X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2FlibFLAC%2Fmetadata_object.c;h=7f178f813c639095360b15d71f409b08d5f55aa6;hb=387b72731dbf79450050987b9b36bf70f286b098;hp=1726787407f4658c1421595158b5fcfaf215994e;hpb=a65fd93119bdf33d4f8750f5fdcb7483f09c78d5;p=platform%2Fupstream%2Fflac.git diff --git a/src/libFLAC/metadata_object.c b/src/libFLAC/metadata_object.c index 1726787..7f178f8 100644 --- a/src/libFLAC/metadata_object.c +++ b/src/libFLAC/metadata_object.c @@ -1,5 +1,5 @@ /* libFLAC - Free Lossless Audio Codec library - * Copyright (C) 2001,2002,2003,2004,2005,2006 Josh Coalson + * Copyright (C) 2001,2002,2003,2004,2005,2006,2007,2008,2009 Josh Coalson * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -39,6 +39,7 @@ #include "private/metadata.h" #include "FLAC/assert.h" +#include "share/alloc.h" /**************************************************************************** @@ -53,14 +54,14 @@ * from != NULL && bytes > 0 * to <- copy of from * else ASSERT - * malloc error leaved 'to' unchanged + * malloc error leaves 'to' unchanged */ static FLAC__bool copy_bytes_(FLAC__byte **to, const FLAC__byte *from, unsigned bytes) { FLAC__ASSERT(0 != to); if(bytes > 0 && 0 != from) { FLAC__byte *x; - if(0 == (x = (FLAC__byte*)malloc(bytes))) + if(0 == (x = safe_malloc_(bytes))) return false; memcpy(x, from, bytes); *to = x; @@ -94,7 +95,7 @@ static FLAC__bool free_copy_bytes_(FLAC__byte **to, const FLAC__byte *from, unsi /* realloc() failure leaves entry unchanged */ static FLAC__bool ensure_null_terminated_(FLAC__byte **entry, unsigned length) { - FLAC__byte *x = (FLAC__byte*)realloc(*entry, length+1); + FLAC__byte *x = safe_realloc_add_2op_(*entry, length, /*+*/1); if(0 != x) { x[length] = '\0'; *entry = x; @@ -132,7 +133,7 @@ static FLAC__bool copy_vcentry_(FLAC__StreamMetadata_VorbisComment_Entry *to, co else { FLAC__byte *x; FLAC__ASSERT(from->length > 0); - if(0 == (x = (FLAC__byte*)malloc(from->length+1))) + if(0 == (x = safe_malloc_add_2op_(from->length, /*+*/1))) return false; memcpy(x, from->entry, from->length); x[from->length] = '\0'; @@ -150,7 +151,7 @@ static FLAC__bool copy_track_(FLAC__StreamMetadata_CueSheet_Track *to, const FLA else { FLAC__StreamMetadata_CueSheet_Index *x; FLAC__ASSERT(from->num_indices > 0); - if(0 == (x = (FLAC__StreamMetadata_CueSheet_Index*)malloc(from->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index)))) + if(0 == (x = safe_malloc_mul_2op_(from->num_indices, /*times*/sizeof(FLAC__StreamMetadata_CueSheet_Index)))) return false; memcpy(x, from->indices, from->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index)); to->indices = x; @@ -172,7 +173,7 @@ static FLAC__StreamMetadata_SeekPoint *seekpoint_array_new_(unsigned num_points) FLAC__ASSERT(num_points > 0); - object_array = (FLAC__StreamMetadata_SeekPoint*)malloc(num_points * sizeof(FLAC__StreamMetadata_SeekPoint)); + object_array = safe_malloc_mul_2op_(num_points, /*times*/sizeof(FLAC__StreamMetadata_SeekPoint)); if(0 != object_array) { unsigned i; @@ -205,7 +206,7 @@ static FLAC__StreamMetadata_VorbisComment_Entry *vorbiscomment_entry_array_new_( { FLAC__ASSERT(num_comments > 0); - return (FLAC__StreamMetadata_VorbisComment_Entry*)calloc(num_comments, sizeof(FLAC__StreamMetadata_VorbisComment_Entry)); + return safe_calloc_(num_comments, sizeof(FLAC__StreamMetadata_VorbisComment_Entry)); } static void vorbiscomment_entry_array_delete_(FLAC__StreamMetadata_VorbisComment_Entry *object_array, unsigned num_comments) @@ -344,14 +345,14 @@ static FLAC__StreamMetadata_CueSheet_Index *cuesheet_track_index_array_new_(unsi { FLAC__ASSERT(num_indices > 0); - return (FLAC__StreamMetadata_CueSheet_Index*)calloc(num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)); + return safe_calloc_(num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)); } static