Commit 3a4e3824 authored by conrad's avatar conrad
Browse files

Chase mallocs in comments.c, esp. _fs_comment_add and fs_strdup()

Towards Mozilla bug 468293
Adds FISH_SOUND_ERR_OUT_OF_MEMORY error return value, which can be
returned by fishsound_decode()

git-svn-id: http://svn.annodex.net/libfishsound/trunk@3851 8158c8cd-e7e1-0310-9fa4-c5954c97daef
parent 010e9c0a
......@@ -106,6 +106,9 @@ typedef enum _FishSoundError {
/** The requested operation is not suitable for this FishSound* handle */
FISH_SOUND_ERR_INVALID = -3,
/** Out of memory */
FISH_SOUND_ERR_OUT_OF_MEMORY = -4,
/** Functionality disabled at build time */
FISH_SOUND_ERR_DISABLED = -10,
......
......@@ -113,6 +113,7 @@ int fish_sound_set_decoded_float_ilv (FishSound * fsound,
* callback returning FISH_SOUND_STOP_ERR before any input bytes were consumed.
* This will occur when PCM is decoded from previously buffered input, and
* stopping is immediately requested.
* \retval FISH_SOUND_ERR_OUT_OF_MEMORY Out of memory
*/
long fish_sound_decode (FishSound * fsound, unsigned char * buf, long bytes);
......
......@@ -138,12 +138,23 @@ fs_comment_new (const char * name, const char * value)
FishSoundComment * comment;
if (!fs_comment_validate_byname (name, value)) return NULL;
/* Ensures that name != NULL, value != NULL, and validates strings */
comment = fs_malloc (sizeof (FishSoundComment));
if (comment == NULL) return NULL;
comment->name = fs_strdup (name);
if (comment->name == NULL) {
fs_free (comment);
return NULL;
}
comment->value = fs_strdup (value);
if (comment->value == NULL) {
fs_free (comment->name);
fs_free (comment);
return NULL;
}
return comment;
}
......@@ -169,16 +180,6 @@ fs_comment_cmp (const FishSoundComment * comment1, const FishSoundComment * comm
return 1;
}
/* Public API */
const char *
fish_sound_comment_get_vendor (FishSound * fsound)
{
if (fsound == NULL) return NULL;
return fsound->vendor;
}
int
fish_sound_comment_set_vendor (FishSound * fsound, const char * vendor_string)
{
......@@ -186,11 +187,22 @@ fish_sound_comment_set_vendor (FishSound * fsound, const char * vendor_string)
if (fsound->vendor) fs_free (fsound->vendor);
fsound->vendor = fs_strdup (vendor_string);
if ((fsound->vendor = fs_strdup (vendor_string)) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
return 0;
}
/* Public API */
const char *
fish_sound_comment_get_vendor (FishSound * fsound)
{
if (fsound == NULL) return NULL;
return fsound->vendor;
}
const FishSoundComment *
fish_sound_comment_first (FishSound * fsound)
{
......@@ -269,11 +281,13 @@ fish_sound_comment_add (FishSound * fsound, FishSoundComment * comment)
if (!fs_comment_validate_byname (comment->name, comment->value))
return FISH_SOUND_ERR_COMMENT_INVALID;
new_comment = fs_comment_new (comment->name, comment->value);
if ((new_comment = fs_comment_new (comment->name, comment->value)) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
_fs_comment_add (fsound, new_comment);
if (_fs_comment_add (fsound, new_comment) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
return 0;
return FISH_SOUND_OK;
#else
return FISH_SOUND_ERR_DISABLED;
#endif
......@@ -294,9 +308,13 @@ fish_sound_comment_add_byname (FishSound * fsound, const char * name,
if (!fs_comment_validate_byname (name, value))
return FISH_SOUND_ERR_COMMENT_INVALID;
comment = fs_comment_new (name, value);
if ((comment = fs_comment_new (name, value)) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
_fs_comment_add (fsound, comment);
if (_fs_comment_add (fsound, comment) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
return FISH_SOUND_OK;
return 0;
......@@ -402,9 +420,14 @@ fish_sound_comments_decode (FishSound * fsound, unsigned char * comments,
if (c+len>end) return -1;
/* Vendor */
