Commit d22136ba authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Bunch of MP5 allocation failure checks

parent 310a72b6
......@@ -104,12 +104,13 @@
}
#define MP4_READBOX_EXIT( i_code ) \
free( p_buff ); \
if( i_read < 0 ) \
do \
{ \
msg_Warn( p_stream, "Not enough data" ); \
} \
return( i_code )
free( p_buff ); \
if( i_read < 0 ) \
msg_Warn( p_stream, "Not enough data" ); \
return( i_code ); \
} while (0)
/* Some assumptions:
......@@ -369,7 +370,6 @@ static int MP4_ReadBoxSkip( stream_t *p_stream, MP4_Box_t *p_box )
static int MP4_ReadBox_ftyp( stream_t *p_stream, MP4_Box_t *p_box )
{
unsigned code = 0;
MP4_READBOX_ENTER( MP4_Box_data_ftyp_t );
MP4_GETFOURCC( p_box->data.p_ftyp->i_major_brand );
......@@ -383,7 +383,7 @@ static int MP4_ReadBox_ftyp( stream_t *p_stream, MP4_Box_t *p_box )
sizeof(uint32_t));
if( tab == NULL )
goto error;
MP4_READBOX_EXIT( 0 );
for( i =0; i < p_box->data.p_ftyp->i_compatible_brands_count; i++ )
{
......@@ -394,10 +394,8 @@ static int MP4_ReadBox_ftyp( stream_t *p_stream, MP4_Box_t *p_box )
{
p_box->data.p_ftyp->i_compatible_brands = NULL;
}
code = 1;
error:
MP4_READBOX_EXIT( code );
MP4_READBOX_EXIT( 1 );
}
static void MP4_FreeBox_ftyp( MP4_Box_t *p_box )
......@@ -598,7 +596,6 @@ static int MP4_ReadBox_mdhd( stream_t *p_stream, MP4_Box_t *p_box )
static int MP4_ReadBox_hdlr( stream_t *p_stream, MP4_Box_t *p_box )
{
int32_t i_reserved;
int code = 0;
MP4_READBOX_ENTER( MP4_Box_data_hdlr_t );
......@@ -616,7 +613,7 @@ static int MP4_ReadBox_hdlr( stream_t *p_stream, MP4_Box_t *p_box )
{
uint8_t *psz = p_box->data.p_hdlr->psz_name = malloc( i_read + 1 );
if( psz == NULL )
goto error;
MP4_READBOX_EXIT( 0 );
/* Yes, I love .mp4 :( */
if( p_box->data.p_hdlr->i_predefined == VLC_FOURCC( 'm', 'h', 'l', 'r' ) )
......@@ -643,10 +640,7 @@ static int MP4_ReadBox_hdlr( stream_t *p_stream, MP4_Box_t *p_box )
p_box->data.p_hdlr->psz_name );
#endif
code = 1;
error:
MP4_READBOX_EXIT( code );
MP4_READBOX_EXIT( 1 );
}
static void MP4_FreeBox_hdlr( MP4_Box_t *p_box )
......@@ -793,7 +787,7 @@ static void MP4_FreeBox_stts( MP4_Box_t *p_box )
static int MP4_ReadBox_stts( stream_t *p_stream, MP4_Box_t *p_box )
{
unsigned int i, code = 0;
unsigned int i;
MP4_READBOX_ENTER( MP4_Box_data_stts_t );
MP4_GETVERSIONFLAGS( p_box->data.p_stts );
......@@ -807,7 +801,7 @@ static int MP4_ReadBox_stts( stream_t *p_stream, MP4_Box_t *p_box )
|| p_box->data.p_stts->i_sample_delta == NULL )
{
MP4_FreeBox_stts( p_box );
goto error;
MP4_READBOX_EXIT( 0 );
}
for( i = 0; (i < p_box->data.p_stts->i_entry_count )&&( i_read >=8 ); i++ )
......@@ -821,9 +815,7 @@ static int MP4_ReadBox_stts( stream_t *p_stream, MP4_Box_t *p_box )
p_box->data.p_stts->i_entry_count );
#endif
code = 1;
error:
MP4_READBOX_EXIT( code );
MP4_READBOX_EXIT( 1 );
}
......@@ -835,7 +827,7 @@ static void MP4_FreeBox_ctts( MP4_Box_t *p_box )
