbc.c | 35 ++--
src/modules/bluetooth/rtp.h| 58 +++---
2 files changed, 58 insertions(+), 35 deletions(-)
diff --git a/src/modules/bluetooth/a2dp-codec-sbc.c
b/src/modules/bluetooth/a2dp-codec-sbc.c
index f57c7b01a..89c647fbe 100644
--- a/src/modules/bluetooth/a2dp-codec-sbc.c
+++ b/src/modules/bluetooth/a2dp-codec-sbc.c
@@ -485,9 +485,13 @@ static int reset(void *codec_info) {
static size_t get_block_size(void *codec_info, size_t link_mtu) {
struct sbc_info *sbc_info = (struct sbc_info *) codec_info;
-size_t rtp_size = sizeof(struct rtp_header) + sizeof(struct rtp_payload);
+size_t rtp_size = sizeof(struct rtp_header) + sizeof(struct
rtp_sbc_payload);
size_t frame_count = (link_mtu - rtp_size) / sbc_info->frame_length;
+/* frame_count is only 4 bit number */
+if (frame_count > 15)
+frame_count = 15;
+
return frame_count * sbc_info->codesize;
}
@@ -514,14 +518,14 @@ static size_t reduce_encoder_bitrate(void *codec_info,
size_t write_link_mtu) {
static size_t encode_buffer(void *codec_info, uint32_t timestamp, const
uint8_t *input_buffer, size_t input_size, uint8_t *output_buffer, size_t
output_size, size_t *processed) {
struct sbc_info *sbc_info = (struct sbc_info *) codec_info;
struct rtp_header *header;
-struct rtp_payload *payload;
+struct rtp_sbc_payload *payload;
uint8_t *d;
const uint8_t *p;
size_t to_write, to_encode;
-unsigned frame_count;
+uint8_t frame_count;
header = (struct rtp_header*) output_buffer;
-payload = (struct rtp_payload*) (output_buffer + sizeof(*header));
+payload = (struct rtp_sbc_payload*) (output_buffer + sizeof(*header));
frame_count = 0;
@@ -531,7 +535,8 @@ static size_t encode_buffer(void *codec_info, uint32_t
timestamp, const uint8_t
d = output_buffer + sizeof(*header) + sizeof(*payload);
to_write = output_size - sizeof(*header) - sizeof(*payload);
-while (PA_LIKELY(to_encode > 0 && to_write > 0)) {
+/* frame_count is only 4 bit number */
+while (PA_LIKELY(to_encode > 0 && to_write > 0 && frame_count < 15)) {
ssize_t written;
ssize_t encoded;
@@ -575,7 +580,7 @@ static size_t encode_buffer(void *codec_info, uint32_t
timestamp, const uint8_t
}
/* write it to the fifo */
-memset(output_buffer, 0, sizeof(*header) + sizeof(*payload));
+pa_memzero(output_buffer, sizeof(*header) + sizeof(*payload));
header->v = 2;
/* A2DP spec: "A payload type in the RTP dynamic range shall be chosen".
@@ -596,13 +601,23 @@ static size_t decode_buffer(void *codec_info, const
uint8_t *input_buffer, size_
struct sbc_info *sbc_info = (struct sbc_info *) codec_info;
struct rtp_header *header;
-struct rtp_payload *payload;
+struct rtp_sbc_payload *payload;
const uint8_t *p;
uint8_t *d;
size_t to_write, to_decode;
+uint8_t frame_count;
header = (struct rtp_header *) input_buffer;
-payload = (struct rtp_payload*) (input_buffer + sizeof(*header));
+payload = (struct rtp_sbc_payload*) (input_buffer + sizeof(*header));
+
+frame_count = payload->frame_count;
+
+/* TODO: Add support for decoding fragmented SBC frames */
+if (payload->is_fragmented) {
+pa_log_error("Unsupported fragmented SBC frame");
+*processed = 0;
+return 0;
+}
p = input_buffer + sizeof(*header) + sizeof(*payload);
to_decode = input_size - sizeof(*header) - sizeof(*payload);
@@ -610,7 +625,7 @@ static size_t decode_buffer(void *codec_info, const uint8_t
*input_buffer, size_
d = output_buffer;
to_write = output_size;
-while (PA_LIKELY(to_decode > 0 && to_write > 0)) {
+while (PA_LIKELY(to_decode > 0 && to_write > 0 && frame_count > 0)) {
size_t written;
ssize_t decoded;
@@ -638,6 +653,8 @@ static size_t decode_buffer(void *codec_info, const uint8_t
*input_buffer, size_
d += written;
to_write -= written;
+
+frame_count--;
}
*processed = p - input_buffer;
diff --git a/src/modules/bluetooth/rtp.h b/src/modules/bluetooth/rtp.h
index 20694c1e1..813d9e390 100644
--- a/src/modules/bluetooth/rtp.h
+++ b/src/modules/bluetooth/rtp.h
@@ -3,6 +3,7 @@
* BlueZ - Bluetooth protocol stack for Linux
*
* Copyright (C) 2004-2010 Marcel Holtmann
+ * Copyright (C) 2019 Pali Rohár
*
*
* This library is free software; you can redistribute it and/or
@@ -19,16 +20,20 @@
* Li