Commit Graph

308 Commits

Author SHA1 Message Date
Max Kellermann
913028a780 mp3: fix buffer overflow when max_frames is too large
The function decodeFirstFrame() allocates memory based on data from
the mp3 header.  This can make the buffer size allocation overflow, or
lead to a DoS attack with a very large buffer.  Cap this buffer at 8
million frames, which should really be enough for reasonable files.
2008-09-17 22:30:34 +02:00
Terry
79a14c9a10 mp4: fix potential integer overflow bug in the mp4_decode() function
A crafted mp4 file could cause an integer overflow in mp4_decode
function in src/inputPlugins/mp4_plugin.c.  mp4ff_num_samples()
function returns some tainted value. sizeof(float) * numSamples is an
integer overflow operation if numSamples is too huge, so xmalloc will
allocate a small memory region.  I constructe a mp4 file, and use
faad2 to open the file. mp4ff_num_samples() returns -1. So I think mpd
bears from the same problem.
2008-09-12 17:06:04 +02:00
Max Kellermann
f1dd9c209c audio_format: converted typedef AudioFormat to struct audio_format
Get rid of CamelCase, and don't use a typedef, so we can
forward-declare it, and unclutter the include dependencies.
2008-09-07 19:19:55 +02:00
Max Kellermann
4dd9d4b2fd fix -Wcast-qual -Wwrite-strings warnings
The previous patch enabled these warnings.  In Eric's branch, they
were worked around with a generic deconst_ptr() function.  There are
several places where we can add "const" to pointers, and in others,
libraries want non-const strings.  In the latter, convert string
literals to "static char[]" variables - this takes the same space, and
seems safer than deconsting a string literal.
2008-09-07 19:14:39 +02:00
Max Kellermann
d8ad109e10 oggflac: fix GCC warnings
Fix lots of "unused parameter" warnings in the OggFLAC decoder
plugin.  Not sure if anybody uses it anymore, since newer libflac
obsoletes it.
2008-08-29 15:03:09 +02:00
Max Kellermann
01f9684f70 tag: fix the shout and oggflac plugins
During the tag library refactoring, the shout plugin was disabled, and
I forgot about adapting it to the new API.  Apply the same fixes to
the oggflac decoder plugin.
2008-08-29 15:02:49 +02:00
Max Kellermann
055f4a41c5 wavpack: tag_new() cannot fail
Since tag_new() uses xmalloc(), it cannot fail - if we're really out
of memory, the process will abort.
2008-08-29 09:38:25 +02:00
Max Kellermann
91502cd71e tag: renamed functions, no CamelCase 2008-08-29 09:38:21 +02:00
Max Kellermann
d0556dc983 tag: renamed MpdTag and MpdTagItem to struct tag, struct mpd_tag_item
Getting rid of CamelCase; not having typedefs also allows us to
forward-declare the structures.
2008-08-29 09:38:11 +02:00
Max Kellermann
a94845ee00 moved global variable "ob" to outputBuffer.h
This releases several include file dependencies.  As a side effect,
"CHUNK_SIZE" isn't defined by decoder_api.h anymore, so we have to
define it directly in the plugins which need it.  It just isn't worth
it to add it to the decoder plugin API.
2008-08-26 08:41:05 +02:00
Max Kellermann
6df980a996 flac: decoder command means EOF
It was possible for the decoder thread to go into an endless loop
(flac and oggflac decoders): when a "STOP" command arrived, the Read()
callback would return 0, but the EOF() callback returned false.  Fix:
when decoder_get_command()!=NONE, return EOF==true.
2008-08-26 08:27:16 +02:00
Max Kellermann
f46de2c32f mp3, flac: check for seek command after decoder_read()
When we introduced decoder_read(), we added code which aborts the read
operation when a decoder command arrives.  Several plugins however did
not expect that when they were converted to decoder_read().  Add
proper checks to the mp3 and flac decoder plugins.
2008-08-26 08:27:15 +02:00
Max Kellermann
e530181e23 check decoder_command!=NONE instead of decoder_command==STOP
The code said "decoder_command==STOP" because that was a conversion
from the old "dc->stop" test.  As we can now check for all commands in
one test, we can simply rewrite that to decoder_command!=NONE.
2008-08-26 08:27:15 +02:00
Max Kellermann
4515ac5ecb mp3: converted the MUTEFRAME_ macros to an enum
Also introduce MUTEFRAME_NONE; previously, the code used "0".
2008-08-26 08:27:14 +02:00
Max Kellermann
95fff55d7e mp3: converted the DECODE_ constants to an enum 2008-08-26 08:27:14 +02:00
Max Kellermann
cf139dc012 wavpack: don't use "isp" before initialization
The old code called can_seek() with the uninitialized pointer
"isp.is".  Has this ever worked?  Anyway, initialize "isp" first, then
call can_seek(&isp).
2008-08-26 08:27:14 +02:00
Max Kellermann
2e822a577d wavpack: moved code to wavpack_open_wvc()
Move everything related to finding and initializing the WVC stream to
wavpack_open_wvc().  This greatly simplifies its error handling and
the function wavpack_streamdecode().
2008-08-26 08:27:14 +02:00
Max Kellermann
af58de6543 simplified code in the ogg decoder plugin
Return early when the player thread sent us a command.  This saves one
level of indentation.
2008-08-26 08:27:14 +02:00
Max Kellermann
940ecf5345 added decoder_read()
On our way to stabilize the decoder API, we will one day remove the
input stream functions.  The most basic function, read() will be
provided by decoder_api.h with this patch.  It already contains a loop
(still with manual polling), error/eof handling and decoder command
checks.  This kind of code used to be duplicated in all decoder
plugins.
2008-08-26 08:27:14 +02:00
Max Kellermann
d80260ab4e wavpack: added InputStreamPlus.decoder
The "decoder" object reference will be used by another patch.
2008-08-26 08:27:14 +02:00
Max Kellermann
a1b430cb88 oggvorbis: don't detect OGG header if stream is not seekable
If the input stream is not seekable, the try_decode() function
consumes valuable data, which is not available to the decode()
function anymore.  This means that the decode() function does not
parse the header correctly.  Better skip the detection if we cannot
seek.  Or implement better buffering, something like unread() or
buffered rewind().
2008-08-26 08:27:13 +02:00
Max Kellermann
7bbca0842d added AacBuffer.decoder
We need the decoder object at several places in the AAC plugin.  Add
it to mp3DecodeData, so we don't have to pass it around in every
function.
2008-08-26 08:27:13 +02:00
Max Kellermann
468f61d587 mp3: added mp3DecodeData.decoder
We need the decoder object at several places in the mp3 plugin.  Add
it to mp3DecodeData, so we don't have to pass it around in every
function.
2008-08-26 08:27:13 +02:00
Max Kellermann
7653ab434e mp3: audio_linear_dither() returns mpd_sint16
The return value of audio_linear_dither() is always casted to
mpd_sint16.  Returning long does not make sense, and consumed 8 bytes
on a 64 bit platform.
2008-08-26 08:27:13 +02:00
Max Kellermann
9c823d67a7 mp3: changed outputBuffer's type to mpd_sint16[]
The output buffer always contains mpd_sint16; declaring it with that
type saves several casts.
2008-08-26 08:27:13 +02:00
Max Kellermann
2a9608536c mp3: moved num_samples calculation out of the loop
The previous patch removed all loop specific dependencies from the
num_samples formula; we can now calculate it before entering the loop.
2008-08-26 08:27:13 +02:00
Max Kellermann
3f55b5a1e4 mp3: eliminated outputPtr
The output buffer is always flushed after being appended to, which
allows us to assume it is always empty.  Always start writing at
outputBuffer, don't remember outputPtr.
2008-08-26 08:27:13 +02:00
Max Kellermann
f0bcb4a44a mp3: don't do a second flush in mp3_decode()
The previous patch made mp3Read() flush the output buffer in every
iteration, which means we can eliminate the flush check after invoking
mp3Read().
2008-08-26 08:27:13 +02:00
Max Kellermann
2e8bd3ae1d mp3: always flush directly after decoding/dithering
Since we try to fill the buffer in every iteration, we assume that we
should flush the output buffer at the end of each iteration.
2008-08-26 08:27:12 +02:00
Max Kellermann
af83ac5ec6 mp3: dither a whole block at a time
Fill the whole output buffer at a time by using dither_buffer()'s
ability to decode blocks.  Calculate how many samples fit into the
output buffer before each invocation.
2008-08-26 08:27:12 +02:00
Max Kellermann
e99536e8eb mp3: moved dropSamplesAtEnd check out of the loop
Simplifying loops for performance: why check dropSamplesAtEnd in every
iteration, when we could modify the loop boundary?  The (writable)
variable samplesLeft can be eliminated; add a write-once variable
pcm_length instead, which is used for the loop condition.
