[v12,03/13] bluetooth: Fix usage of RTP structures in SBC codec

Submitted by Pali Rohár on July 5, 2019, 1:02 p.m.

Details

Message ID 20190705130226.5496-4-pali.rohar@gmail.com
State Accepted
Commit 9e70d0520182700b66438bebacb4570b7c56aa59
Headers show
Series "New API for Bluetooth A2DP codecs" ( rev: 97 96 95 94 93 92 91 90 89 88 87 86 85 ) in PulseAudio

Not browsing as part of any series.

Commit Message

Pali Rohár July 5, 2019, 1:02 p.m.
Rename struct rtp_payload to rtp_sbc_payload as it is specific for SBC
codec payload.

Add proper checks for endianity in rtp.h header and use uint8_t type
where appropriated.

Field frame_count is only 4 bit number, so add checks to prevent overflow.

And because is_fragmented field is not parsed by decoder there is no
support for decoding fragmented SBC frames. So throw an error in this case.
---
 src/modules/bluetooth/a2dp-codec-sbc.c | 35 ++++++++++++++------
 src/modules/bluetooth/rtp.h            | 58 +++++++++++++++++++---------------
 2 files changed, 58 insertions(+), 35 deletions(-)

Patch hide | download patch | download mbox

diff --git a/src/modules/bluetooth/a2dp-codec-sbc.c b/src/modules/bluetooth/a2dp-codec-sbc.c
index f57c7b01a..89c647fbe 100644
--- a/src/modules/bluetooth/a2dp-codec-sbc.c
+++ b/src/modules/bluetooth/a2dp-codec-sbc.c
@@ -485,9 +485,13 @@  static int reset(void *codec_info) {
 
 static size_t get_block_size(void *codec_info, size_t link_mtu) {
     struct sbc_info *sbc_info = (struct sbc_info *) codec_info;
-    size_t rtp_size = sizeof(struct rtp_header) + sizeof(struct rtp_payload);
+    size_t rtp_size = sizeof(struct rtp_header) + sizeof(struct rtp_sbc_payload);
     size_t frame_count = (link_mtu - rtp_size) / sbc_info->frame_length;
 
+    /* frame_count is only 4 bit number */
+    if (frame_count > 15)
+        frame_count = 15;
+
     return frame_count * sbc_info->codesize;
 }
 
@@ -514,14 +518,14 @@  static size_t reduce_encoder_bitrate(void *codec_info, size_t write_link_mtu) {
 static size_t encode_buffer(void *codec_info, uint32_t timestamp, const uint8_t *input_buffer, size_t input_size, uint8_t *output_buffer, size_t output_size, size_t *processed) {
     struct sbc_info *sbc_info = (struct sbc_info *) codec_info;
     struct rtp_header *header;
-    struct rtp_payload *payload;
+    struct rtp_sbc_payload *payload;
     uint8_t *d;
     const uint8_t *p;
     size_t to_write, to_encode;
-    unsigned frame_count;
+    uint8_t frame_count;
 
     header = (struct rtp_header*) output_buffer;
-    payload = (struct rtp_payload*) (output_buffer + sizeof(*header));
+    payload = (struct rtp_sbc_payload*) (output_buffer + sizeof(*header));
 
     frame_count = 0;
 
@@ -531,7 +535,8 @@  static size_t encode_buffer(void *codec_info, uint32_t timestamp, const uint8_t
     d = output_buffer + sizeof(*header) + sizeof(*payload);
     to_write = output_size - sizeof(*header) - sizeof(*payload);
 
-    while (PA_LIKELY(to_encode > 0 && to_write > 0)) {
+    /* frame_count is only 4 bit number */
+    while (PA_LIKELY(to_encode > 0 && to_write > 0 && frame_count < 15)) {
         ssize_t written;
         ssize_t encoded;
 
@@ -575,7 +580,7 @@  static size_t encode_buffer(void *codec_info, uint32_t timestamp, const uint8_t
     }
 
     /* write it to the fifo */
-    memset(output_buffer, 0, sizeof(*header) + sizeof(*payload));
+    pa_memzero(output_buffer, sizeof(*header) + sizeof(*payload));
     header->v = 2;
 
     /* A2DP spec: "A payload type in the RTP dynamic range shall be chosen".
@@ -596,13 +601,23 @@  static size_t decode_buffer(void *codec_info, const uint8_t *input_buffer, size_
     struct sbc_info *sbc_info = (struct sbc_info *) codec_info;
 
     struct rtp_header *header;
-    struct rtp_payload *payload;
+    struct rtp_sbc_payload *payload;
     const uint8_t *p;
     uint8_t *d;
     size_t to_write, to_decode;
+    uint8_t frame_count;
 
     header = (struct rtp_header *) input_buffer;
-    payload = (struct rtp_payload*) (input_buffer + sizeof(*header));
+    payload = (struct rtp_sbc_payload*) (input_buffer + sizeof(*header));
+
+    frame_count = payload->frame_count;
+
+    /* TODO: Add support for decoding fragmented SBC frames */
+    if (payload->is_fragmented) {
+        pa_log_error("Unsupported fragmented SBC frame");
+        *processed = 0;
+        return 0;
+    }
 
     p = input_buffer + sizeof(*header) + sizeof(*payload);
     to_decode = input_size - sizeof(*header) - sizeof(*payload);
@@ -610,7 +625,7 @@  static size_t decode_buffer(void *codec_info, const uint8_t *input_buffer, size_
     d = output_buffer;
     to_write = output_size;
 
-    while (PA_LIKELY(to_decode > 0 && to_write > 0)) {
+    while (PA_LIKELY(to_decode > 0 && to_write > 0 && frame_count > 0)) {
         size_t written;
         ssize_t decoded;
 
@@ -638,6 +653,8 @@  static size_t decode_buffer(void *codec_info, const uint8_t *input_buffer, size_
 
         d += written;
         to_write -= written;
+
+        frame_count--;
     }
 
     *processed = p - input_buffer;
diff --git a/src/modules/bluetooth/rtp.h b/src/modules/bluetooth/rtp.h
index 20694c1e1..813d9e390 100644
--- a/src/modules/bluetooth/rtp.h
+++ b/src/modules/bluetooth/rtp.h
@@ -3,6 +3,7 @@ 
  *  BlueZ - Bluetooth protocol stack for Linux
  *
  *  Copyright (C) 2004-2010  Marcel Holtmann <marcel@holtmann.org>
+ *  Copyright (C) 2019       Pali Rohár <pali.rohar@gmail.com>
  *
  *
  *  This library is free software; you can redistribute it and/or
@@ -19,16 +20,20 @@ 
  *  License along with this library; if not, see <http://www.gnu.org/licenses/>.
  */
 
-#if __BYTE_ORDER == __LITTLE_ENDIAN
+#include <endian.h>
+#include <stdint.h>
+
+#if defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
+	__BYTE_ORDER == __LITTLE_ENDIAN
 
 struct rtp_header {
-	unsigned cc:4;
-	unsigned x:1;
-	unsigned p:1;
-	unsigned v:2;
+	uint8_t cc:4;
+	uint8_t x:1;
+	uint8_t p:1;
+	uint8_t v:2;
 
-	unsigned pt:7;
-	unsigned m:1;
+	uint8_t pt:7;
+	uint8_t m:1;
 
 	uint16_t sequence_number;
 	uint32_t timestamp;
@@ -36,24 +41,25 @@  struct rtp_header {
 	uint32_t csrc[0];
 } __attribute__ ((packed));
 
-struct rtp_payload {
-	unsigned frame_count:4;
-	unsigned rfa0:1;
-	unsigned is_last_fragment:1;
-	unsigned is_first_fragment:1;
-	unsigned is_fragmented:1;
+struct rtp_sbc_payload {
+	uint8_t frame_count:4;
+	uint8_t rfa0:1;
+	uint8_t is_last_fragment:1;
+	uint8_t is_first_fragment:1;
+	uint8_t is_fragmented:1;
 } __attribute__ ((packed));
 
-#elif __BYTE_ORDER == __BIG_ENDIAN
+#elif defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
+	__BYTE_ORDER == __BIG_ENDIAN
 
 struct rtp_header {
-	unsigned v:2;
-	unsigned p:1;
-	unsigned x:1;
-	unsigned cc:4;
+	uint8_t v:2;
+	uint8_t p:1;
+	uint8_t x:1;
+	uint8_t cc:4;
 
-	unsigned m:1;
-	unsigned pt:7;
+	uint8_t m:1;
+	uint8_t pt:7;
 
 	uint16_t sequence_number;
 	uint32_t timestamp;
@@ -61,12 +67,12 @@  struct rtp_header {
 	uint32_t csrc[0];
 } __attribute__ ((packed));
 
-struct rtp_payload {
-	unsigned is_fragmented:1;
-	unsigned is_first_fragment:1;
-	unsigned is_last_fragment:1;
-	unsigned rfa0:1;
-	unsigned frame_count:4;
+struct rtp_sbc_payload {
+	uint8_t is_fragmented:1;
+	uint8_t is_first_fragment:1;
+	uint8_t is_last_fragment:1;
+	uint8_t rfa0:1;
+	uint8_t frame_count:4;
 } __attribute__ ((packed));
 
 #else

Comments

On Fri, 2019-07-05 at 15:02 +0200, Pali Rohár wrote:
> Rename struct rtp_payload to rtp_sbc_payload as it is specific for SBC
> codec payload.
> 
> Add proper checks for endianity in rtp.h header and use uint8_t type
> where appropriated.
> 
> Field frame_count is only 4 bit number, so add checks to prevent overflow.
> 
> And because is_fragmented field is not parsed by decoder there is no
> support for decoding fragmented SBC frames. So throw an error in this case.
> ---
>  src/modules/bluetooth/a2dp-codec-sbc.c | 35 ++++++++++++++------
>  src/modules/bluetooth/rtp.h            | 58 +++++++++++++++++++---------------
>  2 files changed, 58 insertions(+), 35 deletions(-)

Looks good to me.