mirror of
https://github.com/claunia/flac.git
synced 2025-12-16 18:54:26 +00:00
extra checking on memory allocation sizes to prevent a class of overflow attacks
This commit is contained in:
Josh Coalson
@@ -50,6 +50,7 @@
|
||||
#include "private/bitwriter.h"
|
||||
#include "private/crc.h"
|
||||
#include "FLAC/assert.h"
|
||||
#include "share/alloc.h"
|
||||
|
||||
/* Things should be fastest when this matches the machine word size */
|
||||
/* WATCHOUT: if you change this you must also change the following #defines down to SWAP_BE_WORD_TO_HOST below to match */
|
||||
@@ -141,7 +142,7 @@ static FLAC__bool bitwriter_grow_(FLAC__BitWriter *bw, unsigned bits_to_add)
|
||||
FLAC__ASSERT(new_capacity > bw->capacity);
|
||||
FLAC__ASSERT(new_capacity >= bw->words + ((bw->bits + bits_to_add + FLAC__BITS_PER_WORD - 1) / FLAC__BITS_PER_WORD));
|
||||
|
||||
new_buffer = (bwword*)realloc(bw->buffer, sizeof(bwword)*new_capacity);
|
||||
new_buffer = (bwword*)safe_realloc_mul_2op_(bw->buffer, sizeof(bwword), /*times*/new_capacity);
|
||||
if(new_buffer == 0)
|
||||
return false;
|
||||
bw->buffer = new_buffer;
|
||||
|
||||
@@ -33,7 +33,7 @@ typedef struct {
|
||||
FLAC__uint32 buf[4];
|
||||
FLAC__uint32 bytes[2];
|
||||
FLAC__byte *internal_buf;
|
||||
unsigned capacity;
|
||||
size_t capacity;
|
||||
} FLAC__MD5Context;
|
||||
|
||||
void FLAC__MD5Init(FLAC__MD5Context *context);
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
#include <string.h> /* for memcpy() */
|
||||
|
||||
#include "private/md5.h"
|
||||
#include "share/alloc.h"
|
||||
|
||||
#ifndef FLaC__INLINE
|
||||
#define FLaC__INLINE
|
||||
@@ -396,13 +397,19 @@ static void format_input_(FLAC__byte *buf, const FLAC__int32 * const signal[], u
|
||||
*/
|
||||
FLAC__bool FLAC__MD5Accumulate(FLAC__MD5Context *ctx, const FLAC__int32 * const signal[], unsigned channels, unsigned samples, unsigned bytes_per_sample)
|
||||
{
|
||||
const unsigned bytes_needed = channels * samples * bytes_per_sample;
|
||||
const size_t bytes_needed = (size_t)channels * (size_t)samples * (size_t)bytes_per_sample;
|
||||
|
||||
/* overflow check */
|
||||
if((size_t)channels > SIZE_MAX / (size_t)bytes_per_sample)
|
||||
return false;
|
||||
if((size_t)channels * (size_t)bytes_per_sample > SIZE_MAX / (size_t)samples)
|
||||
return false;
|
||||
|
||||
if(ctx->capacity < bytes_needed) {
|
||||
FLAC__byte *tmp = (FLAC__byte*)realloc(ctx->internal_buf, bytes_needed);
|
||||
if(0 == tmp) {
|
||||
free(ctx->internal_buf);
|
||||
if(0 == (ctx->internal_buf = (FLAC__byte*)malloc(bytes_needed)))
|
||||
if(0 == (ctx->internal_buf = (FLAC__byte*)safe_malloc_(bytes_needed)))
|
||||
return false;
|
||||
}
|
||||
ctx->internal_buf = tmp;
|
||||
|
||||
@@ -35,6 +35,7 @@
|
||||
|
||||
#include "private/memory.h"
|
||||
#include "FLAC/assert.h"
|
||||
#include "share/alloc.h"
|
||||
|
||||
void *FLAC__memory_alloc_aligned(size_t bytes, void **aligned_address)
|
||||
{
|
||||
@@ -44,7 +45,7 @@ void *FLAC__memory_alloc_aligned(size_t bytes, void **aligned_address)
|
||||
|
||||
#ifdef FLAC__ALIGN_MALLOC_DATA
|
||||
/* align on 32-byte (256-bit) boundary */
|
||||
x = malloc(bytes+31);
|
||||
x = safe_malloc_add_2op_(bytes, /*+*/31);
|
||||
#ifdef SIZEOF_VOIDP
|
||||
#if SIZEOF_VOIDP == 4
|
||||
/* could do *aligned_address = x + ((unsigned) (32 - (((unsigned)x) & 31))) & 31; */
|
||||
@@ -64,7 +65,7 @@ void *FLAC__memory_alloc_aligned(size_t bytes, void **aligned_address)
|
||||
return 0;
|
||||
#endif
|
||||
#else
|
||||
x = malloc(bytes);
|
||||
x = safe_malloc_(bytes);
|
||||
*aligned_address = x;
|
||||
#endif
|
||||
return x;
|
||||
@@ -83,7 +84,10 @@ FLAC__bool FLAC__memory_alloc_aligned_int32_array(unsigned elements, FLAC__int32
|
||||
FLAC__ASSERT(0 != aligned_pointer);
|
||||
FLAC__ASSERT(unaligned_pointer != aligned_pointer);
|
||||
|
||||
pu = (FLAC__int32*)FLAC__memory_alloc_aligned(sizeof(FLAC__int32) * elements, &u.pv);