2008-08-26 08:27:12 +02:00
Max Kellermann
e4c6c01903 mp3: make samplesPerFrame more local
The variable samplesPerFrame is used only in one single closure.  Make
it local to this closure.  The compiler will probably convert it to a
register anyway.
2008-08-26 08:27:12 +02:00
Max Kellermann
60a155624c mp3: unsigned integers 2008-08-26 08:27:12 +02:00
Max Kellermann
f667da1b46 mp3: removed double cmd==STOP check
cmd has already been checked before, it cannot have changed meanwhile
because it is a local variable.
2008-08-26 08:27:12 +02:00
Max Kellermann
09fbbdc366 mp3: moved code to dither_buffer()
Preparing for simplifying and thus speeding up the dithering code:
moved dithering to a separate function which contains a trivial loop.
With this patch, only one sample is dithered at a time, but the
following patches will allow us to dither a whole block at a time,
without complicated buffer length checks.
2008-08-26 08:27:12 +02:00
Max Kellermann
d9583aa95b mp3: don't check dropSamplesAtStart in the loop
Performance improvement by moving stuff out of a loop: skip part of
the first frame before entering the loop.
2008-08-26 08:27:12 +02:00
Max Kellermann
e99333167e aac: support decoding AAC streams
Copy some code from aac_decode() to aac_stream_decode() and apply
necessary changes to allow streaming audio data.  Both functions might
be merged later.
2008-08-26 08:27:11 +02:00
Max Kellermann
5300f79ca9 aac: splitted aac_parse_header() from initAacBuffer()
initAacBuffer() should really only initialize the buffer; currently,
it also reads data from the input stream and parses the header.  All
of the AAC buffer code should probably be moved to a separate library
anyway.
2008-08-26 08:27:11 +02:00
Max Kellermann
351dda01bd aac: check buffer lengths
The AAC plugin sometimes does not check the length of available data
when checking for magic prefixes.  Add length checks.
2008-08-26 08:27:11 +02:00
Max Kellermann
9131f9ebfe aac: use fillAacBuffer() instead of manual reading
Eliminate some duplicated code by using fillAacBuffer().
2008-08-26 08:27:11 +02:00
Max Kellermann
00c47b3c85 find AAC frames
Find AAC frames in the input and skip invalid data.  This prepares AAC
streaming.
2008-08-26 08:27:11 +02:00
Max Kellermann
f43e39047d aac: moved code to adts_check_frame()
adts_check_frame() checks whether the buffer head is an AAC frame, and
returns the frame length.
2008-08-26 08:27:11 +02:00
Max Kellermann
b7ad3e4121 aac: moved code to aac_buffer_shift()
Shifting from the buffer queue is a common operation, and should be
provided as a separate function.  Move code to aac_buffer_shift() and
add a bunch of assertions.
2008-08-26 08:27:11 +02:00
Max Kellermann
a3cc928c71 aac: use inputStreamAtEOF()
When checking for EOF, we should not check whether the read request
has been fully satisified.  The InputStream API does not guarantee
that readFromInputStream() always fills the whole buffer, if EOF is
not reached.  Since there is the function inputStreamAtEOF() dedicated
for this purpose, we should use it for EOF checking after
readFromInputStream()==0.
2008-08-26 08:27:10 +02:00
Max Kellermann
35858dfe3a aac: don't depend on consumed data in fillAacBuffer()
Fill the AacBuffer even when nothing has been consumed yet.  The
function should not check for consumed data, but for free space at the
end of the buffer.
2008-08-26 08:27:10 +02:00
Max Kellermann
2a14141121 aac: simplified fillAacBuffer()
Return instead of putting all the code into a if-closure.  That saves
one level of indentation.
2008-08-26 08:27:10 +02:00
Max Kellermann
1d18f0089a aac: make adtsParse() void
adtsParse() always returns 1, and its caller does not use the return
value.
2008-08-26 08:27:10 +02:00
Max Kellermann
0ca8f9ac49 aac: use size_t 2008-08-26 08:27:10 +02:00
Max Kellermann
a6332fd13b aac: removed unused initAacBuffer() parameters
Since we eliminated the parameters retFileread and retTagsize in all
callers, we can now safely remove it from the function prototype.
2008-08-26 08:27:10 +02:00
Max Kellermann
4ca24b960b eliminate unused variables in the AAC decoder 2008-08-26 08:27:10 +02:00