/src/ffmpeg/libavformat/apngdec.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * APNG demuxer |
3 | | * Copyright (c) 2014 Benoit Fouet |
4 | | * |
5 | | * This file is part of FFmpeg. |
6 | | * |
7 | | * FFmpeg is free software; you can redistribute it and/or |
8 | | * modify it under the terms of the GNU Lesser General Public |
9 | | * License as published by the Free Software Foundation; either |
10 | | * version 2.1 of the License, or (at your option) any later version. |
11 | | * |
12 | | * FFmpeg is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
15 | | * Lesser General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU Lesser General Public |
18 | | * License along with FFmpeg; if not, write to the Free Software |
19 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
20 | | */ |
21 | | |
22 | | /** |
23 | | * @file |
24 | | * APNG demuxer. |
25 | | * @see https://wiki.mozilla.org/APNG_Specification |
26 | | * @see http://www.w3.org/TR/PNG |
27 | | */ |
28 | | |
29 | | #include "avformat.h" |
30 | | #include "avio_internal.h" |
31 | | #include "demux.h" |
32 | | #include "internal.h" |
33 | | #include "libavutil/imgutils.h" |
34 | | #include "libavutil/intreadwrite.h" |
35 | | #include "libavutil/mem.h" |
36 | | #include "libavutil/opt.h" |
37 | | #include "libavcodec/apng.h" |
38 | | #include "libavcodec/png.h" |
39 | | #include "libavcodec/bytestream.h" |
40 | | |
41 | | #define DEFAULT_APNG_FPS 15 |
42 | | |
43 | | typedef struct APNGDemuxContext { |
44 | | const AVClass *class; |
45 | | |
46 | | int max_fps; |
47 | | int default_fps; |
48 | | |
49 | | int pkt_duration; |
50 | | |
51 | | int is_key_frame; |
52 | | |
53 | | /* |
54 | | * loop options |
55 | | */ |
56 | | int ignore_loop; |
57 | | uint32_t num_frames; |
58 | | uint32_t num_play; |
59 | | uint32_t cur_loop; |
60 | | } APNGDemuxContext; |
61 | | |
62 | | /* |
63 | | * To be a valid APNG file, we mandate, in this order: |
64 | | * PNGSIG |
65 | | * IHDR |
66 | | * ... |
67 | | * acTL |
68 | | * ... |
69 | | * IDAT |
70 | | */ |
71 | | static int apng_probe(const AVProbeData *p) |
72 | 924k | { |
73 | 924k | GetByteContext gb; |
74 | 924k | int state = 0; |
75 | 924k | uint32_t len, tag; |
76 | | |
77 | 924k | bytestream2_init(&gb, p->buf, p->buf_size); |
78 | | |
79 | 924k | if (bytestream2_get_be64(&gb) != PNGSIG) |
80 | 919k | return 0; |
81 | | |
82 | 13.2k | for (;;) { |
83 | 13.2k | len = bytestream2_get_be32(&gb); |
84 | 13.2k | if (len > 0x7fffffff) |
85 | 436 | return 0; |
86 | | |
87 | 12.7k | tag = bytestream2_get_le32(&gb); |
88 | | /* we don't check IDAT size, as this is the last tag |
89 | | * we check, and it may be larger than the probe buffer */ |
90 | 12.7k | if (tag != MKTAG('I', 'D', 'A', 'T') && |
91 | 12.7k | len + 4 > bytestream2_get_bytes_left(&gb)) |