nvalue = fs_strdup_len (c, len);
fish_sound_comment_set_vendor (fsound, nvalue);
if (nvalue) fs_free (nvalue);
if (len > 0) {
if ((nvalue = fs_strdup_len (c, len)) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
if (fish_sound_comment_set_vendor (fsound, nvalue) == FISH_SOUND_ERR_OUT_OF_MEMORY)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
fs_free (nvalue);
}
#ifdef DEBUG
fwrite(c, 1, len, stderr); fputc ('\n', stderr);
#endif
......@@ -437,22 +460,33 @@ fish_sound_comments_decode (FishSound * fsound, unsigned char * comments,
value++;
n = c+len - value;
nvalue = fs_strdup_len (value, n);
if ((nvalue = fs_strdup_len (value, n)) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
#ifdef DEBUG
printf ("fish_sound_comments_decode: %s -> %s (length %d)\n",
name, nvalue, n);
#endif
comment = fs_comment_new (name, nvalue);
_fs_comment_add (fsound, comment);
if ((comment = fs_comment_new (name, nvalue)) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
if (_fs_comment_add (fsound, comment) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
fs_free (nvalue);
} else {
#ifdef DEBUG
printf ("fish_sound_comments_decode: [%d] %s (no value)\n",
i, name, len);
#endif
nvalue = fs_strdup_len (name, len);
comment = fs_comment_new (nvalue, NULL);
_fs_comment_add (fsound, comment);
if ((nvalue = fs_strdup_len (name, len)) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
if ((comment = fs_comment_new (nvalue, NULL)) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
if (_fs_comment_add (fsound, comment) == NULL)
return FISH_SOUND_ERR_OUT_OF_MEMORY;
fs_free (nvalue);
}
......@@ -463,7 +497,7 @@ fish_sound_comments_decode (FishSound * fsound, unsigned char * comments,
printf ("fish_sound_comments_decode: done\n");
#endif
return 0;
return FISH_SOUND_OK;
}
long
......
......@@ -316,7 +316,10 @@ fs_flac_decode (FishSound * fsound, unsigned char * buf, long bytes)
#ifdef DEBUG
printf ("fs_flac_decode: got vorbiscomments len %d\n", len);
#endif
fish_sound_comments_decode (fsound, buf+4, len);
if (fish_sound_comments_decode (fsound, buf+4, len) == FISH_SOUND_ERR_OUT_OF_MEMORY) {
fi->packetno++;
return FISH_SOUND_ERR_OUT_OF_MEMORY;
}
}
memcpy(tmp, fi->buffer, fi->bufferlength);
......
......@@ -320,7 +320,10 @@ fs_speex_decode (FishSound * fsound, unsigned char * buf, long bytes)
} else if (fss->packetno == 1) {
/* Comments */
fish_sound_comments_decode (fsound, buf, bytes);
if (fish_sound_comments_decode (fsound, buf, bytes) == FISH_SOUND_ERR_OUT_OF_MEMORY) {
fss->packetno++;
return FISH_SOUND_ERR_OUT_OF_MEMORY;
}
} else if (fss->packetno <= 1+fss->extra_headers) {
/* Unknown extra headers */
} else {
......@@ -402,7 +405,10 @@ fs_speex_enc_headers (FishSound * fsound)
/* Allocate and create comments */
snprintf (vendor_string, 128, VENDOR_FORMAT, header.speex_version);
fish_sound_comment_set_vendor (fsound, vendor_string);
if (fish_sound_comment_set_vendor (fsound, vendor_string) == FISH_SOUND_ERR_OUT_OF_MEMORY) {
fs_free (header_buf);
return NULL;
}
comments_bytes = fish_sound_comments_encode (fsound, NULL, 0);
comments_buf = fs_malloc (comments_bytes);
if (comments_buf == NULL) {
......
......@@ -141,7 +141,10 @@ fs_vorbis_decode (FishSound * fsound, unsigned char * buf, long bytes)
* start of vorbiscomment packet. */
if (fsv->packetno == 1 && bytes > 7 && buf[0] == 0x03 &&
!strncmp ((char *)&buf[1], "vorbis", 6)) {
fish_sound_comments_decode (fsound, buf+7, bytes-7);
if (fish_sound_comments_decode (fsound, buf+7, bytes-7) == FISH_SOUND_ERR_OUT_OF_MEMORY) {
fsv->packetno++;
return FISH_SOUND_ERR_OUT_OF_MEMORY;
}
} else if (fsv->packetno == 2) {
vorbis_synthesis_init (&fsv->vd, &fsv->vi);
vorbis_block_init (&fsv->vd, &fsv->vb);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment