[pulseaudio-discuss] [PATCH 3/3] bluetooth: Fix usage of RTP structures in SBC codec
Pali Rohár
pali.rohar at gmail.com
Sun Jul 21 15:07:02 UTC 2019
Rename struct rtp_payload to rtp_sbc_payload as it is specific for SBC
codec payload.
Add proper checks for endianity in rtp.h header and use uint8_t type
where appropriated.
Field frame_count is only 4 bit number, so add checks to prevent overflow.
And because is_fragmented field is not parsed by decoder there is no
support for decoding fragmented SBC frames. So throw an error in this case.
---
src/modules/bluetooth/a2dp-codec-sbc.c | 35 ++++++++++++++------
src/modules/bluetooth/rtp.h | 58 +++++++++++++++++++---------------
2 files changed, 58 insertions(+), 35 deletions(-)
diff --git a/src/modules/bluetooth/a2dp-codec-sbc.c b/src/modules/bluetooth/a2dp-codec-sbc.c
index f57c7b01a..89c647fbe 100644
--- a/src/modules/bluetooth/a2dp-codec-sbc.c
+++ b/src/modules/bluetooth/a2dp-codec-sbc.c
@@ -485,9 +485,13 @@ static int reset(void *codec_info) {
static size_t get_block_size(void *codec_info, size_t link_mtu) {
struct sbc_info *sbc_info = (struct sbc_info *) codec_info;
- size_t rtp_size = sizeof(struct rtp_header) + sizeof(struct rtp_payload);
+ size_t rtp_size = sizeof(struct rtp_header) + sizeof(struct rtp_sbc_payload);
size_t frame_count = (link_mtu - rtp_size) / sbc_info->frame_length;
+ /* frame_count is only 4 bit number */
+ if (frame_count > 15)
+ frame_count = 15;
+
return frame_count * sbc_info->codesize;
}
@@ -514,14 +518,14 @@ static size_t reduce_encoder_bitrate(void *codec_info, size_t write_link_mtu) {
static size_t encode_buffer(void *codec_info, uint32_t timestamp, const uint8_t *input_buffer, size_t input_size, uint8_t *output_buffer, size_t output_size, size_t *processed) {
struct sbc_info *sbc_info = (struct sbc_info *) codec_info;
struct rtp_header *header;
- struct rtp_payload *payload;
+ struct rtp_sbc_payload *payload;
uint8_t *d;
const uint8_t *p;
size_t to_write, to_encode;
- unsigned frame_count;
+ uint8_t frame_count;
header = (struct rtp_header*) output_buffer;
- payload = (struct rtp_payload*) (output_buffer + sizeof(*header));
+ payload = (struct rtp_sbc_payload*) (output_buffer + sizeof(*header));
frame_count = 0;
@@ -531,7 +535,8 @@ static size_t encode_buffer(void *codec_info, uint32_t timestamp, const uint8_t
d = output_buffer + sizeof(*header) + sizeof(*payload);
to_write = output_size - sizeof(*header) - sizeof(*payload);
- while (PA_LIKELY(to_encode > 0 && to_write > 0)) {
+ /* frame_count is only 4 bit number */
+ while (PA_LIKELY(to_encode > 0 && to_write > 0 && frame_count < 15)) {
ssize_t written;
ssize_t encoded;
@@ -575,7 +580,7 @@ static size_t encode_buffer(void *codec_info, uint32_t timestamp, const uint8_t
}
/* write it to the fifo */
- memset(output_buffer, 0, sizeof(*header) + sizeof(*payload));
+ pa_memzero(output_buffer, sizeof(*header) + sizeof(*payload));
header->v = 2;
/* A2DP spec: "A payload type in the RTP dynamic range shall be chosen".
