Commit 24c07ff7 authored by Jean-Paul Saman's avatar Jean-Paul Saman

ATSC descriptors: cleanup and review

- remove excess parenthesis
- add boundary checks
- explicite allocation of struct members
  requires explicite release of struct members when freeing
parent 98184467
......@@ -43,35 +43,33 @@ dvbpsi_carousel_id_dr_t *dvbpsi_DecodeCarouselIdDr(dvbpsi_descriptor_t *p_descri
/* Check the tag */
if (p_descriptor->i_tag != 0x13)
{
return NULL;
}
/* Don't decode twice */
if (p_descriptor->p_decoded)
{
return p_descriptor->p_decoded;
}
/* Check length */
if (p_descriptor->i_length < 4)
{
return NULL;
}
p_decoded = (dvbpsi_carousel_id_dr_t*)malloc(sizeof(dvbpsi_carousel_id_dr_t) + p_descriptor->i_length - 4);
p_decoded = (dvbpsi_carousel_id_dr_t*)malloc(sizeof(dvbpsi_carousel_id_dr_t));
if (!p_decoded)
return NULL;
p_decoded->p_private_data = malloc(p_descriptor->i_length - 4);
if (!p_decoded->s_private_data)
{
free(p_decoded);
return NULL;
}
p_decoded->i_private_data_len = p_descriptor->i_length - 4;
p_decoded->i_carousel_id= ((p_descriptor->p_data[0] & 0xff) << 24) | ((p_descriptor->p_data[1] & 0xff) << 16)|
p_decoded->i_carousel_id = ((p_descriptor->p_data[0] & 0xff) << 24) | ((p_descriptor->p_data[1] & 0xff) << 16)|
((p_descriptor->p_data[2] & 0xff) << 8) | (p_descriptor->p_data[3] & 0xff);
p_decoded->i_private_data_len= p_descriptor->i_length - 4;
memcpy(p_decoded->s_private_data, &p_descriptor->p_data[4], p_decoded->i_private_data_len);
memcpy(p_decoded->p_private_data, &p_descriptor->p_data[4], p_decoded->i_private_data_len);
p_descriptor->p_decoded = (void*)p_decoded;
return p_decoded;
}
......@@ -40,7 +40,7 @@ typedef struct dvbpsi_carousel_id_dr_s
{
uint32_t i_carousel_id;
uint8_t i_private_data_len;
uint8_t s_private_data[0];
uint8_t *p_private_data; /*< allocated memory must be released */
}dvbpsi_carousel_id_dr_t;
/*****************************************************************************
......
......@@ -45,34 +45,39 @@ dvbpsi_association_tag_dr_t *dvbpsi_DecodeAssociationTagDr(dvbpsi_descriptor_t *
/* Check the tag */
if (p_descriptor->i_tag != 0x14)
{
return NULL;
}
/* Don't decode twice */
if (p_descriptor->p_decoded)
{
return p_descriptor->p_decoded;
}
/* Check length */
if (p_descriptor->i_length < 5)
{
return NULL;
}
selector_len = p_descriptor->p_data[4];
/* Invalid selector length */
if (selector_len + 5 > p_descriptor->i_length)
{
return NULL;
}
private_data_len= p_descriptor->i_length - (5 + selector_len);
p_decoded = (dvbpsi_association_tag_dr_t*)malloc(sizeof(dvbpsi_association_tag_dr_t) + selector_len + private_data_len);
p_decoded = (dvbpsi_association_tag_dr_t*)malloc(sizeof(dvbpsi_association_tag_dr_t));
if (!p_decoded)
return NULL;
p_decoded->p_selector = malloc(selector_len);
if (!p_decoded->p_selector)
{
free(p_decoder);
return NULL;
}
p_decoded->p_private_data = malloc(private_data_len);
if (!p_decoded->p_private_data)
{
free(p_decoded->p_selector);
free(p_decoder);
return NULL;
}
......@@ -82,12 +87,10 @@ dvbpsi_association_tag_dr_t *dvbpsi_DecodeAssociationTagDr(dvbpsi_descriptor_t *
p_decoded->i_private_data_len= private_data_len;
p_decoded->p_selector = ((void*)p_decoded) + sizeof(dvbpsi_association_tag_dr_t);
p_decoded->p_private_data = p_decoded->p_selector + selector_len;
memcpy(p_decoded->p_selector, &p_descriptor->p_data[5 ], selector_len);
memcpy(p_decoded->p_selector, &p_descriptor->p_data[5], selector_len);
memcpy(p_decoded->p_private_data, &p_descriptor->p_data[5 + selector_len], private_data_len);
p_descriptor->p_decoded = (void*)p_decoded;
return p_decoded;
}
......@@ -43,9 +43,8 @@ typedef struct dvbpsi_association_tag_dr_s
uint8_t i_selector_len;
uint8_t *p_selector;
uint8_t i_private_data_len;
uint8_t *p_private_data;
}dvbpsi_association_tag_dr_t;
uint8_t *p_private_data; /*< release allocated memory */
} dvbpsi_association_tag_dr_t;
/*****************************************************************************
* dvbpsi_DecodeAssociationTagDr
......
