From 819e04c7a1958a1c4378d914b38bddaf248d9fc0 Mon Sep 17 00:00:00 2001
From: Jaroslav Kysela <perex@perex.cz>
Date: Wed, 13 Mar 2019 14:19:12 +0100
Subject: [PATCH] axfer: coverity fixes

- container-voc.c - out of array access
- container-voc.c - handle correctly eof
- frame_cache.c - correct memory allocation
- container.c - byte_count might be used uninitialized
- xfer-libasound-irq-mmap.c - fix avail signess
- xfer-options.c - fix potential 32-bit wrap for duration

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
---
 axfer/container-voc.c           | 32 +++++++++++++-----------
 axfer/container.c               |  2 +-
 axfer/frame-cache.c             | 44 +++++++++++++++++----------------
 axfer/xfer-libasound-irq-mmap.c |  2 +-
 axfer/xfer-options.c            |  2 +-
 5 files changed, 43 insertions(+), 39 deletions(-)

diff --git a/axfer/container-voc.c b/axfer/container-voc.c
index 92e9c83..6fa59c3 100644
--- a/axfer/container-voc.c
+++ b/axfer/container-voc.c
@@ -234,7 +234,7 @@ static int build_time_constant(unsigned int frames_per_second,
 					frames_per_second)
 				break;
 		}
-		if (i < ARRAY_SIZE(ex_v110_time_consts) ||
+		if (i < ARRAY_SIZE(ex_v110_time_consts) &&
 		    frames_per_second <= 192000) {
 			*code = ex_v110_time_consts[i].code;
 		} else {
@@ -520,30 +520,32 @@ static int detect_format_block(struct container_context *cntr)
 {
 	struct parser_state *state = cntr->private_data;
 	struct block_header header;
-	void *buf = NULL;
+	void *buf;
 	int err;
 
 again:
+	buf = NULL;
 	err = cache_data_block(cntr, &header, &buf);
 	if (err < 0)
 		return err;
+	if (buf) {
+		if (header.type == BLOCK_TYPE_EXTENDED_V110_FORMAT) {
+			err = parse_extended_v110_format(state, buf);
+		} else if (header.type == BLOCK_TYPE_V120_DATA) {
+			err = parse_v120_format_block(state, buf);
+		} else if (header.type == BLOCK_TYPE_V110_DATA) {
+			err = parse_v110_data(state, buf);
+		} else {
+			free(buf);
+			goto again;
+		}
 
-	if (header.type == BLOCK_TYPE_EXTENDED_V110_FORMAT) {
-		err = parse_extended_v110_format(state, buf);
-	} else if (header.type == BLOCK_TYPE_V120_DATA) {
-		err = parse_v120_format_block(state, buf);
-	} else if (header.type == BLOCK_TYPE_V110_DATA) {
-		err = parse_v110_data(state, buf);
-	} else {
 		free(buf);
-		goto again;
+
+		if (err < 0)
+			return err;
 	}
 
-	free(buf);
-
-	if (err < 0)
-		return err;
-
 	// Expect to detect block_v110_data.
 	if (header.type == BLOCK_TYPE_EXTENDED_V110_FORMAT)
 		goto again;
diff --git a/axfer/container.c b/axfer/container.c
index 6b0e42e..7da97c6 100644
--- a/axfer/container.c
+++ b/axfer/container.c
@@ -296,7 +296,7 @@ int container_context_pre_process(struct container_context *cntr,
 				  unsigned int *frames_per_second,
 				  uint64_t *frame_count)
 {
-	uint64_t byte_count;
+	uint64_t byte_count = 0;
 	unsigned int bytes_per_frame;
 	int err;
 
diff --git a/axfer/frame-cache.c b/axfer/frame-cache.c
index 882568f..417c1e6 100644
--- a/axfer/frame-cache.c
+++ b/axfer/frame-cache.c
@@ -50,13 +50,18 @@ int frame_cache_init(struct frame_cache *cache, snd_pcm_access_t access,
 		     unsigned int samples_per_frame,
 		     unsigned int frames_per_cache)
 {
+	cache->access = access;
+	cache->remained_count = 0;
+	cache->bytes_per_sample = bytes_per_sample;
+	cache->samples_per_frame = samples_per_frame;
+	cache->frames_per_cache = frames_per_cache;
+
 	if (access == SND_PCM_ACCESS_RW_INTERLEAVED)
 		cache->align_frames = align_frames_in_i;
 	else if (access == SND_PCM_ACCESS_RW_NONINTERLEAVED)
 		cache->align_frames = align_frames_in_n;
 	else
 		return -EINVAL;
-	cache->access = access;
 