|
||||
if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
|
||||
return false;
|
||||
|
||||
pu = (FLAC__int32*)FLAC__memory_alloc_aligned(sizeof(*pu) * (size_t)elements, &u.pv);
|
||||
if(0 == pu) {
|
||||
return false;
|
||||
}
|
||||
@@ -109,7 +113,10 @@ FLAC__bool FLAC__memory_alloc_aligned_uint32_array(unsigned elements, FLAC__uint
|
||||
FLAC__ASSERT(0 != aligned_pointer);
|
||||
FLAC__ASSERT(unaligned_pointer != aligned_pointer);
|
||||
|
||||
pu = (FLAC__uint32*)FLAC__memory_alloc_aligned(sizeof(FLAC__uint32) * elements, &u.pv);
|
||||
if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
|
||||
return false;
|
||||
|
||||
pu = (FLAC__uint32*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv);
|
||||
if(0 == pu) {
|
||||
return false;
|
||||
}
|
||||
@@ -135,7 +142,10 @@ FLAC__bool FLAC__memory_alloc_aligned_uint64_array(unsigned elements, FLAC__uint
|
||||
FLAC__ASSERT(0 != aligned_pointer);
|
||||
FLAC__ASSERT(unaligned_pointer != aligned_pointer);
|
||||
|
||||
pu = (FLAC__uint64*)FLAC__memory_alloc_aligned(sizeof(FLAC__uint64) * elements, &u.pv);
|
||||
if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
|
||||
return false;
|
||||
|
||||
pu = (FLAC__uint64*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv);
|
||||
if(0 == pu) {
|
||||
return false;
|
||||
}
|
||||
@@ -161,7 +171,10 @@ FLAC__bool FLAC__memory_alloc_aligned_unsigned_array(unsigned elements, unsigned
|
||||
FLAC__ASSERT(0 != aligned_pointer);
|
||||
FLAC__ASSERT(unaligned_pointer != aligned_pointer);
|
||||
|
||||
pu = (unsigned*)FLAC__memory_alloc_aligned(sizeof(unsigned) * elements, &u.pv);
|
||||
if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
|
||||
return false;
|
||||
|
||||
pu = (unsigned*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv);
|
||||
if(0 == pu) {
|
||||
return false;
|
||||
}
|
||||
@@ -189,7 +202,10 @@ FLAC__bool FLAC__memory_alloc_aligned_real_array(unsigned elements, FLAC__real *
|
||||
FLAC__ASSERT(0 != aligned_pointer);
|
||||
FLAC__ASSERT(unaligned_pointer != aligned_pointer);
|
||||
|
||||
pu = (FLAC__real*)FLAC__memory_alloc_aligned(sizeof(FLAC__real) * elements, &u.pv);
|
||||
if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
|
||||
return false;
|
||||
|
||||
pu = (FLAC__real*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv);
|
||||
if(0 == pu) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -61,6 +61,7 @@
|
||||
|
||||
#include "FLAC/assert.h"
|
||||
#include "FLAC/stream_decoder.h"
|
||||
#include "share/alloc.h"
|
||||
|
||||
#ifdef max
|
||||
#undef max
|
||||
@@ -2152,6 +2153,9 @@ FLAC__Metadata_SimpleIteratorStatus read_metadata_block_data_application_cb_(FLA
|
||||
if(read_cb(block->id, 1, id_bytes, handle) != id_bytes)
|
||||
return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_READ_ERROR;
|
||||
|
||||
if(block_length < id_bytes)
|
||||
return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_READ_ERROR;
|
||||
|
||||
block_length -= id_bytes;
|
||||
|
||||
if(block_length == 0) {
|
||||
@@ -2179,7 +2183,7 @@ FLAC__Metadata_SimpleIteratorStatus read_metadata_block_data_seektable_cb_(FLAC_
|
||||
|
||||
if(block->num_points == 0)
|
||||
block->points = 0;
|
||||
else if(0 == (block->points = (FLAC__StreamMetadata_SeekPoint*)malloc(block->num_points * sizeof(FLAC__StreamMetadata_SeekPoint))))
|
||||
else if(0 == (block->points = (FLAC__StreamMetadata_SeekPoint*)safe_malloc_mul_2op_(block->num_points, /*times*/sizeof(FLAC__StreamMetadata_SeekPoint))))
|
||||
return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
|
||||
|
||||
for(i = 0; i < block->num_points; i++) {
|
||||
@@ -2212,7 +2216,7 @@ FLAC__Metadata_SimpleIteratorStatus read_metadata_block_data_vorbis_comment_entr
|
||||
entry->entry = 0;
|
||||
}
|
||||
else {
|
||||
if(0 == (entry->entry = (FLAC__byte*)malloc(entry->length+1)))
|
||||
if(0 == (entry->entry = (FLAC__byte*)safe_malloc_add_2op_(entry->length, /*+*/1)))
