projects
/
platform
/
upstream
/
libvorbis.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add further array bounds checks to bark_noise_hybridmp.
[platform/upstream/libvorbis.git]
/
lib
/
info.c
diff --git
a/lib/info.c
b/lib/info.c
index
fed4582
..
4a5e2b3
100644
(file)
--- a/
lib/info.c
+++ b/
lib/info.c
@@
-11,7
+11,6
@@
********************************************************************
function: maintain the info structure, info <-> header packets
********************************************************************
function: maintain the info structure, info <-> header packets
- last mod: $Id$
********************************************************************/
********************************************************************/
@@
-20,7
+19,6
@@
#include <stdlib.h>
#include <string.h>
#include <stdlib.h>
#include <string.h>
-#include <ctype.h>
#include <ogg/ogg.h>
#include "vorbis/codec.h"
#include "codec_internal.h"
#include <ogg/ogg.h>
#include "vorbis/codec.h"
#include "codec_internal.h"
@@
-31,20
+29,10
@@
#include "misc.h"
#include "os.h"
#include "misc.h"
#include "os.h"
-#define GENERAL_VENDOR_STRING "Xiph.Org libVorbis 1.3.
5
"
-#define ENCODE_VENDOR_STRING "Xiph.Org libVorbis I 201
50105 (⛄⛄⛄⛄
)"
+#define GENERAL_VENDOR_STRING "Xiph.Org libVorbis 1.3.
6
"
+#define ENCODE_VENDOR_STRING "Xiph.Org libVorbis I 201
80316 (Now 100% fewer shells
)"
/* helpers */
/* helpers */
-static int ilog2(unsigned int v){
- int ret=0;
- if(v)--v;
- while(v){
- ret++;
- v>>=1;
- }
- return(ret);
-}
-
static void _v_writestring(oggpack_buffer *o,const char *s, int bytes){
while(bytes--){
static void _v_writestring(oggpack_buffer *o,const char *s, int bytes){
while(bytes--){
@@
-58,6
+46,10
@@
static void _v_readstring(oggpack_buffer *o,char *buf,int bytes){
}
}
}
}
+static int _v_toupper(int c) {
+ return (c >= 'a' && c <= 'z') ? (c & ~('a' - 'A')) : c;
+}
+
void vorbis_comment_init(vorbis_comment *vc){
memset(vc,0,sizeof(*vc));
}
void vorbis_comment_init(vorbis_comment *vc){
memset(vc,0,sizeof(*vc));
}
@@
-75,11
+67,13
@@
void vorbis_comment_add(vorbis_comment *vc,const char *comment){
}
void vorbis_comment_add_tag(vorbis_comment *vc, const char *tag, const char *contents){
}
void vorbis_comment_add_tag(vorbis_comment *vc, const char *tag, const char *contents){
- char *comment=alloca(strlen(tag)+strlen(contents)+2); /* +2 for = and \0 */
+ /* Length for key and value +2 for = and \0 */
+ char *comment=_ogg_malloc(strlen(tag)+strlen(contents)+2);
strcpy(comment, tag);
strcat(comment, "=");
strcat(comment, contents);
vorbis_comment_add(vc, comment);
strcpy(comment, tag);
strcat(comment, "=");
strcat(comment, contents);
vorbis_comment_add(vc, comment);
+ _ogg_free(comment);
}
/* This is more or less the same as strncasecmp - but that doesn't exist
}
/* This is more or less the same as strncasecmp - but that doesn't exist
@@
-87,7
+81,7
@@
void vorbis_comment_add_tag(vorbis_comment *vc, const char *tag, const char *con
static int tagcompare(const char *s1, const char *s2, int n){
int c=0;
while(c < n){
static int tagcompare(const char *s1, const char *s2, int n){
int c=0;
while(c < n){
- if(
toupper(s1[c]) !=
toupper(s2[c]))
+ if(
_v_toupper(s1[c]) != _v_
toupper(s2[c]))
return !0;
c++;
}
return !0;
c++;
}
@@
-98,27
+92,30
@@
char *vorbis_comment_query(vorbis_comment *vc, const char *tag, int count){
long i;
int found = 0;
int taglen = strlen(tag)+1; /* +1 for the = we append */
long i;
int found = 0;
int taglen = strlen(tag)+1; /* +1 for the = we append */
- char *fulltag =
alloca(taglen+
1);
+ char *fulltag =
_ogg_malloc(taglen+
1);
strcpy(fulltag, tag);
strcat(fulltag, "=");
for(i=0;i<vc->comments;i++){
if(!tagcompare(vc->user_comments[i], fulltag, taglen)){
strcpy(fulltag, tag);
strcat(fulltag, "=");
for(i=0;i<vc->comments;i++){
if(!tagcompare(vc->user_comments[i], fulltag, taglen)){
- if(count == found)
+ if(count == found)
{
/* We return a pointer to the data, not a copy */
/* We return a pointer to the data, not a copy */