92 | 3.95k | return 0; |
93 | | |
94 | 8.80k | switch (tag) { |
95 | 375 | case MKTAG('I', 'H', 'D', 'R'): |
96 | 375 | if (len != 13) |
97 | 15 | return 0; |
98 | 360 | if (av_image_check_size(bytestream2_get_be32(&gb), bytestream2_get_be32(&gb), 0, NULL)) |
99 | 79 | return 0; |
100 | 281 | bytestream2_skip(&gb, 9); |
101 | 281 | state++; |
102 | 281 | break; |
103 | 179 | case MKTAG('a', 'c', 'T', 'L'): |
104 | 179 | if (state != 1 || |
105 | 179 | len != 8 || |
106 | 179 | bytestream2_get_be32(&gb) == 0) /* 0 is not a valid value for number of frames */ |
107 | 52 | return 0; |
108 | 127 | bytestream2_skip(&gb, 8); |
109 | 127 | state++; |
110 | 127 | break; |
111 | 125 | case MKTAG('I', 'D', 'A', 'T'): |
112 | 125 | if (state != 2) |
113 | 28 | return 0; |
114 | 97 | goto end; |
115 | 8.12k | default: |
116 | | /* skip other tags */ |
117 | 8.12k | bytestream2_skip(&gb, len + 4); |
118 | 8.12k | break; |
119 | 8.80k | } |
120 | 8.80k | } |
121 | | |
122 | 97 | end: |
123 | 97 | return AVPROBE_SCORE_MAX; |
124 | 4.66k | } |
125 | | |
126 | | static int append_extradata(AVCodecParameters *par, AVIOContext *pb, int len) |
127 | 10.3k | { |
128 | 10.3k | int previous_size = par->extradata_size; |
129 | 10.3k | int new_size, ret; |
130 | 10.3k | uint8_t *new_extradata; |
131 | | |
132 | 10.3k | if (len > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - previous_size) |
133 | 4 | return AVERROR_INVALIDDATA; |
134 | | |
135 | 10.2k | new_size = previous_size + len; |
136 | 10.2k | new_extradata = av_realloc(par->extradata, new_size + AV_INPUT_BUFFER_PADDING_SIZE); |
137 | 10.2k | if (!new_extradata) |
138 | 0 | return AVERROR(ENOMEM); |
139 | 10.2k | memset(new_extradata + new_size, 0, AV_INPUT_BUFFER_PADDING_SIZE); |
140 | 10.2k | par->extradata = new_extradata; |
141 | 10.2k | par->extradata_size = new_size; |
142 | | |
143 | 10.2k | if ((ret = ffio_read_size(pb, par->extradata + previous_size, len)) < 0) |
144 | 216 | return ret; |
145 | | |
146 | 10.0k | return previous_size; |
147 | 10.2k | } |
148 | | |
149 | | static int apng_read_header(AVFormatContext *s) |
150 | 7.88k | { |
151 | 7.88k | APNGDemuxContext *ctx = s->priv_data; |
152 | 7.88k | AVIOContext *pb = s->pb; |
153 | 7.88k | uint32_t len, tag; |
154 | 7.88k | AVStream *st; |
155 | 7.88k | int acTL_found = 0; |
156 | 7.88k | int64_t ret; |
157 | | |
158 | | /* verify PNGSIG */ |
159 | 7.88k | if (avio_rb64(pb) != PNGSIG) |
160 | 5.09k | return AVERROR_INVALIDDATA; |
161 | | |
162 | | /* parse IHDR (must be first chunk) */ |
163 | 2.78k | len = avio_rb32(pb); |
164 | 2.78k | tag = avio_rl32(pb); |
165 | 2.78k | if (len != 13 || tag != MKTAG('I', 'H', 'D', 'R')) |
166 | 96 | return AVERROR_INVALIDDATA; |
167 | | |
168 | 2.68k | st = avformat_new_stream(s, NULL); |