|
||||
return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
|
||||
|
||||
if(read_cb(entry->entry, 1, entry->length, handle) != entry->length)
|
||||
@@ -2387,7 +2391,7 @@ static FLAC__Metadata_SimpleIteratorStatus read_metadata_block_data_picture_cstr
|
||||
if(0 != *data)
|
||||
free(*data);
|
||||
|
||||
if(0 == (*data = (FLAC__byte*)malloc(*length+1)))
|
||||
if(0 == (*data = (FLAC__byte*)safe_malloc_add_2op_(*length, /*+*/1)))
|
||||
return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
|
||||
|
||||
if(*length > 0) {
|
||||
@@ -3206,7 +3210,7 @@ FLAC__bool open_tempfile_(const char *filename, const char *tempfile_path_prefix
|
||||
{
|
||||
static const char *tempfile_suffix = ".metadata_edit";
|
||||
if(0 == tempfile_path_prefix) {
|
||||
if(0 == (*tempfilename = (char*)malloc(strlen(filename) + strlen(tempfile_suffix) + 1))) {
|
||||
if(0 == (*tempfilename = (char*)safe_malloc_add_3op_(strlen(filename), /*+*/strlen(tempfile_suffix), /*+*/1))) {
|
||||
*status = FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -3220,7 +3224,7 @@ FLAC__bool open_tempfile_(const char *filename, const char *tempfile_path_prefix
|
||||
else
|
||||
p++;
|
||||
|
||||
if(0 == (*tempfilename = (char*)malloc(strlen(tempfile_path_prefix) + 1 + strlen(p) + strlen(tempfile_suffix) + 1))) {
|
||||
if(0 == (*tempfilename = (char*)safe_malloc_add_4op_(strlen(tempfile_path_prefix), /*+*/strlen(p), /*+*/strlen(tempfile_suffix), /*+*/2))) {
|
||||
*status = FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -39,6 +39,7 @@
|
||||
#include "private/metadata.h"
|
||||
|
||||
#include "FLAC/assert.h"
|
||||
#include "share/alloc.h"
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
@@ -53,14 +54,14 @@
|
||||
* from != NULL && bytes > 0
|
||||
* to <- copy of from
|
||||
* else ASSERT
|
||||
* malloc error leaved 'to' unchanged
|
||||
* malloc error leaves 'to' unchanged
|
||||
*/
|
||||
static FLAC__bool copy_bytes_(FLAC__byte **to, const FLAC__byte *from, unsigned bytes)
|
||||
{
|
||||
FLAC__ASSERT(0 != to);
|
||||
if(bytes > 0 && 0 != from) {
|
||||
FLAC__byte *x;
|
||||
if(0 == (x = (FLAC__byte*)malloc(bytes)))
|
||||
if(0 == (x = (FLAC__byte*)safe_malloc_(bytes)))
|
||||
return false;
|
||||
memcpy(x, from, bytes);
|
||||
*to = x;
|
||||
@@ -94,7 +95,7 @@ static FLAC__bool free_copy_bytes_(FLAC__byte **to, const FLAC__byte *from, unsi
|
||||
/* realloc() failure leaves entry unchanged */
|
||||
static FLAC__bool ensure_null_terminated_(FLAC__byte **entry, unsigned length)
|
||||
{
|
||||
FLAC__byte *x = (FLAC__byte*)realloc(*entry, length+1);
|
||||
FLAC__byte *x = (FLAC__byte*)safe_realloc_add_2op_(*entry, length, /*+*/1);
|
||||
if(0 != x) {
|
||||
x[length] = '\0';
|
||||
*entry = x;
|
||||
@@ -132,7 +133,7 @@ static FLAC__bool copy_vcentry_(FLAC__StreamMetadata_VorbisComment_Entry *to, co
|
||||
else {
|
||||
FLAC__byte *x;
|
||||
FLAC__ASSERT(from->length > 0);
|
||||
if(0 == (x = (FLAC__byte*)malloc(from->length+1)))
|
||||
if(0 == (x = (FLAC__byte*)safe_malloc_add_2op_(from->length, /*+*/1)))
|
||||
return false;
|
||||
memcpy(x, from->entry, from->length);
|
||||
x[from->length] = '\0';
|
||||
@@ -150,7 +151,7 @@ static FLAC__bool copy_track_(FLAC__StreamMetadata_CueSheet_Track *to, const FLA
|
||||
else {
|
||||
FLAC__StreamMetadata_CueSheet_Index *x;
|
||||
FLAC__ASSERT(from->num_indices > 0);
|
||||
if(0 == (x = (FLAC__StreamMetadata_CueSheet_Index*)malloc(from->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index))))
|
||||
if(0 == (x = (FLAC__StreamMetadata_CueSheet_Index*)safe_malloc_mul_2op_(from->num_indices, /*times*/sizeof(FLAC__StreamMetadata_CueSheet_Index))))
|
||||
return false;
|
||||
memcpy(x, from->indices, from->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index));
|
||||
to->indices = x;
|
||||
@@ -172,7 +173,7 @@ static FLAC__StreamMetadata_SeekPoint *seekpoint_array_new_(unsigned num_points)
