/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim:set ts=2 sw=2 sts=2 et cindent: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <string.h>
#include "mozilla/EndianUtils.h"
#include "mozilla/ScopeExit.h"
#include "mozilla/TextUtils.h"
#include "mozilla/Utf8.h"
#include <stdint.h>
#include <algorithm>
#include <opus/opus.h>
#include <opus/opus_multistream.h>
#include "OggCodecState.h"
#include "OggRLBox.h"
#include "OpusParser.h"
#include "VideoUtils.h"
#include "XiphExtradata.h"
#include "nsDebug.h"
namespace mozilla {
extern LazyLogModule gMediaDecoderLog;
#define LOG(type, msg) MOZ_LOG(gMediaDecoderLog, type, msg)
using media::TimeUnit;
/** Decoder base class for Ogg-encapsulated streams. */
UniquePtr<OggCodecState> OggCodecState::Create(
rlbox_sandbox_ogg* aSandbox, tainted_opaque_ogg<ogg_page*> aPage,
uint32_t aSerial) {
NS_ASSERTION(sandbox_invoke(*aSandbox, ogg_page_bos, aPage)
.unverified_safe_because(RLBOX_SAFE_DEBUG_ASSERTION),
"Only call on BOS page!");
UniquePtr<OggCodecState> codecState;
tainted_ogg<ogg_page*> aPage_t = rlbox::from_opaque(aPage);
const char codec_reason[] =
"These conditions set the type of codec. Since we are relying on "
"ogg_page to determine the codec type, the library could lie about "
"this. We allow this as it does not directly allow renderer "
"vulnerabilities if this is incorrect.";
long body_len = aPage_t->body_len.unverified_safe_because(codec_reason);
if (body_len > 6 && rlbox::memcmp(*aSandbox, aPage_t->body + 1,
"vorbis", 6u)
.unverified_safe_because(codec_reason) == 0) {
codecState = MakeUnique<VorbisState>(aSandbox, aPage, aSerial);
}
else if (body_len > 8 &&
rlbox::memcmp(*aSandbox, aPage_t->body,
"OpusHead", 8u)
.unverified_safe_because(codec_reason) == 0) {
codecState = MakeUnique<OpusState>(aSandbox, aPage, aSerial);
}
else if (body_len > 8 &&
rlbox::memcmp(*aSandbox, aPage_t->body,
"fishead\0", 8u)
.unverified_safe_because(codec_reason) == 0) {
codecState = MakeUnique<SkeletonState>(aSandbox, aPage, aSerial);
}
else if (body_len > 5 &&
rlbox::memcmp(*aSandbox, aPage_t->body,
"\177FLAC", 5u)
.unverified_safe_because(codec_reason) == 0) {
codecState = MakeUnique<FlacState>(aSandbox, aPage, aSerial);
}
else {
// Can't use MakeUnique here, OggCodecState is protected.
codecState.reset(
new OggCodecState(aSandbox, aPage, aSerial,
false));
}
if (!codecState->OggCodecState::InternalInit()) {
codecState.reset();
}
return codecState;
}
OggCodecState::OggCodecState(rlbox_sandbox_ogg* aSandbox,
tainted_opaque_ogg<ogg_page*> aBosPage,
uint32_t aSerial,
bool aActive)
: mPacketCount(0),
mSerial(aSerial),
mActive(aActive),
mDoneReadingHeaders(!aActive),
mSandbox(aSandbox) {
MOZ_COUNT_CTOR(OggCodecState);
tainted_ogg<ogg_stream_state*> state =
mSandbox->malloc_in_sandbox<ogg_stream_state>();
MOZ_RELEASE_ASSERT(state != nullptr);
rlbox::memset(*mSandbox, state, 0,
sizeof(ogg_stream_state));
mState = state.to_opaque();
}
OggCodecState::~OggCodecState() {
MOZ_COUNT_DTOR(OggCodecState);
Reset();
#ifdef DEBUG
int ret =
#endif
sandbox_invoke(*mSandbox, ogg_stream_clear, mState)
.unverified_safe_because(RLBOX_SAFE_DEBUG_ASSERTION);
NS_ASSERTION(ret == 0,
"ogg_stream_clear failed");
mSandbox->free_in_sandbox(rlbox::from_opaque(mState));
tainted_ogg<ogg_stream_state*> nullval = nullptr;
mState = nullval.to_opaque();
}
nsresult OggCodecState::Reset() {
if (sandbox_invoke(*mSandbox, ogg_stream_reset, mState)
.unverified_safe_because(RLBOX_OGG_STATE_ASSERT_REASON) != 0) {
return NS_ERROR_FAILURE;
}
mPackets.Erase();
ClearUnstamped();
return NS_OK;
}
void OggCodecState::ClearUnstamped() { mUnstamped.Clear(); }
bool OggCodecState::InternalInit() {
int ret = sandbox_invoke(*mSandbox, ogg_stream_init, mState, mSerial)
.unverified_safe_because(RLBOX_OGG_STATE_ASSERT_REASON);
return ret == 0;
}
bool OggCodecState::IsValidVorbisTagName(nsCString& aName) {
// Tag names must consist of ASCII 0x20 through 0x7D,
// excluding 0x3D '=' which is the separator.
uint32_t length = aName.Length();
const char* data = aName.Data();
for (uint32_t i = 0; i < length; i++) {
if (data[i] < 0x20 || data[i] > 0x7D || data[i] ==
'=') {
return false;
}
}
return true;
}
bool OggCodecState::AddVorbisComment(UniquePtr<MetadataTags>& aTags,
const char* aComment, uint32_t aLength) {
const char* div = (
const char*)memchr(aComment,
'=', aLength);
if (!div) {
LOG(LogLevel::Debug, (
"Skipping comment: no separator"));
return false;
}
nsCString key = nsCString(aComment, div - aComment);
if (!IsValidVorbisTagName(key)) {
LOG(LogLevel::Debug, (
"Skipping comment: invalid tag name"));
return false;
}
uint32_t valueLength = aLength - (div - aComment);
nsCString value = nsCString(div + 1, valueLength);
if (!IsUtf8(value)) {
LOG(LogLevel::Debug, (
"Skipping comment: invalid UTF-8 in value"));
return false;
}
aTags->InsertOrUpdate(key, value);
return true;
}
bool OggCodecState::SetCodecSpecificConfig(MediaByteBuffer* aBuffer,
OggPacketQueue& aHeaders) {
nsTArray<
const unsigned char*> headers;
nsTArray<size_t> headerLens;
for (size_t i = 0; i < aHeaders.Length(); i++) {
headers.AppendElement(aHeaders[i]->packet);
headerLens.AppendElement(aHeaders[i]->bytes);
}
// Save header packets for the decoder
if (!XiphHeadersToExtradata(aBuffer, headers, headerLens)) {
return false;
}
aHeaders.Erase();
return true;
}
void VorbisState::RecordVorbisPacketSamples(ogg_packet* aPacket,
long aSamples) {
#ifdef VALIDATE_VORBIS_SAMPLE_CALCULATION
mVorbisPacketSamples[aPacket] = aSamples;
#endif
}
void VorbisState::ValidateVorbisPacketSamples(ogg_packet* aPacket,
long aSamples) {
#ifdef VALIDATE_VORBIS_SAMPLE_CALCULATION
NS_ASSERTION(mVorbisPacketSamples[aPacket] == aSamples,
"Decoded samples for Vorbis packet don't match expected!");
mVorbisPacketSamples.erase(aPacket);
#endif
}
void VorbisState::AssertHasRecordedPacketSamples(ogg_packet* aPacket) {
#ifdef VALIDATE_VORBIS_SAMPLE_CALCULATION
NS_ASSERTION(mVorbisPacketSamples.count(aPacket) == 1,
"Must have recorded packet samples");
#endif
}
// Clone the given packet from memory accessible to the sandboxed libOgg to
// memory accessible only to the Firefox renderer
static OggPacketPtr CloneOutOfSandbox(tainted_ogg<ogg_packet*> aPacket) {
ogg_packet* clone =
aPacket.copy_and_verify([](std::unique_ptr<tainted_ogg<ogg_packet>> val) {
const char packet_reason[] =
"Packets have no guarantees on what data they hold. The renderer's "
"safety is not compromised even if packets return garbage data.";
ogg_packet* p =
new ogg_packet();
p->bytes = val->bytes.unverified_safe_because(packet_reason);
p->b_o_s = val->b_o_s.unverified_safe_because(packet_reason);
p->e_o_s = val->e_o_s.unverified_safe_because(packet_reason);
p->granulepos = val->granulepos.unverified_safe_because(packet_reason);
p->packetno = val->packetno.unverified_safe_because(packet_reason);
if (p->bytes == 0) {
p->packet = nullptr;
}
else {
p->packet = val->packet.copy_and_verify_range(
[](std::unique_ptr<
unsigned char[]> packet) {
return packet.release();
},
p->bytes);
}
return p;
});
return OggPacketPtr(clone);
}
void OggPacketQueue::Append(OggPacketPtr aPacket) {
nsDeque::Push(aPacket.release());
}
bool OggCodecState::IsPacketReady() {
return !mPackets.IsEmpty(); }
OggPacketPtr OggCodecState::PacketOut() {
if (mPackets.IsEmpty()) {
return nullptr;
}
return mPackets.PopFront();
}
ogg_packet* OggCodecState::PacketPeek() {
if (mPackets.IsEmpty()) {
return nullptr;
}
return mPackets.PeekFront();
}
void OggCodecState::PushFront(OggPacketQueue&& aOther) {
while (!aOther.IsEmpty()) {
mPackets.PushFront(aOther.Pop());
}
}
already_AddRefed<MediaRawData> OggCodecState::PacketOutAsMediaRawData() {
OggPacketPtr packet = PacketOut();
if (!packet) {
return nullptr;
}
NS_ASSERTION(
!IsHeader(packet.get()),
"PacketOutAsMediaRawData can only be called on non-header packets");
RefPtr<MediaRawData> sample =
new MediaRawData(packet->packet, packet->bytes);
if (packet->bytes && !sample->Data()) {
// OOM.
return nullptr;
}
TimeUnit endTimestamp = Time(packet->granulepos);
NS_ASSERTION(endTimestamp.IsPositiveOrZero(),
"timestamp invalid");
TimeUnit duration = PacketDuration(packet.get());
if (!duration.IsValid() || !duration.IsPositiveOrZero()) {
NS_WARNING(
nsPrintfCString(
"duration invalid! (%s)", duration.ToString().get())
.get());
duration = TimeUnit::Zero(endTimestamp);
}
sample->mTimecode = Time(packet->granulepos);
sample->mTime = endTimestamp - duration;
sample->mDuration = duration;
sample->mKeyframe = IsKeyframe(packet.get());
sample->mEOS = packet->e_o_s;
return sample.forget();
}
nsresult OggCodecState::PageIn(tainted_opaque_ogg<ogg_page*> aPage) {
if (!mActive) {
return NS_OK;
}
NS_ASSERTION((rlbox::sandbox_static_cast<uint32_t>(sandbox_invoke(
*mSandbox, ogg_page_serialno, aPage)) == mSerial)
.unverified_safe_because(RLBOX_OGG_PAGE_SERIAL_REASON),
"Page must be for this stream!");
if (sandbox_invoke(*mSandbox, ogg_stream_pagein, mState, aPage)
.unverified_safe_because(RLBOX_OGG_STATE_ASSERT_REASON) == -1) {
return NS_ERROR_FAILURE;
}
int r;
tainted_ogg<ogg_packet*> packet = mSandbox->malloc_in_sandbox<ogg_packet>();
if (!packet) {
return NS_ERROR_OUT_OF_MEMORY;
}
auto clean_packet = MakeScopeExit([&] { mSandbox->free_in_sandbox(packet); });
do {
r = sandbox_invoke(*mSandbox, ogg_stream_packetout, mState, packet)
.unverified_safe_because(RLBOX_OGG_STATE_ASSERT_REASON);
if (r == 1) {
mPackets.Append(CloneOutOfSandbox(packet));
}
}
while (r != 0);
if (sandbox_invoke(*mSandbox, ogg_stream_check, mState)
.unverified_safe_because(RLBOX_OGG_STATE_ASSERT_REASON)) {
NS_WARNING(
"Unrecoverable error in ogg_stream_packetout");
return NS_ERROR_FAILURE;
}
return NS_OK;
}
nsresult OggCodecState::PacketOutUntilGranulepos(
bool& aFoundGranulepos) {
tainted_ogg<
int> r;
aFoundGranulepos =
false;
// Extract packets from the sync state until either no more packets
// come out, or we get a data packet with non -1 granulepos.
tainted_ogg<ogg_packet*> packet = mSandbox->malloc_in_sandbox<ogg_packet>();
if (!packet) {
return NS_ERROR_OUT_OF_MEMORY;
}
auto clean_packet = MakeScopeExit([&] { mSandbox->free_in_sandbox(packet); });
do {
r = sandbox_invoke(*mSandbox, ogg_stream_packetout, mState, packet);
if (r.unverified_safe_because(RLBOX_OGG_STATE_ASSERT_REASON) == 1) {
OggPacketPtr clone = CloneOutOfSandbox(packet);
if (IsHeader(clone.get())) {
// Header packets go straight into the packet queue.
mPackets.Append(std::move(clone));
}
else {
// We buffer data packets until we encounter a granulepos. We'll
// then use the granulepos to figure out the granulepos of the
// preceeding packets.
aFoundGranulepos = clone.get()->granulepos > 0;
mUnstamped.AppendElement(std::move(clone));
}
}
}
while (r.unverified_safe_because(RLBOX_OGG_STATE_ASSERT_REASON) != 0 &&
!aFoundGranulepos);
if (sandbox_invoke(*mSandbox, ogg_stream_check, mState)
.unverified_safe_because(RLBOX_OGG_STATE_ASSERT_REASON)) {
NS_WARNING(
"Unrecoverable error in ogg_stream_packetout");
return NS_ERROR_FAILURE;
}
return NS_OK;
}
nsresult VorbisState::Reset() {
nsresult res = NS_OK;
if (mActive && vorbis_synthesis_restart(&mDsp) != 0) {
res = NS_ERROR_FAILURE;
}
mHeaders.Erase();
if (NS_FAILED(OggCodecState::Reset())) {
return NS_ERROR_FAILURE;
}
mGranulepos = 0;
mPrevVorbisBlockSize = 0;
return res;
}
VorbisState::VorbisState(rlbox_sandbox_ogg* aSandbox,
tainted_opaque_ogg<ogg_page*> aBosPage,
uint32_t aSerial)
: OggCodecState(aSandbox, aBosPage, aSerial,
true),
mPrevVorbisBlockSize(0),
mGranulepos(0) {
MOZ_COUNT_CTOR(VorbisState);
vorbis_info_init(&mVorbisInfo);
vorbis_comment_init(&mComment);
memset(&mDsp, 0,
sizeof(vorbis_dsp_state));
memset(&mBlock, 0,
sizeof(vorbis_block));
}
VorbisState::~VorbisState() {
MOZ_COUNT_DTOR(VorbisState);
Reset();
vorbis_block_clear(&mBlock);
vorbis_dsp_clear(&mDsp);
vorbis_info_clear(&mVorbisInfo);
vorbis_comment_clear(&mComment);
}
bool VorbisState::DecodeHeader(OggPacketPtr aPacket) {
ogg_packet* packet = aPacket.get();
// Will be owned by mHeaders.
mHeaders.Append(std::move(aPacket));
mPacketCount++;
int ret = vorbis_synthesis_headerin(&mVorbisInfo, &mComment, packet);
// We must determine when we've read the last header packet.