169 | 2.68k | if (!st) |
170 | 0 | return AVERROR(ENOMEM); |
171 | | |
172 | | /* set the timebase to something large enough (1/100,000 of second) |
173 | | * to hopefully cope with all sane frame durations */ |
174 | 2.68k | avpriv_set_pts_info(st, 64, 1, 100000); |
175 | 2.68k | st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO; |
176 | 2.68k | st->codecpar->codec_id = AV_CODEC_ID_APNG; |
177 | 2.68k | st->codecpar->width = avio_rb32(pb); |
178 | 2.68k | st->codecpar->height = avio_rb32(pb); |
179 | 2.68k | if ((ret = av_image_check_size(st->codecpar->width, st->codecpar->height, 0, s)) < 0) |
180 | 154 | return ret; |
181 | | |
182 | | /* extradata will contain every chunk up to the first fcTL (excluded) */ |
183 | 2.53k | ret = ff_alloc_extradata(st->codecpar, len + 12); |
184 | 2.53k | if (ret < 0) |
185 | 0 | return ret; |
186 | 2.53k | AV_WB32(st->codecpar->extradata, len); |
187 | 2.53k | AV_WL32(st->codecpar->extradata+4, tag); |
188 | 2.53k | AV_WB32(st->codecpar->extradata+8, st->codecpar->width); |
189 | 2.53k | AV_WB32(st->codecpar->extradata+12, st->codecpar->height); |
190 | 2.53k | if ((ret = ffio_read_size(pb, st->codecpar->extradata + 16, 9)) < 0) |
191 | 17 | return ret; |
192 | | |
193 | 12.5k | while (1) { |
194 | 12.5k | if (acTL_found && ctx->num_play != 1) { |
195 | 1.21k | int64_t size = avio_size(pb); |
196 | 1.21k | int64_t offset = avio_tell(pb); |
197 | 1.21k | if (size < 0) { |
198 | 36 | return size; |
199 | 1.18k | } else if (offset < 0) { |
200 | 0 | return offset; |
201 | 1.18k | } else if ((ret = ffio_ensure_seekback(pb, size - offset)) < 0) { |
202 | 481 | av_log(s, AV_LOG_WARNING, "Could not ensure seekback, will not loop\n"); |
203 | 481 | ctx->num_play = 1; |
204 | 481 | } |
205 | 1.21k | } |
206 | 12.5k | if ((ctx->num_play == 1 || !acTL_found) && |
207 | 12.5k | ((ret = ffio_ensure_seekback(pb, 4 /* len */ + 4 /* tag */)) < 0)) |
208 | 0 | return ret; |
209 | | |
210 | 12.5k | len = avio_rb32(pb); |
211 | 12.5k | if (len > INT_MAX - 12) |
212 | 18 | return AVERROR_INVALIDDATA; |
213 | | |
214 | 12.5k | tag = avio_rl32(pb); |
215 | 12.5k | switch (tag) { |
216 | 2.57k | case MKTAG('a', 'c', 'T', 'L'): |
217 | 2.57k | if ((ret = avio_seek(pb, -8, SEEK_CUR)) < 0 || |
218 | 2.57k | (ret = append_extradata(st->codecpar, pb, len + 12)) < 0) |
219 | 30 | return ret; |
220 | 2.54k | acTL_found = 1; |
221 | 2.54k | ctx->num_frames = AV_RB32(st->codecpar->extradata + ret + 8); |
222 | 2.54k | ctx->num_play = AV_RB32(st->codecpar->extradata + ret + 12); |
223 | 2.54k | av_log(s, AV_LOG_DEBUG, "num_frames: %"PRIu32", num_play: %"PRIu32"\n", |
224 | 2.54k | ctx->num_frames, ctx->num_play); |
225 | 2.54k | break; |
226 | 2.16k | case MKTAG('f', 'c', 'T', 'L'): |
227 | 2.16k | if (!acTL_found || len != APNG_FCTL_CHUNK_SIZE) { |
