From 5dad00be5277fa1fb4fde64f32e53459bd863978 Mon Sep 17 00:00:00 2001
From: "pwestin@webrtc.org"
 <pwestin@webrtc.org@4adac7df-926f-26a2-2b94-8c16560cd09d>
Date: Mon, 30 Jan 2012 13:05:29 +0000
Subject: [PATCH] Coverty fix: FEC unintended signed extension and resource
 leaks. Review URL: https://webrtc-codereview.appspot.com/368010

git-svn-id: http://webrtc.googlecode.com/svn/trunk@1569 4adac7df-926f-26a2-2b94-8c16560cd09d
---
 .../forward_error_correction_internal.cc      |  8 +++--
 src/modules/rtp_rtcp/source/receiver_fec.cc   | 31 ++++++++++++++++---
 2 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/src/modules/rtp_rtcp/source/forward_error_correction_internal.cc b/src/modules/rtp_rtcp/source/forward_error_correction_internal.cc
index 0217c165d..e2bf46169 100644
--- a/src/modules/rtp_rtcp/source/forward_error_correction_internal.cc
+++ b/src/modules/rtp_rtcp/source/forward_error_correction_internal.cc
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2011 The WebRTC project authors. All Rights Reserved.
+ *  Copyright (c) 2012 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
@@ -47,7 +47,8 @@ void FitSubMask(WebRtc_UWord16 numMaskBytes,
     if (numMaskBytes == numSubMaskBytes)
     {
         memcpy(packetMask,subMask,
-               numRows * numSubMaskBytes);
+               static_cast<WebRtc_UWord32>(numRows) *
+               static_cast<WebRtc_UWord32>(numSubMaskBytes));
     }
     else
     {
@@ -369,7 +370,8 @@ void GeneratePacketMasks(int numMediaPackets,
         // Mask = (k,n-k), with protection factor = (n-k)/k,
         // where k = numMediaPackets, n=total#packets, (n-k)=numFecPackets.
         memcpy(packetMask, packetMaskTbl[numMediaPackets - 1][numFecPackets - 1],
-            numFecPackets * numMaskBytes);
+            static_cast<WebRtc_UWord32>(numFecPackets) *
+            static_cast<WebRtc_UWord32>(numMaskBytes));
     }
     else  //UEP case
     {
diff --git a/src/modules/rtp_rtcp/source/receiver_fec.cc b/src/modules/rtp_rtcp/source/receiver_fec.cc
index 2a8820836..b2fe0b606 100644
--- a/src/modules/rtp_rtcp/source/receiver_fec.cc
+++ b/src/modules/rtp_rtcp/source/receiver_fec.cc
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2011 The WebRTC project authors. All Rights Reserved.
+ *  Copyright (c) 2012 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
@@ -101,13 +101,17 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
       incomingRtpPacket[rtpHeader->header.headerLength] & 0x7f;
 
   // use the payloadType to decide if it's FEC or coded data
-  if(_payloadTypeFEC == payloadType) {
+  if (_payloadTypeFEC == payloadType) {
     receivedPacket->isFec = true;
     FECpacket = true;
     // We don't need to parse old FEC packets.
     // Old FEC packets are sent to jitter buffer as empty packets in the
     // callback in rtp_receiver_video.
-    if (oldPacket)  return 0;
+    if (oldPacket) {
+      delete receivedPacket->pkt;
+      delete receivedPacket;
+      return 0;
+    }
   } else {
     receivedPacket->isFec = false;
     FECpacket = false;
@@ -126,6 +130,8 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
     if(timestampOffset != 0) {
       // timestampOffset should be 0, however, this is a valid error case in
       // the event of garbage payload.
+      delete receivedPacket->pkt;
+      delete receivedPacket;
       return -1;
     }
 
@@ -136,11 +142,15 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
     // check next RED header
     if(incomingRtpPacket[rtpHeader->header.headerLength+4] & 0x80) {
       // more than 2 blocks in packet not supported
+      delete receivedPacket->pkt;
+      delete receivedPacket;
       assert(false);
       return -1;
     }
     if(blockLength > payloadDataLength - REDHeaderLength) {
       // block length longer than packet
+      delete receivedPacket->pkt;
+      delete receivedPacket;
       assert(false);
       return -1;
     }
@@ -216,6 +226,10 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
   }
 
   if(receivedPacket->pkt->length == 0) {
+    if (secondReceivedPacket) {
+      delete secondReceivedPacket->pkt;
+    }
+    delete secondReceivedPacket;
     delete receivedPacket->pkt;
     delete receivedPacket;
     return 0;
@@ -225,9 +239,18 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
   // received list for FEC decoding (we don't do FEC decoding on old packets).
   if (oldPacket && receivedPacket->isFec == false) {
     if (ParseAndReceivePacket(receivedPacket->pkt) != 0) {
+      if (secondReceivedPacket) {
+        delete secondReceivedPacket->pkt;
+      }
+      delete secondReceivedPacket;
+      delete receivedPacket->pkt;
+      delete receivedPacket;
       return -1;
     }
-
+    if (secondReceivedPacket) {
+      delete secondReceivedPacket->pkt;
+    }
+    delete secondReceivedPacket;
     delete receivedPacket->pkt;
     delete receivedPacket;
   } else {