Commit a587eb0e authored by David Schleef's avatar David Schleef

gst/librfb/gstrfbsrc.c: Check return values to avoid segfaults.

Original commit message from CVS:
* gst/librfb/gstrfbsrc.c: (gst_rfbsrc_get): Check return values
to avoid segfaults.
* gst/librfb/rfbbytestream.c: (rfb_bytestream_get),
(rfb_bytestream_check), (rfb_bytestream_copy_nocheck),
(rfb_bytestream_read), (rfb_bytestream_peek):
* gst/librfb/rfbbytestream.h:
* gst/librfb/rfbdecoder.c: (rfb_socket_get_buffer),
(rfb_socket_send_buffer), (rfb_decoder_iterate),
(rfb_decoder_state_wait_for_protocol_version),
(rfb_decoder_state_wait_for_security),
(rfb_decoder_state_wait_for_server_initialisation),
(rfb_decoder_state_normal), (rfb_decoder_state_framebuffer_update):
parent 808f0f53
2005-03-25 David Schleef <ds@schleef.org>
* gst/librfb/gstrfbsrc.c: (gst_rfbsrc_get): Check return values
to avoid segfaults.
* gst/librfb/rfbbytestream.c: (rfb_bytestream_get),
(rfb_bytestream_check), (rfb_bytestream_copy_nocheck),
(rfb_bytestream_read), (rfb_bytestream_peek):
* gst/librfb/rfbbytestream.h:
* gst/librfb/rfbdecoder.c: (rfb_socket_get_buffer),
(rfb_socket_send_buffer), (rfb_decoder_iterate),
(rfb_decoder_state_wait_for_protocol_version),
(rfb_decoder_state_wait_for_security),
(rfb_decoder_state_wait_for_server_initialisation),
(rfb_decoder_state_normal), (rfb_decoder_state_framebuffer_update):
2005-03-23 till busch <buti@gmx.at>
Reviewed by: Ronald S. Bultje <rbultje@ronald.bitfreak.net>
......
......@@ -443,6 +443,7 @@ gst_rfbsrc_get (GstPad * pad)
gulong newsize;
GstBuffer *buf;
RfbDecoder *decoder;
int ret;
GST_DEBUG ("gst_rfbsrc_get");
......@@ -454,7 +455,10 @@ gst_rfbsrc_get (GstPad * pad)
if (!decoder->inited) {
while (!decoder->inited) {
rfb_decoder_iterate (decoder);
ret = rfb_decoder_iterate (decoder);
if (!ret) {
/* error */
}
}
gst_pad_renegotiate (rfbsrc->srcpad);
......@@ -476,7 +480,10 @@ gst_rfbsrc_get (GstPad * pad)
rfbsrc->go = TRUE;
while (rfbsrc->go) {
rfb_decoder_iterate (decoder);
ret = rfb_decoder_iterate (decoder);
if (!ret) {
return GST_DATA (gst_event_new (GST_EVENT_EOS));
}
GST_DEBUG ("iterate...\n");
}
......
......@@ -2,6 +2,9 @@
#include <rfbbytestream.h>
#include <string.h>
#include <gst/gst.h>
RfbBytestream *
rfb_bytestream_new (void)
{
......@@ -16,12 +19,14 @@ rfb_bytestream_get (RfbBytestream * bs, int len)
buffer = bs->get_buffer (len, bs->user_data);
if (buffer) {
g_print ("got buffer (%d bytes)\n", buffer->length);
GST_DEBUG ("got buffer (%d bytes)", buffer->length);
bs->buffer_list = g_list_append (bs->buffer_list, buffer);
bs->length += buffer->length;
return len;
} else {
bs->disconnected = TRUE;
}
return 0;
......@@ -32,6 +37,8 @@ rfb_bytestream_check (RfbBytestream * bs, int len)
{
while (bs->length < len) {
rfb_bytestream_get (bs, len - bs->length);
if (bs->disconnected)
return FALSE;
}
return TRUE;
}
......@@ -50,7 +57,7 @@ rfb_bytestream_copy_nocheck (RfbBytestream * bs, RfbBuffer * buffer, int len)
for (item = bs->buffer_list; item; item = g_list_next (item)) {
frombuf = (RfbBuffer *) item->data;
n = MIN (len, frombuf->length - first_offset);
g_print ("copying %d bytes from %p\n", n, frombuf);
GST_DEBUG ("copying %d bytes from %p", n, frombuf);
memcpy (buffer->data + offset, frombuf->data + first_offset, n);
first_offset = 0;
len -= n;
......@@ -67,8 +74,14 @@ int
rfb_bytestream_read (RfbBytestream * bs, RfbBuffer ** buffer, int len)
{
RfbBuffer *buf;
int ret;
rfb_bytestream_check (bs, len);
if (bs->disconnected)
return 0;
ret = rfb_bytestream_check (bs, len);
if (!ret)
return 0;
buf = rfb_buffer_new_and_alloc (len);
rfb_bytestream_copy_nocheck (bs, buf, len);
......@@ -84,6 +97,9 @@ rfb_bytestream_peek (RfbBytestream * bs, RfbBuffer ** buffer, int len)
{
RfbBuffer *buf;
if (bs->disconnected)
return 0;
rfb_bytestream_check (bs, len);
buf = rfb_buffer_new_and_alloc (len);
......
......@@ -18,6 +18,8 @@ struct _RfbBytestream
GList *buffer_list;
int length;
int offset;
int disconnected;
};
......
......@@ -7,6 +7,8 @@
#include <arpa/inet.h>
#include <errno.h>
#include <gst/gst.h>
#if 0
struct _RfbSocketPrivate
......@@ -29,7 +31,7 @@ rfb_socket_get_buffer (int length, gpointer user_data)
buffer->data = g_malloc (length);
buffer->free_data = (void *) g_free;
g_print ("calling read(%d, %p, %d)\n", fd, buffer->data, length);
GST_DEBUG ("calling read(%d, %p, %d)", fd, buffer->data, length);
ret = read (fd, buffer->data, length);
if (ret <= 0) {
g_critical ("read: %s", strerror (errno));
......@@ -48,7 +50,7 @@ rfb_socket_send_buffer (guint8 * buffer, int length, gpointer user_data)
int fd = GPOINTER_TO_INT (user_data);
int ret;
g_print ("calling write(%d, %p, %d)\n", fd, buffer, length);
GST_DEBUG ("calling write(%d, %p, %d)", fd, buffer, length);
ret = write (fd, buffer, length);
if (ret < 0) {
g_critical ("write: %s", strerror (errno));
......@@ -125,7 +127,7 @@ rfb_decoder_iterate (RfbDecoder * decoder)
decoder->state = rfb_decoder_state_wait_for_protocol_version;
}
g_print ("iterating...\n");
GST_DEBUG ("iterating...");
return decoder->state (decoder);
}
......@@ -152,7 +154,7 @@ rfb_decoder_state_wait_for_protocol_version (RfbDecoder * decoder)
data = buffer->data;
g_assert (memcmp (buffer->data, "RFB 003.00", 10) == 0);
g_print ("\"%.11s\"\n", buffer->data);
GST_DEBUG ("\"%.11s\"", buffer->data);
rfb_buffer_free (buffer);
rfb_decoder_send (decoder, "RFB 003.003\n", 12);
......@@ -173,7 +175,7 @@ rfb_decoder_state_wait_for_security (RfbDecoder * decoder)
return FALSE;
decoder->security_type = RFB_GET_UINT32 (buffer->data);
g_print ("security = %d\n", decoder->security_type);
GST_DEBUG ("security = %d", decoder->security_type);
rfb_buffer_free (buffer);
......@@ -220,8 +222,8 @@ rfb_decoder_state_wait_for_server_initialisation (RfbDecoder * decoder)
decoder->green_shift = RFB_GET_UINT8 (data + 15);
decoder->blue_shift = RFB_GET_UINT8 (data + 16);
g_print ("width: %d\n", decoder->width);
g_print ("height: %d\n", decoder->height);
GST_DEBUG ("width: %d", decoder->width);
GST_DEBUG ("height: %d", decoder->height);
name_length = RFB_GET_UINT32 (data + 20);
rfb_buffer_free (buffer);
......@@ -231,7 +233,7 @@ rfb_decoder_state_wait_for_server_initialisation (RfbDecoder * decoder)
return FALSE;
decoder->name = g_strndup ((char *) (buffer->data) + 24, name_length);
g_print ("name: %s\n", decoder->name);
GST_DEBUG ("name: %s", decoder->name);
rfb_buffer_free (buffer);
decoder->state = rfb_decoder_state_normal;
......@@ -248,6 +250,8 @@ rfb_decoder_state_normal (RfbDecoder * decoder)
int message_type;
ret = rfb_bytestream_read (decoder->bytestream, &buffer, 1);
if (ret < 1)
return FALSE;
message_type = RFB_GET_UINT8 (buffer->data);
switch (message_type) {
......@@ -280,6 +284,8 @@ rfb_decoder_state_framebuffer_update (RfbDecoder * decoder)
int ret;
ret = rfb_bytestream_read (decoder->bytestream, &buffer, 3);
if (ret < 3)
return FALSE;
decoder->n_rects = RFB_GET_UINT16 (buffer->data + 1);
decoder->state = rfb_decoder_state_framebuffer_update_rectangle;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment