[NUT-devel] [nut]: r147 - trunk/libnut/demuxer.c
ods15
subversion at mplayerhq.hu
Sat Sep 23 21:46:33 CEST 2006
Author: ods15
Date: Sat Sep 23 21:46:33 2006
New Revision: 147
Modified:
trunk/libnut/demuxer.c
Log:
more malloc paranoia
Modified: trunk/libnut/demuxer.c
==============================================================================
--- trunk/libnut/demuxer.c (original)
+++ trunk/libnut/demuxer.c Sat Sep 23 21:46:33 2006
@@ -205,6 +205,7 @@
if ((err = get_v(in, &tmp))) return err;
*len = tmp;
*buf = alloc->realloc(*buf, *len);
+ if (!*buf) return -ERR_OUT_OF_MEM;
if (get_data(in, *len, *buf) != *len) return buf_eof(in);
return 0;
}
@@ -247,7 +248,9 @@
if (nut->max_distance > 65536) nut->max_distance = 65536;
GET_V(tmp, nut->timebase_count);
+ ERROR(SIZE_MAX/sizeof(nut_timebase_t) < nut->timebase_count, -ERR_OUT_OF_MEM);
nut->tb = nut->alloc->realloc(nut->tb, nut->timebase_count * sizeof(nut_timebase_t));
+ ERROR(!nut->tb, -ERR_OUT_OF_MEM);
for (i = 0; i < nut->timebase_count; i++) {
GET_V(tmp, nut->tb[i].nom);
GET_V(tmp, nut->tb[i].den);
@@ -326,7 +329,7 @@
return err;
}
-static int add_syncpoint(nut_context_t * nut, syncpoint_t sp, uint64_t * pts, uint64_t * eor) {
+static int add_syncpoint(nut_context_t * nut, syncpoint_t sp, uint64_t * pts, uint64_t * eor, int * out) {
syncpoint_list_t * sl = &nut->syncpoints;
int i, j;
@@ -349,10 +352,18 @@
}
i++;
if (sl->len + 1 > sl->alloc_len) {
+ void * a, * b, * c;
sl->alloc_len += PREALLOC_SIZE/4;
- sl->s = nut->alloc->realloc(sl->s, sl->alloc_len * sizeof(syncpoint_t));
- sl->pts = nut->alloc->realloc(sl->pts, sl->alloc_len * nut->stream_count * sizeof(uint64_t));
- sl->eor = nut->alloc->realloc(sl->eor, sl->alloc_len * nut->stream_count * sizeof(uint64_t));
+ if (SIZE_MAX/sl->alloc_len < sizeof(syncpoint_t) ||
+ SIZE_MAX/sl->alloc_len < sizeof(uint64_t) * nut->stream_count)
+ return -ERR_OUT_OF_MEM;
+ a = nut->alloc->realloc(sl->s, sl->alloc_len * sizeof(syncpoint_t));
+ b = nut->alloc->realloc(sl->pts, sl->alloc_len * nut->stream_count * sizeof(uint64_t));
+ c = nut->alloc->realloc(sl->eor, sl->alloc_len * nut->stream_count * sizeof(uint64_t));
+ if (!a || !b || !c) return -ERR_OUT_OF_MEM;
+ sl->s = a;
+ sl->pts = b;
+ sl->eor = c;
}
memmove(sl->s + i + 1, sl->s + i, (sl->len - i) * sizeof(syncpoint_t));
memmove(sl->pts + (i + 1) * nut->stream_count, sl->pts + i * nut->stream_count, (sl->len - i) * nut->stream_count * sizeof(uint64_t));
@@ -365,7 +376,8 @@
sl->eor[i * nut->stream_count + j] = eor ? eor[j] : 0;
}
sl->len++;
- return i;
+ if (out) *out = i;
+ return 0;
}
static void set_global_pts(nut_context_t * nut, uint64_t pts) {
@@ -408,10 +420,10 @@
eor[i] = nut->sc[i].eor;
nut->sc[i].eor = 0;
}
- if (after_seek) add_syncpoint(nut, s, NULL, NULL);
+ if (after_seek) CHECK(add_syncpoint(nut, s, NULL, NULL, NULL));
else {
s.pts_valid = 1;
- i = add_syncpoint(nut, s, pts, eor);
+ CHECK(add_syncpoint(nut, s, pts, eor, &i));
nut->syncpoints.s[i - 1].seen_next = 1;
}
} /*else {
@@ -854,7 +866,7 @@
if (!nut->seek_status) seek_buf(nut->i, 0, SEEK_SET);
nut->seek_status = 1;
CHECK(find_syncpoint(nut, 0, &s, 0));
- add_syncpoint(nut, s, NULL, NULL);
+ CHECK(add_syncpoint(nut, s, NULL, NULL, NULL));
nut->seek_status = 0;
}
@@ -864,7 +876,7 @@
if (!nut->seek_status) seek_buf(nut->i, 0, SEEK_END);
nut->seek_status = 1;
CHECK(find_syncpoint(nut, 1, &s, 0));
- i = add_syncpoint(nut, s, NULL, NULL);
+ CHECK(add_syncpoint(nut, s, NULL, NULL, &i));
assert(i == sl->len-1);
sl->s[i].seen_next = 1;
nut->seek_status = 0;
@@ -960,7 +972,8 @@
lop = s.pts;
}
if (1/*nut->dopts.cache_syncpoints || sl->len == 2*/) {
- int tmp = add_syncpoint(nut, s, NULL, NULL);
+ int tmp;
+ CHECK(add_syncpoint(nut, s, NULL, NULL, &tmp));
if (!res) i = tmp;
}/* else if (sl->len == 3) {
if (s.pts > pts) {
@@ -1312,6 +1325,7 @@
case ERR_NOSTREAM_STARTCODE: return "Expected stream startcode not found.";
case ERR_BAD_EOF: return "Invalid forward_ptr!";
case ERR_VLC_TOO_LONG: return "VLC too long";
+ case ERR_OUT_OF_MEM: return "Out of memory";
}
return NULL;
}
More information about the NUT-devel
mailing list