// vorbis_synthesis_headerin() does not tell us when it's read the last
// header, so we must keep track of the headers externally.
//
// There are 3 header packets, the Identification, Comment, and Setup
// headers, which must be in that order. If they're out of order, the file
// is invalid. If we've successfully read a header, and it's the setup
// header, then we're done reading headers. The first byte of each packet
// determines it's type as follows:
// 0x1 -> Identification header
// 0x3 -> Comment header
// 0x5 -> Setup header
// For more details of the Vorbis/Ogg containment scheme, see the Vorbis I
// Specification, Chapter 4, Codec Setup and Packet Decode:
// http://www.xiph.org/vorbis/doc/Vorbis_I_spec.html#x1-580004
bool isSetupHeader = packet->bytes > 0 && packet->packet[0] == 0x5;
if (ret < 0 || mPacketCount > 3) {
// We've received an error, or the first three packets weren't valid
// header packets. Assume bad input. Our caller will deactivate the
// bitstream.
return false;
}
if (!ret && isSetupHeader && mPacketCount == 3) {
// Successfully read the three header packets.
// The bitstream remains active.
mDoneReadingHeaders =
true;
}
return true;
}
bool VorbisState::Init() {
if (!mActive) {
return false;
}
int ret = vorbis_synthesis_init(&mDsp, &mVorbisInfo);
if (ret != 0) {
NS_WARNING(
"vorbis_synthesis_init() failed initializing vorbis bitstream");
return mActive =
false;
}
ret = vorbis_block_init(&mDsp, &mBlock);
if (ret != 0) {
NS_WARNING(
"vorbis_block_init() failed initializing vorbis bitstream");
if (mActive) {
vorbis_dsp_clear(&mDsp);
}
return mActive =
false;
}
nsTArray<
const unsigned char*> headers;
nsTArray<size_t> headerLens;
for (size_t i = 0; i < mHeaders.Length(); i++) {
headers.AppendElement(mHeaders[i]->packet);
headerLens.AppendElement(mHeaders[i]->bytes);
}
// Save header packets for the decoder
VorbisCodecSpecificData vorbisCodecSpecificData{};
if (!XiphHeadersToExtradata(vorbisCodecSpecificData.mHeadersBinaryBlob,
headers, headerLens)) {
return mActive =
false;
}
mHeaders.Erase();
mInfo.mMimeType =
"audio/vorbis"_ns;
mInfo.mRate = mVorbisInfo.rate;
mInfo.mChannels = mVorbisInfo.channels;
mInfo.mBitDepth = 16;
mInfo.mCodecSpecificConfig =
AudioCodecSpecificVariant{std::move(vorbisCodecSpecificData)};
return true;
}
TimeUnit VorbisState::Time(int64_t aGranulepos) {
if (!mActive) {
return TimeUnit::Invalid();
}
return VorbisState::Time(&mVorbisInfo, aGranulepos);
}
TimeUnit VorbisState::Time(vorbis_info* aInfo, int64_t aGranulepos) {
if (aGranulepos == -1 || aInfo->rate == 0) {
return TimeUnit::Invalid();
}
return TimeUnit(aGranulepos, aInfo->rate);
}
TimeUnit VorbisState::PacketDuration(ogg_packet* aPacket) {
if (!mActive) {
return TimeUnit::Invalid();
}
if (aPacket->granulepos == -1) {
return TimeUnit::Invalid();
}
// @FIXME store these in a more stable place
if (mVorbisPacketSamples.count(aPacket) == 0) {
// We haven't seen this packet, don't know its size?
return TimeUnit::Invalid();
}
long samples = mVorbisPacketSamples[aPacket];
return Time(samples);
}
bool VorbisState::IsHeader(ogg_packet* aPacket) {
// The first byte in each Vorbis header packet is either 0x01, 0x03, or 0x05,
// i.e. the first bit is odd. Audio data packets have their first bit as 0x0.
// Any packet with its first bit set cannot be a data packet, it's a
// (possibly invalid) header packet.
// See: http://xiph.org/vorbis/doc/Vorbis_I_spec.html#x1-610004.2.1
return aPacket->bytes > 0 ? (aPacket->packet[0] & 0x1) :
false;
}
UniquePtr<MetadataTags> VorbisState::GetTags() {
NS_ASSERTION(mComment.user_comments,
"no vorbis comment strings!");
NS_ASSERTION(mComment.comment_lengths,
"no vorbis comment lengths!");
auto tags = MakeUnique<MetadataTags>();
for (
int i = 0; i < mComment.comments; i++) {
AddVorbisComment(tags, mComment.user_comments[i],
mComment.comment_lengths[i]);
}
return tags;
}
nsresult VorbisState::PageIn(tainted_opaque_ogg<ogg_page*> aPage) {
if (!mActive) {
return NS_OK;
}
NS_ASSERTION((rlbox::sandbox_static_cast<uint32_t>(sandbox_invoke(
*mSandbox, ogg_page_serialno, aPage)) == mSerial)
.unverified_safe_because(RLBOX_OGG_PAGE_SERIAL_REASON),
"Page must be for this stream!");
if (sandbox_invoke(*mSandbox, ogg_stream_pagein, mState, aPage)
.unverified_safe_because(RLBOX_OGG_STATE_ASSERT_REASON) == -1) {
return NS_ERROR_FAILURE;
}
bool foundGp;
nsresult res = PacketOutUntilGranulepos(foundGp);
if (NS_FAILED(res)) {
return res;
}
if (foundGp && mDoneReadingHeaders) {
// We've found a packet with a granulepos, and we've loaded our metadata
// and initialized our decoder. Determine granulepos of buffered packets.
ReconstructVorbisGranulepos();
for (uint32_t i = 0; i < mUnstamped.Length(); ++i) {
OggPacketPtr packet = std::move(mUnstamped[i]);
AssertHasRecordedPacketSamples(packet.get());
NS_ASSERTION(!IsHeader(packet.get()),
"Don't try to recover header packet gp");
NS_ASSERTION(packet->granulepos != -1,
"Packet must have gp by now");
mPackets.Append(std::move(packet));
}
mUnstamped.Clear();
}
return NS_OK;
}
void VorbisState::ReconstructVorbisGranulepos() {
// The number of samples in a Vorbis packet is:
// window_blocksize(previous_packet)/4+window_blocksize(current_packet)/4
// See: http://xiph.org/vorbis/doc/Vorbis_I_spec.html#x1-230001.3.2
// So we maintain mPrevVorbisBlockSize, the block size of the last packet
// encountered. We also maintain mGranulepos, which is the granulepos of
// the last encountered packet. This enables us to give granulepos to
// packets when the last packet in mUnstamped doesn't have a granulepos
// (for example if the stream was truncated).
