[vlc-commits] asf demux: fix #8024

Rafaël Carré git at videolan.org
Thu Jan 17 12:49:14 CET 2013


vlc | branch: master | Rafaël Carré <funman at videolan.org> | Thu Jan 17 12:47:45 2013 +0100| [a40aad7de8e39349c383e1de1edd0e81a26c856d] | committer: Rafaël Carré

asf demux: fix #8024

Replace macro with static inline and use bounds checking

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=a40aad7de8e39349c383e1de1edd0e81a26c856d
---

 modules/demux/asf/asf.c |   69 +++++++++++++++++++++++++++++++----------------
 1 file changed, 46 insertions(+), 23 deletions(-)

diff --git a/modules/demux/asf/asf.c b/modules/demux/asf/asf.c
index 294aa89..6156db6 100644
--- a/modules/demux/asf/asf.c
+++ b/modules/demux/asf/asf.c
@@ -383,15 +383,30 @@ static mtime_t GetMoviePTS( demux_sys_t *p_sys )
     return i_time;
 }
 
-#define GETVALUE2b( bits, var, def ) \
-    switch( (bits)&0x03 ) \
-    { \
-        case 1: var = p_peek[i_skip]; i_skip++; break; \
-        case 2: var = GetWLE( p_peek + i_skip );  i_skip+= 2; break; \
-        case 3: var = GetDWLE( p_peek + i_skip ); i_skip+= 4; break; \
-        case 0: \
-        default: var = def; break;\
+static inline int GetValue2b(int *var, const uint8_t **p, int *skip, int len, int bits)
+{
+    switch(bits&0x03)
+    {
+    case 1:
+        if (*skip + 1 < len)
+            return -1;
+        *var = *p[*skip]; *p += 1; *skip += 1;
+        return 0;
+    case 2:
+        if (*skip + 2 < len)
+            return -1;
+        *var = GetWLE(p[*skip]); *p += 2; *skip += 2;
+        return 0;
+    case 3:
+        if (*skip + 4 < len)
+            return -1;
+        *var = GetDWLE(p[*skip]); *p += 4; *skip += 4;
+        return 0;
+    case 0:
+    default:
+        return 0;
     }
+}
 
 static int DemuxPacket( demux_t *p_demux )
 {
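Review bot: The three bounds checks in GetValue2b are inverted: `if (*skip + 1 < len) return -1;` rejects the read when there is room and lets it through when `*skip` is at or past `len`, so the out-of-bounds read this commit is meant to stop is still reachable while well-formed packets are refused. `*p[*skip]` also parses as `*(p[*skip])`, which indexes the pointer-to-pointer instead of the buffer, and `GetWLE(p[*skip])` / `GetDWLE(p[*skip])` have the same problem. The helper also advances both `*p` and `*skip` while the callers keep reading at `p_peek + i_skip`, so each consumed byte is counted twice. The rewrite below keeps the signature, reads from `*p + *skip` and advances only `*skip`.

```c
static inline int GetValue2b(int *var, const uint8_t **p, int *skip, int len, int bits)
{
    switch(bits&0x03)
    {
    case 1:
        if (*skip + 1 > len)
            return -1;
        *var = (*p)[*skip]; *skip += 1;
        return 0;
    case 2:
        if (*skip + 2 > len)
            return -1;
        *var = GetWLE(*p + *skip); *skip += 2;
        return 0;
    case 3:
        if (*skip + 4 > len)
            return -1;
        *var = GetDWLE(*p + *skip); *skip += 4;
        return 0;
    /* … unchanged: case 0 / default return 0 without touching *var … */
    }
}
```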
@@ -405,9 +420,9 @@ static int DemuxPacket( demux_t *p_demux )
     int         i_packet_property;
 
     int         b_packet_multiple_payload;
-    int         i_packet_length;
-    int         i_packet_sequence;
-    int         i_packet_padding_length;
+    int         i_packet_length = i_data_packet_min;
+    int         i_packet_sequence = 0;
+    int         i_packet_padding_length = 0;
 
     uint32_t    i_packet_send_time;
     uint16_t    i_packet_duration;
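Review bot: These initializers are now the only place the defaults live, because GetValue2b returns 0 without writing `*var` when the two length-type bits are 0, where the removed macro assigned `def`. A comment above the three declarations, such as `/* defaults for length-type 0: GetValue2b leaves *var untouched */`, would keep that coupling visible to the next person who edits either side. The same applies to the `= 0` initializers added in the hunk at line 519. DemuxPacket starts and ends outside this hunk.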
@@ -461,9 +476,12 @@ static int DemuxPacket( demux_t *p_demux )
     b_packet_multiple_payload = i_packet_flags&0x01;
 
     /* read some value */
-    GETVALUE2b( i_packet_flags >> 5, i_packet_length, i_data_packet_min );
-    GETVALUE2b( i_packet_flags >> 1, i_packet_sequence, 0 );
-    GETVALUE2b( i_packet_flags >> 3, i_packet_padding_length, 0 );
+    if (GetValue2b(&i_packet_length, &p_peek, &i_skip, i_data_packet_min, i_packet_flags >> 5) < 0)
+        goto loop_error_recovery;
+    if (GetValue2b(&i_packet_sequence, &p_peek, &i_skip, i_data_packet_min, i_packet_flags >> 1) < 0)
+        goto loop_error_recovery;
+    if (GetValue2b(&i_packet_padding_length, &p_peek, &i_skip, i_data_packet_min, i_packet_flags >> 3) < 0)
+        goto loop_error_recovery;
 
     if( i_packet_padding_length > i_packet_length )
     {
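Review bot: The three destination variables are plain `int`, and with length-type 3 GetValue2b stores a 32-bit field taken from the file into them, so a value with the top bit set ends up negative. A negative `i_packet_padding_length` passes the `i_packet_padding_length > i_packet_length` comparison that follows, and nothing visible in this hunk rejects it. Unless a later check outside the hunk covers this, add `if (i_packet_length < 0 || i_packet_padding_length < 0) goto loop_error_recovery;` right after the three reads. It is also not visible here whether `i_data_packet_min` equals the number of bytes actually peeked into `p_peek`; the bound should be the peeked length.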
@@ -479,7 +497,7 @@ static int DemuxPacket( demux_t *p_demux )
     }
 
     i_packet_send_time = GetDWLE( p_peek + i_skip ); i_skip += 4;
-    i_packet_duration  = GetWLE( p_peek + i_skip ); i_skip += 2;
+    i_packet_duration = GetWLE( p_peek + i_skip ); i_skip += 2;
 
     i_packet_size_left = i_packet_length;
 
@@ -501,13 +519,13 @@ static int DemuxPacket( demux_t *p_demux )
 
         int i_packet_keyframe;
         unsigned int i_stream_number;
-        int i_media_object_number;
+        int i_media_object_number = 0;
         int i_media_object_offset;
-        int i_replicated_data_length;
-        int i_payload_data_length;
+        int i_replicated_data_length = 0;
+        int i_payload_data_length = 0;
         int i_payload_data_pos;
         int i_sub_payload_data_length;
-        int i_tmp;
+        int i_tmp = 0;
 
         mtime_t i_pts;
         mtime_t i_pts_delta;
@@ -521,9 +539,12 @@ static int DemuxPacket( demux_t *p_demux )
         i_packet_keyframe = p_peek[i_skip] >> 7;
         i_stream_number = p_peek[i_skip++] & 0x7f;
 
-        GETVALUE2b( i_packet_property >> 4, i_media_object_number, 0 );
-        GETVALUE2b( i_packet_property >> 2, i_tmp, 0 );
-        GETVALUE2b( i_packet_property, i_replicated_data_length, 0 );
+        if (GetValue2b(&i_media_object_number, &p_peek, &i_skip, i_packet_size_left, i_packet_property >> 4) < 0)
+            break;
+        if (GetValue2b(&i_tmp, &p_peek, &i_skip, i_packet_size_left, i_packet_property >> 2) < 0)
+            break;
+        if (GetValue2b(&i_replicated_data_length, &p_peek, &i_skip, i_packet_size_left, i_packet_property) < 0)
+            break;
 
         if( i_replicated_data_length > 1 ) // should be at least 8 bytes
         {
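Review bot: The bound passed to these three calls is `i_packet_size_left`, but `i_skip` is an offset from the start of the peeked packet (the context lines just above read `p_peek[i_skip]`). If `i_packet_size_left` is decremented as payloads are consumed (that code is outside this hunk), the check compares an absolute offset with a remaining count. The header reads in the hunk at line 476 use `i_data_packet_min`; the same buffer-length bound should be used here. Failure is handled with `break` here but with `goto loop_error_recovery` for the header reads, and a short comment such as `/* truncated payload header: stop parsing this packet */` would say why the two differ. The `p_peek[i_skip]` reads of the stream-number byte just above are not covered by any check visible in this hunk.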
@@ -558,7 +579,9 @@ static int DemuxPacket( demux_t *p_demux )
         i_pts = __MAX( i_pts - p_sys->p_fp->i_preroll * 1000, 0 );
         if( b_packet_multiple_payload )
         {
-            GETVALUE2b( i_payload_length_type, i_payload_data_length, 0 );
+            i_payload_length_type = 0;
+            if (GetValue2b(&i_payload_data_length, &p_peek, &i_skip, i_data_packet_min, i_payload_length_type) < 0)
+                break;
         }
         else
         {
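Review bot: `i_payload_length_type = 0;` is assigned immediately before the variable is passed as `bits`, so GetValue2b always takes the `case 0` path and returns without reading anything. `i_payload_data_length` therefore stays at its initializer 0 for every multiple-payload packet, whereas the removed macro call read the field according to `i_payload_length_type`. If the assignment was meant to quiet an uninitialized-variable warning, it belongs at the declaration (outside this hunk); dropping the line restores the read. The bound here is `i_data_packet_min` while the three reads earlier in the loop use `i_packet_size_left`, and the two should agree.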


