Merge "Signal an error when encountering a malformed .ts stream."
diff --git a/media/libstagefright/mpeg2ts/ATSParser.cpp b/media/libstagefright/mpeg2ts/ATSParser.cpp
index 017d01c..e13464e 100644
--- a/media/libstagefright/mpeg2ts/ATSParser.cpp
+++ b/media/libstagefright/mpeg2ts/ATSParser.cpp
@@ -89,7 +89,7 @@
unsigned pid() const { return mElementaryPID; }
void setPID(unsigned pid) { mElementaryPID = pid; }
- void parse(
+ status_t parse(
unsigned payload_unit_start_indicator,
ABitReader *br);
@@ -114,8 +114,8 @@
ElementaryStreamQueue *mQueue;
- void flush();
- void parsePES(ABitReader *br);
+ status_t flush();
+ status_t parsePES(ABitReader *br);
void onPayloadData(
unsigned PTS_DTS_flags, uint64_t PTS, uint64_t DTS,
@@ -159,7 +159,7 @@
return false;
}
- mStreams.editValueAt(index)->parse(
+ *err = mStreams.editValueAt(index)->parse(
payload_unit_start_indicator, br);
return true;
@@ -438,10 +438,10 @@
mQueue = NULL;
}
-void ATSParser::Stream::parse(
+status_t ATSParser::Stream::parse(
unsigned payload_unit_start_indicator, ABitReader *br) {
if (mQueue == NULL) {
- return;
+ return OK;
}
if (payload_unit_start_indicator) {
@@ -450,14 +450,18 @@
// of a PES packet that we never saw the start of and assuming
// we have a a complete PES packet.
- flush();
+ status_t err = flush();
+
+ if (err != OK) {
+ return err;
+ }
}
mPayloadStarted = true;
}
if (!mPayloadStarted) {
- return;
+ return OK;
}
size_t payloadSizeBits = br->numBitsLeft();
@@ -478,6 +482,8 @@
memcpy(mBuffer->data() + mBuffer->size(), br->data(), payloadSizeBits / 8);
mBuffer->setRange(0, mBuffer->size() + payloadSizeBits / 8);
+
+ return OK;
}
void ATSParser::Stream::signalDiscontinuity(
@@ -526,7 +532,7 @@
}
}
-void ATSParser::Stream::parsePES(ABitReader *br) {
+status_t ATSParser::Stream::parsePES(ABitReader *br) {
unsigned packet_startcode_prefix = br->getBits(24);
LOGV("packet_startcode_prefix = 0x%08x", packet_startcode_prefix);
@@ -534,7 +540,8 @@
if (packet_startcode_prefix != 1) {
LOGV("Supposedly payload_unit_start=1 unit does not start "
"with startcode.");
- return;
+
+ return ERROR_MALFORMED;
}
CHECK_EQ(packet_startcode_prefix, 0x000001u);
@@ -661,6 +668,14 @@
unsigned dataLength =
PES_packet_length - 3 - PES_header_data_length;
+ if (br->numBitsLeft() < dataLength * 8) {
+ LOGE("PES packet does not carry enough data to contain "
+ "payload. (numBitsLeft = %d, required = %d)",
+ br->numBitsLeft(), dataLength * 8);
+
+ return ERROR_MALFORMED;
+ }
+
CHECK_GE(br->numBitsLeft(), dataLength * 8);
onPayloadData(
@@ -684,19 +699,24 @@
CHECK_NE(PES_packet_length, 0u);
br->skipBits(PES_packet_length * 8);
}
+
+ return OK;
}
-void ATSParser::Stream::flush() {
+status_t ATSParser::Stream::flush() {
if (mBuffer->size() == 0) {
- return;
+ return OK;
}
LOGV("flushing stream 0x%04x size = %d", mElementaryPID, mBuffer->size());
ABitReader br(mBuffer->data(), mBuffer->size());
- parsePES(&br);
+
+ status_t err = parsePES(&br);
mBuffer->setRange(0, 0);
+
+ return err;
}
void ATSParser::Stream::onPayloadData(