Check some malloc() failures - yes it can happen when the alloc size is...

Check some malloc() failures - yes it can happen when the alloc size is variable. Unfortunately, the MP4 code seems pretty hopeless.

Check some malloc() failures - yes it can happen when the alloc size is...
Check some malloc() failures - yes it can happen when the alloc size is variable. Unfortunately, the MP4 code seems pretty hopeless.
fcbf24b4 · Rémi Denis-Courmont · 80af71f7 · fcbf24b4
Commit fcbf24b4 authored Mar 01, 2008 by Rémi Denis-Courmont
Show whitespace changes
Inline Side-by-side

Showing with 26 additions and 12 deletions

modules/demux/mp4/libmp4.c modules/demux/mp4/libmp4.c +26 -12

No files found.
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -68,8 +68,11 @@
    {       \
        const int __i_copy__ = strnlen( (char*)p_peek, i_read-1 );  \
        p_str = malloc( __i_copy__+1 );               \
-        if( __i_copy__ > 0 ) memcpy( p_str, p_peek, __i_copy__ );   \
+        if( p_str ) \
+        { \
+             memcpy( p_str, p_peek, __i_copy__ ); \
             p_str[__i_copy__] = 0; \
+        } \
        p_peek += __i_copy__ + 1;   \
        i_read -= __i_copy__ + 1;   \
    }       \
@@ -588,6 +591,7 @@ static int MP4_ReadBox_mdhd( stream_t *p_stream, MP4_Box_t *p_box )
 static int MP4_ReadBox_hdlr( stream_t *p_stream, MP4_Box_t *p_box )
 {
    int32_t i_reserved;
+    int code = 0;
    MP4_READBOX_ENTER( MP4_Box_data_hdlr_t );
@@ -603,7 +607,9 @@ static int MP4_ReadBox_hdlr( stream_t *p_stream, MP4_Box_t *p_box )
    if( i_read > 0 )
    {
-        p_box->data.p_hdlr->psz_name = malloc( i_read + 1 );
+        uint8_t *psz = p_box->data.p_hdlr->psz_name = malloc( i_read + 1 );
+        if( psz == NULL )
+            goto error;
        /* Yes, I love .mp4 :( */
        if( p_box->data.p_hdlr->i_predefined == VLC_FOURCC( 'm', 'h', 'l', 'r' ) )
@@ -614,12 +620,12 @@ static int MP4_ReadBox_hdlr( stream_t *p_stream, MP4_Box_t *p_box )
            MP4_GET1BYTE( i_len );
            i_copy = __MIN( i_read, i_len );
-            memcpy( p_box->data.p_hdlr->psz_name, p_peek, i_copy );
+            memcpy( psz, p_peek, i_copy );
            p_box->data.p_hdlr->psz_name[i_copy] = '\0';
        }
        else
        {
-            memcpy( p_box->data.p_hdlr->psz_name, p_peek, i_read );
+            memcpy( psz, p_peek, i_read );
            p_box->data.p_hdlr->psz_name[i_read] = '\0';
        }
    }
@@ -630,7 +636,10 @@ static int MP4_ReadBox_hdlr( stream_t *p_stream, MP4_Box_t *p_box )
                   p_box->data.p_hdlr->psz_name );
 #endif
-    MP4_READBOX_EXIT( 1 );
+    code = 1;
+error:
+    MP4_READBOX_EXIT( code );
 }
 static void MP4_FreeBox_hdlr( MP4_Box_t *p_box )
@@ -891,8 +900,11 @@ static int MP4_ReadBox_esds( stream_t *p_stream, MP4_Box_t *p_box )
            MP4_GET1BYTE( i_len );
            es_descriptor.psz_URL = malloc( i_len + 1 );
+            if( es_descriptor.psz_URL )
+            {
                memcpy( es_descriptor.psz_URL, p_peek, i_len );
                es_descriptor.psz_URL[i_len] = 0;
+            }
            p_peek += i_len;
            i_read -= i_len;
        }
@@ -947,6 +959,7 @@ static int MP4_ReadBox_esds( stream_t *p_stream, MP4_Box_t *p_box )
    es_descriptor.p_decConfigDescr->i_decoder_specific_info_len = i_len;
    es_descriptor.p_decConfigDescr->p_decoder_specific_info = malloc( i_len );
+    if( es_descriptor.p_decConfigDescr->p_decoder_specific_info )
        memcpy( es_descriptor.p_decConfigDescr->p_decoder_specific_info,
                p_peek, i_len );
@@ -976,8 +989,9 @@ static int MP4_ReadBox_avcC( stream_t *p_stream, MP4_Box_t *p_box )
    p_avcC->i_avcC = i_read;
    if( p_avcC->i_avcC > 0 )
    {
-        p_avcC->p_avcC = malloc( p_avcC->i_avcC );
+        uint8_t * p = p_avcC->p_avcC = malloc( p_avcC->i_avcC );
-        memcpy( p_avcC->p_avcC, p_peek, i_read );
+        if( p )
+            memcpy( p, p_peek, i_read );
    }
    MP4_GET1BYTE( p_avcC->i_version );