[libbdplus-devel] [Git][videolan/libbdplus][master] 7 commits: Check for NULL
Petri Hintukainen (@hpi)
gitlab at videolan.org
Sun Mar 6 12:21:01 UTC 2022
Petri Hintukainen pushed to branch master at VideoLAN / libbdplus
Commits:
86799d08 by anonymous at 2022-03-06T14:17:00+02:00
Check for NULL
- - - - -
2328cf66 by anonymous at 2022-03-06T14:17:26+02:00
Comment out unreachable case
- - - - -
70da9a70 by anonymous at 2022-03-06T14:18:00+02:00
Fix leak
- - - - -
df6209e5 by anonymous at 2022-03-06T14:18:34+02:00
Fix leak
- - - - -
1cc81c48 by anonymous at 2022-03-06T14:19:18+02:00
segment_save: Check fwrite() result
- - - - -
28a269f7 by anonymous at 2022-03-06T14:19:35+02:00
Fix possible integer overflow
- - - - -
c0336aee by anonymous at 2022-03-06T14:20:22+02:00
Check for error
- - - - -
4 changed files:
- src/libbdplus/bdsvm/diff.c
- src/libbdplus/bdsvm/segment.c
- src/libbdplus/bdsvm/trap.c
- src/libbdplus/internal.c
Changes:
=====================================
src/libbdplus/bdsvm/diff.c
=====================================
@@ -197,6 +197,7 @@ uint32_t diff_hashdb_load(uint8_t *hashname, uint8_t *fname, uint64_t offset,
// Hash it.
gcry_md_hash_buffer(GCRY_MD_SHA1, digest, namehash, shalen - 1);
+ X_FREE(namehash);
memset(str, 0, sizeof(str));
BD_DEBUG(DBG_BDPLUS,"[diff] find hashdb: %s\n",
=====================================
src/libbdplus/bdsvm/segment.c
=====================================
@@ -1045,7 +1045,7 @@ int32_t segment_save(conv_table_t *ct, FILE *fd)
STORE2((uint8_t *)&u16, ct->numTables);
rval = fwrite(&u16, sizeof(u16), 1, fd);
if(rval != 1)
- BD_DEBUG(DBG_BDPLUS,"[segment] Unable to write number of tables\n");
+ goto fail;
// We use "offset" to keep track of where we are, and were we WILL write
// entries, for the index-offset-array we write at the start of each
@@ -1061,10 +1061,14 @@ int32_t segment_save(conv_table_t *ct, FILE *fd)
STORE4((uint8_t *)&u32, subtable->tableID);
rval = fwrite(&u32, sizeof(u32), 1, fd);
+ if (rval != 1)
+ goto fail;
offset += 4;
STORE2((uint8_t *)&u16, subtable->numSegments);
rval = fwrite(&u16, sizeof(u16), 1, fd);
+ if (rval != 1)
+ goto fail;
offset += 2;
offset += subtable->numSegments * sizeof(uint32_t);
@@ -1078,6 +1082,8 @@ int32_t segment_save(conv_table_t *ct, FILE *fd)
//STORE4((uint8_t *)&u32, segment->offset);
STORE4((uint8_t *)&u32, offset);
rval = fwrite(&u32, sizeof(u32), 1, fd);
+ if (rval != 1)
+ goto fail;
// Increase offset based on size of entries.
offset += sizeof(segment->numEntries);
@@ -1101,6 +1107,8 @@ int32_t segment_save(conv_table_t *ct, FILE *fd)
STORE4((uint8_t *)&u32, segment->numEntries);
rval = fwrite(&u32, sizeof(u32), 1, fd);
+ if (rval != 1)
+ goto fail;
// Write out entry index list
for (currentry = 0; currentry < segment->numEntries; currentry++) {
@@ -1109,6 +1117,8 @@ int32_t segment_save(conv_table_t *ct, FILE *fd)
STORE4((uint8_t *)&u32, entry->index);
rval = fwrite(&u32, sizeof(u32), 1, fd);
+ if (rval != 1)
+ goto fail;
}
// Write out entries
@@ -1117,17 +1127,29 @@ int32_t segment_save(conv_table_t *ct, FILE *fd)
entry = &segment->Entries[ currentry ];
rval = fwrite(&entry->flags, 1, 1, fd);
+ if (rval != 1)
+ goto fail;
u32 = entry->patch0_address_adjust << 20;
u32 |= (entry->patch1_address_adjust << 8);
STORE4(tmp, u32);
rval = fwrite(tmp, 3, 1, fd);
+ if (rval != 1)
+ goto fail;
rval = fwrite(&entry->patch0_buffer_offset, 1, 1, fd);
+ if (rval != 1)
+ goto fail;
rval = fwrite(&entry->patch1_buffer_offset, 1, 1, fd);
+ if (rval != 1)
+ goto fail;
rval = fwrite(&entry->patch0, sizeof(entry->patch0), 1, fd);