|
||||
|
||||
FLAC__ASSERT(num_points > 0);
|
||||
|
||||
object_array = (FLAC__StreamMetadata_SeekPoint*)malloc(num_points * sizeof(FLAC__StreamMetadata_SeekPoint));
|
||||
object_array = (FLAC__StreamMetadata_SeekPoint*)safe_malloc_mul_2op_(num_points, /*times*/sizeof(FLAC__StreamMetadata_SeekPoint));
|
||||
|
||||
if(0 != object_array) {
|
||||
unsigned i;
|
||||
@@ -205,7 +206,7 @@ static FLAC__StreamMetadata_VorbisComment_Entry *vorbiscomment_entry_array_new_(
|
||||
{
|
||||
FLAC__ASSERT(num_comments > 0);
|
||||
|
||||
return (FLAC__StreamMetadata_VorbisComment_Entry*)calloc(num_comments, sizeof(FLAC__StreamMetadata_VorbisComment_Entry));
|
||||
return (FLAC__StreamMetadata_VorbisComment_Entry*)safe_calloc_(num_comments, sizeof(FLAC__StreamMetadata_VorbisComment_Entry));
|
||||
}
|
||||
|
||||
static void vorbiscomment_entry_array_delete_(FLAC__StreamMetadata_VorbisComment_Entry *object_array, unsigned num_comments)
|
||||
@@ -344,14 +345,14 @@ static FLAC__StreamMetadata_CueSheet_Index *cuesheet_track_index_array_new_(unsi
|
||||
{
|
||||
FLAC__ASSERT(num_indices > 0);
|
||||
|
||||
return (FLAC__StreamMetadata_CueSheet_Index*)calloc(num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index));
|
||||
return (FLAC__StreamMetadata_CueSheet_Index*)safe_calloc_(num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index));
|
||||
}
|
||||
|
||||
static FLAC__StreamMetadata_CueSheet_Track *cuesheet_track_array_new_(unsigned num_tracks)
|
||||
{
|
||||
FLAC__ASSERT(num_tracks > 0);
|
||||
|
||||
return (FLAC__StreamMetadata_CueSheet_Track*)calloc(num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track));
|
||||
return (FLAC__StreamMetadata_CueSheet_Track*)safe_calloc_(num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track));
|
||||
}
|
||||
|
||||
static void cuesheet_track_array_delete_(FLAC__StreamMetadata_CueSheet_Track *object_array, unsigned num_tracks)
|
||||
@@ -537,6 +538,10 @@ FLAC_API FLAC__StreamMetadata *FLAC__metadata_object_clone(const FLAC__StreamMet
|
||||
case FLAC__METADATA_TYPE_PADDING:
|
||||
break;
|
||||
case FLAC__METADATA_TYPE_APPLICATION:
|
||||
if(to->length < FLAC__STREAM_METADATA_APPLICATION_ID_LEN / 8) { /* underflow check */
|
||||
FLAC__metadata_object_delete(to);
|
||||
return 0;
|
||||
}
|
||||
memcpy(&to->data.application.id, &object->data.application.id, FLAC__STREAM_METADATA_APPLICATION_ID_LEN / 8);
|
||||
if(!copy_bytes_(&to->data.application.data, object->data.application.data, object->length - FLAC__STREAM_METADATA_APPLICATION_ID_LEN / 8)) {
|
||||
FLAC__metadata_object_delete(to);
|
||||
@@ -545,6 +550,10 @@ FLAC_API FLAC__StreamMetadata *FLAC__metadata_object_clone(const FLAC__StreamMet
|
||||
break;
|
||||
case FLAC__METADATA_TYPE_SEEKTABLE:
|
||||
to->data.seek_table.num_points = object->data.seek_table.num_points;
|
||||
if(to->data.seek_table.num_points > SIZE_MAX / sizeof(FLAC__StreamMetadata_SeekPoint)) { /* overflow check */
|
||||
FLAC__metadata_object_delete(to);
|
||||
return 0;
|
||||
}
|
||||
if(!copy_bytes_((FLAC__byte**)&to->data.seek_table.points, (FLAC__byte*)object->data.seek_table.points, object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint))) {
|
||||
FLAC__metadata_object_delete(to);
|
||||
return 0;
|
||||
@@ -930,8 +939,12 @@ FLAC_API FLAC__bool FLAC__metadata_object_seektable_resize_points(FLAC__StreamMe
|
||||
return false;
|
||||
}
|
||||
else {
|
||||
const unsigned old_size = object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint);
|
||||
const unsigned new_size = new_num_points * sizeof(FLAC__StreamMetadata_SeekPoint);
|
||||
const size_t old_size = object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint);
|
||||
const size_t new_size = new_num_points * sizeof(FLAC__StreamMetadata_SeekPoint);
|
||||
|
||||
/* overflow check */
|
||||
if((size_t)new_num_points > SIZE_MAX / sizeof(FLAC__StreamMetadata_SeekPoint))
