From a587eb0e3849a4937889cb14bdd14f677ad66c59 Mon Sep 17 00:00:00 2001 From: David Schleef Date: Sat, 26 Mar 2005 01:24:38 +0000 Subject: gst/librfb/gstrfbsrc.c: Check return values to avoid segfaults. Original commit message from CVS: * gst/librfb/gstrfbsrc.c: (gst_rfbsrc_get): Check return values to avoid segfaults. * gst/librfb/rfbbytestream.c: (rfb_bytestream_get), (rfb_bytestream_check), (rfb_bytestream_copy_nocheck), (rfb_bytestream_read), (rfb_bytestream_peek): * gst/librfb/rfbbytestream.h: * gst/librfb/rfbdecoder.c: (rfb_socket_get_buffer), (rfb_socket_send_buffer), (rfb_decoder_iterate), (rfb_decoder_state_wait_for_protocol_version), (rfb_decoder_state_wait_for_security), (rfb_decoder_state_wait_for_server_initialisation), (rfb_decoder_state_normal), (rfb_decoder_state_framebuffer_update): --- ChangeLog | 15 +++++++++++++++ gst/librfb/gstrfbsrc.c | 11 +++++++++-- gst/librfb/rfbbytestream.c | 22 +++++++++++++++++++--- gst/librfb/rfbbytestream.h | 2 ++ gst/librfb/rfbdecoder.c | 22 ++++++++++++++-------- 5 files changed, 59 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 28dbf8dd..64a9dc2b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,18 @@ +2005-03-25 David Schleef + + * gst/librfb/gstrfbsrc.c: (gst_rfbsrc_get): Check return values + to avoid segfaults. + * gst/librfb/rfbbytestream.c: (rfb_bytestream_get), + (rfb_bytestream_check), (rfb_bytestream_copy_nocheck), + (rfb_bytestream_read), (rfb_bytestream_peek): + * gst/librfb/rfbbytestream.h: + * gst/librfb/rfbdecoder.c: (rfb_socket_get_buffer), + (rfb_socket_send_buffer), (rfb_decoder_iterate), + (rfb_decoder_state_wait_for_protocol_version), + (rfb_decoder_state_wait_for_security), + (rfb_decoder_state_wait_for_server_initialisation), + (rfb_decoder_state_normal), (rfb_decoder_state_framebuffer_update): + 2005-03-23 till busch Reviewed by: Ronald S. Bultje diff --git a/gst/librfb/gstrfbsrc.c b/gst/librfb/gstrfbsrc.c index 99e3144c..80ea761a 100644 --- a/gst/librfb/gstrfbsrc.c +++ b/gst/librfb/gstrfbsrc.c @@ -443,6 +443,7 @@ gst_rfbsrc_get (GstPad * pad) gulong newsize; GstBuffer *buf; RfbDecoder *decoder; + int ret; GST_DEBUG ("gst_rfbsrc_get"); @@ -454,7 +455,10 @@ gst_rfbsrc_get (GstPad * pad) if (!decoder->inited) { while (!decoder->inited) { - rfb_decoder_iterate (decoder); + ret = rfb_decoder_iterate (decoder); + if (!ret) { + /* error */ + } } gst_pad_renegotiate (rfbsrc->srcpad); @@ -476,7 +480,10 @@ gst_rfbsrc_get (GstPad * pad) rfbsrc->go = TRUE; while (rfbsrc->go) { - rfb_decoder_iterate (decoder); + ret = rfb_decoder_iterate (decoder); + if (!ret) { + return GST_DATA (gst_event_new (GST_EVENT_EOS)); + } GST_DEBUG ("iterate...\n"); } diff --git a/gst/librfb/rfbbytestream.c b/gst/librfb/rfbbytestream.c index bcdc1b08..729851b0 100644 --- a/gst/librfb/rfbbytestream.c +++ b/gst/librfb/rfbbytestream.c @@ -2,6 +2,9 @@ #include #include +#include + + RfbBytestream * rfb_bytestream_new (void) { @@ -16,12 +19,14 @@ rfb_bytestream_get (RfbBytestream * bs, int len) buffer = bs->get_buffer (len, bs->user_data); if (buffer) { - g_print ("got buffer (%d bytes)\n", buffer->length); + GST_DEBUG ("got buffer (%d bytes)", buffer->length); bs->buffer_list = g_list_append (bs->buffer_list, buffer); bs->length += buffer->length; return len; + } else { + bs->disconnected = TRUE; } return 0; @@ -32,6 +37,8 @@ rfb_bytestream_check (RfbBytestream * bs, int len) { while (bs->length < len) { rfb_bytestream_get (bs, len - bs->length); + if (bs->disconnected) + return FALSE; } return TRUE; } @@ -50,7 +57,7 @@ rfb_bytestream_copy_nocheck (RfbBytestream * bs, RfbBuffer * buffer, int len) for (item = bs->buffer_list; item; item = g_list_next (item)) { frombuf = (RfbBuffer *) item->data; n = MIN (len, frombuf->length - first_offset); - g_print ("copying %d bytes from %p\n", n, frombuf); + GST_DEBUG ("copying %d bytes from %p", n, frombuf); memcpy (buffer->data + offset, frombuf->data + first_offset, n); first_offset = 0; len -= n; @@ -67,8 +74,14 @@ int rfb_bytestream_read (RfbBytestream * bs, RfbBuffer ** buffer, int len) { RfbBuffer *buf; + int ret; - rfb_bytestream_check (bs, len); + if (bs->disconnected) + return 0; + + ret = rfb_bytestream_check (bs, len); + if (!ret) + return 0; buf = rfb_buffer_new_and_alloc (len); rfb_bytestream_copy_nocheck (bs, buf, len); @@ -84,6 +97,9 @@ rfb_bytestream_peek (RfbBytestream * bs, RfbBuffer ** buffer, int len) { RfbBuffer *buf; + if (bs->disconnected) + return 0; + rfb_bytestream_check (bs, len); buf = rfb_buffer_new_and_alloc (len); diff --git a/gst/librfb/rfbbytestream.h b/gst/librfb/rfbbytestream.h index 8304169a..9f121948 100644 --- a/gst/librfb/rfbbytestream.h +++ b/gst/librfb/rfbbytestream.h @@ -18,6 +18,8 @@ struct _RfbBytestream GList *buffer_list; int length; int offset; + + int disconnected; }; diff --git a/gst/librfb/rfbdecoder.c b/gst/librfb/rfbdecoder.c index 0b35f494..b30dc34d 100644 --- a/gst/librfb/rfbdecoder.c +++ b/gst/librfb/rfbdecoder.c @@ -7,6 +7,8 @@ #include #include +#include + #if 0 struct _RfbSocketPrivate @@ -29,7 +31,7 @@ rfb_socket_get_buffer (int length, gpointer user_data) buffer->data = g_malloc (length); buffer->free_data = (void *) g_free; - g_print ("calling read(%d, %p, %d)\n", fd, buffer->data, length); + GST_DEBUG ("calling read(%d, %p, %d)", fd, buffer->data, length); ret = read (fd, buffer->data, length); if (ret <= 0) { g_critical ("read: %s", strerror (errno)); @@ -48,7 +50,7 @@ rfb_socket_send_buffer (guint8 * buffer, int length, gpointer user_data) int fd = GPOINTER_TO_INT (user_data); int ret; - g_print ("calling write(%d, %p, %d)\n", fd, buffer, length); + GST_DEBUG ("calling write(%d, %p, %d)", fd, buffer, length); ret = write (fd, buffer, length); if (ret < 0) { g_critical ("write: %s", strerror (errno)); @@ -125,7 +127,7 @@ rfb_decoder_iterate (RfbDecoder * decoder) decoder->state = rfb_decoder_state_wait_for_protocol_version; } - g_print ("iterating...\n"); + GST_DEBUG ("iterating..."); return decoder->state (decoder); } @@ -152,7 +154,7 @@ rfb_decoder_state_wait_for_protocol_version (RfbDecoder * decoder) data = buffer->data; g_assert (memcmp (buffer->data, "RFB 003.00", 10) == 0); - g_print ("\"%.11s\"\n", buffer->data); + GST_DEBUG ("\"%.11s\"", buffer->data); rfb_buffer_free (buffer); rfb_decoder_send (decoder, "RFB 003.003\n", 12); @@ -173,7 +175,7 @@ rfb_decoder_state_wait_for_security (RfbDecoder * decoder) return FALSE; decoder->security_type = RFB_GET_UINT32 (buffer->data); - g_print ("security = %d\n", decoder->security_type); + GST_DEBUG ("security = %d", decoder->security_type); rfb_buffer_free (buffer); @@ -220,8 +222,8 @@ rfb_decoder_state_wait_for_server_initialisation (RfbDecoder * decoder) decoder->green_shift = RFB_GET_UINT8 (data + 15); decoder->blue_shift = RFB_GET_UINT8 (data + 16); - g_print ("width: %d\n", decoder->width); - g_print ("height: %d\n", decoder->height); + GST_DEBUG ("width: %d", decoder->width); + GST_DEBUG ("height: %d", decoder->height); name_length = RFB_GET_UINT32 (data + 20); rfb_buffer_free (buffer); @@ -231,7 +233,7 @@ rfb_decoder_state_wait_for_server_initialisation (RfbDecoder * decoder) return FALSE; decoder->name = g_strndup ((char *) (buffer->data) + 24, name_length); - g_print ("name: %s\n", decoder->name); + GST_DEBUG ("name: %s", decoder->name); rfb_buffer_free (buffer); decoder->state = rfb_decoder_state_normal; @@ -248,6 +250,8 @@ rfb_decoder_state_normal (RfbDecoder * decoder) int message_type; ret = rfb_bytestream_read (decoder->bytestream, &buffer, 1); + if (ret < 1) + return FALSE; message_type = RFB_GET_UINT8 (buffer->data); switch (message_type) { @@ -280,6 +284,8 @@ rfb_decoder_state_framebuffer_update (RfbDecoder * decoder) int ret; ret = rfb_bytestream_read (decoder->bytestream, &buffer, 3); + if (ret < 3) + return FALSE; decoder->n_rects = RFB_GET_UINT16 (buffer->data + 1); decoder->state = rfb_decoder_state_framebuffer_update_rectangle; -- cgit v1.2.1