Mercurial > libdvdread4.hg
comparison ifo_read.c @ 91:23d412d59d62 src
Abort when PTT search table has zero entries
The static analyzer from LLVM/Clang 1:3.4~svn194079-1 reports a possible
allocation of size 0 in `libdvdread/src/ifo_read.c`.
$ scan-build -o scan-build make
$ scan-view scan-build/2013-11-18-155601-16168-1
When `vts_ptt_srpt->nr_of_srpts` is zero the allocation size is zero.
vts_ptt_srpt->title = malloc(vts_ptt_srpt->nr_of_srpts * sizeof(ttu_t));
The manual of the function `malloc` writes the following.
If size is 0, then malloc() returns either NULL, or a unique
pointer value that can later be successfully passed to free().
So check for 0 and, if it is, abort by going to the label `fail`.
Patch by Paul Menzel <paulepanter AT users DOT sourceforge DOT net>
author | rathann |
---|---|
date | Wed, 04 Dec 2013 22:40:17 +0000 |
parents | 42d169fbee1d |
children | 7ab44001373e |
comparison
equal
deleted
inserted
replaced
90:9f5802d2767a | 91:23d412d59d62 |
---|---|
1184 | 1184 |
1185 if(vts_ptt_srpt->nr_of_srpts > info_length / sizeof(*data)) { | 1185 if(vts_ptt_srpt->nr_of_srpts > info_length / sizeof(*data)) { |
1186 fprintf(stderr, "libdvdread: PTT search table too small.\n"); | 1186 fprintf(stderr, "libdvdread: PTT search table too small.\n"); |
1187 goto fail; | 1187 goto fail; |
1188 } | 1188 } |
1189 | |
1190 if(vts_ptt_srpt->nr_of_srpts == 0) { | |
1191 fprintf(stderr, "libdvdread: Zero entries in PTT search table.\n"); | |
1192 goto fail; | |
1193 } | |
1194 | |
1189 for(i = 0; i < vts_ptt_srpt->nr_of_srpts; i++) { | 1195 for(i = 0; i < vts_ptt_srpt->nr_of_srpts; i++) { |
1190 /* Transformers 3 has PTT start bytes that point outside the SRPT PTT */ | 1196 /* Transformers 3 has PTT start bytes that point outside the SRPT PTT */ |
1191 uint32_t start = data[i]; | 1197 uint32_t start = data[i]; |
1192 B2N_32(start); | 1198 B2N_32(start); |
1193 if(start + sizeof(ptt_info_t) > vts_ptt_srpt->last_byte + 1) { | 1199 if(start + sizeof(ptt_info_t) > vts_ptt_srpt->last_byte + 1) { |