//
// We validate our prediction of the number of samples decoded when
// VALIDATE_VORBIS_SAMPLE_CALCULATION is defined by recording the predicted
// number of samples, and verifing we extract that many when decoding
// each packet.
NS_ASSERTION(mUnstamped.Length() > 0,
"Length must be > 0");
auto& last = mUnstamped.LastElement();
NS_ASSERTION(last->e_o_s || last->granulepos >= 0,
"Must know last granulepos!");
if (mUnstamped.Length() == 1) {
auto& packet = mUnstamped[0];
long blockSize = vorbis_packet_blocksize(&mVorbisInfo, packet.get());
if (blockSize < 0) {
// On failure vorbis_packet_blocksize returns < 0. If we've got
// a bad packet, we just assume that decode will have to skip this
// packet, i.e. assume 0 samples are decodable from this packet.
blockSize = 0;
mPrevVorbisBlockSize = 0;
}
long samples = mPrevVorbisBlockSize / 4 + blockSize / 4;
mPrevVorbisBlockSize = blockSize;
if (packet->granulepos == -1) {
packet->granulepos = mGranulepos + samples;
}
// Account for a partial last frame
if (packet->e_o_s && packet->granulepos >= mGranulepos) {
samples = packet->granulepos - mGranulepos;
}
mGranulepos = packet->granulepos;
RecordVorbisPacketSamples(packet.get(), samples);
return;
}
bool unknownGranulepos = last->granulepos == -1;
int64_t totalSamples = 0;
for (int32_t i = AssertedCast<int32_t>(mUnstamped.Length() - 1); i > 0; i--) {
auto& packet = mUnstamped[i];
auto& prev = mUnstamped[i - 1];
ogg_int64_t granulepos = packet->granulepos;
NS_ASSERTION(granulepos != -1,
"Must know granulepos!");
long prevBlockSize = vorbis_packet_blocksize(&mVorbisInfo, prev.get());
long blockSize = vorbis_packet_blocksize(&mVorbisInfo, packet.get());
if (blockSize < 0 || prevBlockSize < 0) {
// On failure vorbis_packet_blocksize returns < 0. If we've got
// a bad packet, we just assume that decode will have to skip this
// packet, i.e. assume 0 samples are decodable from this packet.
blockSize = 0;
prevBlockSize = 0;
}
long samples = prevBlockSize / 4 + blockSize / 4;
totalSamples += samples;
prev->granulepos = granulepos - samples;
RecordVorbisPacketSamples(packet.get(), samples);
}
if (unknownGranulepos) {
for (uint32_t i = 0; i < mUnstamped.Length(); i++) {
mUnstamped[i]->granulepos += mGranulepos + totalSamples + 1;
}
}
auto& first = mUnstamped[0];
long blockSize = vorbis_packet_blocksize(&mVorbisInfo, first.get());
if (blockSize < 0) {
mPrevVorbisBlockSize = 0;
blockSize = 0;
}
long samples = (mPrevVorbisBlockSize == 0)
? 0
: mPrevVorbisBlockSize / 4 + blockSize / 4;
int64_t start = first->granulepos - samples;
RecordVorbisPacketSamples(first.get(), samples);
if (last->e_o_s && start < mGranulepos) {
// We've calculated that there are more samples in this page than its
// granulepos claims, and it's the last page in the stream. This is legal,
// and we will need to prune the trailing samples when we come to decode it.
// We must correct the timestamps so that they follow the last Vorbis page's
// samples.
int64_t pruned = mGranulepos - start;
for (uint32_t i = 0; i < mUnstamped.Length() - 1; i++) {
mUnstamped[i]->granulepos += pruned;
}
#ifdef VALIDATE_VORBIS_SAMPLE_CALCULATION
mVorbisPacketSamples[last.get()] -= pruned;
#endif
}
mPrevVorbisBlockSize = vorbis_packet_blocksize(&mVorbisInfo, last.get());
mPrevVorbisBlockSize = std::max(
static_cast<
long>(0), mPrevVorbisBlockSize);
mGranulepos = last->granulepos;
}
OpusState::OpusState(rlbox_sandbox_ogg* aSandbox,
tainted_opaque_ogg<ogg_page*> aBosPage, uint32_t aSerial)
: OggCodecState(aSandbox, aBosPage, aSerial,
true),
mParser(nullptr),
mDecoder(nullptr),
mPrevPacketGranulepos(0),
mPrevPageGranulepos(0) {
MOZ_COUNT_CTOR(OpusState);
}
OpusState::~OpusState() {
MOZ_COUNT_DTOR(OpusState);
Reset();
if (mDecoder) {
opus_multistream_decoder_destroy(mDecoder);
mDecoder = nullptr;
}
}
nsresult OpusState::Reset() {
return Reset(
false); }
nsresult OpusState::Reset(
bool aStart) {
nsresult res = NS_OK;
if (mActive && mDecoder) {
// Reset the decoder.
opus_multistream_decoder_ctl(mDecoder, OPUS_RESET_STATE);
// This lets us distinguish the first page being the last page vs. just
// not having processed the previous page when we encounter the last page.
mPrevPageGranulepos = aStart ? 0 : -1;
mPrevPacketGranulepos = aStart ? 0 : -1;
}
// Clear queued data.
if (NS_FAILED(OggCodecState::Reset())) {
return NS_ERROR_FAILURE;
}
LOG(LogLevel::Debug, (
"Opus decoder reset"));
return res;
}
bool OpusState::Init(
void) {
if (!mActive) {
return false;
}
int error;
NS_ASSERTION(mDecoder == nullptr,
"leaking OpusDecoder");
mDecoder = opus_multistream_decoder_create(
mParser->mRate, mParser->mChannels, mParser->mStreams,
mParser->mCoupledStreams, mParser->mMappingTable, &error);
mInfo.mMimeType =
"audio/opus"_ns;
mInfo.mRate = mParser->mRate;
mInfo.mChannels = mParser->mChannels;
mInfo.mBitDepth = 16;
// Save preskip & the first header packet for the Opus decoder
OpusCodecSpecificData opusData;
opusData.mContainerCodecDelayFrames = mParser->mPreSkip;
if (!mHeaders.PeekFront()) {
return false;
}
opusData.mHeadersBinaryBlob->AppendElements(mHeaders.PeekFront()->packet,
mHeaders.PeekFront()->bytes);
mInfo.mCodecSpecificConfig = AudioCodecSpecificVariant{std::move(opusData)};
mHeaders.Erase();
LOG(LogLevel::Debug, (
"Opus decoder init"));
return error == OPUS_OK;
}
bool OpusState::DecodeHeader(OggPacketPtr aPacket) {
switch (mPacketCount++) {
// Parse the id header.
case 0:
mParser = MakeUnique<OpusParser>();
if (!mParser->DecodeHeader(aPacket->packet, aPacket->bytes)) {
return false;
}
mHeaders.Append(std::move(aPacket));
break;
// Parse the metadata header.
