$OpenBSD: patch-modules_demux_tta_c,v 1.1 2008/09/04 22:58:23 brad Exp $ --- modules/demux/tta.c.orig Tue Sep 2 02:11:26 2008 +++ modules/demux/tta.c Tue Sep 2 02:12:05 2008 @@ -60,10 +60,10 @@ struct demux_sys_t es_out_id_t *p_es; /* */ - int i_totalframes; - int i_currentframe; + uint32_t i_totalframes; + uint32_t i_currentframe; uint32_t *pi_seektable; - int i_datalength; + uint32_t i_datalength; int i_framelength; /* */ @@ -81,10 +81,11 @@ static int Open( vlc_object_t * p_this ) es_format_t fmt; uint8_t *p_peek; uint8_t p_header[22]; - uint8_t *p_seektable; - int i_seektable_size = 0, i; + uint8_t *p_fullheader; + int i_seektable_size = 0; //char psz_info[4096]; //module_t *p_id3; + uint32_t i; if( stream_Peek( p_demux->s, &p_peek, 4 ) < 4 ) return VLC_EGENERIC; @@ -94,7 +95,7 @@ static int Open( vlc_object_t * p_this ) if( !p_demux->b_force ) return VLC_EGENERIC; /* User forced */ - msg_Err( p_demux, "this doesn't look like a flac stream, " + msg_Err( p_demux, "this doesn't look like a true-audio stream, " "continuing anyway" ); } @@ -106,11 +107,22 @@ static int Open( vlc_object_t * p_this ) p_demux->pf_control = Control; p_demux->p_sys = p_sys = malloc( sizeof( demux_sys_t ) ); + if( !p_sys ) + return VLC_ENOMEM; + + p_sys->pi_seektable = NULL; + /* Read the metadata */ es_format_Init( &fmt, AUDIO_ES, VLC_FOURCC( 'T', 'T', 'A', '1' ) ); fmt.audio.i_channels = GetWLE( &p_header[6] ); fmt.audio.i_bitspersample = GetWLE( &p_header[8] ); fmt.audio.i_rate = GetDWLE( &p_header[10] ); + if( fmt.audio.i_rate == 0 || /* Avoid divide by 0 */ + fmt.audio.i_rate > ( 1 << 20 ) /* Avoid i_framelength overflow */ ) + { + msg_Warn( p_demux, "Wrong sample rate" ); + goto error; + } p_sys->i_datalength = GetDWLE( &p_header[14] ); p_sys->i_framelength = TTA_FRAMETIME * fmt.audio.i_rate; @@ -118,25 +130,36 @@ static int Open( vlc_object_t * p_this ) p_sys->i_totalframes = p_sys->i_datalength / p_sys->i_framelength + ((p_sys->i_datalength % p_sys->i_framelength) ? 1 : 0); p_sys->i_currentframe = 0; + if( p_sys->i_totalframes > (1 << 29)) + goto error; i_seektable_size = sizeof(uint32_t)*p_sys->i_totalframes; - p_seektable = (uint8_t *)malloc( i_seektable_size ); - stream_Read( p_demux->s, p_seektable, i_seektable_size ); - p_sys->pi_seektable = (uint32_t *)malloc(i_seektable_size); - for( i = 0; i < p_sys->i_totalframes; i++ ) - p_sys->pi_seektable[i] = GetDWLE( &p_seektable[i*4] ); + /* Store the header and Seektable for avcodec */ + fmt.i_extra = 22 + i_seektable_size + 4; + fmt.p_extra = p_fullheader = malloc( fmt.i_extra ); + if( !p_fullheader ) + goto error; - stream_Read( p_demux->s, NULL, 4 ); /* CRC */ + memcpy( p_fullheader, p_header, 22 ); + p_fullheader += 22; + if( stream_Read( p_demux->s, p_fullheader, i_seektable_size ) + != i_seektable_size ) + goto error; - /* Store the header and Seektable for avcodec */ - fmt.i_extra = 22 + (p_sys->i_totalframes * 4) + 4; - fmt.p_extra = malloc( fmt.i_extra ); - memcpy( fmt.p_extra, p_header, 22 ); - memcpy( fmt.p_extra+22, p_seektable, fmt.i_extra -22 ); + p_sys->pi_seektable = calloc( p_sys->i_totalframes, sizeof(uint32_t) ); + if( !p_sys->pi_seektable ) + goto error; + for( i = 0; i < p_sys->i_totalframes; i++ ) + { + p_sys->pi_seektable[i] = GetDWLE( p_fullheader ); + p_fullheader += 4; + } + stream_Read( p_demux->s, p_fullheader, 4 ); /* CRC */ + p_fullheader += 4; + p_sys->p_es = es_out_Add( p_demux->out, &fmt ); - free( p_seektable ); p_sys->i_start = stream_Tell( p_demux->s ); #if 0 @@ -152,6 +175,10 @@ static int Open( vlc_object_t * p_this ) p_sys->p_meta = vlc_meta_New(); #endif return VLC_SUCCESS; +error: + es_format_Clean( &fmt ); + Close( p_this ); + return VLC_EGENERIC; } /***************************************************************************** @@ -162,6 +189,7 @@ static void Close( vlc_object_t * p_this ) demux_t *p_demux = (demux_t*)p_this; demux_sys_t *p_sys = p_demux->p_sys; + free( p_sys->pi_seektable ); free( p_sys ); } @@ -221,7 +249,7 @@ static int Control( demux_t *p_demux, int i_query, va_ if( i64 > 0 ) { int64_t tmp = 0; - int i; + uint32_t i; for( i=0; i < p_sys->i_totalframes && tmp+p_sys->pi_seektable[i] < i64; i++) { tmp += p_sys->pi_seektable[i];