From: Andre Noll Date: Mon, 9 Aug 2021 17:43:36 +0000 (+0200) Subject: mp4: Use para_{c,m}alloc() to allocate memory. X-Git-Tag: v0.7.1~7^2~129 X-Git-Url: http://git.tuebingen.mpg.de/?a=commitdiff_plain;h=ed9c31afce8eaa0bb7bf5f557e213d1193152ca5;p=paraslash.git mp4: Use para_{c,m}alloc() to allocate memory. With mp4ff being internal we can afford to just abort if allocations fail (which is what the para_ wrappers do). This allows us to simplify the code quite a bit. The code used to cast the pointer returned from malloc(). This is unnecessary, so drop these casts. --- diff --git a/mp4.c b/mp4.c index cdcfa651..84206e87 100644 --- a/mp4.c +++ b/mp4.c @@ -5,7 +5,10 @@ * See file COPYING. */ +#include + #include "para.h" +#include "string.h" #include "mp4.h" int32_t mp4ff_total_tracks(const mp4ff_t * f) @@ -388,10 +391,7 @@ static void mp4ff_track_add(mp4ff_t * f) f->error++; return; } - - f->track[f->total_tracks - 1] = malloc(sizeof (mp4ff_track_t)); - - memset(f->track[f->total_tracks - 1], 0, sizeof (mp4ff_track_t)); + f->track[f->total_tracks - 1] = para_calloc(sizeof (mp4ff_track_t)); } static uint8_t mp4ff_read_char(mp4ff_t * f) @@ -445,12 +445,8 @@ static int32_t mp4ff_read_stsz(mp4ff_t * f) if (f->track[f->total_tracks - 1]->stsz_sample_size == 0) { int32_t i; f->track[f->total_tracks - 1]->stsz_table = - (int32_t *)malloc(f->track[f->total_tracks - 1]->stsz_sample_count + para_malloc(f->track[f->total_tracks - 1]->stsz_sample_count * sizeof (int32_t)); - - if (!f->track[f->total_tracks - 1]->stsz_table) - return f->error++; - for (i = 0; i < f->track[f->total_tracks - 1]->stsz_sample_count && !f->stream->read_error; i++) { f->track[f->total_tracks - 1]->stsz_table[i] = mp4ff_read_int32(f); @@ -477,29 +473,15 @@ static int32_t mp4ff_read_stts(mp4ff_t * f) mp4ff_read_int24(f); /* flags */ p_track->stts_entry_count = mp4ff_read_int32(f); - p_track->stts_sample_count = (int32_t *)malloc(p_track->stts_entry_count + p_track->stts_sample_count = para_malloc(p_track->stts_entry_count * sizeof (int32_t)); - p_track->stts_sample_delta = (int32_t *)malloc(p_track->stts_entry_count + p_track->stts_sample_delta = para_malloc(p_track->stts_entry_count * sizeof (int32_t)); - - if (p_track->stts_sample_count == 0 || p_track->stts_sample_delta == 0) { - if (p_track->stts_sample_count) { - free(p_track->stts_sample_count); - p_track->stts_sample_count = 0; - } - if (p_track->stts_sample_delta) { - free(p_track->stts_sample_delta); - p_track->stts_sample_delta = 0; - } - p_track->stts_entry_count = 0; - return 0; - } else { - for (i = 0; i < f->track[f->total_tracks - 1]->stts_entry_count && !f->stream->read_error; i++) { /* CVE-2017-9254 */ - p_track->stts_sample_count[i] = mp4ff_read_int32(f); - p_track->stts_sample_delta[i] = mp4ff_read_int32(f); - } - return 1; + for (i = 0; i < f->track[f->total_tracks - 1]->stts_entry_count && !f->stream->read_error; i++) { /* CVE-2017-9254 */ + p_track->stts_sample_count[i] = mp4ff_read_int32(f); + p_track->stts_sample_delta[i] = mp4ff_read_int32(f); } + return 1; } static int32_t mp4ff_read_ctts(mp4ff_t * f) @@ -518,29 +500,16 @@ static int32_t mp4ff_read_ctts(mp4ff_t * f) mp4ff_read_int24(f); /* flags */ p_track->ctts_entry_count = mp4ff_read_int32(f); - p_track->ctts_sample_count = (int32_t *)malloc(p_track->ctts_entry_count + p_track->ctts_sample_count = para_malloc(p_track->ctts_entry_count * sizeof (int32_t)); - p_track->ctts_sample_offset = (int32_t *)malloc(p_track->ctts_entry_count + p_track->ctts_sample_offset = para_malloc(p_track->ctts_entry_count * sizeof (int32_t)); - if (p_track->ctts_sample_count == 0 || p_track->ctts_sample_offset == 0) { - if (p_track->ctts_sample_count) { - free(p_track->ctts_sample_count); - p_track->ctts_sample_count = 0; - } - if (p_track->ctts_sample_offset) { - free(p_track->ctts_sample_offset); - p_track->ctts_sample_offset = 0; - } - p_track->ctts_entry_count = 0; - return 0; - } else { - for (i = 0; i < f->track[f->total_tracks - 1]->ctts_entry_count && !f->stream->read_error; i++) { /* CVE-2017-9257 */ - p_track->ctts_sample_count[i] = mp4ff_read_int32(f); - p_track->ctts_sample_offset[i] = mp4ff_read_int32(f); - } - return 1; + for (i = 0; i < f->track[f->total_tracks - 1]->ctts_entry_count && !f->stream->read_error; i++) { /* CVE-2017-9257 */ + p_track->ctts_sample_count[i] = mp4ff_read_int32(f); + p_track->ctts_sample_offset[i] = mp4ff_read_int32(f); } + return 1; } static int32_t mp4ff_read_stsc(mp4ff_t * f) @@ -555,32 +524,15 @@ static int32_t mp4ff_read_stsc(mp4ff_t * f) f->track[f->total_tracks - 1]->stsc_entry_count = mp4ff_read_int32(f); f->track[f->total_tracks - 1]->stsc_first_chunk = - (int32_t *) malloc(f->track[f->total_tracks - 1]->stsc_entry_count * + para_malloc(f->track[f->total_tracks - 1]->stsc_entry_count * sizeof (int32_t)); f->track[f->total_tracks - 1]->stsc_samples_per_chunk = - (int32_t *) malloc(f->track[f->total_tracks - 1]->stsc_entry_count * + para_malloc(f->track[f->total_tracks - 1]->stsc_entry_count * sizeof (int32_t)); f->track[f->total_tracks - 1]->stsc_sample_desc_index = - (int32_t *) malloc(f->track[f->total_tracks - 1]->stsc_entry_count * + para_malloc(f->track[f->total_tracks - 1]->stsc_entry_count * sizeof (int32_t)); - /* CVE-2017-9219 */ - if (!f->track[f->total_tracks - 1]->stsc_first_chunk) { - return f->error++; - } - if (!f->track[f->total_tracks - 1]->stsc_samples_per_chunk) { - free(f->track[f->total_tracks - 1]->stsc_first_chunk); - f->track[f->total_tracks - 1]->stsc_first_chunk = NULL; - return f->error++; - } - if (!f->track[f->total_tracks - 1]->stsc_sample_desc_index) { - free(f->track[f->total_tracks - 1]->stsc_first_chunk); - f->track[f->total_tracks - 1]->stsc_first_chunk = NULL; - free(f->track[f->total_tracks - 1]->stsc_samples_per_chunk); - f->track[f->total_tracks - 1]->stsc_samples_per_chunk = NULL; - return f->error++; - } - for (i = 0; i < f->track[f->total_tracks - 1]->stsc_entry_count && !f->stream->read_error; i++) { /* CVE-2017-9255 */ f->track[f->total_tracks - 1]->stsc_first_chunk[i] = mp4ff_read_int32(f); @@ -605,13 +557,8 @@ static int32_t mp4ff_read_stco(mp4ff_t * f) f->track[f->total_tracks - 1]->stco_entry_count = mp4ff_read_int32(f); f->track[f->total_tracks - 1]->stco_chunk_offset = - (int32_t *) malloc(f->track[f->total_tracks - 1]->stco_entry_count * + para_malloc(f->track[f->total_tracks - 1]->stco_entry_count * sizeof (int32_t)); - - /* CVE-2017-9220 */ - if (!f->track[f->total_tracks - 1]->stco_chunk_offset) - return f->error++; - for (i = 0; i < f->track[f->total_tracks - 1]->stco_entry_count && !f->stream->read_error; i++) { /* CVE-2017-9256 */ f->track[f->total_tracks - 1]->stco_chunk_offset[i] = mp4ff_read_int32(f); @@ -700,15 +647,12 @@ static int32_t mp4ff_read_esds(mp4ff_t * f) if (f->track[f->total_tracks - 1]->decoderConfig) free(f->track[f->total_tracks - 1]->decoderConfig); f->track[f->total_tracks - 1]->decoderConfig = - malloc(f->track[f->total_tracks - 1]->decoderConfigLen); + para_malloc(f->track[f->total_tracks - 1]->decoderConfigLen); if (f->track[f->total_tracks - 1]->decoderConfig) { mp4ff_read_data(f, f->track[f->total_tracks - 1]->decoderConfig, f->track[f->total_tracks - 1]->decoderConfigLen); - } else { - f->track[f->total_tracks - 1]->decoderConfigLen = 0; } - /* will skip the remainder of the atom */ return 0; } @@ -834,11 +778,9 @@ static int32_t mp4ff_tag_add_field(mp4ff_metadata_t * tags, const char *item, tags->tags[tags->count].item = strdup(item); tags->tags[tags->count].len = len; if (len >= 0) { - tags->tags[tags->count].value = malloc(len + 1); - if (tags->tags[tags->count].value != NULL) { - memcpy(tags->tags[tags->count].value, value, len); - tags->tags[tags->count].value[len] = 0; - } + tags->tags[tags->count].value = para_malloc(len + 1); + memcpy(tags->tags[tags->count].value, value, len); + tags->tags[tags->count].value[len] = 0; } else { tags->tags[tags->count].value = strdup(value); } @@ -901,15 +843,12 @@ static const char *mp4ff_meta_index_to_genre(uint32_t idx) static char *mp4ff_read_string(mp4ff_t * f, uint32_t length) { - char *str = (char *) malloc(length + 1); - if (str != 0) { - if ((uint32_t) mp4ff_read_data(f, str, length) != length) { - free(str); - str = 0; - } else { - str[length] = 0; - } - } + char *str = para_malloc(length + 1); + if ((uint32_t)mp4ff_read_data(f, str, length) != length) { + free(str); + str = NULL; + } else + str[length] = 0; return str; } @@ -1321,11 +1260,7 @@ void mp4ff_get_decoder_config(const mp4ff_t * f, const int track, *ppBuf = NULL; *pBufSize = 0; } else { - *ppBuf = malloc(f->track[track]->decoderConfigLen); - if (*ppBuf == NULL) { - *pBufSize = 0; - return; - } + *ppBuf = para_malloc(f->track[track]->decoderConfigLen); memcpy(*ppBuf, f->track[track]->decoderConfig, f->track[track]->decoderConfigLen); *pBufSize = f->track[track]->decoderConfigLen; @@ -1334,9 +1269,7 @@ void mp4ff_get_decoder_config(const mp4ff_t * f, const int track, mp4ff_t *mp4ff_open_read(mp4ff_callback_t * f) { - mp4ff_t *ff = malloc(sizeof (mp4ff_t)); - - memset(ff, 0, sizeof (mp4ff_t)); + mp4ff_t *ff = para_calloc(sizeof(mp4ff_t)); ff->stream = f; @@ -1540,9 +1473,7 @@ int32_t mp4ff_num_samples(const mp4ff_t * f, const int32_t track) mp4ff_t *mp4ff_open_read_metaonly(mp4ff_callback_t * f) { - mp4ff_t *ff = malloc(sizeof (mp4ff_t)); - - memset(ff, 0, sizeof (mp4ff_t)); + mp4ff_t *ff = para_calloc(sizeof(mp4ff_t)); ff->stream = f; @@ -1652,8 +1583,8 @@ static membuffer *membuffer_create(void) { const unsigned initial_size = 256; - membuffer *buf = (membuffer *) malloc(sizeof (membuffer)); - buf->data = malloc(initial_size); + membuffer *buf = para_malloc(sizeof (membuffer)); + buf->data = para_malloc(initial_size); buf->written = 0; buf->allocated = initial_size; buf->error = buf->data == 0 ? 1 : 0; @@ -1875,9 +1806,7 @@ static uint32_t create_ilst(const mp4ff_metadata_t * data, void **out_buffer, { membuffer *buf = membuffer_create(); unsigned metaptr; - char *mask = (char *) malloc(data->count); - memset(mask, 0, data->count); - + char *mask = para_calloc(data->count); { const char *tracknumber_ptr = 0, *totaltracks_ptr = 0; const char *discnumber_ptr = 0, *totaldiscs_ptr = 0; @@ -2141,12 +2070,7 @@ static uint32_t modify_moov(mp4ff_t * f, const mp4ff_metadata_t * data, size_delta = new_ilst_size - (ilst_size - 8); *out_size = total_size + size_delta; - *out_buffer = malloc(*out_size); - if (*out_buffer == 0) { - free(new_ilst_buffer); - return 0; - } - + *out_buffer = para_malloc(*out_size); p_out = (uint8_t *) * out_buffer; mp4ff_set_position(f, total_base); @@ -2222,9 +2146,7 @@ int32_t mp4ff_meta_update(mp4ff_callback_t * f, const mp4ff_metadata_t * data) void *new_moov_data; uint32_t new_moov_size; - mp4ff_t *ff = malloc(sizeof (mp4ff_t)); - - memset(ff, 0, sizeof (mp4ff_t)); + mp4ff_t *ff = para_calloc(sizeof(mp4ff_t)); ff->stream = f; mp4ff_set_position(ff, 0);