From fb6ecb4c766f8f6cd61f1ddba019e53f90fbe3d8 Mon Sep 17 00:00:00 2001 From: Steve Underwood Date: Tue, 22 Jul 2014 09:38:55 +0800 Subject: [PATCH] Fixed some issues raised by coverity in spandsp ilbc and unimrcp --- libs/ilbc/src/iLBC_decode.c | 27 +++++++++---------- libs/ilbc/src/iLBC_encode.c | 16 +++++------ libs/spandsp/src/super_tone_rx.c | 2 +- libs/unimrcp/libs/mpf/src/mpf_dtmf_detector.c | 3 ++- .../unimrcp/libs/mpf/src/mpf_dtmf_generator.c | 3 ++- 5 files changed, 26 insertions(+), 25 deletions(-) diff --git a/libs/ilbc/src/iLBC_decode.c b/libs/ilbc/src/iLBC_decode.c index ddc164bed8..7eb63f512a 100644 --- a/libs/ilbc/src/iLBC_decode.c +++ b/libs/ilbc/src/iLBC_decode.c @@ -188,7 +188,7 @@ static void Decode(ilbc_decode_state_t *iLBCdec_inst, /* (i/o) the decoder stat /* setup memory */ memset(mem, 0, (CB_MEML - iLBCdec_inst->state_short_len)*sizeof(float)); - memcpy(mem + CB_MEML - iLBCdec_inst->state_short_len, + memcpy(&mem[CB_MEML - iLBCdec_inst->state_short_len], decresidual + start_pos, iLBCdec_inst->state_short_len*sizeof(float)); @@ -239,8 +239,8 @@ static void Decode(ilbc_decode_state_t *iLBCdec_inst, /* (i/o) the decoder stat if (Nfor > 0) { /* Setup memory */ - memset(mem, 0, (CB_MEML-STATE_LEN)*sizeof(float)); - memcpy(mem + CB_MEML - STATE_LEN, decresidual + (start - 1)*SUBL, STATE_LEN*sizeof(float)); + memset(mem, 0, (CB_MEML - STATE_LEN)*sizeof(float)); + memcpy(&mem[CB_MEML - STATE_LEN], decresidual + (start - 1)*SUBL, STATE_LEN*sizeof(float)); /* Loop over sub-frames to encode */ for (subframe = 0; subframe < Nfor; subframe++) 
@@ -255,10 +255,10 @@ static void Decode(ilbc_decode_state_t *iLBCdec_inst, /* (i/o) the decoder stat CB_NSTAGES); /* Update memory */ - memcpy(mem, mem + SUBL, (CB_MEML - SUBL)*sizeof(float)); - memcpy(mem + CB_MEML-SUBL, - &decresidual[(start + 1 + subframe)*SUBL], - SUBL*sizeof(float)); + memmove(mem, &mem[SUBL], (CB_MEML - SUBL)*sizeof(float)); + memmove(&mem[CB_MEML - SUBL], + &decresidual[(start + 1 + subframe)*SUBL], + SUBL*sizeof(float)); subcount++; } @@ -291,10 +291,10 @@ static void Decode(ilbc_decode_state_t *iLBCdec_inst, /* (i/o) the decoder stat CB_NSTAGES); /* Update memory */ - memcpy(mem, mem + SUBL, (CB_MEML - SUBL)*sizeof(float)); - memcpy(mem + CB_MEML - SUBL, - &reverseDecresidual[subframe*SUBL], - SUBL*sizeof(float)); + memmove(mem, &mem[SUBL], (CB_MEML - SUBL)*sizeof(float)); + memmove(&mem[CB_MEML - SUBL], + &reverseDecresidual[subframe*SUBL], + SUBL*sizeof(float)); subcount++; } @@ -332,7 +332,6 @@ static void ilbc_decode_frame(ilbc_decode_state_t *iLBCdec_inst, /* (i/o) the de float cc; float maxcc; int idxVec[STATE_LEN]; - int check; int gain_index[NASUB_MAX*CB_NSTAGES]; int extra_gain_index[CB_NSTAGES]; int cb_index[CB_NSTAGES*NASUB_MAX]; @@ -452,7 +451,7 @@ static void ilbc_decode_frame(ilbc_decode_state_t *iLBCdec_inst, /* (i/o) the de /* Decode the LSF */ SimplelsfDEQ(lsfdeq, lsf_i, iLBCdec_inst->lpc_n); - check = LSF_check(lsfdeq, ILBC_LPC_FILTERORDER, iLBCdec_inst->lpc_n); + LSF_check(lsfdeq, ILBC_LPC_FILTERORDER, iLBCdec_inst->lpc_n); DecoderInterpolateLSF(syntdenum, weightdenum, lsfdeq, ILBC_LPC_FILTERORDER, iLBCdec_inst); Decode(iLBCdec_inst, @@ -499,7 +498,7 @@ static void ilbc_decode_frame(ilbc_decode_state_t *iLBCdec_inst, /* (i/o) the de order_plus_one = ILBC_LPC_FILTERORDER + 1; for (i = 0; i < iLBCdec_inst->nsub; i++) - memcpy(syntdenum + (i*order_plus_one), PLClpc, order_plus_one*sizeof(float)); + memcpy(&syntdenum[i*order_plus_one], PLClpc, order_plus_one*sizeof(float)); } if (iLBCdec_inst->use_enhancer == 1) 
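Review bot: Only the first call in each `/* Update memory */` pair needs `memmove`, because `mem` and `&mem[SUBL]` are the same array, while the second call copies in from `decresidual` (or `reverseDecresidual`), which appears to be a separate buffer. Converting both hides which call was the actual undefined-behaviour fix. I would keep `memcpy` for the tail copy, or at least add `/* mem and &mem[SUBL] overlap, so memmove is required */` above the first call. The same pair appears in the @@ -291 hunk of this file and in the @@ -301 and @@ -357 hunks of iLBC_encode.c. The buffer declarations are outside the hunks, so confirm they are distinct before reverting the second call.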
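Review bot: The result of `LSF_check()` is now dropped silently at the call after `SimplelsfDEQ()`, which reads like an overlooked error check and may only turn the unused-variable finding into an unchecked-return one. If the call is kept only for what it does to `lsfdeq` (presumably; its definition is not in this patch), make that explicit: `(void) LSF_check(lsfdeq, ILBC_LPC_FILTERORDER, iLBCdec_inst->lpc_n); /* return value unused; called for its effect on lsfdeq */`. `ilbc_decode_frame` continues outside the hunk.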
diff --git a/libs/ilbc/src/iLBC_encode.c b/libs/ilbc/src/iLBC_encode.c index 5330d89643..44c8166f00 100644 --- a/libs/ilbc/src/iLBC_encode.c +++ b/libs/ilbc/src/iLBC_encode.c @@ -195,7 +195,7 @@ static int ilbc_encode_frame(ilbc_encode_state_t *iLBCenc_inst, /* (i/o) the /* Setup memory */ memset(mem, 0, (CB_MEML - iLBCenc_inst->state_short_len)*sizeof(float)); - memcpy(mem + CB_MEML - iLBCenc_inst->state_short_len, decresidual + start_pos, iLBCenc_inst->state_short_len*sizeof(float)); + memcpy(&mem[CB_MEML - iLBCenc_inst->state_short_len], &decresidual[start_pos], iLBCenc_inst->state_short_len*sizeof(float)); memset(weightState, 0, ILBC_LPC_FILTERORDER*sizeof(float)); /* Encode sub-frames */ @@ -272,7 +272,7 @@ static int ilbc_encode_frame(ilbc_encode_state_t *iLBCenc_inst, /* (i/o) the { /* Setup memory */ memset(mem, 0, (CB_MEML-STATE_LEN)*sizeof(float)); - memcpy(mem + CB_MEML - STATE_LEN, decresidual + (start - 1)*SUBL, STATE_LEN*sizeof(float)); + memcpy(&mem[CB_MEML - STATE_LEN], decresidual + (start - 1)*SUBL, STATE_LEN*sizeof(float)); memset(weightState, 0, ILBC_LPC_FILTERORDER*sizeof(float)); /* Loop over sub-frames to encode */ @@ -301,8 +301,8 @@ static int ilbc_encode_frame(ilbc_encode_state_t *iLBCenc_inst, /* (i/o) the CB_NSTAGES); /* Update memory */ - memcpy(mem, mem+SUBL, (CB_MEML-SUBL)*sizeof(float)); - memcpy(mem + CB_MEML - SUBL, &decresidual[(start + 1 + subframe)*SUBL], SUBL*sizeof(float)); + memmove(mem, &mem[SUBL], (CB_MEML-SUBL)*sizeof(float)); + memmove(&mem[CB_MEML - SUBL], &decresidual[(start + 1 + subframe)*SUBL], SUBL*sizeof(float)); memset(weightState, 0, ILBC_LPC_FILTERORDER*sizeof(float)); subcount++; } 
@@ -357,10 +357,10 @@ static int ilbc_encode_frame(ilbc_encode_state_t *iLBCenc_inst, /* (i/o) the CB_NSTAGES); /* Update memory */ - memcpy(mem, mem + SUBL, (CB_MEML - SUBL)*sizeof(float)); - memcpy(mem + CB_MEML - SUBL, - &reverseDecresidual[subframe*SUBL], - SUBL*sizeof(float)); + memmove(mem, &mem[SUBL], (CB_MEML - SUBL)*sizeof(float)); + memmove(&mem[CB_MEML - SUBL], + &reverseDecresidual[subframe*SUBL], + SUBL*sizeof(float)); memset(weightState, 0, ILBC_LPC_FILTERORDER*sizeof(float)); subcount++; diff --git a/libs/spandsp/src/super_tone_rx.c b/libs/spandsp/src/super_tone_rx.c index eabebe6a30..a6324f91bf 100644 --- a/libs/spandsp/src/super_tone_rx.c +++ b/libs/spandsp/src/super_tone_rx.c @@ -400,7 +400,7 @@ static void super_tone_chunk(super_tone_rx_state_t *s) s->segments[9].f2, s->segments[9].min_duration*SUPER_TONE_BINS/8); } - memcpy (&s->segments[0], &s->segments[1], 9*sizeof(s->segments[0])); + memmove(&s->segments[0], &s->segments[1], 9*sizeof(s->segments[0])); s->segments[9].f1 = k1; s->segments[9].f2 = k2; s->segments[9].min_duration = 1; diff --git a/libs/unimrcp/libs/mpf/src/mpf_dtmf_detector.c b/libs/unimrcp/libs/mpf/src/mpf_dtmf_detector.c index f22da57a8d..889416a3f2 100644 --- a/libs/unimrcp/libs/mpf/src/mpf_dtmf_detector.c +++ b/libs/unimrcp/libs/mpf/src/mpf_dtmf_detector.c @@ -142,7 +142,8 @@ MPF_DECLARE(char) mpf_dtmf_detector_digit_get(struct mpf_dtmf_detector_t *detect apr_thread_mutex_lock(detector->mutex); digit = detector->buf[0]; if (digit) { - strcpy(detector->buf, detector->buf + 1); + /* This used to be a strcpy(), but that can give overlapping buffer issues */ + memmove(detector->buf, &detector->buf[1], strlen(&detector->buf[1]) + 1); detector->digits--; } apr_thread_mutex_unlock(detector->mutex); diff --git a/libs/unimrcp/libs/mpf/src/mpf_dtmf_generator.c b/libs/unimrcp/libs/mpf/src/mpf_dtmf_generator.c index a31240be4a..ee4072e8a8 100644 --- a/libs/unimrcp/libs/mpf/src/mpf_dtmf_generator.c 
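Review bot: In the super_tone_rx.c hunk, the `memmove` length `9*sizeof(s->segments[0])` and the `s->segments[9]` stores after it hard-code the array size. A later change to the declaration would then turn this shift into an out-of-bounds move with no compiler warning. If `segments` is a fixed-size array member (its declaration is outside the hunk), derive the length from it: `memmove(&s->segments[0], &s->segments[1], sizeof(s->segments) - sizeof(s->segments[0]));`. `super_tone_chunk` starts and ends outside the hunk.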
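Review bot: In the mpf_dtmf_detector.c hunk, the new `memmove` length comes from `strlen(&detector->buf[1])`, so the shift is bounded only if `detector->buf` is always NUL-terminated inside its storage, which nothing in the hunk enforces. The `if (digit)` test does guarantee that `buf[1]` is still inside the string, and the comment should say so along with the real reason for the change: `/* strcpy() on overlapping buffers is undefined; buf[0] != 0 here, so &buf[1] is within the NUL-terminated string */`. If `detector->digits` always equals the string length (not visible here), `memmove(detector->buf, &detector->buf[1], detector->digits);` would bound the move without scanning. The mpf_dtmf_generator.c hunk uses the same `strlen`-derived length.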
+++ b/libs/unimrcp/libs/mpf/src/mpf_dtmf_generator.c @@ -209,7 +209,8 @@ MPF_DECLARE(apt_bool_t) mpf_dtmf_generator_put_frame( /* Get next valid digit from queue */ do { generator->event_id = (apr_byte_t) mpf_dtmf_char_to_event_id(*generator->queue); - strcpy(generator->queue, generator->queue + 1); + /* This used to be a strcpy(), but that can give overlapping buffer issues */ + memmove(generator->queue, &generator->queue[1], strlen(&generator->queue[1]) + 1); } while (*generator->queue && (generator->event_id > DTMF_EVENT_ID_MAX)); /* Reset state */ if (generator->event_id <= DTMF_EVENT_ID_MAX) {
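Review bot: On the first pass of the `do` loop the `memmove` runs before `*generator->queue` is tested, so if the queue can be empty on entry, `&generator->queue[1]` points past the terminator and `strlen()` reads beyond the string. Any guard is outside the hunk; confirm the enclosing code checks `*generator->queue` first, or restructure the loop so the shift happens only when a digit is present. The added comment could also name the actual problem: `/* strcpy() with overlapping source and destination is undefined behaviour */`.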