case 1:
if (!mParser->DecodeTags(aPacket->packet, aPacket->bytes)) {
return false;
}
break;
// We made it to the first data packet (which includes reconstructing
// timestamps for it in PageIn). Success!
default:
mDoneReadingHeaders =
true;
// Put it back on the queue so we can decode it.
mPackets.PushFront(std::move(aPacket));
break;
}
return true;
}
/* Construct and return a tags hashmap from our internal array */
UniquePtr<MetadataTags> OpusState::GetTags() {
auto tags = MakeUnique<MetadataTags>();
for (uint32_t i = 0; i < mParser->mTags.Length(); i++) {
AddVorbisComment(tags, mParser->mTags[i].Data(),
mParser->mTags[i].Length());
}
return tags;
}
/* Return the timestamp (in microseconds) equivalent to a granulepos. */
TimeUnit OpusState::Time(int64_t aGranulepos) {
if (!mActive) {
return TimeUnit::Invalid();
}
return Time(mParser->mPreSkip, aGranulepos);
}
TimeUnit OpusState::Time(
int aPreSkip, int64_t aGranulepos) {
if (aGranulepos < 0) {
return TimeUnit::Invalid();
}
int64_t offsetGranulePos = aGranulepos - aPreSkip;
// Ogg Opus always runs at a granule rate of 48 kHz.
return TimeUnit(offsetGranulePos, 48000);
}
bool OpusState::IsHeader(ogg_packet* aPacket) {
return aPacket->bytes >= 16 && (!memcmp(aPacket->packet,
"OpusHead", 8) ||
!memcmp(aPacket->packet,
"OpusTags", 8));
}
nsresult OpusState::PageIn(tainted_opaque_ogg<ogg_page*> aPage) {
if (!mActive) {
return NS_OK;
}
NS_ASSERTION((rlbox::sandbox_static_cast<uint32_t>(sandbox_invoke(
*mSandbox, ogg_page_serialno, aPage)) == mSerial)
.unverified_safe_because(RLBOX_OGG_PAGE_SERIAL_REASON),
"Page must be for this stream!");
if (sandbox_invoke(*mSandbox, ogg_stream_pagein, mState, aPage)
.unverified_safe_because(RLBOX_OGG_STATE_ASSERT_REASON) == -1) {
return NS_ERROR_FAILURE;
}
bool haveGranulepos;
nsresult rv = PacketOutUntilGranulepos(haveGranulepos);
if (NS_FAILED(rv) || !haveGranulepos || mPacketCount < 2) {
return rv;
}
if (!ReconstructOpusGranulepos()) {
return NS_ERROR_FAILURE;
}
for (uint32_t i = 0; i < mUnstamped.Length(); i++) {
OggPacketPtr packet = std::move(mUnstamped[i]);
NS_ASSERTION(!IsHeader(packet.get()),
"Don't try to play a header packet");
NS_ASSERTION(packet->granulepos != -1,
"Packet should have a granulepos");
mPackets.Append(std::move(packet));
}
mUnstamped.Clear();
return NS_OK;
}
// Helper method to return the change in granule position due to an Opus packet
// (as distinct from the number of samples in the packet, which depends on the
// decoder rate). It should work with a multistream Opus file, and continue to
// work should we ever allow the decoder to decode at a rate other than 48 kHz.
// It even works before we've created the actual Opus decoder.
static int GetOpusDeltaGP(ogg_packet* packet) {
int nframes;
nframes = opus_packet_get_nb_frames(packet->packet,
AssertedCast<int32_t>(packet->bytes));
if (nframes > 0) {
return nframes * opus_packet_get_samples_per_frame(packet->packet, 48000);
}
NS_WARNING(
"Invalid Opus packet.");
return 0;
}
TimeUnit OpusState::PacketDuration(ogg_packet* aPacket) {
return TimeUnit(GetOpusDeltaGP(aPacket), 48000);
}
bool OpusState::ReconstructOpusGranulepos(
void) {
NS_ASSERTION(mUnstamped.Length() > 0,
"Must have unstamped packets");
NS_ASSERTION(mUnstamped.LastElement()->e_o_s ||
mUnstamped.LastElement()->granulepos > 0,
"Must know last granulepos!");
int64_t gp;
// If this is the last page, and we've seen at least one previous page (or
// this is the first page)...
if (mUnstamped.LastElement()->e_o_s) {
auto& last = mUnstamped.LastElement();
if (mPrevPageGranulepos != -1) {
// If this file only has one page and the final granule position is
// smaller than the pre-skip amount, we MUST reject the stream.
if (!mDoneReadingHeaders && last->granulepos < mParser->mPreSkip) {
return false;
}
int64_t last_gp = last->granulepos;
gp = mPrevPageGranulepos;
// Loop through the packets forwards, adding the current packet's
// duration to the previous granulepos to get the value for the
// current packet.
for (uint32_t i = 0; i < mUnstamped.Length() - 1; ++i) {
auto& packet = mUnstamped[i];
int offset = GetOpusDeltaGP(packet.get());
// Check for error (negative offset) and overflow.
if (offset >= 0 && gp <= INT64_MAX - offset) {
gp += offset;
if (gp >= last_gp) {
NS_WARNING(
"Opus end trimming removed more than a full packet.");
// We were asked to remove a full packet's worth of data or more.
// Encoders SHOULD NOT produce streams like this, but we'll handle
// it for them anyway.
gp = last_gp;
mUnstamped.RemoveLastElements(mUnstamped.Length() - (i + 1));
packet->e_o_s = 1;
}
}
packet->granulepos = gp;
}
mPrevPageGranulepos = last_gp;
return true;
}
NS_WARNING(
"No previous granule position to use for Opus end trimming.");
// If we don't have a previous granule position, fall through.
// We simply won't trim any samples from the end.
// TODO: Are we guaranteed to have seen a previous page if there is one?
}
auto& last = mUnstamped.LastElement();
gp = last->granulepos;
// Loop through the packets backwards, subtracting the next
// packet's duration from its granulepos to get the value
// for the current packet.
for (uint32_t i = mUnstamped.Length() - 1; i > 0; i--) {
int offset = GetOpusDeltaGP(mUnstamped[i].get());
// Check for error (negative offset) and overflow.
if (offset >= 0) {
if (offset <= gp) {
gp -= offset;
}
else {
// If the granule position of the first data page is smaller than the
// number of decodable audio samples on that page, then we MUST reject
// the stream.
if (!mDoneReadingHeaders)
return false;
// It's too late to reject the stream.
// If we get here, this almost certainly means the file has screwed-up
// timestamps somewhere after the first page.
NS_WARNING(
"Clamping negative Opus granulepos to zero.");
gp = 0;
}
}
mUnstamped[i - 1]->granulepos = gp;
}
// Check to make sure the first granule position is at least as large as the
// total number of samples decodable from the first page with completed
// packets. This requires looking at the duration of the first packet, too.