......@@ -43,29 +43,23 @@ dvbpsi_frequency_list_dr_t *dvbpsi_DecodeFrequencyListDr(dvbpsi_descriptor_t *p_
int i;
/* Check the tag */
if (p_descriptor->i_tag != 0x62)
{
return NULL;
}
/* Don't decode twice */
if (p_descriptor->p_decoded)
{
return p_descriptor->p_decoded;
}
/* Check length */
if ((p_descriptor->i_length - 1) % 4)
{
return NULL;
}
p_decoded = (dvbpsi_frequency_list_dr_t*)malloc(sizeof(dvbpsi_frequency_list_dr_t));
if (!p_decoded)
{
return NULL;
}
p_decoded->i_number_of_frequencies = (p_descriptor->i_length - 1) / 4;
if (p_decoded->i_number_of_frequencies > ARRAY_SIZE(p_decoded->p_center_frequencies))
p_decoded->i_number_of_frequencies = ARRAY_SIZE(p_decoded->p_center_frequencies);
p_decoded->i_coding_type = p_descriptor->p_data[0] & 0x3;
......
......@@ -43,33 +43,30 @@ dvbpsi_data_broadcast_id_dr_t *dvbpsi_DecodeDataBroadcastIdDr(dvbpsi_descriptor_
/* Check the tag */
if (p_descriptor->i_tag != 0x66)
{
return NULL;
}
/* Don't decode twice */
if (p_descriptor->p_decoded)
{
return p_descriptor->p_decoded;
}
/* Check length */
if (p_descriptor->i_length < 2)
{
return NULL;
}
p_decoded = (dvbpsi_data_broadcast_id_dr_t*)malloc(sizeof(dvbpsi_data_broadcast_id_dr_t) + p_descriptor->i_length - 2);
p_decoded = (dvbpsi_data_broadcast_id_dr_t*)malloc(sizeof(dvbpsi_data_broadcast_id_dr_t));
if (!p_decoded)
return NULL;
p_decoded->p_id_selector = malloc(p_descriptor->i_length - 2);
if (!p_decoded->p_id_selector)
{
free(p_decoded);
return NULL;
}
p_decoded->i_data_broadcast_id = ((p_descriptor->p_data[0] & 0xff) << 8) | (p_descriptor->p_data[1] & 0xff);
p_decoded->i_id_selector_len = p_descriptor->i_length - 2;
memcpy(p_decoded->s_id_selector, &p_descriptor->p_data[2], p_decoded->i_id_selector_len);
memcpy(p_decoded->p_id_selector, &p_descriptor->p_data[2], p_decoded->i_id_selector_len);
p_descriptor->p_decoded = (void*)p_decoded;
return p_decoded;
}
......@@ -40,7 +40,7 @@ typedef struct dvbpsi_data_broadcast_id_dr_s
{
uint16_t i_data_broadcast_id;
uint8_t i_id_selector_len;
uint8_t s_id_selector[0];
uint8_t *p_id_selector; /*< release allocated memory */
}dvbpsi_data_broadcast_id_dr_t;
/*****************************************************************************
......