@@ -596,13 +601,23 @@ static size_t decode_buffer(void *codec_info, const uint8_t *input_buffer, size_
struct sbc_info *sbc_info = (struct sbc_info *) codec_info;
struct rtp_header *header;
- struct rtp_payload *payload;
+ struct rtp_sbc_payload *payload;
const uint8_t *p;
uint8_t *d;
size_t to_write, to_decode;
+ uint8_t frame_count;
header = (struct rtp_header *) input_buffer;
- payload = (struct rtp_payload*) (input_buffer + sizeof(*header));
+ payload = (struct rtp_sbc_payload*) (input_buffer + sizeof(*header));
+
+ frame_count = payload->frame_count;
+
+ /* TODO: Add support for decoding fragmented SBC frames */
+ if (payload->is_fragmented) {
+ pa_log_error("Unsupported fragmented SBC frame");
+ *processed = 0;
+ return 0;
+ }
p = input_buffer + sizeof(*header) + sizeof(*payload);
to_decode = input_size - sizeof(*header) - sizeof(*payload);
@@ -610,7 +625,7 @@ static size_t decode_buffer(void *codec_info, const uint8_t *input_buffer, size_
d = output_buffer;
to_write = output_size;
- while (PA_LIKELY(to_decode > 0 && to_write > 0)) {
+ while (PA_LIKELY(to_decode > 0 && to_write > 0 && frame_count > 0)) {
size_t written;
ssize_t decoded;
@@ -638,6 +653,8 @@ static size_t decode_buffer(void *codec_info, const uint8_t *input_buffer, size_
d += written;
to_write -= written;
+
+ frame_count--;
}
*processed = p - input_buffer;
diff --git a/src/modules/bluetooth/rtp.h b/src/modules/bluetooth/rtp.h
index 20694c1e1..813d9e390 100644
--- a/src/modules/bluetooth/rtp.h
+++ b/src/modules/bluetooth/rtp.h
@@ -3,6 +3,7 @@
* BlueZ - Bluetooth protocol stack for Linux
*
* Copyright (C) 2004-2010 Marcel Holtmann <marcel at holtmann.org>
+ * Copyright (C) 2019 Pali Rohár <pali.rohar at gmail.com>
*
*
* This library is free software; you can redistribute it and/or
@@ -19,16 +20,20 @@
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
-#if __BYTE_ORDER == __LITTLE_ENDIAN
+#include <endian.h>
+#include <stdint.h>
+
+#if defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
+ __BYTE_ORDER == __LITTLE_ENDIAN
struct rtp_header {
- unsigned cc:4;
- unsigned x:1;
- unsigned p:1;
- unsigned v:2;
+ uint8_t cc:4;
+ uint8_t x:1;
+ uint8_t p:1;
+ uint8_t v:2;
- unsigned pt:7;
- unsigned m:1;
+ uint8_t pt:7;
+ uint8_t m:1;
uint16_t sequence_number;
uint32_t timestamp;
@@ -36,24 +41,25 @@ struct rtp_header {
uint32_t csrc[0];
} __attribute__ ((packed));
-struct rtp_payload {
- unsigned frame_count:4;
- unsigned rfa0:1;
- unsigned is_last_fragment:1;
- unsigned is_first_fragment:1;
- unsigned is_fragmented:1;
+struct rtp_sbc_payload {
+ uint8_t frame_count:4;
+ uint8_t rfa0:1;
+ uint8_t is_last_fragment:1;
+ uint8_t is_first_fragment:1;
+ uint8_t is_fragmented:1;
} __attribute__ ((packed));
-#elif __BYTE_ORDER == __BIG_ENDIAN
+#elif defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
+ __BYTE_ORDER == __BIG_ENDIAN
struct rtp_header {
- unsigned v:2;
- unsigned p:1;
- unsigned x:1;
- unsigned cc:4;
+ uint8_t v:2;
+ uint8_t p:1;
+ uint8_t x:1;
+ uint8_t cc:4;
- unsigned m:1;
- unsigned pt:7;
+ uint8_t m:1;
+ uint8_t pt:7;
uint16_t sequence_number;
uint32_t timestamp;
@@ -61,12 +67,12 @@ struct rtp_header {
uint32_t csrc[0];
} __attribute__ ((packed));
-struct rtp_payload {
- unsigned is_fragmented:1;
- unsigned is_first_fragment:1;
- unsigned is_last_fragment:1;
- unsigned rfa0:1;
- unsigned frame_count:4;
+struct rtp_sbc_payload {
+ uint8_t is_fragmented:1;
+ uint8_t is_first_fragment:1;
+ uint8_t is_last_fragment:1;
+ uint8_t rfa0:1;
+ uint8_t frame_count:4;
} __attribute__ ((packed));
#else
--
2.11.0
More information about the pulseaudio-discuss
mailing list