// We MUST reject such streams.
if (!mDoneReadingHeaders && GetOpusDeltaGP(mUnstamped[0].get()) > gp) {
return false;
}
mPrevPageGranulepos = last->granulepos;
return true;
}
already_AddRefed<MediaRawData> OpusState::PacketOutAsMediaRawData() {
ogg_packet* packet = PacketPeek();
if (!packet) {
return nullptr;
}
uint32_t frames = 0;
const int64_t endFrame = packet->granulepos;
if (packet->e_o_s) {
frames = GetOpusDeltaGP(packet);
}
RefPtr<MediaRawData> data = OggCodecState::PacketOutAsMediaRawData();
if (!data) {
return nullptr;
}
if (data->mEOS && mPrevPacketGranulepos != -1) {
// If this is the last packet, perform end trimming.
int64_t startFrame = mPrevPacketGranulepos;
frames -= std::max<int64_t>(
0, std::min(endFrame - startFrame,
static_cast<int64_t>(frames)));
TimeUnit toTrim = TimeUnit(frames, 48000);
LOG(LogLevel::Debug,
(
"Trimming last opus packet: [%s, %s] to [%s, %s]",
data->mTime.ToString().get(), data->GetEndTime().ToString().get(),
data->mTime.ToString().get(),
(data->mTime + data->mDuration - toTrim).ToString().get()));
data->mOriginalPresentationWindow =
Some(media::TimeInterval{data->mTime, data->mTime + data->mDuration});
data->mDuration -= toTrim;
if (data->mDuration.IsNegative()) {
data->mDuration = TimeUnit::Zero(data->mTime);
}
}
// Save this packet's granule position in case we need to perform end
// trimming on the next packet.
mPrevPacketGranulepos = endFrame;
return data.forget();
}
FlacState::FlacState(rlbox_sandbox_ogg* aSandbox,
tainted_opaque_ogg<ogg_page*> aBosPage, uint32_t aSerial)
: OggCodecState(aSandbox, aBosPage, aSerial,
true) {}
bool FlacState::DecodeHeader(OggPacketPtr aPacket) {
if (mParser.DecodeHeaderBlock(aPacket->packet, aPacket->bytes).isErr()) {
return false;
}
if (mParser.HasFullMetadata()) {
mDoneReadingHeaders =
true;
}
return true;
}
TimeUnit FlacState::Time(int64_t aGranulepos) {
if (!mParser.mInfo.IsValid()) {
return TimeUnit::Invalid();
}
return TimeUnit(aGranulepos, mParser.mInfo.mRate);
}
TimeUnit FlacState::PacketDuration(ogg_packet* aPacket) {
return TimeUnit(mParser.BlockDuration(aPacket->packet, aPacket->bytes),
mParser.mInfo.mRate);
}
bool FlacState::IsHeader(ogg_packet* aPacket) {
auto res = mParser.IsHeaderBlock(aPacket->packet, aPacket->bytes);
return res.isOk() ? res.unwrap() :
false;
}
nsresult FlacState::PageIn(tainted_opaque_ogg<ogg_page*> aPage) {
if (!mActive) {
return NS_OK;
}
NS_ASSERTION((rlbox::sandbox_static_cast<uint32_t>(sandbox_invoke(
*mSandbox, ogg_page_serialno, aPage)) == mSerial)
.unverified_safe_because(RLBOX_OGG_PAGE_SERIAL_REASON),
"Page must be for this stream!");
if (sandbox_invoke(*mSandbox, ogg_stream_pagein, mState, aPage)
.unverified_safe_because(RLBOX_OGG_STATE_ASSERT_REASON) == -1) {
return NS_ERROR_FAILURE;
}
bool foundGp;
nsresult res = PacketOutUntilGranulepos(foundGp);
if (NS_FAILED(res)) {
return res;
}
if (foundGp && mDoneReadingHeaders) {
// We've found a packet with a granulepos, and we've loaded our metadata
// and initialized our decoder. Determine granulepos of buffered packets.
ReconstructFlacGranulepos();
for (uint32_t i = 0; i < mUnstamped.Length(); ++i) {
OggPacketPtr packet = std::move(mUnstamped[i]);
NS_ASSERTION(!IsHeader(packet.get()),
"Don't try to recover header packet gp");
NS_ASSERTION(packet->granulepos != -1,
"Packet must have gp by now");
mPackets.Append(std::move(packet));
}
mUnstamped.Clear();
}
return NS_OK;
}
// Return a hash table with tag metadata.
UniquePtr<MetadataTags> FlacState::GetTags() {
return mParser.GetTags(); }
const TrackInfo* FlacState::GetInfo()
const {
return &mParser.mInfo; }
bool FlacState::ReconstructFlacGranulepos(
void) {
NS_ASSERTION(mUnstamped.Length() > 0,
"Must have unstamped packets");
auto& last = mUnstamped.LastElement();
NS_ASSERTION(last->e_o_s || last->granulepos > 0,
"Must know last granulepos!");
int64_t gp;
gp = last->granulepos;
// Loop through the packets backwards, subtracting the next
// packet's duration from its granulepos to get the value
// for the current packet.
for (uint32_t i = mUnstamped.Length() - 1; i > 0; i--) {
int64_t offset =
mParser.BlockDuration(mUnstamped[i]->packet, mUnstamped[i]->bytes);
// Check for error (negative offset) and overflow.
if (offset >= 0) {
if (offset <= gp) {
gp -= offset;
}
else {
// If the granule position of the first data page is smaller than the
// number of decodable audio samples on that page, then we MUST reject
// the stream.
if (!mDoneReadingHeaders) {
return false;
}
// It's too late to reject the stream.
// If we get here, this almost certainly means the file has screwed-up
// timestamps somewhere after the first page.
NS_WARNING(
"Clamping negative granulepos to zero.");
gp = 0;
}
}
mUnstamped[i - 1]->granulepos = gp;
}
return true;
}
SkeletonState::SkeletonState(rlbox_sandbox_ogg* aSandbox,
tainted_opaque_ogg<ogg_page*> aBosPage,
uint32_t aSerial)
: OggCodecState(aSandbox, aBosPage, aSerial,
true),
mVersion(0),
mPresentationTime(0),
mLength(0) {
MOZ_COUNT_CTOR(SkeletonState);
}
SkeletonState::~SkeletonState() { MOZ_COUNT_DTOR(SkeletonState); }
// Support for Ogg Skeleton 4.0, as per specification at:
// http://wiki.xiph.org/Ogg_Skeleton_4
// Minimum length in bytes of a Skeleton header packet.
static const long SKELETON_MIN_HEADER_LEN = 28;
static const long SKELETON_4_0_MIN_HEADER_LEN = 80;
// Minimum length in bytes of a Skeleton 4.0 index packet.
static const long SKELETON_4_0_MIN_INDEX_LEN = 42;
// Minimum length in bytes of a Skeleton 3.0/4.0 Fisbone packet.
static const long SKELETON_MIN_FISBONE_LEN = 52;
// Minimum possible size of a compressed index keypoint.
static const size_t MIN_KEY_POINT_SIZE = 2;
// Byte offset of the major and minor version numbers in the
// Ogg Skeleton 4.0 header packet.
static const size_t SKELETON_VERSION_MAJOR_OFFSET = 8;
static const size_t SKELETON_VERSION_MINOR_OFFSET = 10;
// Byte-offsets of the presentation time numerator and denominator
static const size_t SKELETON_PRESENTATION_TIME_NUMERATOR_OFFSET = 12;
static const size_t SKELETON_PRESENTATION_TIME_DENOMINATOR_OFFSET = 20;
// Byte-offsets of the length of file field in the Skeleton 4.0 header packet.
static const size_t SKELETON_FILE_LENGTH_OFFSET = 64;
// Byte-offsets of the fields in the Skeleton index packet.