......@@ -42,21 +42,19 @@ dvbpsi_default_authority_dr_t *dvbpsi_DecodeDefaultAuthorityDr(dvbpsi_descriptor
/* Check the tag */
if (p_descriptor->i_tag != 0x73)
{
return NULL;
}
/* Don't decode twice */
if (p_descriptor->p_decoded)
{
return p_descriptor->p_decoded;
}
p_decoded = (dvbpsi_default_authority_dr_t*)malloc(sizeof(dvbpsi_default_authority_dr_t));
if (!p_decoded)
{
return NULL;
}
if (p_descriptor->i_length > 255)
p_descriptor->i_length = 255;
memcpy(&p_decoded->authority, p_descriptor->p_data, p_descriptor->i_length);
p_decoded->authority[p_descriptor->i_length] = 0;
......@@ -64,5 +62,3 @@ dvbpsi_default_authority_dr_t *dvbpsi_DecodeDefaultAuthorityDr(dvbpsi_descriptor
return p_decoded;
}
......@@ -40,23 +40,22 @@ dvbpsi_content_id_dr_t *dvbpsi_DecodeContentIdDr(dvbpsi_descriptor_t *p_descript
{
dvbpsi_content_id_dr_t *p_decoded;
int byte;
/* Check the tag */
if (p_descriptor->i_tag != 0x76)
{
return NULL;
}
/* Don't decode twice */
if (p_descriptor->p_decoded)
{
return p_descriptor->p_decoded;
}
/* Check boundaries */
if (p_descriptor->i_length > ARRAY_SIZE(p_decoded->p_entries))
p_descriptor->i_length = ARRAY_SIZE(p_decoded->p_entries);
p_decoded = (dvbpsi_content_id_dr_t*)malloc(sizeof(dvbpsi_content_id_dr_t));
if (!p_decoded)
{
return NULL;
}
p_decoded->i_number_of_entries = 0;
for (byte = 0; byte < p_descriptor->i_length; p_decoded->i_number_of_entries ++)
......@@ -70,6 +69,9 @@ dvbpsi_content_id_dr_t *dvbpsi_DecodeContentIdDr(dvbpsi_descriptor_t *p_descript
if (entry->i_location == CRID_LOCATION_DESCRIPTOR)
{
uint8_t len = p_descriptor->p_data[byte];
if (len > 253)
len = 253;
unsigned int i;
byte ++;
for (i = 0; i < len; i ++)
......@@ -91,11 +93,9 @@ dvbpsi_content_id_dr_t *dvbpsi_DecodeContentIdDr(dvbpsi_descriptor_t *p_descript
free(p_decoded);
return NULL;
}
}
p_descriptor->p_decoded = (void*)p_decoded;
return p_decoded;
}
......@@ -40,31 +40,26 @@ dvbpsi_lcn_dr_t *dvbpsi_DecodeLCNDr(dvbpsi_descriptor_t *p_descriptor)
{
dvbpsi_lcn_dr_t *p_decoded;
int i;
/* Check the tag */
if (p_descriptor->i_tag != 0x83)
{
return NULL;
}
/* Don't decode twice */
if (p_descriptor->p_decoded)
{
return p_descriptor->p_decoded;
}
/* Check length */
if (p_descriptor->i_length % 4)
{
return NULL;
}
p_decoded = (dvbpsi_lcn_dr_t*)malloc(sizeof(dvbpsi_lcn_dr_t));
if (!p_decoded)
{
return NULL;
}
p_decoded->i_number_of_entries = p_descriptor->i_length / 4;
if (p_decoded->i_number_of_entries > ARRAY_SIZE(p_decoded->p_entries))
p_decoded->i_number_of_entries = ARRAY_SIZE(p_decoded->p_entries);
for (i = 0; i < p_decoded->i_number_of_entries; i ++)
{
......
......@@ -65,7 +65,7 @@ typedef struct dvbpsi_lcn_dr_s
{
uint8_t i_number_of_entries; /*!< Number of LCN entries present. */
dvbpsi_lcn_entry_t p_entries[64];/*!< Array of LCN entries. */
}dvbpsi_lcn_dr_t;
} dvbpsi_lcn_dr_t;
/*****************************************************************************
* dvbpsi_DecodeLCNDr
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment