Bug Summary

File: libs/opus-1.1-p2/tests/test_opus_padding.c
Location: line 53, column 5
Description: Potential leak of memory pointed to by 'out'

Annotated Source Code

1/* Copyright (c) 2012 Xiph.Org Foundation
2 Written by Jüri Aedla and Ralph Giles */
3/*
4 Redistribution and use in source and binary forms, with or without
5 modification, are permitted provided that the following conditions
6 are met:
7
8 - Redistributions of source code must retain the above copyright
9 notice, this list of conditions and the following disclaimer.
10
11 - Redistributions in binary form must reproduce the above copyright
12 notice, this list of conditions and the following disclaimer in the
13 documentation and/or other materials provided with the distribution.
14
15 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
18 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
19 OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
20 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
22 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
23 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
24 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26*/
27
28/* Check for overflow in reading the padding length.
29 * http://lists.xiph.org/pipermail/opus/2012-November/001834.html
30 */
31
32#include <stdio.h>
33#include <stdlib.h>
34#include <string.h>
35#include "opus.h"
36#include "test_opus_common.h"
37
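/* Size in bytes of the crafted input packet. */
#define PACKETSIZE 16909318
/* Channel count the decoder is created with. */
#define CHANNELS 2
/* Output capacity passed to opus_decode(), in samples per channel. */
#define FRAMESIZE 5760

/**
 * Regression test for the padding-length overflow named in the file header.
 *
 * Builds one PACKETSIZE-byte packet whose body is almost entirely 0xff and
 * checks that opus_decode() rejects it with OPUS_INVALID_PACKET rather than
 * decoding it.
 * NOTE(review): under RFC 6716 framing, 0xff / 0x41 appear to select a
 * code-3 packet with the padding flag set, so the 0xff run is read as
 * chained padding-length bytes - confirm against the spec.
 *
 * The static analyzer report for this file flagged the out-of-memory return:
 * when 'in' is NULL but 'out' was allocated, returning directly leaked 'out'.
 * Both buffers are now released on every exit path.
 *
 * @return 1 when the decoder rejected the packet as expected, -1 when the
 *         test could not be run (buffer or decoder allocation failed).
 */
int test_overflow(void)
{
   OpusDecoder *decoder;
   int result;
   int error;

   unsigned char *in = malloc(PACKETSIZE);
   opus_int16 *out = malloc(FRAMESIZE*CHANNELS*sizeof(*out));

   fprintf(stderr, " Checking for padding overflow... ");
   if (!in || !out) {
      fprintf(stderr, "FAIL (out of memory)\n");
      /* Only one of the two allocations may have failed; free(NULL) is a
         no-op, so releasing both covers every combination. */
      free(in);
      free(out);
      return -1;
   }
   in[0] = 0xff;
   in[1] = 0x41;
   memset(in + 2, 0xff, PACKETSIZE - 3);
   in[PACKETSIZE-1] = 0x0b;

   decoder = opus_decoder_create(48000, CHANNELS, &error);
   /* The original listing never read 'error' and passed the decoder on
      unchecked; stop here instead of handing a NULL state to opus_decode(). */
   if (!decoder || error != OPUS_OK) {
      fprintf(stderr, "FAIL (could not create decoder)\n");
      if (decoder) {
         opus_decoder_destroy(decoder);
      }
      free(in);
      free(out);
      return -1;
   }
   result = opus_decode(decoder, in, PACKETSIZE, out, FRAMESIZE, 0);
   opus_decoder_destroy(decoder);

   free(in);
   free(out);

   /* Any other result means the malformed padding was not rejected. */
   if (result != OPUS_INVALID_PACKET) {
      fprintf(stderr, "FAIL!\n");
      /* NOTE(review): test_failed() comes from test_opus_common.h, which is
         not shown here; presumably it does not return - confirm. */
      test_failed();
   }

   fprintf(stderr, "OK.\n");

   return 1;
}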
77
/**
 * Test driver: prints the library version string, then runs the padding
 * overflow check.
 *
 * The analyzer path in this report starts here: 'oversion' is assumed
 * non-null, the failure branch is not taken, and the call into
 * test_overflow() is where the reported allocation happens.
 *
 * @return always 0.
 */
int main(void)
{
   int tests = 0;
   const char *oversion;

   iseed = 0;
   oversion = opus_get_version_string();
   if (oversion == NULL) {
      test_failed();
   }
   fprintf(stderr, "Testing %s padding.\n", oversion);

   /* NOTE(review): 'tests' is accumulated but never read, so a -1 from
      test_overflow() (test could not run) still reaches the "passed" line
      below and exit status 0. */
   tests = tests + test_overflow();

   fprintf(stderr, "All padding tests passed.\n");

   return 0;
}