static int MP4_ReadBox_ctts( stream_t *p_stream, MP4_Box_t *p_box )
{
unsigned int i, code = 0;
unsigned int i;
MP4_READBOX_ENTER( MP4_Box_data_ctts_t );
MP4_GETVERSIONFLAGS( p_box->data.p_ctts );
......@@ -850,7 +842,7 @@ static int MP4_ReadBox_ctts( stream_t *p_stream, MP4_Box_t *p_box )
|| ( p_box->data.p_ctts->i_sample_offset == NULL ) )
{
MP4_FreeBox_ctts( p_box );
goto error;
MP4_READBOX_EXIT( 0 );
}
for( i = 0; (i < p_box->data.p_ctts->i_entry_count )&&( i_read >=8 ); i++ )
......@@ -858,15 +850,13 @@ static int MP4_ReadBox_ctts( stream_t *p_stream, MP4_Box_t *p_box )
MP4_GET4BYTES( p_box->data.p_ctts->i_sample_count[i] );
MP4_GET4BYTES( p_box->data.p_ctts->i_sample_offset[i] );
}
code = 1;
#ifdef MP4_VERBOSE
msg_Dbg( p_stream, "read box: \"ctts\" entry-count %d",
p_box->data.p_ctts->i_entry_count );
#endif
error:
MP4_READBOX_EXIT( code );
MP4_READBOX_EXIT( 1 );
}
......@@ -1145,8 +1135,10 @@ static int MP4_ReadBox_sample_soun( stream_t *p_stream, MP4_Box_t *p_box )
*/
if( i_read > 0 )
{
p_box->data.p_sample_soun->i_qt_description = i_read;
p_box->data.p_sample_soun->p_qt_description = malloc( i_read );
if( p_box->data.p_sample_soun->p_qt_description == NULL )
MP4_READBOX_EXIT( 0 );
p_box->data.p_sample_soun->i_qt_description = i_read;
memcpy( p_box->data.p_sample_soun->p_qt_description, p_peek, i_read );
}
else
......@@ -1245,6 +1237,8 @@ static int MP4_ReadBox_sample_soun( stream_t *p_stream, MP4_Box_t *p_box )
free( p_box->data.p_sample_soun->p_qt_description );
p_box->data.p_sample_soun->p_qt_description = malloc( i_read );
if( p_box->data.p_sample_soun->p_qt_description == NULL )
MP4_READBOX_EXIT( 0 );
p_box->data.p_sample_soun->i_qt_description = i_read;
memcpy( p_box->data.p_sample_soun->p_qt_description, p_peek, i_read );
}
......@@ -1298,8 +1292,10 @@ int MP4_ReadBox_sample_vide( stream_t *p_stream, MP4_Box_t *p_box )
*/
if( i_read > 0 )
{
p_box->data.p_sample_vide->i_qt_image_description = i_read;
p_box->data.p_sample_vide->p_qt_image_description = malloc( i_read );
if( p_box->data.p_sample_vide->p_qt_image_description == NULL )
MP4_READBOX_EXIT( 0 );
p_box->data.p_sample_vide->i_qt_image_description = i_read;
memcpy( p_box->data.p_sample_vide->p_qt_image_description,
p_peek, i_read );
}
......@@ -1485,6 +1481,8 @@ static int MP4_ReadBox_stsz( stream_t *p_stream, MP4_Box_t *p_box )
p_box->data.p_stsz->i_entry_size =
calloc( p_box->data.p_stsz->i_sample_count, sizeof(uint32_t) );
if( p_box->data.p_stsz->i_entry_size == NULL )
MP4_READBOX_EXIT( 0 );
if( !p_box->data.p_stsz->i_sample_size )
{
......@@ -1508,6 +1506,13 @@ static void MP4_FreeBox_stsz( MP4_Box_t *p_box )
FREENULL( p_box->data.p_stsz->i_entry_size );
}
static void MP4_FreeBox_stsc( MP4_Box_t *p_box )
{
FREENULL( p_box->data.p_stsc->i_first_chunk );
FREENULL( p_box->data.p_stsc->i_samples_per_chunk );
FREENULL( p_box->data.p_stsc->i_sample_description_index );
}