228 | 6 | return AVERROR_INVALIDDATA; |
229 | 6 | } |
230 | 2.15k | if ((ret = avio_seek(pb, -8, SEEK_CUR)) < 0) |
231 | 1 | return ret; |
232 | 2.15k | return 0; |
233 | 7.80k | default: |
234 | 7.80k | if ((ret = avio_seek(pb, -8, SEEK_CUR)) < 0 || |
235 | 7.80k | (ret = append_extradata(st->codecpar, pb, len + 12)) < 0) |
236 | 266 | return ret; |
237 | 12.5k | } |
238 | 12.5k | } |
239 | 2.51k | } |
240 | | |
241 | | static int decode_fctl_chunk(AVFormatContext *s, APNGDemuxContext *ctx, AVPacket *pkt) |
242 | 46.8k | { |
243 | 46.8k | uint32_t sequence_number, width, height, x_offset, y_offset; |
244 | 46.8k | uint16_t delay_num, delay_den; |
245 | 46.8k | uint8_t dispose_op, blend_op; |
246 | | |
247 | 46.8k | sequence_number = avio_rb32(s->pb); |
248 | 46.8k | width = avio_rb32(s->pb); |
249 | 46.8k | height = avio_rb32(s->pb); |
250 | 46.8k | x_offset = avio_rb32(s->pb); |
251 | 46.8k | y_offset = avio_rb32(s->pb); |
252 | 46.8k | delay_num = avio_rb16(s->pb); |
253 | 46.8k | delay_den = avio_rb16(s->pb); |
254 | 46.8k | dispose_op = avio_r8(s->pb); |
255 | 46.8k | blend_op = avio_r8(s->pb); |
256 | 46.8k | avio_skip(s->pb, 4); /* crc */ |
257 | | |
258 | | /* default is hundredths of seconds */ |
259 | 46.8k | if (!delay_den) |
260 | 1.62k | delay_den = 100; |
261 | 46.8k | if (!delay_num || (ctx->max_fps && delay_den / delay_num > ctx->max_fps)) { |
262 | 1.69k | delay_num = 1; |
263 | 1.69k | delay_den = ctx->default_fps; |
264 | 1.69k | } |
265 | 46.8k | ctx->pkt_duration = av_rescale_q(delay_num, |
266 | 46.8k | (AVRational){ 1, delay_den }, |
267 | 46.8k | s->streams[0]->time_base); |
268 | | |
269 | 46.8k | av_log(s, AV_LOG_DEBUG, "%s: " |
270 | 46.8k | "sequence_number: %"PRId32", " |
271 | 46.8k | "width: %"PRIu32", " |
272 | 46.8k | "height: %"PRIu32", " |
273 | 46.8k | "x_offset: %"PRIu32", " |
274 | 46.8k | "y_offset: %"PRIu32", " |
275 | 46.8k | "delay_num: %"PRIu16", " |
276 | 46.8k | "delay_den: %"PRIu16", " |
277 | 46.8k | "dispose_op: %d, " |
278 | 46.8k | "blend_op: %d\n", |
279 | 46.8k | __func__, |
280 | 46.8k | sequence_number, |
281 | 46.8k | width, |
282 | 46.8k | height, |
283 | 46.8k | x_offset, |
284 | 46.8k | y_offset, |
285 | 46.8k | delay_num, |
286 | 46.8k | delay_den, |
287 | 46.8k | dispose_op, |
288 | 46.8k | blend_op); |
289 | | |
290 | 46.8k | if (width != s->streams[0]->codecpar->width || |
291 | 46.8k | height != s->streams[0]->codecpar->height || |
292 | 46.8k | x_offset != 0 || |
293 | 46.8k | y_offset != 0) { |
294 | 13.6k | if (sequence_number == 0 || |
295 | 13.6k | x_offset >= s->streams[0]->codecpar->width || |
296 | 13.6k | width > s->streams[0]->codecpar->width - x_offset || |
297 | 13.6k | y_offset >= s->streams[0]->codecpar->height || |
298 | 13.6k | height > s->streams[0]->codecpar->height - y_offset) |