- return vc->user_comments[i] + taglen;
- else
+ _ogg_free(fulltag);
+ return vc->user_comments[i] + taglen;
+ } else {
found++;
found++;
+ }
}
}
}
}
+ _ogg_free(fulltag);
return NULL; /* didn't find anything */
}
int vorbis_comment_query_count(vorbis_comment *vc, const char *tag){
int i,count=0;
int taglen = strlen(tag)+1; /* +1 for the = we append */
return NULL; /* didn't find anything */
}
int vorbis_comment_query_count(vorbis_comment *vc, const char *tag){
int i,count=0;
int taglen = strlen(tag)+1; /* +1 for the = we append */
- char *fulltag =
alloca
(taglen+1);
+ char *fulltag =
_ogg_malloc
(taglen+1);
strcpy(fulltag,tag);
strcat(fulltag, "=");
strcpy(fulltag,tag);
strcat(fulltag, "=");
@@
-127,6
+124,7
@@
int vorbis_comment_query_count(vorbis_comment *vc, const char *tag){
count++;
}
count++;
}
+ _ogg_free(fulltag);
return count;
}
return count;
}
@@
-208,6
+206,7
@@
void vorbis_info_clear(vorbis_info *vi){
static int _vorbis_unpack_info(vorbis_info *vi,oggpack_buffer *opb){
codec_setup_info *ci=vi->codec_setup;
static int _vorbis_unpack_info(vorbis_info *vi,oggpack_buffer *opb){
codec_setup_info *ci=vi->codec_setup;
+ int bs;
if(!ci)return(OV_EFAULT);
vi->version=oggpack_read(opb,32);
if(!ci)return(OV_EFAULT);
vi->version=oggpack_read(opb,32);
@@
-216,12
+215,16
@@
static int _vorbis_unpack_info(vorbis_info *vi,oggpack_buffer *opb){
vi->channels=oggpack_read(opb,8);
vi->rate=oggpack_read(opb,32);
vi->channels=oggpack_read(opb,8);
vi->rate=oggpack_read(opb,32);
- vi->bitrate_upper=oggpack_read(opb,32);
- vi->bitrate_nominal=oggpack_read(opb,32);
- vi->bitrate_lower=oggpack_read(opb,32);
+ vi->bitrate_upper=
(ogg_int32_t)
oggpack_read(opb,32);
+ vi->bitrate_nominal=
(ogg_int32_t)
oggpack_read(opb,32);
+ vi->bitrate_lower=
(ogg_int32_t)
oggpack_read(opb,32);
- ci->blocksizes[0]=1<<oggpack_read(opb,4);
- ci->blocksizes[1]=1<<oggpack_read(opb,4);
+ bs = oggpack_read(opb,4);
+ if(bs<0)goto err_out;
+ ci->blocksizes[0]=1<<bs;
+ bs = oggpack_read(opb,4);
+ if(bs<0)goto err_out;
+ ci->blocksizes[1]=1<<bs;
if(vi->rate<1)goto err_out;
if(vi->channels<1)goto err_out;
if(vi->rate<1)goto err_out;
if(vi->channels<1)goto err_out;
@@
-447,7
+450,11
@@
int vorbis_synthesis_headerin(vorbis_info *vi,vorbis_comment *vc,ogg_packet *op)
static int _vorbis_pack_info(oggpack_buffer *opb,vorbis_info *vi){
codec_setup_info *ci=vi->codec_setup;
static int _vorbis_pack_info(oggpack_buffer *opb,vorbis_info *vi){
codec_setup_info *ci=vi->codec_setup;
- if(!ci)return(OV_EFAULT);
+ if(!ci||
+ ci->blocksizes[0]<64||
+ ci->blocksizes[1]<ci->blocksizes[0]){
+ return(OV_EFAULT);
+ }
/* preamble */
oggpack_write(opb,0x01,8);
/* preamble */
oggpack_write(opb,0x01,8);
@@
-462,8
+469,8
@@
static int _vorbis_pack_info(oggpack_buffer *opb,vorbis_info *vi){
oggpack_write(opb,vi->bitrate_nominal,32);
oggpack_write(opb,vi->bitrate_lower,32);
oggpack_write(opb,vi->bitrate_nominal,32);
oggpack_write(opb,vi->bitrate_lower,32);
- oggpack_write(opb,
ilog2(ci->blocksizes[0]
),4);
- oggpack_write(opb,
ilog2(ci->blocksizes[1]
),4);
+ oggpack_write(opb,
ov_ilog(ci->blocksizes[0]-1
),4);
+ oggpack_write(opb,
ov_ilog(ci->blocksizes[1]-1
),4);
oggpack_write(opb,1,1);
return(0);
oggpack_write(opb,1,1);
return(0);
@@
-589,7
+596,8
@@
int vorbis_analysis_headerout(vorbis_dsp_state *v,
oggpack_buffer opb;
private_state *b=v->backend_state;
oggpack_buffer opb;
private_state *b=v->backend_state;
- if(!b){
+ if(!b||vi->channels<=0||vi->channels>256){
+ b = NULL;
ret=OV_EFAULT;
goto err_out;
}
ret=OV_EFAULT;
goto err_out;
}
@@
-648,7
+656,7
@@
int vorbis_analysis_headerout(vorbis_dsp_state *v,
memset(op_code,0,sizeof(*op_code));
if(b){
memset(op_code,0,sizeof(*op_code));
if(b){
- oggpack_writeclear(&opb);
+
if(vi->channels>0)
oggpack_writeclear(&opb);
if(b->header)_ogg_free(b->header);
if(b->header1)_ogg_free(b->header1);
if(b->header2)_ogg_free(b->header2);
if(b->header)_ogg_free(b->header);
if(b->header1)_ogg_free(b->header1);
if(b->header2)_ogg_free(b->header2);