FLAC__StreamMetadata_CueSheet_Track *cuesheet_track_array_new_(unsigned num_tracks) { FLAC__ASSERT(num_tracks > 0); - return (FLAC__StreamMetadata_CueSheet_Track*)calloc(num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)); + return safe_calloc_(num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)); } static void cuesheet_track_array_delete_(FLAC__StreamMetadata_CueSheet_Track *object_array, unsigned num_tracks) @@ -436,7 +437,7 @@ FLAC_API FLAC__StreamMetadata *FLAC__metadata_object_new(FLAC__MetadataType type if(type > FLAC__MAX_METADATA_TYPE_CODE) return 0; - object = (FLAC__StreamMetadata*)calloc(1, sizeof(FLAC__StreamMetadata)); + object = calloc(1, sizeof(FLAC__StreamMetadata)); if(0 != object) { object->is_last = false; object->type = type; @@ -537,6 +538,10 @@ FLAC_API FLAC__StreamMetadata *FLAC__metadata_object_clone(const FLAC__StreamMet case FLAC__METADATA_TYPE_PADDING: break; case FLAC__METADATA_TYPE_APPLICATION: + if(to->length < FLAC__STREAM_METADATA_APPLICATION_ID_LEN / 8) { /* underflow check */ + FLAC__metadata_object_delete(to); + return 0; + } memcpy(&to->data.application.id, &object->data.application.id, FLAC__STREAM_METADATA_APPLICATION_ID_LEN / 8); if(!copy_bytes_(&to->data.application.data, object->data.application.data, object->length - FLAC__STREAM_METADATA_APPLICATION_ID_LEN / 8)) { FLAC__metadata_object_delete(to); @@ -545,6 +550,10 @@ FLAC_API FLAC__StreamMetadata *FLAC__metadata_object_clone(const FLAC__StreamMet break; case FLAC__METADATA_TYPE_SEEKTABLE: to->data.seek_table.num_points = object->data.seek_table.num_points; + if(to->data.seek_table.num_points > UINT32_MAX / sizeof(FLAC__StreamMetadata_SeekPoint)) { /* overflow check */ + FLAC__metadata_object_delete(to); + return 0; + } if(!copy_bytes_((FLAC__byte**)&to->data.seek_table.points, (FLAC__byte*)object->data.seek_table.points, object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint))) { FLAC__metadata_object_delete(to); return 0; @@ -930,8 +939,12 @@ FLAC_API FLAC__bool FLAC__metadata_object_seektable_resize_points(FLAC__StreamMe return false; } else { - const unsigned old_size = object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint); - const unsigned new_size = new_num_points * sizeof(FLAC__StreamMetadata_SeekPoint); + const size_t old_size = object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint); + const size_t new_size = new_num_points * sizeof(FLAC__StreamMetadata_SeekPoint); + + /* overflow check */ + if(new_num_points > UINT32_MAX / sizeof(FLAC__StreamMetadata_SeekPoint)) + return false; FLAC__ASSERT(object->data.seek_table.num_points > 0); @@ -939,7 +952,7 @@ FLAC_API FLAC__bool FLAC__metadata_object_seektable_resize_points(FLAC__StreamMe free(object->data.seek_table.points); object->data.seek_table.points = 0; } - else if(0 == (object->data.seek_table.points = (FLAC__StreamMetadata_SeekPoint*)realloc(object->data.seek_table.points, new_size))) + else if(0 == (object->data.seek_table.points = realloc(object->data.seek_table.points, new_size))) return false; /* if growing, set new elements to placeholders */ @@ -1157,8 +1170,12 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_resize_comments(FLAC__St return false; } else { - const unsigned old_size = object->data.vorbis_comment.num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry); - const unsigned new_size = new_num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry); + const size_t old_size = object->data.vorbis_comment.num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry); + const size_t new_size = new_num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry); + + /* overflow check */ + if(new_num_comments > UINT32_MAX / sizeof(FLAC__StreamMetadata_VorbisComment_Entry)) + return