Navigation

← Previous Changeset
Next Changeset →

Changeset 38aaaeb38781b5087e8bf645c6aaf19520745093

Timestamp:

05/10/08 20:01:11 (2 months ago)

Author:

Jean-Paul Saman <jpsaman@videolan.org>

git-committer:

Jean-Paul Saman <jpsaman@videolan.org> 1210442471 +0200

git-parent:

[594e6e22ceafa46b99baa2b2bfdc4012680d4f13]

git-author:

Jean-Paul Saman <jpsaman@videolan.org> 1210441481 +0200

Message:

Check malloc return value or risk overwritting not allocated memory.

Files:

modules/access/rtmp/rtmp_amf_flv.c (modified) (27 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

modules/access/rtmp/rtmp_amf_flv.c

r9f42721	r38aaaeb
224	224	const uint8_t FLV_VIDEO_FRAME_TYPE_INTER_FRAME = 0x20;
225	225	const uint8_t FLV_VIDEO_FRAME_TYPE_DISPOSABLE_INTER_FRAME = 0x30;
	226
226	227	/*****************************************************************************
227	228	* static RTMP functions:
…	…
430	431
431	432	tmp_url = (char *) malloc( strlen( "rtmp://") + strlen( p_thread->url.psz_buffer ) + 1 );
	433	/* FIXME: Handle error case when malloc FAILS */
432	434	sprintf( tmp_url, "rtmp://%s", p_thread->url.psz_buffer );
433	435	tmp_buffer = amf_encode_object_variable( "tcUrl",
…	…
782	784
783	785	tmp_buffer = (uint8_t ) malloc( sizeof( uint32_t ) sizeof( uint8_t ) );
	786	if( !tmp_buffer ) return NULL;
	787
784	788	reply = hton32( reply );
785	789	memcpy( tmp_buffer, &reply, sizeof( uint32_t ) );
…	…
998	1002	{
999	1003	rtmp_packet = (rtmp_packet_t *) malloc( sizeof( rtmp_packet_t ) );
	1004	if( !rtmp_packet ) goto error;
1000	1005
1001	1006	rtmp_packet->stream_index = stream_index;
…	…
1015	1020	error:
1016	1021	msg_Err( p_thread, "rtmp_read_net_packet: net_Read error");
1017
1018	1022	return NULL;
1019	1023	}
…	…
1043	1047	rtmp_handler_null( rtmp_control_thread_t p_thread, rtmp_packet_t rtmp_packet )
1044	1048	{
	1049	VLC_UNUSED(p_thread);
1045	1050	free( rtmp_packet->body->body );
1046	1051	free( rtmp_packet->body );
…	…
1456	1461
1457	1462	rtmp_packet = (rtmp_packet_t *) malloc( sizeof( rtmp_packet_t ) );
	1463	if( !rtmp_packet ) return NULL;
	1464
1458	1465	interchunk_headers = body->length_body / p_thread->chunk_size_send;
1459	1466	if( body->length_body % p_thread->chunk_size_send == 0 )
…	…
1510	1517
1511	1518	rtmp_packet->body = (rtmp_body_t *) malloc( sizeof( rtmp_body_t ) );
	1519	if( !rtmp_packet->body )
	1520	{
	1521	free( rtmp_packet );
	1522	return NULL;
	1523	}
1512	1524
1513	1525	rtmp_packet->body->length_body = body->length_body;
1514	1526	rtmp_packet->body->length_buffer = body->length_body;
1515	1527	rtmp_packet->body->body = (uint8_t ) malloc( rtmp_packet->body->length_buffer sizeof( uint8_t ) );
	1528	if( !rtmp_packet->body->body )
	1529	{
	1530	free( rtmp_packet->body );
	1531	free( rtmp_packet );
	1532	return NULL;
	1533	}
1516	1534	memcpy( rtmp_packet->body->body, body->body, rtmp_packet->body->length_body );
1517	1535
…	…
1558	1576
1559	1577	out = (uint8_t ) malloc( rtmp_packet->length_encoded sizeof( uint8_t ) );
	1578	if( !out ) return NULL;
	1579
1560	1580	interchunk_headers = rtmp_packet->body->length_body / p_thread->chunk_size_send;
1561	1581	if( rtmp_packet->body->length_body % p_thread->chunk_size_send == 0 )
…	…
1834	1854
1835	1855	description = (char *) malloc( strlen( "Playing and resetting ") + strlen( psz_media ) + strlen( "." ) + 1 );
	1856	/* FIXME: Handle error case when malloc FAILS */
	1857
1836	1858	sprintf( description, "Playing and resetting %s.", psz_media );
1837	1859	tmp_buffer = amf_encode_object_variable( "description",
…	…
1914	1936