static int MP4_ReadBox_stsc( stream_t *p_stream, MP4_Box_t *p_box )
{
unsigned int i;
......@@ -1524,6 +1529,13 @@ static int MP4_ReadBox_stsc( stream_t *p_stream, MP4_Box_t *p_box )
calloc( p_box->data.p_stsc->i_entry_count, sizeof(uint32_t) );
p_box->data.p_stsc->i_sample_description_index =
calloc( p_box->data.p_stsc->i_entry_count, sizeof(uint32_t) );
if( p_box->data.p_stsc->i_first_chunk == NULL
|| p_box->data.p_stsc->i_samples_per_chunk == NULL
|| p_box->data.p_stsc->i_sample_description_index == NULL )
{
MP4_FreeBox_stsc( p_box );
MP4_READBOX_EXIT( 0 );
}
for( i = 0; (i < p_box->data.p_stsc->i_entry_count )&&( i_read >= 12 );i++ )
{
......@@ -1540,13 +1552,6 @@ static int MP4_ReadBox_stsc( stream_t *p_stream, MP4_Box_t *p_box )
MP4_READBOX_EXIT( 1 );
}
static void MP4_FreeBox_stsc( MP4_Box_t *p_box )
{
FREENULL( p_box->data.p_stsc->i_first_chunk );
FREENULL( p_box->data.p_stsc->i_samples_per_chunk );
FREENULL( p_box->data.p_stsc->i_sample_description_index );
}
static int MP4_ReadBox_stco_co64( stream_t *p_stream, MP4_Box_t *p_box )
{
unsigned int i;
......@@ -1559,6 +1564,8 @@ static int MP4_ReadBox_stco_co64( stream_t *p_stream, MP4_Box_t *p_box )
p_box->data.p_co64->i_chunk_offset =
calloc( p_box->data.p_co64->i_entry_count, sizeof(uint64_t) );
if( p_box->data.p_co64->i_chunk_offset == NULL )
MP4_READBOX_EXIT( 0 );
for( i = 0; i < p_box->data.p_co64->i_entry_count; i++ )
{
......@@ -1605,6 +1612,8 @@ static int MP4_ReadBox_stss( stream_t *p_stream, MP4_Box_t *p_box )
p_box->data.p_stss->i_sample_number =
calloc( p_box->data.p_stss->i_entry_count, sizeof(uint32_t) );
if( p_box->data.p_stss->i_sample_number == NULL )
MP4_READBOX_EXIT( 0 );
for( i = 0; (i < p_box->data.p_stss->i_entry_count )&&( i_read >= 4 ); i++ )
{
......@@ -1627,6 +1636,12 @@ static void MP4_FreeBox_stss( MP4_Box_t *p_box )
FREENULL( p_box->data.p_stss->i_sample_number );
}
static void MP4_FreeBox_stsh( MP4_Box_t *p_box )
{
FREENULL( p_box->data.p_stsh->i_shadowed_sample_number );
FREENULL( p_box->data.p_stsh->i_sync_sample_number );
}
static int MP4_ReadBox_stsh( stream_t *p_stream, MP4_Box_t *p_box )
{
unsigned int i;
......@@ -1640,10 +1655,15 @@ static int MP4_ReadBox_stsh( stream_t *p_stream, MP4_Box_t *p_box )
p_box->data.p_stsh->i_shadowed_sample_number =
calloc( p_box->data.p_stsh->i_entry_count, sizeof(uint32_t) );
p_box->data.p_stsh->i_sync_sample_number =
calloc( p_box->data.p_stsh->i_entry_count, sizeof(uint32_t) );
if( p_box->data.p_stsh->i_shadowed_sample_number == NULL
|| p_box->data.p_stsh->i_sync_sample_number == NULL )
{
MP4_FreeBox_stsh( p_box );
MP4_READBOX_EXIT( 0 );
}
for( i = 0; (i < p_box->data.p_stss->i_entry_count )&&( i_read >= 8 ); i++ )
{
......@@ -1659,12 +1679,6 @@ static int MP4_ReadBox_stsh( stream_t *p_stream, MP4_Box_t *p_box )
MP4_READBOX_EXIT( 1 );
}
static void MP4_FreeBox_stsh( MP4_Box_t *p_box )
{