false; FLAC__ASSERT(object->data.vorbis_comment.num_comments > 0); @@ -1174,7 +1191,7 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_resize_comments(FLAC__St free(object->data.vorbis_comment.comments); object->data.vorbis_comment.comments = 0; } - else if(0 == (object->data.vorbis_comment.comments = (FLAC__StreamMetadata_VorbisComment_Entry*)realloc(object->data.vorbis_comment.comments, new_size))) + else if(0 == (object->data.vorbis_comment.comments = realloc(object->data.vorbis_comment.comments, new_size))) return false; /* if growing, zero all the length/pointers of new elements */ @@ -1238,7 +1255,7 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_replace_comment(FLAC__St { int i; - unsigned field_name_length; + size_t field_name_length; const FLAC__byte *eq = (FLAC__byte*)memchr(entry.entry, '=', entry.length); FLAC__ASSERT(0 != eq); @@ -1248,16 +1265,21 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_replace_comment(FLAC__St field_name_length = eq-entry.entry; - if((i = vorbiscomment_find_entry_from_(object, 0, (const char *)entry.entry, field_name_length)) >= 0) { + i = vorbiscomment_find_entry_from_(object, 0, (const char *)entry.entry, field_name_length); + if(i >= 0) { unsigned index = (unsigned)i; if(!FLAC__metadata_object_vorbiscomment_set_comment(object, index, entry, copy)) return false; - if(all && (index+1 < object->data.vorbis_comment.num_comments)) { - for(i = vorbiscomment_find_entry_from_(object, index+1, (const char *)entry.entry, field_name_length); i >= 0; ) { - if(!FLAC__metadata_object_vorbiscomment_delete_comment(object, (unsigned)i)) + entry = object->data.vorbis_comment.comments[index]; + index++; /* skip over replaced comment */ + if(all && index < object->data.vorbis_comment.num_comments) { + i = vorbiscomment_find_entry_from_(object, index, (const char *)entry.entry, field_name_length); + while(i >= 0) { + index = (unsigned)i; + if(!FLAC__metadata_object_vorbiscomment_delete_comment(object, index)) return false; - if((unsigned)i < object->data.vorbis_comment.num_comments) - i = vorbiscomment_find_entry_from_(object, (unsigned)i, (const char *)entry.entry, field_name_length); + if(index < object->data.vorbis_comment.num_comments) + i = vorbiscomment_find_entry_from_(object, index, (const char *)entry.entry, field_name_length); else i = -1; } @@ -1306,14 +1328,14 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_entry_from_name_value_pa const size_t nn = strlen(field_name); const size_t nv = strlen(field_value); entry->length = nn + 1 /*=*/ + nv; - if(0 == (entry->entry = (FLAC__byte*)malloc(entry->length+1))) + if(0 == (entry->entry = safe_malloc_add_4op_(nn, /*+*/1, /*+*/nv, /*+*/1))) return false; memcpy(entry->entry, field_name, nn); entry->entry[nn] = '='; memcpy(entry->entry+nn+1, field_value, nv); entry->entry[entry->length] = '\0'; } - + return true; } @@ -1333,9 +1355,9 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_entry_to_name_value_pair FLAC__ASSERT(0 != eq); if(0 == eq) return false; /* double protection */ - if(0 == (*field_name = (char*)malloc(nn+1))) + if(0 == (*field_name = safe_malloc_add_2op_(nn, /*+*/1))) return false; - if(0 == (*field_value = (char*)malloc(nv+1))) { + if(0 == (*field_value = safe_malloc_add_2op_(nv, /*+*/1))) { free(*field_name); return false; } @@ -1353,7 +1375,7 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_entry_matches(const FLAC FLAC__ASSERT(0 != entry.entry && entry.length > 0); { const FLAC__byte *eq = (FLAC__byte*)memchr(entry.entry, '=', entry.length); -#if defined _MSC_VER || defined __MINGW32__ || defined __EMX__ +#if defined _MSC_VER || defined __BORLANDC__ || defined __MINGW32__ #define FLAC__STRNCASECMP strnicmp #else #define FLAC__STRNCASECMP strncasecmp @@ -1411,9 +1433,9 @@ FLAC_API int FLAC__metadata_object_vorbiscomment_remove_entries_matching(FLAC__S return ok? (int)matching : -1; } -FLAC_API FLAC__StreamMetadata_CueSheet_Track *FLAC__metadata_object_cuesheet_track_new() +FLAC_API FLAC__StreamMetadata_CueSheet_Track *FLAC__metadata_object_cuesheet_track_new(void) { - return (FLAC__StreamMetadata_CueSheet_Track*)calloc(1, sizeof(FLAC__StreamMetadata_CueSheet_Track)); + return calloc(1, sizeof(FLAC__StreamMetadata_CueSheet_Track)); } FLAC_API FLAC__StreamMetadata_CueSheet_Track *FLAC__metadata_object_cuesheet_track_clone(const FLAC__StreamMetadata_CueSheet_Track *object) @@ -1465,8 +1487,12 @@ FLAC_API FLAC__bool FLAC__metadata_object_cuesheet_track_resize_indices(FLAC__St return false; } else { - const unsigned old_size = track->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index); - const unsigned new_size = new_num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index); + const size_t old_size = track->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index); + const size_t new_size = new_num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index); + + /* overflow check */ + if(new_num_indices > UINT32_MAX / sizeof(FLAC__StreamMetadata_CueSheet_Index)) + return false; FLAC__ASSERT(track->num_indices > 0); @@ -1474,7 +1500,7 @@ FLAC_API FLAC__bool FLAC__metadata_object_cuesheet_track_resize_indices(FLAC__St free(track->indices); track->indices = 0; } - else if(0 == (track->indices = (FLAC__StreamMetadata_CueSheet_Index*)realloc(track->indices, new_size))) + else if(0 == (track->indices = realloc(track->indices, new_size))) return false; /* if growing, zero all the lengths/pointers of new elements */ @@ -1549,8 +1575,12 @@ FLAC_API FLAC__bool FLAC__metadata_object_cuesheet_resize_tracks(FLAC__StreamMet return false; } else { - const unsigned old_size = object->data.cue_sheet.num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track); - const unsigned new_size = new_num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track); + const size_t old_size = object->data.cue_sheet.num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track); + const size_t new_size = new_num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track); + + /* overflow check */ + if(new_num_tracks > UINT32_MAX / sizeof(FLAC__StreamMetadata_CueSheet_Track)) + return false; FLAC__ASSERT(object->data.cue_sheet.num_tracks > 0); @@ -1566,7 +1596,7 @@ FLAC_API FLAC__bool FLAC__metadata_object_cuesheet_resize_tracks(FLAC__StreamMet free(object->data.cue_sheet.tracks); object->data.cue_sheet.tracks = 0; } - else if(0 == (object->data.cue_sheet.tracks = (FLAC__StreamMetadata_CueSheet_Track*)realloc(object->data.cue_sheet.tracks, new_size))) + else if(0 == (object->data.cue_sheet.tracks = realloc(object->data.cue_sheet.tracks, new_size))) return false; /* if growing, zero all the lengths/pointers of new elements */ @@ -1670,6 +1700,7 @@ static FLAC__uint32 cddb_add_digits_(FLAC__uint32 x) return n; } +/*@@@@add to tests*/ FLAC_API FLAC__uint32 FLAC__metadata_object_cuesheet_calculate_cddb_id(const FLAC__StreamMetadata *object) { const FLAC__StreamMetadata_CueSheet *cs; @@ -1707,6 +1738,8 @@ FLAC_API FLAC__bool FLAC__metadata_object_picture_set_mime_type(FLAC__StreamMeta /* do the copy first so that if we fail we leave the object untouched */ if(copy) { + if(new_length >= SIZE_MAX) /* overflow check */ + return false; if(!copy_bytes_((FLAC__byte**)(&object->data.picture.mime_type), (FLAC__byte*)mime_type, new_length+1)) return false; } @@ -1737,6 +1770,8 @@ FLAC_API FLAC__bool FLAC__metadata_object_picture_set_description(FLAC__StreamMe /* do the copy first so that if we fail we leave the object untouched */ if(copy) { + if(new_length >= SIZE_MAX) /* overflow check */ + return false; if(!copy_bytes_(&object->data.picture.description, description, new_length+1)) return false; }