299 | 850 | return AVERROR_INVALIDDATA; |
300 | 12.7k | ctx->is_key_frame = 0; |
301 | 33.2k | } else { |
302 | 33.2k | if (sequence_number == 0 && dispose_op == APNG_DISPOSE_OP_PREVIOUS) |
303 | 1 | dispose_op = APNG_DISPOSE_OP_BACKGROUND; |
304 | 33.2k | ctx->is_key_frame = dispose_op == APNG_DISPOSE_OP_BACKGROUND || |
305 | 33.2k | blend_op == APNG_BLEND_OP_SOURCE; |
306 | 33.2k | } |
307 | | |
308 | 46.0k | return 0; |
309 | 46.8k | } |
310 | | |
311 | | static int apng_read_packet(AVFormatContext *s, AVPacket *pkt) |
312 | 49.2k | { |
313 | 49.2k | APNGDemuxContext *ctx = s->priv_data; |
314 | 49.2k | int64_t ret; |
315 | 49.2k | int64_t size; |
316 | 49.2k | AVIOContext *pb = s->pb; |
317 | 49.2k | uint32_t len, tag; |
318 | | |
319 | | /* |
320 | | * fcTL chunk length, in bytes: |
321 | | * 4 (length) |
322 | | * 4 (tag) |
323 | | * 26 (actual chunk) |
324 | | * 4 (crc) bytes |
325 | | * and needed next: |
326 | | * 4 (length) |
327 | | * 4 (tag (must be fdAT or IDAT)) |
328 | | */ |
329 | | /* if num_play is not 1, then the seekback is already guaranteed */ |
330 | 49.2k | if (ctx->num_play == 1 && (ret = ffio_ensure_seekback(pb, 46)) < 0) |
331 | 0 | return ret; |
332 | | |
333 | 49.2k | len = avio_rb32(pb); |
334 | 49.2k | tag = avio_rl32(pb); |
335 | | |
336 | 49.2k | if (avio_feof(pb)) |
337 | 1.39k | return AVERROR_EOF; |
338 | | |
339 | 47.8k | switch (tag) { |
340 | 47.0k | case MKTAG('f', 'c', 'T', 'L'): |
341 | 47.0k | if (len != APNG_FCTL_CHUNK_SIZE) |
342 | 149 | return AVERROR_INVALIDDATA; |
343 | | |
344 | 46.8k | if ((ret = decode_fctl_chunk(s, ctx, pkt)) < 0) |
345 | 850 | return ret; |
346 | | |
347 | | /* fcTL may be followed by other chunks before fdAT or IDAT */ |
348 | 46.0k | len = avio_rb32(pb); |
349 | 46.0k | tag = avio_rl32(pb); |
350 | 46.0k | if (len > 0x7fffffff) |
351 | 13 | return AVERROR_INVALIDDATA; |
352 | | |
353 | | /* check for empty frame */ |
354 | 46.0k | if (tag == MKTAG('f', 'c', 'T', 'L') || |
355 | 46.0k | tag == MKTAG('I', 'E', 'N', 'D')) |
356 | 2 | return AVERROR_INVALIDDATA; |
357 | | |
358 | 46.0k | size = 38 /* fcTL */ + 8 /* len, tag */ + len + 4 /* crc */; |
359 | 46.0k | if (size > INT_MAX) |
360 | 3 | return AVERROR(EINVAL); |
361 | | |
362 | 45.9k | if ((ret = avio_seek(pb, -46, SEEK_CUR)) < 0 || |
363 | 45.9k | (ret = av_append_packet(pb, pkt, size)) < 0) |
364 | 278 | return ret; |
365 | | |
366 | 45.7k | if (ctx->num_play == 1 && (ret = ffio_ensure_seekback(pb, 8)) < 0) |
367 | 0 | return ret; |
368 | | |
369 | 45.7k | len = avio_rb32(pb); |
370 | 45.7k | tag = avio_rl32(pb); |
371 | 51.2k | while (tag && |
372 | 51.2k | tag != MKTAG('f', 'c', 'T', 'L') && |
373 | 51.2k | tag != MKTAG('I', 'E', 'N', 'D')) { |
374 | 5.60k | if (len > 0x7fffffff) |
375 | 59 | return AVERROR_INVALIDDATA; |