|
||||
return false;
|
||||
|
||||
FLAC__ASSERT(object->data.seek_table.num_points > 0);
|
||||
|
||||
@@ -1157,8 +1170,12 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_resize_comments(FLAC__St
|
||||
return false;
|
||||
}
|
||||
else {
|
||||
const unsigned old_size = object->data.vorbis_comment.num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry);
|
||||
const unsigned new_size = new_num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry);
|
||||
const size_t old_size = object->data.vorbis_comment.num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry);
|
||||
const size_t new_size = new_num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry);
|
||||
|
||||
/* overflow check */
|
||||
if((size_t)new_num_comments > SIZE_MAX / sizeof(FLAC__StreamMetadata_VorbisComment_Entry))
|
||||
return false;
|
||||
|
||||
FLAC__ASSERT(object->data.vorbis_comment.num_comments > 0);
|
||||
|
||||
@@ -1306,7 +1323,7 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_entry_from_name_value_pa
|
||||
const size_t nn = strlen(field_name);
|
||||
const size_t nv = strlen(field_value);
|
||||
entry->length = nn + 1 /*=*/ + nv;
|
||||
if(0 == (entry->entry = (FLAC__byte*)malloc(entry->length+1)))
|
||||
if(0 == (entry->entry = (FLAC__byte*)safe_malloc_add_4op_(nn, /*+*/1, /*+*/nv, /*+*/1)))
|
||||
return false;
|
||||
memcpy(entry->entry, field_name, nn);
|
||||
entry->entry[nn] = '=';
|
||||
@@ -1333,9 +1350,9 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_entry_to_name_value_pair
|
||||
FLAC__ASSERT(0 != eq);
|
||||
if(0 == eq)
|
||||
return false; /* double protection */
|
||||
if(0 == (*field_name = (char*)malloc(nn+1)))
|
||||
if(0 == (*field_name = (char*)safe_malloc_add_2op_(nn, /*+*/1)))
|
||||
return false;
|
||||
if(0 == (*field_value = (char*)malloc(nv+1))) {
|
||||
if(0 == (*field_value = (char*)safe_malloc_add_2op_(nv, /*+*/1))) {
|
||||
free(*field_name);
|
||||
return false;
|
||||
}
|
||||
@@ -1465,8 +1482,12 @@ FLAC_API FLAC__bool FLAC__metadata_object_cuesheet_track_resize_indices(FLAC__St
|
||||
return false;
|
||||
}
|
||||
else {
|
||||
const unsigned old_size = track->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index);
|
||||
const unsigned new_size = new_num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index);
|
||||
const size_t old_size = track->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index);
|
||||
const size_t new_size = new_num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index);
|
||||
|
||||
/* overflow check */
|
||||
if((size_t)new_num_indices > SIZE_MAX / sizeof(FLAC__StreamMetadata_CueSheet_Index))
|
||||
return false;
|
||||
|
||||
FLAC__ASSERT(track->num_indices > 0);
|
||||
|
||||
@@ -1549,8 +1570,12 @@ FLAC_API FLAC__bool FLAC__metadata_object_cuesheet_resize_tracks(FLAC__StreamMet
|
||||
return false;
|
||||
}
|
||||
else {
|
||||
const unsigned old_size = object->data.cue_sheet.num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track);
|
||||
const unsigned new_size = new_num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track);
|
||||
const size_t old_size = object->data.cue_sheet.num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track);
|
||||
const size_t new_size = new_num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track);
|
||||
|
||||
/* overflow check */
|
||||
if((size_t)new_num_tracks > SIZE_MAX / sizeof(FLAC__StreamMetadata_CueSheet_Track))
|
||||
return false;
|
||||
|
||||
FLAC__ASSERT(object->data.cue_sheet.num_tracks > 0);
|
||||
|
||||
@@ -1707,6 +1732,8 @@ FLAC_API FLAC__bool FLAC__metadata_object_picture_set_mime_type(FLAC__StreamMeta
|
||||
|
||||
/* do the copy first so that if we fail we leave the object untouched */
|
||||
if(copy) {
|
||||
if(new_length >= SIZE_MAX) /* overflow check */
|
||||
return false;
|
||||
if(!copy_bytes_((FLAC__byte**)(&object->data.picture.mime_type), (FLAC__byte*)mime_type, new_length+1))