+ if (rval != 1)
+ goto fail;
rval = fwrite(&entry->patch1, sizeof(entry->patch1), 1, fd);
+ if (rval != 1)
+ goto fail;
} // entries
@@ -1135,6 +1157,9 @@ int32_t segment_save(conv_table_t *ct, FILE *fd)
} // tables
+ return 0;
+ fail:
+ BD_DEBUG(DBG_BDPLUS | DBG_CRIT, "[segment] Saving segment failed\n");
return -1;
}
@@ -1464,6 +1489,8 @@ static int ts_parse_desc_0x89(bdplus_st_t *ct, const unsigned spn, const unsigne
if (segment->Entries == NULL) {
segment->Entries = calloc(E1_CACHE_SIZE, sizeof(st->Segments[sp_id].Entries[0]));
segment->numEntries = 0;
+ if (!segment->Entries)
+ return 0;
}
/* drop past entries */
while (segment->numEntries > 0 &&
=====================================
src/libbdplus/bdsvm/trap.c
=====================================
@@ -135,7 +135,7 @@ uint32_t TRAP_Aes(bdplus_config_t *config, uint8_t *dst, uint8_t *src, uint32_t
gcry_error_t gcry_err;
uint32_t i;
uint8_t decryptedKey[AES_BLOCK_SIZE]; // Temporary key
- char errstr[100];
+ char errstr[100] = "";
BD_DEBUG(DBG_BDPLUS_TRAP,"[TRAP] TRAP_Aes(KeyID %08X)\n", opOrKeyID);
@@ -151,7 +151,12 @@ uint32_t TRAP_Aes(bdplus_config_t *config, uint8_t *dst, uint8_t *src, uint32_t
if ((opOrKeyID < 0xFFF10000) && (opOrKeyID > 6))
return STATUS_INVALID_PARAMETER;
- gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0);
+ gcry_err = gcry_cipher_open(&gcry_h, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0);
+ if (gcry_err) {
+ gpg_strerror_r(gcry_err, errstr, sizeof(errstr));
+ BD_DEBUG(DBG_BDPLUS|DBG_CRIT,"[TRAP] TRAP_Aes %s.\n", errstr);
+ return STATUS_INVALID_PARAMETER;
+ }
switch(opOrKeyID) {
@@ -215,11 +220,13 @@ uint32_t TRAP_Aes(bdplus_config_t *config, uint8_t *dst, uint8_t *src, uint32_t
if (!config || !config->aes_keys) {
BD_DEBUG(DBG_BDPLUS | DBG_CRIT, "[TRAP] TRAP_Aes: AES keys not loaded.\n");
+ gcry_cipher_close(gcry_h);
return STATUS_INVALID_PARAMETER;
}
if ((int)opOrKeyID >= config->num_aes_keys) {
BD_DEBUG(DBG_BDPLUS|DBG_CRIT,"[TRAP] TRAP_Aes(AES_DECRYPT_PLAYERKEYS): Key %u does not exist in config.\n", opOrKeyID);
+ gcry_cipher_close(gcry_h);
return STATUS_INVALID_PARAMETER;
}
@@ -1181,7 +1188,7 @@ uint32_t TRAP_LoadContentCode(bdplus_config_t *config, uint8_t *FileName, uint32
file_close(fd);
return STATUS_INVALID_PARAMETER;
}
- if (file_seek(fd, Section * 0x200000, SEEK_CUR) < 0) { // locate wanted section
+ if (file_seek(fd, (int64_t)Section * 0x200000, SEEK_CUR) < 0) { // locate wanted section
BD_DEBUG(DBG_BDPLUS | DBG_CRIT,"[TRAP] ERROR: seeking %s to section %d failed\n", (char*)FileName, Section);
file_close(fd);
return STATUS_INVALID_PARAMETER;
=====================================
src/libbdplus/internal.c
=====================================
@@ -408,7 +408,7 @@ int32_t bdplus_run_convtab(bdplus_t *plus)
// Generic table retrieval.
switch(current_break) {
- case 0:
+ //case 0:
case 1:
case 2:
break; // Do nothing
@@ -531,7 +531,7 @@ int32_t bdplus_run_idle(VM *vm)
current_break++;
switch(current_break) {
- case 0: /* never 0 */
+ //case 0: /* never 0 */
case 1:
case 2:
case 3:
View it on GitLab: https://code.videolan.org/videolan/libbdplus/-/compare/bd404373d18b268e9e628db2f29151a60dce35ea...c0336aeea97927ae1ef35c1c50bc7a3b77dcad0b
--
View it on GitLab: https://code.videolan.org/videolan/libbdplus/-/compare/bd404373d18b268e9e628db2f29151a60dce35ea...c0336aeea97927ae1ef35c1c50bc7a3b77dcad0b
You're receiving this email because of your account on code.videolan.org.
VideoLAN code repository instance
More information about the libbdplus-devel
mailing list