376 | 5.54k | if ((ret = avio_seek(pb, -8, SEEK_CUR)) < 0 || |
377 | 5.54k | (ret = av_append_packet(pb, pkt, len + 12)) < 0) |
378 | 16 | return ret; |
379 | 5.53k | if (ctx->num_play == 1 && (ret = ffio_ensure_seekback(pb, 8)) < 0) |
380 | 0 | return ret; |
381 | 5.53k | len = avio_rb32(pb); |
382 | 5.53k | tag = avio_rl32(pb); |
383 | 5.53k | } |
384 | 45.6k | if ((ret = avio_seek(pb, -8, SEEK_CUR)) < 0) |
385 | 285 | return ret; |
386 | | |
387 | 45.3k | if (ctx->is_key_frame) |
388 | 32.7k | pkt->flags |= AV_PKT_FLAG_KEY; |
389 | 45.3k | pkt->pts = pkt->dts = AV_NOPTS_VALUE; |
390 | 45.3k | pkt->duration = ctx->pkt_duration; |
391 | 45.3k | return ret; |
392 | 11 | case MKTAG('I', 'E', 'N', 'D'): |
393 | 11 | ctx->cur_loop++; |
394 | 11 | if (ctx->ignore_loop || ctx->num_play >= 1 && ctx->cur_loop == ctx->num_play) { |
395 | 11 | avio_seek(pb, -8, SEEK_CUR); |
396 | 11 | return AVERROR_EOF; |
397 | 11 | } |
398 | 0 | if ((ret = avio_seek(pb, s->streams[0]->codecpar->extradata_size + 8, SEEK_SET)) < 0) |
399 | 0 | return ret; |
400 | 0 | return 0; |
401 | 841 | default: |
402 | 841 | avpriv_request_sample(s, "In-stream tag=%s (0x%08"PRIX32") len=%"PRIu32, |
403 | 841 | av_fourcc2str(tag), tag, len); |
404 | 841 | avio_skip(pb, len + 4); |
405 | 47.8k | } |
406 | | |
407 | | /* Handle the unsupported yet cases */ |
408 | 841 | return AVERROR_PATCHWELCOME; |
409 | 47.8k | } |
410 | | |
411 | | static const AVOption options[] = { |
412 | | { "ignore_loop", "ignore loop setting" , offsetof(APNGDemuxContext, ignore_loop), |
413 | | AV_OPT_TYPE_BOOL, { .i64 = 1 } , 0, 1 , AV_OPT_FLAG_DECODING_PARAM }, |
414 | | { "max_fps" , "maximum framerate (0 is no limit)" , offsetof(APNGDemuxContext, max_fps), |
415 | | AV_OPT_TYPE_INT, { .i64 = 0 }, 0, INT_MAX, AV_OPT_FLAG_DECODING_PARAM }, |
416 | | { "default_fps", "default framerate (0 is as fast as possible)", offsetof(APNGDemuxContext, default_fps), |
417 | | AV_OPT_TYPE_INT, { .i64 = DEFAULT_APNG_FPS }, 0, INT_MAX, AV_OPT_FLAG_DECODING_PARAM }, |
418 | | { NULL }, |
419 | | }; |
420 | | |
421 | | static const AVClass demuxer_class = { |
422 | | .class_name = "APNG demuxer", |
423 | | .item_name = av_default_item_name, |
424 | | .option = options, |
425 | | .version = LIBAVUTIL_VERSION_INT, |
426 | | .category = AV_CLASS_CATEGORY_DEMUXER, |
427 | | }; |
428 | | |
429 | | const FFInputFormat ff_apng_demuxer = { |
430 | | .p.name = "apng", |
431 | | .p.long_name = NULL_IF_CONFIG_SMALL("Animated Portable Network Graphics"), |
432 | | .p.flags = AVFMT_GENERIC_INDEX, |
433 | | .p.priv_class = &demuxer_class, |
434 | | .priv_data_size = sizeof(APNGDemuxContext), |
435 | | .read_probe = apng_probe, |
436 | | .read_header = apng_read_header, |
437 | | .read_packet = apng_read_packet, |
438 | | }; |