FREENULL( p_box->data.p_stsh->i_shadowed_sample_number );
FREENULL( p_box->data.p_stsh->i_sync_sample_number );
}
static int MP4_ReadBox_stdp( stream_t *p_stream, MP4_Box_t *p_box )
{
......@@ -1696,9 +1710,16 @@ static void MP4_FreeBox_stdp( MP4_Box_t *p_box )
FREENULL( p_box->data.p_stdp->i_priority );
}
static void MP4_FreeBox_padb( MP4_Box_t *p_box )
{
FREENULL( p_box->data.p_padb->i_reserved1 );
FREENULL( p_box->data.p_padb->i_pad2 );
FREENULL( p_box->data.p_padb->i_reserved2 );
FREENULL( p_box->data.p_padb->i_pad1 );
}
static int MP4_ReadBox_padb( stream_t *p_stream, MP4_Box_t *p_box )
{
int code = 0;
unsigned int i;
uint32_t count;
......@@ -1706,7 +1727,6 @@ static int MP4_ReadBox_padb( stream_t *p_stream, MP4_Box_t *p_box )
MP4_GETVERSIONFLAGS( p_box->data.p_padb );
MP4_GET4BYTES( p_box->data.p_padb->i_sample_count );
count = (p_box->data.p_padb->i_sample_count + 1) / 2;
......@@ -1714,11 +1734,19 @@ static int MP4_ReadBox_padb( stream_t *p_stream, MP4_Box_t *p_box )
p_box->data.p_padb->i_pad2 = calloc( count, sizeof(uint16_t) );
p_box->data.p_padb->i_reserved2 = calloc( count, sizeof(uint16_t) );
p_box->data.p_padb->i_pad1 = calloc( count, sizeof(uint16_t) );
if( p_box->data.p_padb->i_reserved1 == NULL
|| p_box->data.p_padb->i_pad2 == NULL
|| p_box->data.p_padb->i_reserved2 == NULL
|| p_box->data.p_padb->i_pad1 == NULL )
{
MP4_FreeBox_padb( p_box );
MP4_READBOX_EXIT( 0 );
}
for( i = 0; i < i_read / 2 ; i++ )
{
if( i >= count )
goto error;
MP4_READBOX_EXIT( 0 );
p_box->data.p_padb->i_reserved1[i] = ( (*p_peek) >> 7 )&0x01;
p_box->data.p_padb->i_pad2[i] = ( (*p_peek) >> 4 )&0x07;
p_box->data.p_padb->i_reserved1[i] = ( (*p_peek) >> 3 )&0x01;
......@@ -1732,17 +1760,15 @@ static int MP4_ReadBox_padb( stream_t *p_stream, MP4_Box_t *p_box )
i_read / 2 );
#endif
code = 1;
error:
MP4_READBOX_EXIT( code );
MP4_READBOX_EXIT( 1 );
}
static void MP4_FreeBox_padb( MP4_Box_t *p_box )
static void MP4_FreeBox_elst( MP4_Box_t *p_box )
{
FREENULL( p_box->data.p_padb->i_reserved1 );
FREENULL( p_box->data.p_padb->i_pad2 );
FREENULL( p_box->data.p_padb->i_reserved2 );
FREENULL( p_box->data.p_padb->i_pad1 );
FREENULL( p_box->data.p_elst->i_segment_duration );
FREENULL( p_box->data.p_elst->i_media_time );
FREENULL( p_box->data.p_elst->i_media_rate_integer );
FREENULL( p_box->data.p_elst->i_media_rate_fraction );
}
static int MP4_ReadBox_elst( stream_t *p_stream, MP4_Box_t *p_box )
......@@ -1762,8 +1788,16 @@ static int MP4_ReadBox_elst( stream_t *p_stream, MP4_Box_t *p_box )
calloc( p_box->data.p_elst->i_entry_count, sizeof(uint64_t) );
p_box->data.p_elst->i_media_rate_integer =
calloc( p_box->data.p_elst->i_entry_count, sizeof(uint16_t) );
p_box->data.p_elst->i_media_rate_fraction=
p_box->data.p_elst->i_media_rate_fraction =
calloc( p_box->data.p_elst->i_entry_count, sizeof(uint16_t) );
if( p_box->data.p_elst->i_segment_duration == NULL
|| p_box->data.p_elst->i_media_time == NULL
