| Commit message (Collapse) | Author | Files | Lines |
|
|
|
The function decodeFirstFrame() allocates memory based on data from
the mp3 header. This can make the buffer size allocation overflow, or
lead to a DoS attack with a very large buffer. Cap this buffer at 8
million frames, which should really be enough for reasonable files.
|
|
A crafted mp4 file could cause an integer overflow in mp4_decode
function in src/inputPlugins/mp4_plugin.c. mp4ff_num_samples()
function returns some tainted value. sizeof(float) * numSamples is an
integer overflow operation if numSamples is too huge, so xmalloc will
allocate a small memory region. I constructe a mp4 file, and use
faad2 to open the file. mp4ff_num_samples() returns -1. So I think mpd
bears from the same problem.
|
|
The previous patch enabled these warnings. In Eric's branch, they
were worked around with a generic deconst_ptr() function. There are
several places where we can add "const" to pointers, and in others,
libraries want non-const strings. In the latter, convert string
literals to "static char[]" variables - this takes the same space, and
seems safer than deconsting a string literal.
|
|
During the tag library refactoring, the shout plugin was disabled, and
I forgot about adapting it to the new API. Apply the same fixes to
the oggflac decoder plugin.
|
|
Since tag_new() uses xmalloc(), it cannot fail - if we're really out
of memory, the process will abort.
|
|
|
|
Getting rid of CamelCase; not having typedefs also allows us to
forward-declare the structures.
|
|
|
|
Fix lots of "unused parameter" warnings in the OggFLAC decoder
plugin. Not sure if anybody uses it anymore, since newer libflac
obsoletes it.
|
|
Also introduce MUTEFRAME_NONE; previously, the code used "0".
|
|
|
|
The old code called can_seek() with the uninitialized pointer
"isp.is". Has this ever worked? Anyway, initialize "isp" first, then
call can_seek(&isp).
|
|
Move everything related to finding and initializing the WVC stream to
wavpack_open_wvc(). This greatly simplifies its error handling and
the function wavpack_streamdecode().
|
|
Return early when the player thread sent us a command. This saves one
level of indentation.
|
|
If the input stream is not seekable, the try_decode() function
consumes valuable data, which is not available to the decode()
function anymore. This means that the decode() function does not
parse the header correctly. Better skip the detection if we cannot
seek. Or implement better buffering, something like unread() or
buffered rewind().
|
|
The return value of audio_linear_dither() is always casted to
mpd_sint16. Returning long does not make sense, and consumed 8 bytes
on a 64 bit platform.
|
|
The output buffer always contains mpd_sint16; declaring it with that
type saves several casts.
|
|
The previous patch removed all loop specific dependencies from the
num_samples formula; we can now calculate it before entering the loop.
|
|
The output buffer is always flushed after being appended to, which
allows us to assume it is always empty. Always start writing at
outputBuffer, don't remember outputPtr.
|
|
The previous patch made mp3Read() flush the output buffer in every
iteration, which means we can eliminate the flush check after invoking
mp3Read().
|
|
Since we try to fill the buffer in every iteration, we assume that we
should flush the output buffer at the end of each iteration.
|
|
Fill the whole output buffer at a time by using dither_buffer()'s
ability to decode blocks. Calculate how many samples fit into the
output buffer before each invocation.
|
|
Simplifying loops for performance: why check dropSamplesAtEnd in every
iteration, when we could modify the loop boundary? The (writable)
variable samplesLeft can be eliminated; add a write-once variable
pcm_length instead, which is used for the loop condition.
|
|
The variable samplesPerFrame is used only in one single closure. Make
it local to this closure. The compiler will probably convert it to a
register anyway.
|
|
|
|
Preparing for simplifying and thus speeding up the dithering code:
moved dithering to a separate function which contains a trivial loop.
With this patch, only one sample is dithered at a time, but the
following patches will allow us to dither a whole block at a time,
without complicated buffer length checks.
|
|
Performance improvement by moving stuff out of a loop: skip part of
the first frame before entering the loop.
|
|
Copy some code from aac_decode() to aac_stream_decode() and apply
necessary changes to allow streaming audio data. Both functions might
be merged later.
|
|
initAacBuffer() should really only initialize the buffer; currently,
it also reads data from the input stream and parses the header. All
of the AAC buffer code should probably be moved to a separate library
anyway.
|
|
The AAC plugin sometimes does not check the length of available data
when checking for magic prefixes. Add length checks.
|
|
Eliminate some duplicated code by using fillAacBuffer().
|
|
Find AAC frames in the input and skip invalid data. This prepares AAC
streaming.
|
|
adts_check_frame() checks whether the buffer head is an AAC frame, and
returns the frame length.
|
|
Shifting from the buffer queue is a common operation, and should be
provided as a separate function. Move code to aac_buffer_shift() and
add a bunch of assertions.
|
|
When checking for EOF, we should not check whether the read request
has been fully satisified. The InputStream API does not guarantee
that readFromInputStream() always fills the whole buffer, if EOF is
not reached. Since there is the function inputStreamAtEOF() dedicated
for this purpose, we should use it for EOF checking after
readFromInputStream()==0.
|
|
Fill the AacBuffer even when nothing has been consumed yet. The
function should not check for consumed data, but for free space at the
end of the buffer.
|
|
Return instead of putting all the code into a if-closure. That saves
one level of indentation.
|
|
adtsParse() always returns 1, and its caller does not use the return
value.
|
|
|
|
Since we eliminated the parameters retFileread and retTagsize in all
callers, we can now safely remove it from the function prototype.
|
|
|
|
Anonymous code blocks just to declare variables look ugly. Move the
variable declarations up and disband the code block.
|
|
Similar to previous patch: eliminate one variable by using "break".
This also simplifies the code since we can remove one level of indent.
[ew: rewritten to match current API]
|
|
"break" is so much easier than "eof=1; continue;", when "!eof" is the
loop condition.
|
|
Include only headers which are really required. This speeds up
compilation and helps detect cross-layer accesses.
[ew: minor fixups to not break on new core]
|
|
Also enable -Wunused-parameter - this forces us to add the gcc
"unused" attribute to a lot of parameters (mostly library callback
functions), but it's worth it during code refactorizations.
|
|
This has been tested for both playback of streams and
outputting to streams, and seems to work fine with minimal
locking. This reuses the sequence number infrastructure
in OutputBuffer for synchronizing metadata payloads; so
(IMNSHO) should be much more understandable than various
flags being set here and there..
It could still use some cleanup and much testing, but
synchronization issues should be minimal.
|
|
data->muteFrame won't necessarily get cleared when it
enters that block of code, so we don't signal the action
as complete until it is actually cleared.
|
|
We spawned the output buffer thread before daemonizing in
initPlayerData(), which is ultra bad because daemonizes forks
and threads are not preserved on exit. Since playerData has
been stripped bare by this core-rewrite anyways, move this code
into the outputBuffer_* group and drop playerData.[ch]
completely
I completely forgot to test this :<
|