|
||||
return false;
|
||||
}
|
||||
@@ -1737,6 +1764,8 @@ FLAC_API FLAC__bool FLAC__metadata_object_picture_set_description(FLAC__StreamMe
|
||||
|
||||
/* do the copy first so that if we fail we leave the object untouched */
|
||||
if(copy) {
|
||||
if(new_length >= SIZE_MAX) /* overflow check */
|
||||
return false;
|
||||
if(!copy_bytes_(&object->data.picture.description, description, new_length+1))
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -36,6 +36,7 @@
|
||||
#include <stdlib.h> /* for malloc() */
|
||||
#include <string.h> /* for memcmp(), memcpy() */
|
||||
#include "FLAC/assert.h"
|
||||
#include "share/alloc.h"
|
||||
#include "private/ogg_helper.h"
|
||||
#include "protected/stream_encoder.h"
|
||||
|
||||
@@ -112,7 +113,7 @@ FLAC__bool simple_ogg_page__get_at(FLAC__StreamEncoder *encoder, FLAC__uint64 po
|
||||
}
|
||||
|
||||
/* allocate space for the page header */
|
||||
if(0 == (page->header = (unsigned char *)malloc(OGG_MAX_HEADER_LEN))) {
|
||||
if(0 == (page->header = (unsigned char *)safe_malloc_(OGG_MAX_HEADER_LEN))) {
|
||||
encoder->protected_->state = FLAC__STREAM_ENCODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -154,7 +155,7 @@ FLAC__bool simple_ogg_page__get_at(FLAC__StreamEncoder *encoder, FLAC__uint64 po
|
||||
}
|
||||
|
||||
/* allocate space for the page body */
|
||||
if(0 == (page->body = (unsigned char *)malloc(page->body_len))) {
|
||||
if(0 == (page->body = (unsigned char *)safe_malloc_(page->body_len))) {
|
||||
encoder->protected_->state = FLAC__STREAM_ENCODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -53,6 +53,7 @@
|
||||
#endif
|
||||
#endif
|
||||
#include "FLAC/assert.h"
|
||||
#include "share/alloc.h"
|
||||
#include "protected/stream_decoder.h"
|
||||
#include "private/bitreader.h"
|
||||
#include "private/bitmath.h"
|
||||
@@ -181,7 +182,7 @@ typedef struct FLAC__StreamDecoderPrivate {
|
||||
FLAC__StreamMetadata seek_table;
|
||||
FLAC__bool metadata_filter[128]; /* MAGIC number 128 == total number of metadata block types == 1 << 7 */
|
||||
FLAC__byte *metadata_filter_ids;
|
||||
unsigned metadata_filter_ids_count, metadata_filter_ids_capacity; /* units for both are IDs, not bytes */
|
||||
size_t metadata_filter_ids_count, metadata_filter_ids_capacity; /* units for both are IDs, not bytes */
|
||||
FLAC__Frame frame;
|
||||
FLAC__bool cached; /* true if there is a byte in lookahead */
|
||||
FLAC__CPUInfo cpuinfo;
|
||||
@@ -784,7 +785,7 @@ FLAC_API FLAC__bool FLAC__stream_decoder_set_metadata_respond_application(FLAC__
|
||||
FLAC__ASSERT(0 != decoder->private_->metadata_filter_ids);
|
||||
|
||||
if(decoder->private_->metadata_filter_ids_count == decoder->private_->metadata_filter_ids_capacity) {
|
||||
if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)realloc(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity * 2))) {
|
||||
if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)safe_realloc_mul_2op_(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity, /*times*/2))) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -843,7 +844,7 @@ FLAC_API FLAC__bool FLAC__stream_decoder_set_metadata_ignore_application(FLAC__S
|
||||
FLAC__ASSERT(0 != decoder->private_->metadata_filter_ids);
|
||||
|
||||
if(decoder->private_->metadata_filter_ids_count == decoder->private_->metadata_filter_ids_capacity) {
|
||||
if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)realloc(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity * 2))) {
|
||||
if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)safe_realloc_mul_2op_(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity, /*times*/2))) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -1325,7 +1326,7 @@ FLAC__bool allocate_output_(FLAC__StreamDecoder *decoder, unsigned size, unsigne
|
||||
* (at negative indices) for alignment purposes; we use 4
|
||||
* to keep the data well-aligned.
