Coverty fix: FEC unintended signed extension and resource leaks.

Review URL: https://webrtc-codereview.appspot.com/368010 git-svn-id: http://webrtc.googlecode.com/svn/trunk@1569 4adac7df-926f-26a2-2b94-8c16560cd09d
2012-01-30 13:05:29 +00:00 · 2012-01-30 13:05:29 +00:00 · 5dad00be52
commit 5dad00be52
parent d3b22c9356
2 changed files with 32 additions and 7 deletions
--- a/src/modules/rtp_rtcp/source/forward_error_correction_internal.cc
+++ b/src/modules/rtp_rtcp/source/forward_error_correction_internal.cc
@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2011 The WebRTC project authors. All Rights Reserved.
+ *  Copyright (c) 2012 The WebRTC project authors. All Rights Reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
@ -47,7 +47,8 @@ void FitSubMask(WebRtc_UWord16 numMaskBytes,
    if (numMaskBytes == numSubMaskBytes)
    {
        memcpy(packetMask,subMask,
-               numRows * numSubMaskBytes);
+               static_cast<WebRtc_UWord32>(numRows) *
+               static_cast<WebRtc_UWord32>(numSubMaskBytes));
    }
    else
    {
@ -369,7 +370,8 @@ void GeneratePacketMasks(int numMediaPackets,
        // Mask = (k,n-k), with protection factor = (n-k)/k,
        // where k = numMediaPackets, n=total#packets, (n-k)=numFecPackets.
        memcpy(packetMask, packetMaskTbl[numMediaPackets - 1][numFecPackets - 1],
-            numFecPackets * numMaskBytes);
+            static_cast<WebRtc_UWord32>(numFecPackets) *
+            static_cast<WebRtc_UWord32>(numMaskBytes));
    }
    else  //UEP case
    {
--- a/src/modules/rtp_rtcp/source/receiver_fec.cc
+++ b/src/modules/rtp_rtcp/source/receiver_fec.cc
@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2011 The WebRTC project authors. All Rights Reserved.
+ *  Copyright (c) 2012 The WebRTC project authors. All Rights Reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
@ -101,13 +101,17 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
      incomingRtpPacket[rtpHeader->header.headerLength] & 0x7f;

  // use the payloadType to decide if it's FEC or coded data
-  if(_payloadTypeFEC == payloadType) {
+  if (_payloadTypeFEC == payloadType) {
    receivedPacket->isFec = true;
    FECpacket = true;
    // We don't need to parse old FEC packets.
    // Old FEC packets are sent to jitter buffer as empty packets in the
    // callback in rtp_receiver_video.
-    if (oldPacket)  return 0;
+    if (oldPacket) {
+      delete receivedPacket->pkt;
+      delete receivedPacket;
+      return 0;
+    }
  } else {
    receivedPacket->isFec = false;
    FECpacket = false;
@ -126,6 +130,8 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
    if(timestampOffset != 0) {
      // timestampOffset should be 0, however, this is a valid error case in
      // the event of garbage payload.
+      delete receivedPacket->pkt;
+      delete receivedPacket;
      return -1;
    }

@ -136,11 +142,15 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
    // check next RED header
    if(incomingRtpPacket[rtpHeader->header.headerLength+4] & 0x80) {
      // more than 2 blocks in packet not supported
+      delete receivedPacket->pkt;
+      delete receivedPacket;
      assert(false);
      return -1;
    }
    if(blockLength > payloadDataLength - REDHeaderLength) {
      // block length longer than packet
+      delete receivedPacket->pkt;
+      delete receivedPacket;
      assert(false);
      return -1;
    }
@ -216,6 +226,10 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
  }

  if(receivedPacket->pkt->length == 0) {
+    if (secondReceivedPacket) {
+      delete secondReceivedPacket->pkt;
+    }
+    delete secondReceivedPacket;
    delete receivedPacket->pkt;
    delete receivedPacket;
    return 0;
@ -225,9 +239,18 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
  // received list for FEC decoding (we don't do FEC decoding on old packets).
  if (oldPacket && receivedPacket->isFec == false) {
    if (ParseAndReceivePacket(receivedPacket->pkt) != 0) {
+      if (secondReceivedPacket) {
+        delete secondReceivedPacket->pkt;
+      }
+      delete secondReceivedPacket;
+      delete receivedPacket->pkt;
+      delete receivedPacket;
      return -1;
    }
-
+    if (secondReceivedPacket) {
+      delete secondReceivedPacket->pkt;
+    }
+    delete secondReceivedPacket;
    delete receivedPacket->pkt;
    delete receivedPacket;
  } else {