Bug Summary

File:build-analysis/../src/plugins/mp4/mp4ff/mp4tagupdate.c
Warning:line 181, column 8
Call to 'realloc' has an allocation size of 0 bytes

Annotated Source Code

1#include <stdlib.h>
2#include <string.h>
3#include "mp4ffint.h"
4
5#ifdef USE_TAGGING1
6
7uint32_t fix_byte_order_32(uint32_t src)
8{
9 uint32_t result;
10 uint32_t a, b, c, d;
11 int8_t data[4];
12
13 memcpy(data,&src,sizeof(src));
14 a = (uint8_t)data[0];
15 b = (uint8_t)data[1];
16 c = (uint8_t)data[2];
17 d = (uint8_t)data[3];
18
19 result = (a<<24) | (b<<16) | (c<<8) | d;
20 return (uint32_t)result;
21}
22
23uint16_t fix_byte_order_16(uint16_t src)
24{
25 uint16_t result;
26 uint16_t a, b;
27 int8_t data[2];
28
29 memcpy(data,&src,sizeof(src));
30 a = (uint8_t)data[0];
31 b = (uint8_t)data[1];
32
33 result = (a<<8) | b;
34 return (uint16_t)result;
35}
36
37
38typedef struct
39{
40 void * data;
41 unsigned written;
42 unsigned allocated;
43 unsigned error;
44} membuffer;
45
46unsigned membuffer_write(membuffer * buf,const void * ptr,unsigned bytes)
47{
48 unsigned dest_size = buf->written + bytes;
49
50 if (buf->error) return 0;
51 if (dest_size > buf->allocated)
52 {
53 do
54 {
55 buf->allocated <<= 1;
56 } while(dest_size > buf->allocated);
57
58 {
59 void * newptr = realloc(buf->data,buf->allocated);
60 if (newptr==0)
61 {
62 free(buf->data);
63 buf->data = 0;
64 buf->error = 1;
65 return 0;
66 }
67 buf->data = newptr;
68 }
69 }
70
71 if (ptr) memcpy((char*)buf->data + buf->written,ptr,bytes);
72 buf->written += bytes;
73 return bytes;
74}
75
76#define membuffer_write_datamembuffer_write membuffer_write
77
78unsigned membuffer_write_int32(membuffer * buf,uint32_t data)
79{
80 uint8_t temp[4] = {(uint8_t)(data>>24),(uint8_t)(data>>16),(uint8_t)(data>>8),(uint8_t)data};
81 return membuffer_write_datamembuffer_write(buf,temp,4);
82}
83
84unsigned membuffer_write_int24(membuffer * buf,uint32_t data)
85{
86 uint8_t temp[3] = {(uint8_t)(data>>16),(uint8_t)(data>>8),(uint8_t)data};
87 return membuffer_write_datamembuffer_write(buf,temp,3);
88}
89
90unsigned membuffer_write_int16(membuffer * buf,uint16_t data)
91{
92 uint8_t temp[2] = {(uint8_t)(data>>8),(uint8_t)data};
93 return membuffer_write_datamembuffer_write(buf,temp,2);
94}
95
96unsigned membuffer_write_atom_name(membuffer * buf,const char * data)
97{
98 return membuffer_write_datamembuffer_write(buf,data,4)==4 ? 1 : 0;
99}
100
101void membuffer_write_atom(membuffer * buf,const char * name,unsigned size,const void * data)
102{
103 membuffer_write_int32(buf,size + 8);
104 membuffer_write_atom_name(buf,name);
105 membuffer_write_datamembuffer_write(buf,data,size);
106}
107
108unsigned membuffer_write_string(membuffer * buf,const char * data)
109{
110 return membuffer_write_datamembuffer_write(buf,data,strlen(data));
111}
112
113unsigned membuffer_write_int8(membuffer * buf,uint8_t data)
114{
115 return membuffer_write_datamembuffer_write(buf,&data,1);
116}
117
118void * membuffer_get_ptr(const membuffer * buf)
119{
120 return buf->data;
121}
122
123unsigned membuffer_get_size(const membuffer * buf)
124{
125 return buf->written;
126}
127
128unsigned membuffer_error(const membuffer * buf)
129{
130 return buf->error;
131}
132
133void membuffer_set_error(membuffer * buf) {buf->error = 1;}
134