|
||||
*/
|
||||
tmp = (FLAC__int32*)malloc(sizeof(FLAC__int32)*(size+4));
|
||||
tmp = (FLAC__int32*)safe_malloc_muladd2_(sizeof(FLAC__int32), /*times (*/size, /*+*/4/*)*/);
|
||||
if(tmp == 0) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
@@ -1350,7 +1351,7 @@ FLAC__bool allocate_output_(FLAC__StreamDecoder *decoder, unsigned size, unsigne
|
||||
|
||||
FLAC__bool has_id_filtered_(FLAC__StreamDecoder *decoder, FLAC__byte *id)
|
||||
{
|
||||
unsigned i;
|
||||
size_t i;
|
||||
|
||||
FLAC__ASSERT(0 != decoder);
|
||||
FLAC__ASSERT(0 != decoder->private_);
|
||||
@@ -1471,6 +1472,11 @@ FLAC__bool read_metadata_(FLAC__StreamDecoder *decoder)
|
||||
if(!FLAC__bitreader_read_byte_block_aligned_no_crc(decoder->private_->input, block.data.application.id, FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8))
|
||||
return false; /* read_callback_ sets the state for us */
|
||||
|
||||
if(real_length < FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8) { /* underflow check */
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;/*@@@@@@ maybe wrong error? need to resync?*/
|
||||
return false;
|
||||
}
|
||||
|
||||
real_length -= FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8;
|
||||
|
||||
if(decoder->private_->metadata_filter_ids_count > 0 && has_id_filtered_(decoder, block.data.application.id))
|
||||
@@ -1533,7 +1539,7 @@ FLAC__bool read_metadata_(FLAC__StreamDecoder *decoder)
|
||||
if(!decoder->private_->is_seeking && decoder->private_->metadata_callback)
|
||||
decoder->private_->metadata_callback(decoder, &block, decoder->private_->client_data);
|
||||
|
||||
/* now we have to free any malloc'ed data in the block */
|
||||
/* now we have to free any malloc()ed data in the block */
|
||||
switch(type) {
|
||||
case FLAC__METADATA_TYPE_PADDING:
|
||||
break;
|
||||
@@ -1673,7 +1679,7 @@ FLAC__bool read_metadata_seektable_(FLAC__StreamDecoder *decoder, FLAC__bool is_
|
||||
decoder->private_->seek_table.data.seek_table.num_points = length / FLAC__STREAM_METADATA_SEEKPOINT_LENGTH;
|
||||
|
||||
/* use realloc since we may pass through here several times (e.g. after seeking) */
|
||||
if(0 == (decoder->private_->seek_table.data.seek_table.points = (FLAC__StreamMetadata_SeekPoint*)realloc(decoder->private_->seek_table.data.seek_table.points, decoder->private_->seek_table.data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint)))) {
|
||||
if(0 == (decoder->private_->seek_table.data.seek_table.points = (FLAC__StreamMetadata_SeekPoint*)safe_realloc_mul_2op_(decoder->private_->seek_table.data.seek_table.points, decoder->private_->seek_table.data.seek_table.num_points, /*times*/sizeof(FLAC__StreamMetadata_SeekPoint)))) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -1712,7 +1718,7 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre
|
||||
if(!FLAC__bitreader_read_uint32_little_endian(decoder->private_->input, &obj->vendor_string.length))
|
||||
return false; /* read_callback_ sets the state for us */
|
||||
if(obj->vendor_string.length > 0) {
|
||||
if(0 == (obj->vendor_string.entry = (FLAC__byte*)malloc(obj->vendor_string.length+1))) {
|
||||
if(0 == (obj->vendor_string.entry = (FLAC__byte*)safe_malloc_add_2op_(obj->vendor_string.length, /*+*/1))) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -1730,7 +1736,7 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre
|
||||
|
||||
/* read comments */
|
||||
if(obj->num_comments > 0) {
|
||||
if(0 == (obj->comments = (FLAC__StreamMetadata_VorbisComment_Entry*)malloc(obj->num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry)))) {
|
||||
if(0 == (obj->comments = (FLAC__StreamMetadata_VorbisComment_Entry*)safe_malloc_mul_2op_(obj->num_comments, /*times*/sizeof(FLAC__StreamMetadata_VorbisComment_Entry)))) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -1739,7 +1745,7 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre
|
||||
if(!FLAC__bitreader_read_uint32_little_endian(decoder->private_->input, &obj->comments[i].length))
|
||||
return false; /* read_callback_ sets the state for us */
|
||||
if(obj->comments[i].length > 0) {
|
||||
if(0 == (obj->comments[i].entry = (FLAC__byte*)malloc(obj->comments[i].length+1))) {
|
||||
