avio: move ff_rewind_with_probe_data from avio.h to avio_internal.h
[ffmpeg.git] / libavcodec / h264_mp4toannexb_bsf.c
index af79fee..e7f2e7a 100644 (file)
@@ -1,4 +1,5 @@
 /*
+ * H.264 MP4 to Annex B byte stream format filter
  * Copyright (c) 2007 Benoit Fouet <benoit.fouet@free.fr>
  *
  * This file is part of FFmpeg.
 typedef struct H264BSFContext {
     uint8_t  length_size;
     uint8_t  first_idr;
-    uint8_t *sps_pps_data;
-    uint32_t size;
+    int      extradata_parsed;
 } H264BSFContext;
 
-static void alloc_and_copy(uint8_t **poutbuf,          int *poutbuf_size,
-                           const uint8_t *sps_pps, uint32_t sps_pps_size,
-                           const uint8_t *in,      uint32_t in_size) {
+static int alloc_and_copy(uint8_t **poutbuf,          int *poutbuf_size,
+                          const uint8_t *sps_pps, uint32_t sps_pps_size,
+                          const uint8_t *in,      uint32_t in_size) {
     uint32_t offset = *poutbuf_size;
     uint8_t nal_header_size = offset ? 3 : 4;
+    void *tmp;
 
     *poutbuf_size += sps_pps_size+in_size+nal_header_size;
-    *poutbuf = av_realloc(*poutbuf, *poutbuf_size);
+    tmp = av_realloc(*poutbuf, *poutbuf_size);
+    if (!tmp)
+        return AVERROR(ENOMEM);
+    *poutbuf = tmp;
     if (sps_pps)
         memcpy(*poutbuf+offset, sps_pps, sps_pps_size);
     memcpy(*poutbuf+sps_pps_size+nal_header_size+offset, in, in_size);
-    if (!offset)
+    if (!offset) {
         AV_WB32(*poutbuf+sps_pps_size, 1);
-    else {
+    else {
         (*poutbuf+offset+sps_pps_size)[0] = (*poutbuf+offset+sps_pps_size)[1] = 0;
         (*poutbuf+offset+sps_pps_size)[2] = 1;
     }
+
+    return 0;
 }
 
 static int h264_mp4toannexb_filter(AVBitStreamFilterContext *bsfc,
@@ -54,7 +60,9 @@ static int h264_mp4toannexb_filter(AVBitStreamFilterContext *bsfc,
                                    int keyframe) {
     H264BSFContext *ctx = bsfc->priv_data;
     uint8_t unit_type;
-    uint32_t nal_size, cumul_size = 0;
+    int32_t nal_size;
+    uint32_t cumul_size = 0;
+    const uint8_t *buf_end = buf + buf_size;
 
     /* nothing to filter */
     if (!avctx->extradata || avctx->extradata_size < 6) {
@@ -64,10 +72,10 @@ static int h264_mp4toannexb_filter(AVBitStreamFilterContext *bsfc,
     }
 
     /* retrieve sps and pps NAL units from extradata */
-    if (!ctx->sps_pps_data) {
+    if (!ctx->extradata_parsed) {
         uint16_t unit_size;
-        uint32_t total_size = 0;
-        uint8_t *out = NULL, unit_nb, sps_done = 0;
+        uint64_t total_size = 0;
+        uint8_t *out = NULL, unit_nb, sps_done = 0, sps_seen = 0, pps_seen = 0;
         const uint8_t *extradata = avctx->extradata+4;
         static const uint8_t nalu_header[4] = {0, 0, 0, 1};
 