135unsigned membuffer_transfer_from_file(membuffer * buf,mp4ff_t * src,unsigned bytes)
136{
137 unsigned oldsize;
138 void * bufptr;
139
140 oldsize = membuffer_get_size(buf);
141 if (membuffer_write_datamembuffer_write(buf,0,bytes) != bytes) return 0;
142
143 bufptr = membuffer_get_ptr(buf);
144 if (bufptr==0) return 0;
145
146 if ((unsigned)mp4ff_read_data(src,(uint8_t *)bufptr + oldsize,bytes)!=bytes)
147 {
148 membuffer_set_error(buf);
149 return 0;
150 }
151
152 return bytes;
153}
154
155
156membuffer * membuffer_create(void)
157{
158 const unsigned initial_size = 256;
159
160 membuffer * buf = (membuffer *) malloc(sizeof(membuffer));
161 buf->data = malloc(initial_size);
162 buf->written = 0;
2
The value 0 is assigned to field 'written'
163 buf->allocated = initial_size;
164 buf->error = buf->data == 0 ? 1 : 0;
3
Assuming the condition is false
4
'?' condition is false
165
166 return buf;
167}
168
169void membuffer_free(membuffer * buf)
170{
171 if (buf->data) free(buf->data);
172 free(buf);
173}
174
175void * membuffer_detach(membuffer * buf)
176{
177 void * ret;
178
179 if (buf->error) return 0;
33
Taking false branch
180
181 ret = realloc(buf->data,buf->written);
34
Call to 'realloc' has an allocation size of 0 bytes
182
183 if (ret == 0) free(buf->data);
184
185 buf->data = 0;
186 buf->error = 1;
187
188 return ret;
189}
190
191#if 0
192/* metadata tag structure */
193typedef struct
194{
195 char *item;
196 char *value;
197} mp4ff_tag_t;
198
199/* metadata list structure */
200typedef struct
201{
202 mp4ff_tag_t *tags;
203 uint32_t count;
204} mp4ff_metadata_t;
205#endif
206
207typedef struct
208{
209 const char * atom;
210 const char * name;
211} stdmeta_entry;
212
213static stdmeta_entry stdmetas[] =
214{
215 {"\xA9" "nam","title"},
216 {"\xA9" "ART","artist"},
217 {"\xA9" "wrt","writer"},
218 {"\xA9" "alb","album"},
219 {"\xA9" "day","date"},
220 {"\xA9" "too","tool"},
221 {"\xA9" "cmt","comment"},
222// {"\xA9" "gen","genre"},
223 {"cpil","compilation"},
224// {"trkn","track"},
225// {"disk","disc"},
226// {"gnre","genre"},
227 {"covr","cover"},
228 /* added by AJS */
229 {"aART","album_artist"},
230};
231
232
233static const char* find_standard_meta(const char * name) //returns atom name if found, 0 if not
234{
235 unsigned n;
236 for(n=0;n<sizeof(stdmetas)/sizeof(stdmetas[0]);n++)
237 {
238 if (!stricmpstrcasecmp(name,stdmetas[n].name)) return stdmetas[n].atom;
239 }
240 return 0;
241}
242
243static void membuffer_write_track_tag(membuffer * buf,const char * name,uint32_t index,uint32_t total)
244{
245 membuffer_write_int32(buf,8 /*atom header*/ + 8 /*data atom header*/ + 8 /*flags + reserved*/ + 8 /*actual data*/ );
246 membuffer_write_atom_name(buf,name);
247 membuffer_write_int32(buf,8 /*data atom header*/ + 8 /*flags + reserved*/ + 8 /*actual data*/ );
248 membuffer_write_atom_name(buf,"data");
249 membuffer_write_int32(buf,0);//flags
250 membuffer_write_int32(buf,0);//reserved
251 membuffer_write_int16(buf,0);
252 membuffer_write_int16(buf,(uint16_t)index);//track number
253 membuffer_write_int16(buf,(uint16_t)total);//total tracks
254 membuffer_write_int16(buf,0);
255}
256
257static void membuffer_write_int16_tag(membuffer * buf,const char * name,uint16_t value)
258{
