Bug 449307 - Fix memory corruption issue in liboggplay when querying duration - rs=roc
authorChris Double <chris.double@double.co.nz>
Mon, 10 Nov 2008 14:36:42 +1300
changeset 21541 fb44ae3d118255a923fa33631c09f77bc19792b7
parent 21540 d1baec088ee009f91aafdfb9f5e0c5d43c665db1
child 21542 f1d71b8ac3fed48c84b0cbef8a7fb96d879a8d66
push id3565
push usercdouble@mozilla.com
push dateMon, 10 Nov 2008 01:36:56 +0000
treeherdermozilla-central@fb44ae3d1182 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersroc
bugs449307
milestone1.9.1b2pre
Bug 449307 - Fix memory corruption issue in liboggplay when querying duration - rs=roc
media/liboggplay/README_MOZILLA
media/liboggplay/src/liboggplay/oggplay.c
media/liboggplay/src/liboggplay/oggplay_private.h
media/liboggplay/src/liboggplay/oggplay_seek.c
--- a/media/liboggplay/README_MOZILLA
+++ b/media/liboggplay/README_MOZILLA
@@ -1,11 +1,11 @@
 The source from this directory was copied from the liboggplay svn
 source using the update.sh script. The only changes made were those
 applied by update.sh and the addition/upate of Makefile.in files for
 the Mozilla build system.
 
 http://svn.annodex.net/liboggplay/trunk/
 
-The svn revision number used was r3761.
+The svn revision number used was r3774.
 
 The patch from Annodex trac ticket 421 is applied to fix bug 459938:
   http://trac.annodex.net/ticket/421
--- a/media/liboggplay/src/liboggplay/oggplay.c
+++ b/media/liboggplay/src/liboggplay/oggplay.c
@@ -639,19 +639,22 @@ oggplay_get_duration(OggPlay *me) {
 
   if (me == NULL) {
     return E_OGGPLAY_BAD_OGGPLAY;
   }
 
   if (me->reader->duration) 
     return me->reader->duration(me->reader);
   else {
-    ogg_int64_t pos = oggz_tell_units(me->oggz);
-    ogg_int64_t duration = oggz_seek_units(me->oggz, 0, SEEK_END);
+    ogg_int64_t pos;
+    ogg_int64_t duration;
+    pos = oggz_tell_units(me->oggz);
+    duration = oggz_seek_units(me->oggz, 0, SEEK_END);
     oggz_seek_units(me->oggz, pos, SEEK_SET);
+    oggplay_seek_cleanup(me, pos);
     return duration;
   }
 }
 
 int
 oggplay_media_finished_retrieving(OggPlay *me) {
 
   if (me == NULL) {
--- a/media/liboggplay/src/liboggplay/oggplay_private.h
+++ b/media/liboggplay/src/liboggplay/oggplay_private.h
@@ -224,16 +224,19 @@ struct _OggPlay {
 
 void
 oggplay_set_data_callback_force(OggPlay *me, OggPlayDataCallback callback,
                 void *user);
 
 void
 oggplay_take_out_trash(OggPlay *me, OggPlaySeekTrash *trash);
 
+void
+oggplay_seek_cleanup(OggPlay *me, ogg_int64_t milliseconds);
+
 typedef struct {
   void (*init)(void *user_data);
   int (*callback)(OGGZ * oggz, ogg_packet * op, long serialno,
                                                           void * user_data);
   void (*shutdown)(void *user_data);
   int size;
 } OggPlayCallbackFunctions;
 
--- a/media/liboggplay/src/liboggplay/oggplay_seek.c
+++ b/media/liboggplay/src/liboggplay/oggplay_seek.c
@@ -36,21 +36,17 @@
  * Shane Stephens <shane.stephens@annodex.net>
  */
 
 #include "oggplay_private.h"
 
 OggPlayErrorCode
 oggplay_seek(OggPlay *me, ogg_int64_t milliseconds) {
 
-  OggPlaySeekTrash    * trash;
-  OggPlaySeekTrash   ** p;
-  OggPlayDataHeader  ** end_of_list_p;
-  int                   i;
-  int                   eof;
+  ogg_int64_t           eof;
 
   if (me == NULL) {
     return E_OGGPLAY_BAD_OGGPLAY;
   }
 
   if (milliseconds < 0) {
     return E_OGGPLAY_CANT_SEEK;
   }
@@ -71,16 +67,31 @@ oggplay_seek(OggPlay *me, ogg_int64_t mi
       return E_OGGPLAY_CANT_SEEK;
     }
   } else {
     if (oggz_seek_units(me->oggz, milliseconds, SEEK_SET) == -1) {
       return E_OGGPLAY_CANT_SEEK;
     }
   }
 
+  oggplay_seek_cleanup(me, milliseconds);
+
+  return E_OGGPLAY_OK;
+
+}
+
+void
+oggplay_seek_cleanup(OggPlay* me, ogg_int64_t milliseconds)
+{
+
+  OggPlaySeekTrash    * trash;
+  OggPlaySeekTrash   ** p;
+  OggPlayDataHeader  ** end_of_list_p;
+  int                   i;
+
   /*
    * first, create a trash object to store the context that we want to
    * delete but can't until the presentation thread is no longer using it -
    * this will occur as soon as the thread calls oggplay_buffer_release_next
    */
 
   trash = calloc(sizeof(OggPlaySeekTrash), 1);
 
@@ -124,19 +135,16 @@ oggplay_seek(OggPlay *me, ogg_int64_t mi
   trash->next = NULL;
 
   p = &(me->trash);
   while (*p != NULL) {
     p = &((*p)->next);
   }
 
   *p = trash;
-
-  return E_OGGPLAY_OK;
-
 }
 
 void
 oggplay_take_out_trash(OggPlay *me, OggPlaySeekTrash *trash) {
 
   OggPlaySeekTrash *p = NULL;
 
   for (; trash != NULL; trash = trash->next) {