Coverty fix: FEC unintended signed extension and resource leaks.

Review URL: https://webrtc-codereview.appspot.com/368010

git-svn-id: http://webrtc.googlecode.com/svn/trunk@1569 4adac7df-926f-26a2-2b94-8c16560cd09d
This commit is contained in:
pwestin@webrtc.org 2012-01-30 13:05:29 +00:00
parent d3b22c9356
commit 5dad00be52
2 changed files with 32 additions and 7 deletions

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2011 The WebRTC project authors. All Rights Reserved.
* Copyright (c) 2012 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
@ -47,7 +47,8 @@ void FitSubMask(WebRtc_UWord16 numMaskBytes,
if (numMaskBytes == numSubMaskBytes)
{
memcpy(packetMask,subMask,
numRows * numSubMaskBytes);
static_cast<WebRtc_UWord32>(numRows) *
static_cast<WebRtc_UWord32>(numSubMaskBytes));
}
else
{
@ -369,7 +370,8 @@ void GeneratePacketMasks(int numMediaPackets,
// Mask = (k,n-k), with protection factor = (n-k)/k,
// where k = numMediaPackets, n=total#packets, (n-k)=numFecPackets.
memcpy(packetMask, packetMaskTbl[numMediaPackets - 1][numFecPackets - 1],
numFecPackets * numMaskBytes);
static_cast<WebRtc_UWord32>(numFecPackets) *
static_cast<WebRtc_UWord32>(numMaskBytes));
}
else //UEP case
{

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2011 The WebRTC project authors. All Rights Reserved.
* Copyright (c) 2012 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
@ -107,7 +107,11 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
// We don't need to parse old FEC packets.
// Old FEC packets are sent to jitter buffer as empty packets in the
// callback in rtp_receiver_video.
if (oldPacket) return 0;
if (oldPacket) {
delete receivedPacket->pkt;
delete receivedPacket;
return 0;
}
} else {
receivedPacket->isFec = false;
FECpacket = false;
@ -126,6 +130,8 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
if(timestampOffset != 0) {
// timestampOffset should be 0, however, this is a valid error case in
// the event of garbage payload.
delete receivedPacket->pkt;
delete receivedPacket;
return -1;
}
@ -136,11 +142,15 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
// check next RED header
if(incomingRtpPacket[rtpHeader->header.headerLength+4] & 0x80) {
// more than 2 blocks in packet not supported
delete receivedPacket->pkt;
delete receivedPacket;
assert(false);
return -1;
}
if(blockLength > payloadDataLength - REDHeaderLength) {
// block length longer than packet
delete receivedPacket->pkt;
delete receivedPacket;
assert(false);
return -1;
}
@ -216,6 +226,10 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
}
if(receivedPacket->pkt->length == 0) {
if (secondReceivedPacket) {
delete secondReceivedPacket->pkt;
}
delete secondReceivedPacket;
delete receivedPacket->pkt;
delete receivedPacket;
return 0;
@ -225,9 +239,18 @@ WebRtc_Word32 ReceiverFEC::AddReceivedFECPacket(
// received list for FEC decoding (we don't do FEC decoding on old packets).
if (oldPacket && receivedPacket->isFec == false) {
if (ParseAndReceivePacket(receivedPacket->pkt) != 0) {
if (secondReceivedPacket) {
delete secondReceivedPacket->pkt;
}
delete secondReceivedPacket;
delete receivedPacket->pkt;
delete receivedPacket;
return -1;
}
if (secondReceivedPacket) {
delete secondReceivedPacket->pkt;
}
delete secondReceivedPacket;
delete receivedPacket->pkt;
delete receivedPacket;
} else {