if(0 == (obj->comments[i].entry = (FLAC__byte*)safe_malloc_add_2op_(obj->comments[i].length, /*+*/1))) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -1785,7 +1791,7 @@ FLAC__bool read_metadata_cuesheet_(FLAC__StreamDecoder *decoder, FLAC__StreamMet
|
||||
obj->num_tracks = x;
|
||||
|
||||
if(obj->num_tracks > 0) {
|
||||
if(0 == (obj->tracks = (FLAC__StreamMetadata_CueSheet_Track*)calloc(obj->num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)))) {
|
||||
if(0 == (obj->tracks = (FLAC__StreamMetadata_CueSheet_Track*)safe_calloc_(obj->num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)))) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -1818,7 +1824,7 @@ FLAC__bool read_metadata_cuesheet_(FLAC__StreamDecoder *decoder, FLAC__StreamMet
|
||||
track->num_indices = (FLAC__byte)x;
|
||||
|
||||
if(track->num_indices > 0) {
|
||||
if(0 == (track->indices = (FLAC__StreamMetadata_CueSheet_Index*)calloc(track->num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)))) {
|
||||
if(0 == (track->indices = (FLAC__StreamMetadata_CueSheet_Index*)safe_calloc_(track->num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)))) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -1855,7 +1861,7 @@ FLAC__bool read_metadata_picture_(FLAC__StreamDecoder *decoder, FLAC__StreamMeta
|
||||
/* read MIME type */
|
||||
if(!FLAC__bitreader_read_raw_uint32(decoder->private_->input, &x, FLAC__STREAM_METADATA_PICTURE_MIME_TYPE_LENGTH_LEN))
|
||||
return false; /* read_callback_ sets the state for us */
|
||||
if(0 == (obj->mime_type = (char*)malloc(x+1))) {
|
||||
if(0 == (obj->mime_type = (char*)safe_malloc_add_2op_(x, /*+*/1))) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -1868,7 +1874,7 @@ FLAC__bool read_metadata_picture_(FLAC__StreamDecoder *decoder, FLAC__StreamMeta
|
||||
/* read description */
|
||||
if(!FLAC__bitreader_read_raw_uint32(decoder->private_->input, &x, FLAC__STREAM_METADATA_PICTURE_DESCRIPTION_LENGTH_LEN))
|
||||
return false; /* read_callback_ sets the state for us */
|
||||
if(0 == (obj->description = (FLAC__byte*)malloc(x+1))) {
|
||||
if(0 == (obj->description = (FLAC__byte*)safe_malloc_add_2op_(x, /*+*/1))) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
@@ -1897,7 +1903,7 @@ FLAC__bool read_metadata_picture_(FLAC__StreamDecoder *decoder, FLAC__StreamMeta
|
||||
/* read data */
|
||||
if(!FLAC__bitreader_read_raw_uint32(decoder->private_->input, &(obj->data_length), FLAC__STREAM_METADATA_PICTURE_DATA_LENGTH_LEN))
|
||||
return false; /* read_callback_ sets the state for us */
|
||||
if(0 == (obj->data = (FLAC__byte*)malloc(obj->data_length))) {
|
||||
if(0 == (obj->data = (FLAC__byte*)safe_malloc_(obj->data_length))) {
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -54,6 +54,7 @@
|
||||
#endif
|
||||
#include "FLAC/assert.h"
|
||||
#include "FLAC/stream_decoder.h"
|
||||
#include "share/alloc.h"
|
||||
#include "protected/stream_encoder.h"
|
||||
#include "private/bitwriter.h"
|
||||
#include "private/bitmath.h"
|
||||
@@ -993,7 +994,7 @@ static FLAC__StreamEncoderInitStatus init_stream_internal_(
|
||||
*/
|
||||
encoder->private_->verify.input_fifo.size = encoder->protected_->blocksize+OVERREAD_;
|
||||
for(i = 0; i < encoder->protected_->channels; i++) {
|
||||
if(0 == (encoder->private_->verify.input_fifo.data[i] = (FLAC__int32*)malloc(sizeof(FLAC__int32) * encoder->private_->verify.input_fifo.size))) {
|
||||
if(0 == (encoder->private_->verify.input_fifo.data[i] = (FLAC__int32*)safe_malloc_mul_2op_(sizeof(FLAC__int32), /*times*/encoder->private_->verify.input_fifo.size))) {
|
||||
encoder->protected_->state = FLAC__STREAM_ENCODER_MEMORY_ALLOCATION_ERROR;
|
||||
return FLAC__STREAM_ENCODER_INIT_STATUS_ENCODER_ERROR;
|
||||
}
|
||||
@@ -1731,7 +1732,7 @@ FLAC_API FLAC__bool FLAC__stream_encoder_set_metadata(FLAC__StreamEncoder *encod
|
||||
}
|
||||
if(num_blocks) {
|
||||
FLAC__StreamMetadata **m;
|
||||
if(0 == (m = (FLAC__StreamMetadata**)malloc(sizeof(m[0]) * num_blocks)))
|
||||
if(0 == (m = (FLAC__StreamMetadata**)safe_malloc_mul_2op_(sizeof(m[0]), /*times*/num_blocks)))
|
||||
return false;
|
||||
memcpy(m, metadata, sizeof(m[0]) * num_blocks);
|
||||
encoder->protected_->metadata = m;
|
||||
|
||||
Reference in New Issue
Block a user