M4Err ReadESDUpdate(BitStream *bs, ESDescriptorUpdate *esdUp, u32 ComSize) { Descriptor *tmp; u32 tmpSize = 0, nbBits = 0; M4Err e = M4OK; if (! esdUp) return M4BadParam; esdUp->ODID = BS_ReadInt(bs, 10); nbBits += 10; //very tricky, we're at the bit level here... while (1) { e = ParseDescriptor(bs, &tmp, &tmpSize); if (e) return e; e = AddToESDUpdate(esdUp, tmp); if (e) return e; nbBits += ( tmpSize + GetSizeFieldSize(tmpSize) ) * 8; //our com is aligned, so nbBits is between (ComSize-1)*8 and ComSize*8 if ( ( (nbBits >(ComSize-1)*8) && (nbBits <= ComSize * 8)) || (nbBits > ComSize*8) ) { //this one is a security break break; } } if (nbBits > ComSize * 8) return M4ReadODCommandFailed; //Align our bitstream nbBits += BS_Align(bs); if (nbBits != ComSize *8) return M4ReadODCommandFailed; return e; }
GF_Err gf_odf_read_esd_update(GF_BitStream *bs, GF_ESDUpdate *esdUp, u32 gf_odf_size_command) { GF_Descriptor *tmp; u32 tmpSize = 0, nbBits = 0; GF_Err e = GF_OK; if (!esdUp) return GF_BAD_PARAM; esdUp->ODID = gf_bs_read_int(bs, 10); nbBits += 10; //very tricky, we're at the bit level here... while (1) { e = gf_odf_parse_descriptor(bs, &tmp, &tmpSize); if (e) return e; e = AddToESDUpdate(esdUp, tmp); if (e) return e; nbBits += (tmpSize + gf_odf_size_field_size(tmpSize)) * 8; //our com is aligned, so nbBits is between (gf_odf_size_command-1)*8 and gf_odf_size_command*8 if (((nbBits >(gf_odf_size_command - 1) * 8) && (nbBits <= gf_odf_size_command * 8)) || (nbBits > gf_odf_size_command * 8)) { //this one is a security break break; } } if (nbBits > gf_odf_size_command * 8) return GF_ODF_INVALID_COMMAND; //Align our bitstream nbBits += gf_bs_align(bs); if (nbBits != gf_odf_size_command * 8) return GF_ODF_INVALID_COMMAND; return e; }