 	if (access == SND_PCM_ACCESS_RW_INTERLEAVED) {
 		char *buf;
@@ -64,45 +69,42 @@ int frame_cache_init(struct frame_cache *cache, snd_pcm_access_t access,
 		buf = calloc(frames_per_cache,
 			     bytes_per_sample * samples_per_frame);
 		if (buf == NULL)
-			return -ENOMEM;
+			goto nomem;
 		cache->buf = buf;
 		cache->buf_ptr = buf;
 	} else {
-		char **bufs;
-		char **buf_ptrs;
+		char **bufs = calloc(samples_per_frame, sizeof(*bufs));
+		char **buf_ptrs = calloc(samples_per_frame, sizeof(*buf_ptrs));
 		int i;
 
-		bufs = calloc(samples_per_frame, sizeof(*bufs));
-		if (bufs == NULL)
-			return -ENOMEM;
-		buf_ptrs = calloc(samples_per_frame, sizeof(*buf_ptrs));
-		if (buf_ptrs == NULL)
-			return -ENOMEM;
+		cache->buf = bufs;
+		cache->buf_ptr = buf_ptrs;
+		if (bufs == NULL || buf_ptrs == NULL)
+			goto nomem;
 		for (i = 0; i < samples_per_frame; ++i) {
 			bufs[i] = calloc(frames_per_cache, bytes_per_sample);
 			if (bufs[i] == NULL)
-				return -ENOMEM;
+				goto nomem;
 			buf_ptrs[i] = bufs[i];
 		}
-		cache->buf = bufs;
-		cache->buf_ptr = buf_ptrs;
 	}
 
-	cache->remained_count = 0;
-	cache->bytes_per_sample = bytes_per_sample;
-	cache->samples_per_frame = samples_per_frame;
-	cache->frames_per_cache = frames_per_cache;
 
 	return 0;
+
+nomem:
+	frame_cache_destroy(cache);
+	return -ENOMEM;
 }
 
 void frame_cache_destroy(struct frame_cache *cache)
 {
 	if (cache->access == SND_PCM_ACCESS_RW_NONINTERLEAVED) {
-		int i;
-		for (i = 0; i < cache->samples_per_frame; ++i) {
-			char **bufs = cache->buf;
-			free(bufs[i]);
+		char **bufs = cache->buf;
+		if (bufs) {
+			int i;
+			for (i = 0; i < cache->samples_per_frame; ++i)
+				free(bufs[i]);
 		}
 		free(cache->buf_ptr);
 	}
diff --git a/axfer/xfer-libasound-irq-mmap.c b/axfer/xfer-libasound-irq-mmap.c
index 0c96ee5..0fbbcc6 100644
--- a/axfer/xfer-libasound-irq-mmap.c
+++ b/axfer/xfer-libasound-irq-mmap.c
@@ -75,7 +75,7 @@ static int irq_mmap_process_frames(struct libasound_state *state,
 	struct map_layout *layout = state->private_data;
 	const snd_pcm_channel_area_t *areas;
 	snd_pcm_uframes_t frame_offset;
-	snd_pcm_uframes_t avail;
+	snd_pcm_sframes_t avail;
 	unsigned int avail_count;
 	void *frame_buf;
 	snd_pcm_sframes_t consumed_count;
diff --git a/axfer/xfer-options.c b/axfer/xfer-options.c
index 8394d8a..2713027 100644
--- a/axfer/xfer-options.c
+++ b/axfer/xfer-options.c
@@ -395,7 +395,7 @@ void xfer_options_calculate_duration(struct xfer_context *xfer,
 	uint64_t frame_count;
 
 	if (xfer->duration_seconds > 0) {
-		frame_count = xfer->duration_seconds * xfer->frames_per_second;
+		frame_count = (uint64_t)xfer->duration_seconds * (uint64_t)xfer->frames_per_second;
 		if (frame_count < *total_frame_count)
 			*total_frame_count = frame_count;
 	}