@@ -81,17 +89,31 @@ static int h264_mp4toannexb_filter(AVBitStreamFilterContext *bsfc,
         if (!unit_nb) {
             unit_nb = *extradata++; /* number of pps unit(s) */
             sps_done++;
+
+            if (unit_nb)
+                pps_seen = 1;
         }
+        else
+        {
+            sps_seen = 1;
+        }
+
         while (unit_nb--) {
+            void *tmp;
+
             unit_size = AV_RB16(extradata);
             total_size += unit_size+4;
-            if (extradata+2+unit_size > avctx->extradata+avctx->extradata_size) {
+            if (total_size > INT_MAX - FF_INPUT_BUFFER_PADDING_SIZE ||
+                extradata+2+unit_size > avctx->extradata+avctx->extradata_size) {
                 av_free(out);
                 return AVERROR(EINVAL);
             }
-            out = av_realloc(out, total_size);
-            if (!out)
+            tmp = av_realloc(out, total_size + FF_INPUT_BUFFER_PADDING_SIZE);
+            if (!tmp) {
+                av_free(out);
                 return AVERROR(ENOMEM);
+            }
+            out = tmp;
             memcpy(out+total_size-unit_size-4, nalu_header, 4);
             memcpy(out+total_size-unit_size,   extradata+2, unit_size);
             extradata += 2+unit_size;
@@ -100,35 +122,52 @@ static int h264_mp4toannexb_filter(AVBitStreamFilterContext *bsfc,
                 unit_nb = *extradata++; /* number of pps unit(s) */
         }
 
-        ctx->sps_pps_data = out;
-        ctx->size = total_size;
-        ctx->first_idr = 1;
+        if(out)
+            memset(out + total_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
+
+        if (!sps_seen)
+            av_log(avctx, AV_LOG_WARNING, "Warning: SPS NALU missing or invalid. The resulting stream may not play.\n");
+        if (!pps_seen)
+            av_log(avctx, AV_LOG_WARNING, "Warning: PPS NALU missing or invalid. The resulting stream may not play.\n");
+
+        av_free(avctx->extradata);
+        avctx->extradata      = out;
+        avctx->extradata_size = total_size;
+        ctx->first_idr        = 1;
+        ctx->extradata_parsed = 1;
     }
 
     *poutbuf_size = 0;
     *poutbuf = NULL;
     do {
-        if (ctx->length_size == 1)
+        if (buf + ctx->length_size > buf_end)
+            goto fail;
+
+        if (ctx->length_size == 1) {
             nal_size = buf[0];
-        else if (ctx->length_size == 2)
+        } else if (ctx->length_size == 2) {
             nal_size = AV_RB16(buf);
-        else
+        else
             nal_size = AV_RB32(buf);
 
         buf += ctx->length_size;
         unit_type = *buf & 0x1f;
 
+        if (buf + nal_size > buf_end || nal_size < 0)
+            goto fail;
+
         /* prepend only to the first type 5 NAL unit of an IDR picture */
         if (ctx->first_idr && unit_type == 5) {
-            alloc_and_copy(poutbuf, poutbuf_size,
-                           ctx->sps_pps_data, ctx->size,
-                           buf, nal_size);
+            if (alloc_and_copy(poutbuf, poutbuf_size,
+                               avctx->extradata, avctx->extradata_size,
+                               buf, nal_size) < 0)
+                goto fail;
             ctx->first_idr = 0;
-        }
-        else {
-            alloc_and_copy(poutbuf, poutbuf_size,
-                           NULL, 0,
-                           buf, nal_size);
+        } else {
+            if (alloc_and_copy(poutbuf, poutbuf_size,
+                               NULL, 0,
+                               buf, nal_size) < 0)
+                goto fail;
             if (!ctx->first_idr && unit_type == 1)
                 ctx->first_idr = 1;
         }
@@ -138,18 +177,16 @@ static int h264_mp4toannexb_filter(AVBitStreamFilterContext *bsfc,
     } while (cumul_size < buf_size);
 
     return 1;
-}
 
-static void h264_mp4toannexb_close(AVBitStreamFilterContext *bsfc)
-{
-    H264BSFContext *ctx = bsfc->priv_data;
-    av_freep(&ctx->sps_pps_data);
+fail:
+    av_freep(poutbuf);
+    *poutbuf_size = 0;
+    return AVERROR(EINVAL);
 }
 
-AVBitStreamFilter h264_mp4toannexb_bsf = {
+AVBitStreamFilter ff_h264_mp4toannexb_bsf = {
     "h264_mp4toannexb",
     sizeof(H264BSFContext),
     h264_mp4toannexb_filter,
-    h264_mp4toannexb_close,
 };