static const size_t INDEX_SERIALNO_OFFSET = 6;
static const size_t INDEX_NUM_KEYPOINTS_OFFSET = 10;
static const size_t INDEX_TIME_DENOM_OFFSET = 18;
static const size_t INDEX_FIRST_NUMER_OFFSET = 26;
static const size_t INDEX_LAST_NUMER_OFFSET = 34;
static const size_t INDEX_KEYPOINT_OFFSET = 42;
// Byte-offsets of the fields in the Skeleton Fisbone packet.
static const size_t FISBONE_MSG_FIELDS_OFFSET = 8;
static const size_t FISBONE_SERIALNO_OFFSET = 12;
static bool IsSkeletonBOS(ogg_packet* aPacket) {
static_assert(SKELETON_MIN_HEADER_LEN >= 8,
"Minimum length of skeleton BOS header incorrect");
return aPacket->bytes >= SKELETON_MIN_HEADER_LEN &&
memcmp(
reinterpret_cast<
char*>(aPacket->packet),
"fishead", 8) == 0;
}
static bool IsSkeletonIndex(ogg_packet* aPacket) {
static_assert(SKELETON_4_0_MIN_INDEX_LEN >= 5,
"Minimum length of skeleton index header incorrect");
return aPacket->bytes >= SKELETON_4_0_MIN_INDEX_LEN &&
memcmp(
reinterpret_cast<
char*>(aPacket->packet),
"index", 5) == 0;
}
static bool IsSkeletonFisbone(ogg_packet* aPacket) {
static_assert(SKELETON_MIN_FISBONE_LEN >= 8,
"Minimum length of skeleton fisbone header incorrect");
return aPacket->bytes >= SKELETON_MIN_FISBONE_LEN &&
memcmp(
reinterpret_cast<
char*>(aPacket->packet),
"fisbone", 8) == 0;
}
// Reads a variable length encoded integer at p. Will not read
// past aLimit. Returns pointer to character after end of integer.
static const unsigned char* ReadVariableLengthInt(
const unsigned char* p,
const unsigned char* aLimit,
int64_t& n) {
int shift = 0;
int64_t byte = 0;
n = 0;
while (p < aLimit && (byte & 0x80) != 0x80 && shift < 57) {
byte =
static_cast<int64_t>(*p);
n |= ((byte & 0x7f) << shift);
shift += 7;
p++;
}
return p;
}
bool SkeletonState::DecodeIndex(ogg_packet* aPacket) {
NS_ASSERTION(aPacket->bytes >= SKELETON_4_0_MIN_INDEX_LEN,
"Index must be at least minimum size");
if (!mActive) {
return false;
}
uint32_t serialno =
LittleEndian::readUint32(aPacket->packet + INDEX_SERIALNO_OFFSET);
int64_t numKeyPoints =
LittleEndian::readInt64(aPacket->packet + INDEX_NUM_KEYPOINTS_OFFSET);
TimeUnit endTime = TimeUnit::Zero();
TimeUnit startTime = TimeUnit::Zero();
const unsigned char* p = aPacket->packet;
int64_t timeDenom =
LittleEndian::readInt64(aPacket->packet + INDEX_TIME_DENOM_OFFSET);
if (timeDenom == 0) {
LOG(LogLevel::Debug, (
"Ogg Skeleton Index packet for stream %u has 0 "
"timestamp denominator.",
serialno));
return (mActive =
false);
}
// Extract the start time.
int64_t timeRawInt = LittleEndian::readInt64(p + INDEX_FIRST_NUMER_OFFSET);
startTime = TimeUnit(timeRawInt, timeDenom);
// Extract the end time.
timeRawInt = LittleEndian::readInt64(p + INDEX_LAST_NUMER_OFFSET);
endTime = TimeUnit(timeRawInt, timeDenom);
// Check the numKeyPoints value read, ensure we're not going to run out of
// memory while trying to decode the index packet.
CheckedInt64 minPacketSize =
(CheckedInt64(numKeyPoints) * MIN_KEY_POINT_SIZE) + INDEX_KEYPOINT_OFFSET;
if (!minPacketSize.isValid()) {
return (mActive =
false);
}
int64_t sizeofIndex =
AssertedCast<int64_t>(aPacket->bytes - INDEX_KEYPOINT_OFFSET);
int64_t maxNumKeyPoints =
AssertedCast<int64_t>(sizeofIndex / MIN_KEY_POINT_SIZE);
if (aPacket->bytes < minPacketSize.value() ||
numKeyPoints > maxNumKeyPoints || numKeyPoints < 0) {
// Packet size is less than the theoretical minimum size, or the packet is
// claiming to store more keypoints than it's capable of storing. This means
// that the numKeyPoints field is too large or small for the packet to
// possibly contain as many packets as it claims to, so the numKeyPoints
// field is possibly malicious. Don't try decoding this index, we may run
// out of memory.
LOG(LogLevel::Debug, (
"Possibly malicious number of key points reported "
"(%" PRId64
") in index packet for stream %u.",
numKeyPoints, serialno));
return (mActive =
false);
}
UniquePtr<nsKeyFrameIndex> keyPoints(
new nsKeyFrameIndex(startTime, endTime));
p = aPacket->packet + INDEX_KEYPOINT_OFFSET;
const unsigned char* limit = aPacket->packet + aPacket->bytes;
int64_t numKeyPointsRead = 0;
CheckedInt64 offset = 0;
TimeUnit time = TimeUnit::Zero();
while (p < limit && numKeyPointsRead < numKeyPoints) {
int64_t delta = 0;
p = ReadVariableLengthInt(p, limit, delta);
offset += delta;
if (p == limit || !offset.isValid() || offset.value() > mLength ||
offset.value() < 0) {
return (mActive =
false);
}
p = ReadVariableLengthInt(p, limit, delta);
time += TimeUnit(delta, timeDenom);
if (!time.IsValid() || time > endTime || time < startTime) {
return (mActive =
false);
}
keyPoints->Add(offset.value(), time);
numKeyPointsRead++;
}
uint32_t keyPointsRead = keyPoints->Length();
if (keyPointsRead > 0) {
mIndex.InsertOrUpdate(serialno, std::move(keyPoints));
}
LOG(LogLevel::Debug, (
"Loaded %d keypoints for Skeleton on stream %u",
keyPointsRead, serialno));
return true;
}
nsresult SkeletonState::IndexedSeekTargetForTrack(uint32_t aSerialno,
const TimeUnit& aTarget,
nsKeyPoint& aResult) {
nsKeyFrameIndex* index = nullptr;
mIndex.Get(aSerialno, &index);
if (!index || index->Length() == 0 || aTarget < index->mStartTime ||
aTarget > index->mEndTime) {
return NS_ERROR_FAILURE;
}
// Binary search to find the last key point with time less than target.
uint32_t start = 0;
uint32_t end = index->Length() - 1;
while (end > start) {
uint32_t mid = start + ((end - start + 1) >> 1);
if (index->Get(mid).mTime == aTarget) {
start = mid;
break;
}
if (index->Get(mid).mTime < aTarget) {
start = mid;
}
else {
end = mid - 1;
}
}
aResult = index->Get(start);
NS_ASSERTION(aResult.mTime <= aTarget,
"Result should have time <= target");
return NS_OK;
}
nsresult SkeletonState::IndexedSeekTarget(
const TimeUnit& aTarget,
nsTArray<uint32_t>& aTracks,
nsSeekTarget& aResult) {
if (!mActive || mVersion < SKELETON_VERSION(4, 0)) {
return NS_ERROR_FAILURE;
}
// Loop over all requested tracks' indexes, and get the keypoint for that
// seek target. Record the keypoint with the lowest offset, this will be
// our seek result. User must seek to the one with lowest offset to ensure we
// pass "keyframes" on all tracks when we decode forwards to the seek target.