1915	1937	description = (char *) malloc( strlen( "Started playing ") + strlen( psz_media ) + strlen( "." ) + 1 );
	1938	/* FIXME: Handle error case when MALLOC FAILS */
	1939
1916	1940	sprintf( description, "Started playing %s.", psz_media );
1917	1941	tmp_buffer = amf_encode_object_variable( "description",
…	…
2007	2031
2008	2032	rtmp_body = (rtmp_body_t *) malloc( sizeof( rtmp_body_t ) );
	2033	if( !rtmp_body ) return NULL;
2009	2034
2010	2035	rtmp_body->length_body = 0;
…	…
2014	2039	rtmp_body->length_buffer = length_buffer;
2015	2040	rtmp_body->body = (uint8_t ) malloc( rtmp_body->length_buffer sizeof( uint8_t ) );
2016
	2041	if( !rtmp_body->body )
	2042	{
	2043	free( rtmp_body );
	2044	return NULL;
	2045	}
2017	2046	return rtmp_body;
2018	2047	}
…	…
2043	2072	rtmp_encode_ping( uint16_t type, uint32_t src_dst, uint32_t third_arg, uint32_t fourth_arg )
2044	2073	{
2045		uint8_t *out;
	2074	uint8_t *out = NULL;
	2075	VLC_UNUSED(fourth_arg);
2046	2076
2047	2077	if( type == RTMP_PING_CLEAR_STREAM )
…	…
2052	2082	{
2053	2083	out = (uint8_t ) malloc( RTMP_PING_SIZE_BUFFER_TIME_CLIENT sizeof( uint8_t ) );
2054
	2084	if( !out ) goto error;
2055	2085	third_arg = hton32( third_arg );
2056	2086	memcpy( out + 6, &third_arg, sizeof( uint32_t ) );
…	…
2069	2099	{
2070	2100	out = (uint8_t ) malloc( RTMP_PING_SIZE_BUFFER_TIME_CLIENT sizeof( uint8_t ) );
2071
	2101	if( !out ) goto error;
2072	2102	out[6] = 0x0D; out[7] = 0x0E; out[8] = 0x0A; out[9] = 0x0D;
2073	2103	}
	2104
	2105	if( !out ) goto error;
2074	2106
2075	2107	type = hton16( type );
…	…
2080	2112
2081	2113	return out;
	2114
	2115	error:
	2116	return NULL;
2082	2117	}
2083	2118
…	…
2095	2130
2096	2131	out = (uint8_t ) malloc( AMF_DATATYPE_SIZE_NUMBER sizeof( uint8_t ) );
	2132	if( !out ) return NULL;
2097	2133
2098	2134	number = hton64( number );
…	…
2102	2138	{
2103	2139	out = (uint8_t ) malloc( AMF_DATATYPE_SIZE_BOOLEAN sizeof( uint8_t ) );
	2140	if( !out ) return NULL;
2104	2141
2105	2142	out[0] = AMF_DATATYPE_BOOLEAN;
…	…
2111	2148	length_psz = length_psz_cpy = strlen( (char *) value );
2112	2149	out = (uint8_t ) malloc( ( AMF_DATATYPE_SIZE_STRING + length_psz ) sizeof( uint8_t ) );
	2150	if( !out ) return NULL;
2113	2151
2114	2152	out[0] = AMF_DATATYPE_STRING;
…	…
2119	2157	{
2120	2158	out = (uint8_t ) malloc( AMF_DATATYPE_SIZE_OBJECT sizeof( uint8_t ) );
	2159	if( !out ) return NULL;
2121	2160
2122	2161	out[0] = AMF_DATATYPE_OBJECT;
…	…
2124	2163	{
2125	2164	out = (uint8_t ) malloc( AMF_DATATYPE_SIZE_NULL sizeof( uint8_t ) );
	2165	if( !out ) return NULL;
2126	2166
2127	2167	out[0] = AMF_DATATYPE_NULL;
…	…
2131	2171
2132	2172	out = (uint8_t ) malloc( AMF_DATATYPE_SIZE_MIXED_ARRAY sizeof( uint8_t ) );
	2173	if( !out ) return NULL;
2133	2174
2134	2175	highest_index = hton32( highest_index );
…	…
2143	2184	{
2144	2185	out = (uint8_t ) malloc( AMF_DATATYPE_SIZE_NUMBER sizeof( uint8_t ) );
	2186	if( !out ) return NULL;
2145	2187
2146	2188	out[0] = AMF_DATATYPE_NUMBER;
…	…
2172	2214	{
2173	2215	out = (uint8_t ) malloc( AMF_DATATYPE_SIZE_NUMBER sizeof( uint8_t ) );
	2216	if( !out ) return NULL;
2174	2217
2175	2218	out[0] = AMF_DATATYPE_NUMBER;
…	…
2181	2224
2182	2225	out = (uint8_t ) malloc( ( AMF_DATATYPE_SIZE_OBJECT_VARIABLE + length_psz + length_value ) sizeof( uint8_t ) );
	2226	if( !out ) return NULL;
2183	2227
2184	2228	length_psz = hton16( length_psz );
…	…
2229	2273
2230	2274	out = (char ) malloc( length + 1 ); / '\0' terminated */
	2275	if( !out ) return NULL;
2231	2276
2232	2277	for(i = 0; i < length; i++)

Navigation

Changeset 38aaaeb38781b5087e8bf645c6aaf19520745093

Legend:

modules/access/rtmp/rtmp_amf_flv.c

Download in other formats: