wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 1216845 - Check fallible allocations - r=rillian

Browse Source 
- Made externally-sized 'new' allocations fallible.
- Check return value of every new(fallible)/malloc/realloc.
- Consistently return -ENOMEM when allocations fail.
- MPEG4Extractor::getTrack() and getMetaData() can return null (because of
  failed parse or failed alloc); added missing checks in callers.

Note: Some allocs in the 2nd half of MPEG4Extractor have not been touched, as
they are in unused code to be removed in bug 1210319.
This commit is contained in:
Gerald Squelart 2015-11-11 12:37:53 +01:00
parent aac569f6bf
commit 73541bfbc0
2 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
media/libstagefright/binding/MP4Metadata.cpp
View File

@ -102,8 +102,10 @@ MP4Metadata::MP4Metadata(Stream* aSource)
mPrivate->mMetadataExtractor->flags() & MediaExtractor::CAN_SEEK;
sp<MetaData> metaData = mPrivate->mMetadataExtractor->getMetaData();
if (metaData.get()) {
UpdateCrypto(metaData.get());
}
}
MP4Metadata::~MP4Metadata()
{
@ -317,6 +319,9 @@ MP4Metadata::GetTrackNumber(mozilla::TrackID aTrackID)
size_t numTracks = mPrivate->mMetadataExtractor->countTracks();
for (size_t i = 0; i < numTracks; i++) {
sp<MetaData> metaData = mPrivate->mMetadataExtractor->getTrackMetaData(i);
if (!metaData.get()) {
continue;
}
int32_t value;
if (metaData->findInt32(kKeyTrackID, &value) && value == aTrackID) {
return i;

29
media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp
View File

@ -420,7 +420,7 @@ uint32_t MPEG4Extractor::flags() const {
sp<MetaData> MPEG4Extractor::getMetaData() {
status_t err;
if ((err = readMetaData()) != OK) {
return new MetaData;
return NULL;
}
return mFileMetaData;
@ -522,7 +522,7 @@ status_t MPEG4Extractor::readMetaData() {
if (psshsize) {
char *buf = (char*)malloc(psshsize);
if (!buf) {
return ERROR_MALFORMED;
return -ENOMEM;
}
char *ptr = buf;
for (size_t i = 0; i < mPssh.Length(); i++) {
@ -686,7 +686,10 @@ status_t MPEG4Extractor::parseDrmSINF(off64_t *offset, off64_t data_offset) {
return ERROR_MALFORMED;
}
sinf->len = dataLen - 3;
sinf->IPMPData = new char[sinf->len];
sinf->IPMPData = new (fallible) char[sinf->len];
if (!sinf->IPMPData) {
return -ENOMEM;
}
if (mDataSource->readAt(data_offset + 2, sinf->IPMPData, sinf->len) < sinf->len) {
return ERROR_IO;
@ -1147,7 +1150,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
// Copy the contents of the box (including header) verbatim.
pssh.datalen = chunk_data_size + 8;
pssh.data = new uint8_t[pssh.datalen];
pssh.data = new (fallible) uint8_t[pssh.datalen];
if (!pssh.data) {
return -ENOMEM;
}
if (mDataSource->readAt(data_offset - 8, pssh.data, pssh.datalen) < pssh.datalen) {
return ERROR_IO;
}
@ -1763,7 +1769,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
return ERROR_MALFORMED;
}
sp<ABuffer> buffer = new ABuffer(chunk_data_size);
sp<ABuffer> buffer = new (fallible) ABuffer(chunk_data_size);
if (!buffer.get()) {
return -ENOMEM;
}
if (mDataSource->readAt(
data_offset, buffer->data(), chunk_data_size) < chunk_data_size) {
@ -1997,7 +2006,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
if (size >= kMAX_ALLOCATION - chunk_size) {
return ERROR_MALFORMED;
}
uint8_t *buffer = new uint8_t[size + chunk_size];
uint8_t *buffer = new (fallible) uint8_t[size + chunk_size];
if (!buffer) {
return -ENOMEM;
}
if (size > 0) {
memcpy(buffer, data, size);
@ -2029,7 +2041,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
if (chunk_data_size <= kSkipBytesOfDataBox) {
return ERROR_MALFORMED;
}
sp<ABuffer> buffer = new ABuffer(chunk_data_size + 1);
sp<ABuffer> buffer = new (fallible) ABuffer(chunk_data_size + 1);
if (!buffer.get()) {
return -ENOMEM;
}
if (mDataSource->readAt(
data_offset, buffer->data(), chunk_data_size) != (ssize_t)chunk_data_size) {
return ERROR_IO;