From patchwork Wed Jul  8 12:54:54 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Zane van Iperen <zane@zanevaniperen.com>
X-Patchwork-Id: 20875
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 5776B44BC45
	for <patchwork@ffaux-bg.ffmpeg.org>; Wed,  8 Jul 2020 15:55:08 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3AF5468ACB2;
	Wed,  8 Jul 2020 15:55:08 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-40134.protonmail.ch (mail-40134.protonmail.ch
 [185.70.40.134])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6BC88689C71
 for <ffmpeg-devel@ffmpeg.org>; Wed,  8 Jul 2020 15:55:01 +0300 (EEST)
Date: Wed, 08 Jul 2020 12:54:54 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zanevaniperen.com;
 s=protonmail; t=1594212900;
 bh=SsrlklTFl2Wk4PI01nSsQOQku1J/BBNx3EgsWCGoycc=;
 h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From;
 b=poOi4kMPPoZ+K3SyXkBL0KuUvlUBMd2HQa15x+OW6uX+UT05luQS0rh/tyI28NpQi
 DqwtLo6YJg5Tz14oQ0zCm6qYuh4Eb9tEiy3DYRO4ktBgu+4j8alXVb5JIILh/kgdDp
 Y8W0/V/z0JIkkEMRD2OKOC/Vj9NdaBH/eSZRwOsw=
To: ffmpeg-devel@ffmpeg.org
From: Zane van Iperen <zane@zanevaniperen.com>
Message-ID: <20200708125433.238118-2-zane@zanevaniperen.com>
In-Reply-To: <20200708125433.238118-1-zane@zanevaniperen.com>
References: <20200708125433.238118-1-zane@zanevaniperen.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-1.2 required=7.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no
 autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mail.protonmail.ch
Subject: [FFmpeg-devel] [PATCH v6 1/7] avformat/apm: read header correctly
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Zane van Iperen <zane@zanevaniperen.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

The leading WAVEFORMATEX in .APM files is malformed:
* The nAvgBytesPerSec field is wrong, and
* sizeof(cbSize) is 4 instead of 2.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
---
 libavformat/Makefile |  2 +-
 libavformat/apm.c    | 50 ++++++++++++++++++++++++++++----------------
 2 files changed, 33 insertions(+), 19 deletions(-)

diff --git a/libavformat/Makefile b/libavformat/Makefile
index 26af859a28..a4113fe644 100644
--- a/libavformat/Makefile
+++ b/libavformat/Makefile
@@ -93,7 +93,7 @@ OBJS-$(CONFIG_AMRWB_DEMUXER)             += amr.o
 OBJS-$(CONFIG_ANM_DEMUXER)               += anm.o
 OBJS-$(CONFIG_APC_DEMUXER)               += apc.o
 OBJS-$(CONFIG_APE_DEMUXER)               += ape.o apetag.o img2.o
-OBJS-$(CONFIG_APM_DEMUXER)               += apm.o riffdec.o
+OBJS-$(CONFIG_APM_DEMUXER)               += apm.o
 OBJS-$(CONFIG_APNG_DEMUXER)              += apngdec.o
 OBJS-$(CONFIG_APNG_MUXER)                += apngenc.o
 OBJS-$(CONFIG_APTX_DEMUXER)              += aptxdec.o rawdec.o
diff --git a/libavformat/apm.c b/libavformat/apm.c
index dc59c16562..4158b81457 100644
--- a/libavformat/apm.c
+++ b/libavformat/apm.c
@@ -21,12 +21,12 @@
  */
 #include "avformat.h"
 #include "internal.h"
-#include "riff.h"
 #include "libavutil/internal.h"
 #include "libavutil/intreadwrite.h"
 
-#define APM_FILE_HEADER_SIZE    20
-#define APM_VS12_CHUNK_SIZE     76
+#define APM_FILE_HEADER_SIZE    18
+#define APM_FILE_EXTRADATA_SIZE 80
+
 #define APM_MAX_READ_SIZE       4096
 
 #define APM_TAG_CODEC           0x2000
@@ -51,6 +51,7 @@ typedef struct APMVS12Chunk {
     uint32_t    unk2;
     APMState    state;
     uint32_t    pad[7];
+    uint32_t    data;
 } APMVS12Chunk;
 
 static void apm_parse_vs12(APMVS12Chunk *vs12, const uint8_t *buf)
@@ -71,6 +72,8 @@ static void apm_parse_vs12(APMVS12Chunk *vs12, const uint8_t *buf)
 
     for (int i = 0; i < FF_ARRAY_ELEMS(vs12->pad); i++)
         vs12->pad[i]            = AV_RL32(buf + 48 + (i * 4));
+
+    vs12->data                  = AV_RL32(buf + 76);
 }
 
 static int apm_probe(const AVProbeData *p)
@@ -95,24 +98,37 @@ static int apm_read_header(AVFormatContext *s)
     int64_t ret;
     AVStream *st;
     APMVS12Chunk vs12;
-    uint8_t buf[APM_VS12_CHUNK_SIZE];
+    uint8_t buf[APM_FILE_EXTRADATA_SIZE];
 
     if (!(st = avformat_new_stream(s, NULL)))
         return AVERROR(ENOMEM);
 
-    /* The header starts with a WAVEFORMATEX */
-    if ((ret = ff_get_wav_header(s, s->pb, st->codecpar, APM_FILE_HEADER_SIZE, 0)) < 0)
+    /*
+     * This is 98% a WAVEFORMATEX, but there's something screwy with the extradata
+     * that ff_get_wav_header() can't (and shouldn't) handle properly.
+     */
+    if (avio_rl16(s->pb) != APM_TAG_CODEC)
+        return AVERROR_INVALIDDATA;
+
+    st->codecpar->channels              = avio_rl16(s->pb);
+    st->codecpar->sample_rate           = avio_rl32(s->pb);
+
+    /* Skip the bitrate, it's usually wrong anyway. */
+    if ((ret = avio_skip(s->pb, 4)) < 0)
         return ret;
 
-    if (st->codecpar->bits_per_coded_sample != 4)
+    st->codecpar->block_align           = avio_rl16(s->pb);
+    st->codecpar->bits_per_coded_sample = avio_rl16(s->pb);
+
+    if (avio_rl32(s->pb) != APM_FILE_EXTRADATA_SIZE)
         return AVERROR_INVALIDDATA;
 
-    if (st->codecpar->codec_tag != APM_TAG_CODEC)
+    /* I've never seen files greater than this. */
+    if (st->codecpar->sample_rate > 44100)
         return AVERROR_INVALIDDATA;
 
-    /* ff_get_wav_header() does most of the work, but we need to fix a few things. */
-    st->codecpar->codec_id              = AV_CODEC_ID_ADPCM_IMA_APM;
-    st->codecpar->codec_tag             = 0;
+    if (st->codecpar->bits_per_coded_sample != 4)
+        return AVERROR_INVALIDDATA;
 
     if (st->codecpar->channels == 2)
         st->codecpar->channel_layout    = AV_CH_LAYOUT_STEREO;
@@ -121,31 +137,29 @@ static int apm_read_header(AVFormatContext *s)
     else
         return AVERROR_INVALIDDATA;
 
+    st->codecpar->codec_type            = AVMEDIA_TYPE_AUDIO;
+    st->codecpar->codec_id              = AV_CODEC_ID_ADPCM_IMA_APM;
     st->codecpar->format                = AV_SAMPLE_FMT_S16;
     st->codecpar->bits_per_raw_sample   = 16;
     st->codecpar->bit_rate              = st->codecpar->channels *
                                           st->codecpar->sample_rate *
                                           st->codecpar->bits_per_coded_sample;
 
-    if ((ret = avio_read(s->pb, buf, APM_VS12_CHUNK_SIZE)) < 0)
+    if ((ret = avio_read(s->pb, buf, APM_FILE_EXTRADATA_SIZE)) < 0)
         return ret;
-    else if (ret != APM_VS12_CHUNK_SIZE)
+    else if (ret != APM_FILE_EXTRADATA_SIZE)
         return AVERROR(EIO);
 
     apm_parse_vs12(&vs12, buf);
 
-    if (vs12.magic != APM_TAG_VS12) {
+    if (vs12.magic != APM_TAG_VS12 || vs12.data != APM_TAG_DATA)
         return AVERROR_INVALIDDATA;
-    }
 
     if (vs12.state.has_saved) {
         avpriv_request_sample(s, "Saved Samples");
         return AVERROR_PATCHWELCOME;
     }
 
-    if (avio_rl32(s->pb) != APM_TAG_DATA)
-        return AVERROR_INVALIDDATA;
-
     if ((ret = ff_alloc_extradata(st->codecpar, 16)) < 0)
         return ret;