|| p_box->data.p_elst->i_media_rate_integer == NULL
|| p_box->data.p_elst->i_media_rate_fraction == NULL )
{
MP4_FreeBox_elst( p_box );
MP4_READBOX_EXIT( 0 );
}
for( i = 0; i < p_box->data.p_elst->i_entry_count; i++ )
......@@ -1795,14 +1829,6 @@ static int MP4_ReadBox_elst( stream_t *p_stream, MP4_Box_t *p_box )
MP4_READBOX_EXIT( 1 );
}
static void MP4_FreeBox_elst( MP4_Box_t *p_box )
{
FREENULL( p_box->data.p_elst->i_segment_duration );
FREENULL( p_box->data.p_elst->i_media_time );
FREENULL( p_box->data.p_elst->i_media_rate_integer );
FREENULL( p_box->data.p_elst->i_media_rate_fraction );
}
static int MP4_ReadBox_cprt( stream_t *p_stream, MP4_Box_t *p_box )
{
unsigned int i_language;
......@@ -2023,6 +2049,8 @@ static int MP4_ReadBox_rdrf( stream_t *p_stream, MP4_Box_t *p_box )
{
uint32_t i;
p_box->data.p_rdrf->psz_ref = malloc( i_len );
if( p_box->data.p_rdrf->psz_ref == NULL )
MP4_READBOX_EXIT( 0 );
i_len--;
for( i = 0; i < i_len; i++ )
......@@ -2164,6 +2192,8 @@ static int MP4_ReadBox_0xa9xxx( stream_t *p_stream, MP4_Box_t *p_box )
if( i_length >= i_read ) i_length = i_read + 1;
p_box->data.p_0xa9xxx->psz_text = malloc( i_length );
if( p_box->data.p_0xa9xxx->psz_text == NULL )
MP4_READBOX_EXIT( 0 );
i_length--;
memcpy( p_box->data.p_0xa9xxx->psz_text,
......@@ -2201,6 +2231,8 @@ static int MP4_ReadBox_0xa9xxx( stream_t *p_stream, MP4_Box_t *p_box )
// the rest is the text
i_data_len -= 12;
p_box->data.p_0xa9xxx->psz_text = malloc( i_data_len + 1 );
if( p_box->data.p_0xa9xxx->psz_text == NULL )
MP4_READBOX_EXIT( 0 );
memcpy( p_box->data.p_0xa9xxx->psz_text,
p_peek, i_data_len );
......@@ -2304,7 +2336,9 @@ static int MP4_ReadBox_tref_generic( stream_t *p_stream, MP4_Box_t *p_box )
p_box->data.p_tref_generic->i_track_ID = NULL;
p_box->data.p_tref_generic->i_entry_count = i_read / sizeof(uint32_t);
if( p_box->data.p_tref_generic->i_entry_count > 0 )
p_box->data.p_tref_generic->i_track_ID = malloc( p_box->data.p_tref_generic->i_entry_count * sizeof(uint32_t) );
p_box->data.p_tref_generic->i_track_ID = calloc( p_box->data.p_tref_generic->i_entry_count, sizeof(uint32_t) );
if( p_box->data.p_tref_generic->i_track_ID == NULL )
MP4_READBOX_EXIT( 0 );
for( i = 0; i < p_box->data.p_tref_generic->i_entry_count; i++ )
{
......@@ -2595,6 +2629,9 @@ static MP4_Box_t *MP4_ReadBox( stream_t *p_stream, MP4_Box_t *p_father )
MP4_Box_t *p_box = malloc( sizeof( MP4_Box_t ) );
unsigned int i_index;
if( p_box == NULL )
return NULL;
if( !MP4_ReadBoxCommon( p_stream, p_box ) )
{
msg_Warn( p_stream, "cannot read one box" );
......@@ -2698,6 +2735,9 @@ MP4_Box_t *MP4_BoxGetRoot( stream_t *s )
int i_result;
p_root = malloc( sizeof( MP4_Box_t ) );
if( p_root == NULL )
return NULL;
p_root->i_pos = 0;
p_root->i_type = VLC_FOURCC( 'r', 'o', 'o', 't' );
p_root->i_shortsize = 1;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment