mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-01-08 13:22:53 +02:00
cf21323dd4
Fixes: Timeout
Fixes: 10966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADU_fuzzer-5348695024336896
Fixes: 10969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5691669402877952
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df91af140c
)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
137 lines
4.6 KiB
C
137 lines
4.6 KiB
C
/*
|
|
* MPEG Audio parser
|
|
* Copyright (c) 2003 Fabrice Bellard
|
|
* Copyright (c) 2003 Michael Niedermayer
|
|
*
|
|
* This file is part of FFmpeg.
|
|
*
|
|
* FFmpeg is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* FFmpeg is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with FFmpeg; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
#include "parser.h"
|
|
#include "mpegaudiodecheader.h"
|
|
#include "libavutil/common.h"
|
|
#include "libavformat/id3v1.h" // for ID3v1_TAG_SIZE
|
|
|
|
typedef struct MpegAudioParseContext {
|
|
ParseContext pc;
|
|
int frame_size;
|
|
uint32_t header;
|
|
int header_count;
|
|
int no_bitrate;
|
|
} MpegAudioParseContext;
|
|
|
|
#define MPA_HEADER_SIZE 4
|
|
|
|
/* header + layer + bitrate + freq + lsf/mpeg25 */
|
|
#define SAME_HEADER_MASK \
|
|
(0xffe00000 | (3 << 17) | (3 << 10) | (3 << 19))
|
|
|
|
static int mpegaudio_parse(AVCodecParserContext *s1,
|
|
AVCodecContext *avctx,
|
|
const uint8_t **poutbuf, int *poutbuf_size,
|
|
const uint8_t *buf, int buf_size)
|
|
{
|
|
MpegAudioParseContext *s = s1->priv_data;
|
|
ParseContext *pc = &s->pc;
|
|
uint32_t state= pc->state;
|
|
int i;
|
|
int next= END_NOT_FOUND;
|
|
int flush = !buf_size;
|
|
|
|
for(i=0; i<buf_size; ){
|
|
if(s->frame_size){
|
|
int inc= FFMIN(buf_size - i, s->frame_size);
|
|
i += inc;
|
|
s->frame_size -= inc;
|
|
state = 0;
|
|
|
|
if(!s->frame_size){
|
|
next= i;
|
|
break;
|
|
}
|
|
}else{
|
|
while(i<buf_size){
|
|
int ret, sr, channels, bit_rate, frame_size;
|
|
enum AVCodecID codec_id = avctx->codec_id;
|
|
|
|
state= (state<<8) + buf[i++];
|
|
|
|
ret = avpriv_mpa_decode_header2(state, &sr, &channels, &frame_size, &bit_rate, &codec_id);
|
|
if (ret < 4) {
|
|
if (i > 4)
|
|
s->header_count = -2;
|
|
} else {
|
|
int header_threshold = avctx->codec_id != AV_CODEC_ID_NONE && avctx->codec_id != codec_id;
|
|
if((state&SAME_HEADER_MASK) != (s->header&SAME_HEADER_MASK) && s->header)
|
|
s->header_count= -3;
|
|
s->header= state;
|
|
s->header_count++;
|
|
s->frame_size = ret-4;
|
|
|
|
if (s->header_count > header_threshold) {
|
|
avctx->sample_rate= sr;
|
|
avctx->channels = channels;
|
|
s1->duration = frame_size;
|
|
avctx->codec_id = codec_id;
|
|
if (s->no_bitrate || !avctx->bit_rate) {
|
|
s->no_bitrate = 1;
|
|
avctx->bit_rate += (bit_rate - avctx->bit_rate) / (s->header_count - header_threshold);
|
|
}
|
|
}
|
|
|
|
if (s1->flags & PARSER_FLAG_COMPLETE_FRAMES) {
|
|
s->frame_size = 0;
|
|
next = buf_size;
|
|
} else if (codec_id == AV_CODEC_ID_MP3ADU) {
|
|
avpriv_report_missing_feature(avctx,
|
|
"MP3ADU full parser");
|
|
*poutbuf = NULL;
|
|
*poutbuf_size = 0;
|
|
return buf_size; /* parsers must not return error codes */
|
|
}
|
|
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
pc->state= state;
|
|
if (ff_combine_frame(pc, next, &buf, &buf_size) < 0) {
|
|
*poutbuf = NULL;
|
|
*poutbuf_size = 0;
|
|
return buf_size;
|
|
}
|
|
|
|
if (flush && buf_size >= ID3v1_TAG_SIZE && memcmp(buf, "TAG", 3) == 0) {
|
|
*poutbuf = NULL;
|
|
*poutbuf_size = 0;
|
|
return next;
|
|
}
|
|
|
|
*poutbuf = buf;
|
|
*poutbuf_size = buf_size;
|
|
return next;
|
|
}
|
|
|
|
|
|
AVCodecParser ff_mpegaudio_parser = {
|
|
.codec_ids = { AV_CODEC_ID_MP1, AV_CODEC_ID_MP2, AV_CODEC_ID_MP3, AV_CODEC_ID_MP3ADU },
|
|
.priv_data_size = sizeof(MpegAudioParseContext),
|
|
.parser_parse = mpegaudio_parse,
|
|
.parser_close = ff_parse_close,
|
|
};
|