diff options
| author | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2008-03-26 18:54:55 +0000 |
|---|---|---|
| committer | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2008-03-26 18:54:55 +0000 |
| commit | 1bedd052b17aab0fc6b1b85a727207648908095b (patch) | |
| tree | 3373c04b323dbeec5a0237db31c032661b2098ae | |
| parent | 38c7aa2581a80ca5fda454af74e0bd12f4f159b6 (diff) | |
| download | xine-lib-1bedd052b17aab0fc6b1b85a727207648908095b.tar.gz xine-lib-1bedd052b17aab0fc6b1b85a727207648908095b.tar.bz2 | |
Be more careful with malloc(x+1), particularly on 32-bit.
| -rw-r--r-- | src/demuxers/demux_matroska.c | 14 | ||||
| -rw-r--r-- | src/demuxers/ebml.c | 25 | ||||
| -rw-r--r-- | src/demuxers/ebml.h | 2 |
3 files changed, 23 insertions, 18 deletions
diff --git a/src/demuxers/demux_matroska.c b/src/demuxers/demux_matroska.c index 63b6ea3c8..7643a2cb4 100644 --- a/src/demuxers/demux_matroska.c +++ b/src/demuxers/demux_matroska.c @@ -1179,13 +1179,10 @@ static int parse_track_entry(demux_matroska_t *this, matroska_track_t *track) { break; case MATROSKA_ID_TR_CODECID: { - char *codec_id = malloc (elem.len + 1); + char *codec_id = ebml_alloc_read_ascii (ebml, &elem); lprintf("CodecID\n"); - if (!ebml_read_ascii(ebml, &elem, codec_id)) { - free(codec_id); + if (!codec_id) return 0; - } - codec_id[elem.len] = '\0'; track->codec_id = codec_id; } break; @@ -1203,13 +1200,10 @@ static int parse_track_entry(demux_matroska_t *this, matroska_track_t *track) { break; case MATROSKA_ID_TR_LANGUAGE: { - char *language = malloc (elem.len + 1); + char *language = ebml_alloc_read_ascii (ebml, &elem); lprintf("Language\n"); - if (!ebml_read_ascii(ebml, &elem, language)) { - free(language); + if (!language) return 0; - } - language[elem.len] = '\0'; track->language = language; } break; diff --git a/src/demuxers/ebml.c b/src/demuxers/ebml.c index cc8173c26..0c633643f 100644 --- a/src/demuxers/ebml.c +++ b/src/demuxers/ebml.c @@ -318,6 +318,22 @@ int ebml_read_utf8 (ebml_parser_t *ebml, ebml_elem_t *elem, char *str) { return ebml_read_ascii (ebml, elem, str); } +char *ebml_alloc_read_ascii (ebml_parser_t *ebml, ebml_elem_t *elem) +{ + char *text; + if (elem->len >= 4096) + return NULL; + text = malloc(elem->len + 1); + if (text) + { + text[elem->len] = '\0'; + if (ebml_read_ascii (ebml, &elem, text)) + return text; + free (text); + } + return NULL; +} + int ebml_read_date (ebml_parser_t *ebml, ebml_elem_t *elem, int64_t *date) { return ebml_read_sint (ebml, elem, date); } @@ -423,17 +439,10 @@ int ebml_check_header(ebml_parser_t *ebml) { } case EBML_ID_DOCTYPE: { - char *text = malloc(elem.len + 1); + char *text = ebml_alloc_read_ascii (ebml, &elem); if (!text) return 0; - text[elem.len] = '\0'; - if (!ebml_read_ascii (ebml, &elem, text)) - { - free (text); - return 0; - } - lprintf("doctype: %s\n", text); if (ebml->doctype) free (ebml->doctype); diff --git a/src/demuxers/ebml.h b/src/demuxers/ebml.h index 35078c502..a38515544 100644 --- a/src/demuxers/ebml.h +++ b/src/demuxers/ebml.h @@ -91,6 +91,8 @@ int ebml_read_ascii(ebml_parser_t *ebml, ebml_elem_t *elem, char *str); int ebml_read_utf8(ebml_parser_t *ebml, ebml_elem_t *elem, char *str); +char *ebml_alloc_read_ascii(ebml_parser_t *ebml, ebml_elem_t *elem); + int ebml_read_date(ebml_parser_t *ebml, ebml_elem_t *elem, int64_t *date); int ebml_read_master(ebml_parser_t *ebml, ebml_elem_t *elem); |