vlc | branch: master | Rémi Denis-Courmont <[email protected]> | Sat Aug 30 16:34:39 2014 +0300| [aed1b6da46d484f18dbb36dbb5e62c4d4f9ec070] | committer: Rémi Denis-Courmont
decomp: fix heap overflow and cleanup (fixes #12052) > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=aed1b6da46d484f18dbb36dbb5e62c4d4f9ec070 --- modules/stream_filter/decomp.c | 63 ++++++++++++++++++++++++---------------- 1 file changed, 38 insertions(+), 25 deletions(-) diff --git a/modules/stream_filter/decomp.c b/modules/stream_filter/decomp.c index fa1013d..2b83310 100644 --- a/modules/stream_filter/decomp.c +++ b/modules/stream_filter/decomp.c @@ -183,16 +183,19 @@ static int Peek (stream_t *, const uint8_t **, unsigned int); */ static int Read (stream_t *stream, void *buf, unsigned int buflen) { - stream_sys_t *p_sys = stream->p_sys; - block_t *peeked; - ssize_t length; + stream_sys_t *sys = stream->p_sys; + unsigned ret = 0; if (buf == NULL) /* caller skips data, get big enough peek buffer */ buflen = Peek (stream, &(const uint8_t *){ NULL }, buflen); - if ((peeked = p_sys->peeked) != NULL) + block_t *peeked = sys->peeked; + if (peeked != NULL) { /* dequeue peeked data */ - length = (buflen > peeked->i_buffer) ? peeked->i_buffer : buflen; + size_t length = peeked->i_buffer; + if (length > buflen) + length = buflen; + if (buf != NULL) { memcpy (buf, peeked->p_buffer, length); @@ -201,24 +204,25 @@ static int Read (stream_t *stream, void *buf, unsigned int buflen) buflen -= length; peeked->p_buffer += length; peeked->i_buffer -= length; + if (peeked->i_buffer == 0) { block_Release (peeked); - p_sys->peeked = NULL; + sys->peeked = NULL; } - p_sys->offset += length; - if (buflen > 0) - length += Read (stream, ((char *)buf) + length, buflen - length); - return length; + sys->offset += length; + ret += length; } assert ((buf != NULL) || (buflen == 0)); - length = net_Read (stream, p_sys->read_fd, NULL, buf, buflen, false); - if (length < 0) - return 0; - p_sys->offset += length; - return length; + ssize_t val = net_Read (stream, sys->read_fd, NULL, buf, buflen, false); + if (val > 0) + { + sys->offset += val; + ret += val; + } + return ret; } /** @@ -226,23 +230,32 @@ static int Read (stream_t *stream, void *buf, unsigned int buflen) */ static int Peek (stream_t *stream, const uint8_t **pbuf, unsigned int len) { - stream_sys_t *p_sys = stream->p_sys; - block_t *peeked = p_sys->peeked; - size_t curlen = 0; - int fd = p_sys->read_fd; + stream_sys_t *sys = stream->p_sys; + block_t *peeked = sys->peeked; + size_t curlen; - if (peeked == NULL) + if (peeked != NULL) + { + curlen = peeked->i_buffer; + if (curlen < len) + peeked = block_Realloc (peeked, 0, len); + } + else + { + curlen = 0; peeked = block_Alloc (len); - else if ((curlen = peeked->i_buffer) < len) - peeked = block_Realloc (peeked, 0, len); + } - if ((p_sys->peeked = peeked) == NULL) + sys->peeked = peeked; + if (unlikely(peeked == NULL)) return 0; while (curlen < len) { - ssize_t val = net_Read (stream, fd, NULL, peeked->p_buffer + curlen, - len - curlen, false); + ssize_t val; + + val = net_Read (stream, sys->read_fd, NULL, + peeked->p_buffer + curlen, len - curlen, false); if (val <= 0) break; curlen += val; _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