259 membuffer_write_int32(buf,8 /*atom header*/ + 8 /*data atom header*/ + 8 /*flags + reserved*/ + 2 /*actual data*/ );
260 membuffer_write_atom_name(buf,name);
261 membuffer_write_int32(buf,8 /*data atom header*/ + 8 /*flags + reserved*/ + 2 /*actual data*/ );
262 membuffer_write_atom_name(buf,"data");
263 membuffer_write_int32(buf,0);//flags
264 membuffer_write_int32(buf,0);//reserved
265 membuffer_write_int16(buf,value);//value
266}
267
268static void membuffer_write_std_tag(membuffer * buf,const char * name,const char * value)
269{
270 /* added by AJS */
271 uint32_t flags = 1;
272
273 /* special check for compilation flag */
274 if ( strcmp(name, "cpil") == 0)
275 {
276 flags = 21;
277 }
278
279 membuffer_write_int32(buf,8 /*atom header*/ + 8 /*data atom header*/ + 8 /*flags + reserved*/ + strlen(value) );
280 membuffer_write_atom_name(buf,name);
281 membuffer_write_int32(buf,8 /*data atom header*/ + 8 /*flags + reserved*/ + strlen(value));
282 membuffer_write_atom_name(buf,"data");
283 membuffer_write_int32(buf,flags);//flags
284 membuffer_write_int32(buf,0);//reserved
285 membuffer_write_datamembuffer_write(buf,value,strlen(value));
286}
287
288static void membuffer_write_custom_tag(membuffer * buf,const char * name,const char * value)
289{
290 membuffer_write_int32(buf,8 /*atom header*/ + 0x1C /*weirdo itunes atom*/ + 12 /*name atom header*/ + strlen(name) + 16 /*data atom header + flags*/ + strlen(value) );
291 membuffer_write_atom_name(buf,"----");
292 membuffer_write_int32(buf,0x1C);//weirdo itunes atom
293 membuffer_write_atom_name(buf,"mean");
294 membuffer_write_int32(buf,0);
295 membuffer_write_datamembuffer_write(buf,"com.apple.iTunes",16);
296 membuffer_write_int32(buf,12 + strlen(name));
297 membuffer_write_atom_name(buf,"name");
298 membuffer_write_int32(buf,0);
299 membuffer_write_datamembuffer_write(buf,name,strlen(name));
300 membuffer_write_int32(buf,8 /*data atom header*/ + 8 /*flags + reserved*/ + strlen(value));
301 membuffer_write_atom_name(buf,"data");
302 membuffer_write_int32(buf,1);//flags
303 membuffer_write_int32(buf,0);//reserved
304 membuffer_write_datamembuffer_write(buf,value,strlen(value));
305
306}
307
308static uint32_t myatoi(const char * param)
309{
310 return param ? atoi(param) : 0;
311}
312
313static uint32_t create_ilst(const mp4ff_metadata_t * data,void ** out_buffer,uint32_t * out_size)
314{
315 membuffer * buf = membuffer_create();
1
Calling 'membuffer_create'
5
Returning from 'membuffer_create'
316 unsigned metaptr;
317 char * mask = (char*)malloc(data->count);
318 memset(mask,0,data->count);
319
320 {
321 const char * tracknumber_ptr = 0, * totaltracks_ptr = 0;
322 const char * discnumber_ptr = 0, * totaldiscs_ptr = 0;
323 const char * genre_ptr = 0, * tempo_ptr = 0;
324 for(metaptr = 0; metaptr < data->count; metaptr++)
6
Loop condition is true. Entering loop body
21
Assuming the condition is false
22
Loop condition is false. Execution continues on line 360
325 {
326 mp4ff_tag_t * tag = &data->tags[metaptr];
327 if (!stricmpstrcasecmp(tag->item,"tracknumber") || !stricmpstrcasecmp(tag->item,"track"))
7
Assuming the condition is false
8
Assuming the condition is false
9
Taking false branch
328 {
329 if (tracknumber_ptr==0) tracknumber_ptr = tag->value;
330 mask[metaptr] = 1;
331 }
332 else if (!stricmpstrcasecmp(tag->item,"totaltracks"))
10
Assuming the condition is false
11
Taking false branch
333 {
334 if (totaltracks_ptr==0) totaltracks_ptr = tag->value;
335 mask[metaptr] = 1;
336 }
337 else if (!stricmpstrcasecmp(tag->item,"discnumber") || !stricmpstrcasecmp(tag->item,"disc"))
12
Assuming the condition is false
13
Assuming the condition is false
14
Taking false branch
338 {
339 if (discnumber_ptr==0) discnumber_ptr = tag->value;
340 mask[metaptr] = 1;
341 }
342 else if (!stricmpstrcasecmp(tag->item,"totaldiscs"))
15
Assuming the condition is false
16
Taking false branch
343 {
344 if (totaldiscs_ptr==0) totaldiscs_ptr = tag->value;
345 mask[metaptr] = 1;
346 }
347 else if (!stricmpstrcasecmp(tag->item,"genre"))
17
Assuming the condition is false
18
Taking false branch
348 {
349 if (genre_ptr==0) genre_ptr = tag->value;
350 mask[metaptr] = 1;
351 }
352 else if (!stricmpstrcasecmp(tag->item,"tempo"))
19
Assuming the condition is false
20
Taking false branch
353 {
354 if (tempo_ptr==0) tempo_ptr = tag->value;
355 mask[metaptr] = 1;
356 }
357
358 }
359
360 if (tracknumber_ptr) membuffer_write_track_tag(buf,"trkn",myatoi(tracknumber_ptr),myatoi(totaltracks_ptr));
23
Taking false branch
361 if (discnumber_ptr) membuffer_write_track_tag(buf,"disk",myatoi(discnumber_ptr),myatoi(totaldiscs_ptr));
24
Taking false branch
362 if (tempo_ptr) membuffer_write_int16_tag(buf,"tmpo",(uint16_t)myatoi(tempo_ptr));
25
Taking false branch
363
364 if (genre_ptr)
26
Taking false branch
365 {
366 uint32_t index = mp4ff_meta_genre_to_index(genre_ptr);
367 if (index==0)
368 membuffer_write_std_tag(buf,"©gen",genre_ptr);
369 else
370 membuffer_write_int16_tag(buf,"gnre",(uint16_t)index);
371 }
372 }
373
374 for(metaptr = 0; metaptr < data->count; metaptr++)
27
Loop condition is true. Entering loop body
30
Loop condition is false. Execution continues on line 391
375 {
376 if (!mask[metaptr])
28
Assuming the condition is false
29
Taking false branch
377 {
378 mp4ff_tag_t * tag = &data->tags[metaptr];
379 const char * std_meta_atom = find_standard_meta(tag->item);
380 if (std_meta_atom)
381 {
382 membuffer_write_std_tag(buf,std_meta_atom,tag->value);
383 }
384 else
385 {
386 membuffer_write_custom_tag(buf,tag->item,tag->value);
387 }
388 }
389 }
390
391 free(mask);
392
393 if (membuffer_error(buf))
31
Taking false branch
394 {
395 membuffer_free(buf);
396 return 0;
397 }
398
399 *out_size = membuffer_get_size(buf);
400 *out_buffer = membuffer_detach(buf);
32
Calling 'membuffer_detach'
401 membuffer_free(buf);
402
403 return 1;
404}
405
406static uint32_t find_atom(mp4ff_t * f,uint64_t base,uint32_t size,const char * name)
407{
408 uint32_t remaining = size;
409 uint64_t atom_offset = base;
410 for(;;)
411 {
412 uint8_t atom_name[4];
413 uint32_t atom_size;
414
415 mp4ff_set_position(f,atom_offset);
416
417 if (remaining < 8) break;
418 atom_size = mp4ff_read_int32(f);
419 if (atom_size > remaining || atom_size < 8) break;
420 mp4ff_read_data(f,atom_name,4);
421
422 if (!memcmp(atom_name,name,4))
423 {
424 mp4ff_set_position(f,atom_offset);
425 return 1;
426 }
427
428 remaining -= atom_size;
429 atom_offset += atom_size;
430 }
431 return 0;
432}
433
434static uint32_t find_atom_v2(mp4ff_t * f,uint64_t base,uint32_t size,const char * name,uint32_t extraheaders,const char * name_inside)
435{
436 uint64_t first_base = (uint64_t)(-1);
437 while(find_atom(f,base,size,name))//try to find atom <name> with atom <name_inside> in it
438 {
439 uint64_t mybase = mp4ff_position(f);
440 uint32_t mysize = mp4ff_read_int32(f);
441
442 if (first_base == (uint64_t)(-1)) first_base = mybase;
443
444 if (mysize < 8 + extraheaders) break;
445
446 if (find_atom(f,mybase+(8+extraheaders),mysize-(8+extraheaders),name_inside))
447 {
448 mp4ff_set_position(f,mybase);
449 return 2;
450 }
451 base += mysize;
452 if (size<=mysize) {size=0;break;}
453 size -= mysize;
454 }
455
456 if (first_base != (uint64_t)(-1))//wanted atom inside not found
457 {
458 mp4ff_set_position(f,first_base);
459 return 1;
460 }
461 else return 0;
462}
463
464static uint32_t create_meta(const mp4ff_metadata_t * data,void ** out_buffer,uint32_t * out_size)
465{
466 membuffer * buf;
467 uint32_t ilst_size;
468 void * ilst_buffer;
469
470 if (!create_ilst(data,&ilst_buffer,&ilst_size)) return 0;
471
472 buf = membuffer_create();
473
474 membuffer_write_int32(buf,0);
475 membuffer_write_atom(buf,"ilst",ilst_size,ilst_buffer);
476 free(ilst_buffer);
477
478 *out_size = membuffer_get_size(buf);
479 *out_buffer = membuffer_detach(buf);
480 membuffer_free(buf);
481 return 1;
482}
483
484static uint32_t create_udta(const mp4ff_metadata_t * data,void ** out_buffer,uint32_t * out_size)
485{
486 membuffer * buf;
487 uint32_t meta_size;
488 void * meta_buffer;
489
490 if (!create_meta(data,&meta_buffer,&meta_size)) return 0;
491
492 buf = membuffer_create();
493
494 membuffer_write_atom(buf,"meta",meta_size,meta_buffer);
495
496 free(meta_buffer);
497
498 *out_size = membuffer_get_size(buf);
499 *out_buffer = membuffer_detach(buf);
500 membuffer_free(buf);
501 return 1;
502}
503
504static uint32_t modify_moov(mp4ff_t * f,const mp4ff_metadata_t * data,void ** out_buffer,uint32_t * out_size)
505{
506 uint64_t total_base = f->moov_offset + 8;
507 uint32_t total_size = (uint32_t)(f->moov_size - 8);
508
509 uint64_t udta_offset,meta_offset,ilst_offset;
510 uint32_t udta_size, meta_size, ilst_size;
511
512 uint32_t new_ilst_size;
513 void * new_ilst_buffer;
514
515 uint8_t * p_out;
516 int32_t size_delta;
517
518
519 if (!find_atom_v2(f,total_base,total_size,"udta",0,"meta"))
520 {
521 membuffer * buf;
522 void * new_udta_buffer;
523 uint32_t new_udta_size;
524 if (!create_udta(data,&new_udta_buffer,&new_udta_size)) return 0;
525
526 buf = membuffer_create();
527 mp4ff_set_position(f,total_base);
528 membuffer_transfer_from_file(buf,f,total_size);
529
530 membuffer_write_atom(buf,"udta",new_udta_size,new_udta_buffer);
531
532 free(new_udta_buffer);
533
534 *out_size = membuffer_get_size(buf);
535 *out_buffer = membuffer_detach(buf);
536 membuffer_free(buf);
537 return 1;
538 }
539 else
540 {
541 udta_offset = mp4ff_position(f);
542 udta_size = mp4ff_read_int32(f);
543 if (!find_atom_v2(f,udta_offset+8,udta_size-8,"meta",4,"ilst"))
544 {
545 membuffer * buf;
546 void * new_meta_buffer;
547 uint32_t new_meta_size;
548 if (!create_meta(data,&new_meta_buffer,&new_meta_size)) return 0;
549
550 buf = membuffer_create();
551 mp4ff_set_position(f,total_base);
552 membuffer_transfer_from_file(buf,f,(uint32_t)(udta_offset - total_base));
553
554 membuffer_write_int32(buf,udta_size + 8 + new_meta_size);
555 membuffer_write_atom_name(buf,"udta");
556 membuffer_transfer_from_file(buf,f,udta_size);
557
558 membuffer_write_atom(buf,"meta",new_meta_size,new_meta_buffer);
559 free(new_meta_buffer);
560
561 *out_size = membuffer_get_size(buf);
562 *out_buffer = membuffer_detach(buf);
563 membuffer_free(buf);
564 return 1;
565 }
566 meta_offset = mp4ff_position(f);
567 meta_size = mp4ff_read_int32(f);
568 if (!find_atom(f,meta_offset+12,meta_size-12,"ilst")) return 0;//shouldn't happen, find_atom_v2 above takes care of it
569 ilst_offset = mp4ff_position(f);
570 ilst_size = mp4ff_read_int32(f);
571
572 if (!create_ilst(data,&new_ilst_buffer,&new_ilst_size)) return 0;
573
574 size_delta = new_ilst_size - (ilst_size - 8);
575
576 *out_size = total_size + size_delta;
577 *out_buffer = malloc(*out_size);
578 if (*out_buffer == 0)
579 {
580 free(new_ilst_buffer);
581 return 0;
582 }
583
584 p_out = (uint8_t*)*out_buffer;
585
586 mp4ff_set_position(f,total_base);
587 mp4ff_read_data(f,p_out,(uint32_t)(udta_offset - total_base )); p_out += (uint32_t)(udta_offset - total_base );
588 *(uint32_t*)p_out = fix_byte_order_32(mp4ff_read_int32(f) + size_delta); p_out += 4;
589 mp4ff_read_data(f,p_out,4); p_out += 4;
590 mp4ff_read_data(f,p_out,(uint32_t)(meta_offset - udta_offset - 8)); p_out += (uint32_t)(meta_offset - udta_offset - 8);
591 *(uint32_t*)p_out = fix_byte_order_32(mp4ff_read_int32(f) + size_delta); p_out += 4;
592 mp4ff_read_data(f,p_out,4); p_out += 4;
593 mp4ff_read_data(f,p_out,(uint32_t)(ilst_offset - meta_offset - 8)); p_out += (uint32_t)(ilst_offset - meta_offset - 8);
594 *(uint32_t*)p_out = fix_byte_order_32(mp4ff_read_int32(f) + size_delta); p_out += 4;
595 mp4ff_read_data(f,p_out,4); p_out += 4;
596
597 memcpy(p_out,new_ilst_buffer,new_ilst_size);
598 p_out += new_ilst_size;
599
600 mp4ff_set_position(f,ilst_offset + ilst_size);
601 mp4ff_read_data(f,p_out,(uint32_t)(total_size - (ilst_offset - total_base) - ilst_size));
602
603 free(new_ilst_buffer);
604 }
605 return 1;
606
607}
608
609int32_t mp4ff_meta_update(mp4ff_callback_t *f,const mp4ff_metadata_t * data)
610{
611 void * new_moov_data;
612 uint32_t new_moov_size;
613
614 mp4ff_t *ff = malloc(sizeof(mp4ff_t));
615
616 memset(ff, 0, sizeof(mp4ff_t));
617 ff->stream = f;
618 mp4ff_set_position(ff,0);
619
620 parse_atoms(ff,1);
621
622
623 if (!modify_moov(ff,data,&new_moov_data,&new_moov_size))
624 {
625 mp4ff_close(ff);
626 return 0;
627 }
628
629 /* copy moov atom to end of the file */
630 if (ff->last_atom != ATOM_MOOV1)
631 {
632 uint8_t *free_data = (uint8_t *)"free";
633
634 /* rename old moov to free */
635 mp4ff_set_position(ff, ff->moov_offset + 4);
636 mp4ff_write_data(ff, free_data, 4);
637
638 mp4ff_set_position(ff, ff->file_size);
639 mp4ff_write_int32(ff,new_moov_size + 8);
640 mp4ff_write_data(ff,(uint8_t *)"moov",4);
641 mp4ff_write_data(ff, new_moov_data, new_moov_size);
642 }
643 else
644 {
645 mp4ff_set_position(ff, ff->moov_offset);
646 mp4ff_write_int32(ff,new_moov_size + 8);
647 mp4ff_write_data(ff,(uint8_t *)"moov",4);
648 mp4ff_write_data(ff, new_moov_data, new_moov_size);
649 }
650
651 mp4ff_truncate(ff);
652
653 mp4ff_close(ff);
654 return 1;
655}
656#endif