nsSeekTarget r;
for (uint32_t i = 0; i < aTracks.Length(); i++) {
nsKeyPoint k;
if (NS_SUCCEEDED(IndexedSeekTargetForTrack(aTracks[i], aTarget, k)) &&
k.mOffset < r.mKeyPoint.mOffset) {
r.mKeyPoint = k;
r.mSerial = aTracks[i];
}
}
if (r.IsNull()) {
return NS_ERROR_FAILURE;
}
LOG(LogLevel::Debug, (
"Indexed seek target for time %s is offset %" PRId64,
aTarget.ToString().get(), r.mKeyPoint.mOffset));
aResult = r;
return NS_OK;
}
nsresult SkeletonState::GetDuration(
const nsTArray<uint32_t>& aTracks,
TimeUnit& aDuration) {
if (!mActive || mVersion < SKELETON_VERSION(4, 0) || !HasIndex() ||
aTracks.Length() == 0) {
return NS_ERROR_FAILURE;
}
TimeUnit endTime = TimeUnit::FromNegativeInfinity();
TimeUnit startTime = TimeUnit::FromInfinity();
for (uint32_t i = 0; i < aTracks.Length(); i++) {
nsKeyFrameIndex* index = nullptr;
mIndex.Get(aTracks[i], &index);
if (!index) {
// Can't get the timestamps for one of the required tracks, fail.
return NS_ERROR_FAILURE;
}
if (index->mEndTime > endTime) {
endTime = index->mEndTime;
}
if (index->mStartTime < startTime) {
startTime = index->mStartTime;
}
}
NS_ASSERTION(endTime > startTime,
"Duration must be positive");
aDuration = endTime - startTime;
return aDuration.IsValid() ? NS_OK : NS_ERROR_FAILURE;
}
bool SkeletonState::DecodeFisbone(ogg_packet* aPacket) {
if (aPacket->bytes <
static_cast<
long>(FISBONE_MSG_FIELDS_OFFSET + 4)) {
return false;
}
uint32_t offsetMsgField =
LittleEndian::readUint32(aPacket->packet + FISBONE_MSG_FIELDS_OFFSET);
if (aPacket->bytes <
static_cast<
long>(FISBONE_SERIALNO_OFFSET + 4)) {
return false;
}
uint32_t serialno =
LittleEndian::readUint32(aPacket->packet + FISBONE_SERIALNO_OFFSET);
CheckedUint32 checked_fields_pos =
CheckedUint32(FISBONE_MSG_FIELDS_OFFSET) + offsetMsgField;
if (!checked_fields_pos.isValid() ||
aPacket->bytes <
static_cast<int64_t>(checked_fields_pos.value())) {
return false;
}
int64_t msgLength = aPacket->bytes - checked_fields_pos.value();
char* msgProbe = (
char*)aPacket->packet + checked_fields_pos.value();
char* msgHead = msgProbe;
UniquePtr<MessageField> field(
new MessageField());
const static FieldPatternType kFieldTypeMaps[] = {
{
"Content-Type:", eContentType},
{
"Role:", eRole},
{
"Name:", eName},
{
"Language:", eLanguage},
{
"Title:", eTitle},
{
"Display-hint:", eDisplayHint},
{
"Altitude:", eAltitude},
{
"TrackOrder:", eTrackOrder},
{
"Track dependencies:", eTrackDependencies}};
bool isContentTypeParsed =
false;
while (msgLength > 1) {
if (*msgProbe ==
'\r' && *(msgProbe + 1) ==
'\n') {
nsAutoCString strMsg(msgHead, msgProbe - msgHead);
for (size_t i = 0; i < std::size(kFieldTypeMaps); i++) {
if (strMsg.Find(kFieldTypeMaps[i].mPatternToRecognize) != -1) {
// The content of message header fields follows [RFC2822], and the
// mandatory message field must be encoded in US-ASCII, others
// must be be encoded in UTF-8. "Content-Type" must come first
// for all of message header fields.
// See
// http://svn.annodex.net/standards/draft-pfeiffer-oggskeleton-current.txt.
if (i != 0 && !isContentTypeParsed) {
return false;
}
if ((i == 0 && IsAscii(strMsg)) || (i != 0 && IsUtf8(strMsg))) {
EMsgHeaderType eHeaderType = kFieldTypeMaps[i].mMsgHeaderType;
Unused << field->mValuesStore.LookupOrInsertWith(
eHeaderType, [i, msgHead, msgProbe]() {
uint32_t nameLen =
strlen(kFieldTypeMaps[i].mPatternToRecognize);
return MakeUnique<nsCString>(msgHead + nameLen,
msgProbe - msgHead - nameLen);
});
isContentTypeParsed = i == 0 ?
true : isContentTypeParsed;
}
break;
}
}
msgProbe += 2;
msgLength -= 2;
msgHead = msgProbe;
continue;
}
msgLength--;
msgProbe++;
}
return mMsgFieldStore.WithEntryHandle(serialno, [&](
auto&& entry)
{
if (entry) {
// mMsgFieldStore has an entry for serialno already.
return false;
}
entry.Insert(std::move(field));
return true;
});
}
bool SkeletonState::DecodeHeader(OggPacketPtr aPacket) {
if (IsSkeletonBOS(aPacket.get())) {
uint16_t verMajor = LittleEndian::readUint16(aPacket->packet +
SKELETON_VERSION_MAJOR_OFFSET);
uint16_t verMinor = LittleEndian::readUint16(aPacket->packet +
SKELETON_VERSION_MINOR_OFFSET);
// Read the presentation time. We read this before the version check as the
// presentation time exists in all versions.
int64_t n = LittleEndian::readInt64(
aPacket->packet + SKELETON_PRESENTATION_TIME_NUMERATOR_OFFSET);
int64_t d = LittleEndian::readInt64(
aPacket->packet + SKELETON_PRESENTATION_TIME_DENOMINATOR_OFFSET);
mPresentationTime = d == 0 ? 0
: AssertedCast<int64_t>(static_cast<float>(n) /
static_cast<float>(d)) *
USECS_PER_S;
mVersion = SKELETON_VERSION(verMajor, verMinor);
// We can only care to parse Skeleton version 4.0+.
if (mVersion < SKELETON_VERSION(4, 0) ||
mVersion >= SKELETON_VERSION(5, 0) ||
aPacket->bytes < SKELETON_4_0_MIN_HEADER_LEN) {
return false;
}
// Extract the segment length.
mLength =
LittleEndian::readInt64(aPacket->packet + SKELETON_FILE_LENGTH_OFFSET);
LOG(LogLevel::Debug, ("Skeleton segment length: %" PRId64, mLength));
// Initialize the serialno-to-index map.
return true;
}
if (IsSkeletonIndex(aPacket.get()) && mVersion >= SKELETON_VERSION(4, 0)) {
return DecodeIndex(aPacket.get());
}
if (IsSkeletonFisbone(aPacket.get())) {
return DecodeFisbone(aPacket.get());
}
if (aPacket->e_o_s) {
mDoneReadingHeaders = true;
}
return true;
}
#undef LOG
} // namespace mozilla
