From b30b98aa0bbeef7628f248d3cfcc145d5efff031 Mon Sep 17 00:00:00 2001 From: mannol Date: Fri, 7 Feb 2014 00:10:55 +0100 Subject: [PATCH] Fixed _all_ the issues --- toxav/phone.c | 15 +++++---------- toxav/toxmedia.c | 2 +- toxav/toxmsi.c | 31 ++++++++++++++++++++----------- toxav/toxrtp.c | 28 +++++++++++++++++++--------- toxav/toxrtp.h | 2 +- toxcore/event.c | 8 +++----- 6 files changed, 49 insertions(+), 37 deletions(-) diff --git a/toxav/phone.c b/toxav/phone.c index 6e746bc5c..d8318ff9c 100755 --- a/toxav/phone.c +++ b/toxav/phone.c @@ -153,7 +153,7 @@ void INFO (const char* _format, ...) unsigned char *hex_string_to_bin(char hex_string[]) { size_t i, len = strlen(hex_string); - unsigned char *val = calloc(sizeof(char), len); + unsigned char *val = calloc(sizeof(unsigned char), len); char *pos = hex_string; for (i = 0; i < len; ++i, pos += 2) @@ -463,7 +463,7 @@ void *encode_audio_thread(void *arg) void *decode_video_thread(void *arg) { - INFO("Started decode audio thread!"); + INFO("Started decode video thread!"); av_session_t* _phone = arg; codec_state *cs = _phone->cs; @@ -489,7 +489,7 @@ void *decode_video_thread(void *arg) if (cs->video_decoder_ctx->width != width || cs->video_decoder_ctx->height != height) { width = cs->video_decoder_ctx->width; height = cs->video_decoder_ctx->height; - printf("w: %d h%d \n", width, height); + printf("w: %d h: %d \n", width, height); video_decoder_refresh(_phone, width, height); } @@ -505,7 +505,6 @@ void *decode_video_thread(void *arg) usleep(1000); } - printf("vend\n"); /* clean up codecs */ pthread_mutex_lock(&cs->ctrl_mutex); av_free(r_video_frame); @@ -667,7 +666,7 @@ int phone_startmedia_loop ( av_session_t* _phone ) _phone->_msi->call->nonce_local ); - _phone->_rtp_audio = rtp_init_session ( + _phone->_rtp_video = rtp_init_session ( type_video, _phone->_messenger, _phone->_msi->call->peers[0], @@ -891,11 +890,7 @@ av_session_t* av_init_session() printf("Could not start capture device! %d\n", alcGetError((ALCdevice*)_retu->audio_capture_device)); return 0; } - - - init_encoder(_retu->cs); - init_decoder(_retu->cs); - + uint8_t _byte_address[TOX_FRIEND_ADDRESS_SIZE]; tox_get_address(_retu->_messenger, _byte_address ); diff --git a/toxav/toxmedia.c b/toxav/toxmedia.c index bb4e72100..a31b9ab01 100644 --- a/toxav/toxmedia.c +++ b/toxav/toxmedia.c @@ -142,7 +142,7 @@ int empty_queue(struct jitter_buffer *q) while (q->size > 0) { q->size--; /* FIXME: */ - /* rtp_free_msg(cs->_rtp_video, q->queue[q->front]); */ + rtp_free_msg(NULL, q->queue[q->front]); q->front++; if (q->front == q->capacity) diff --git a/toxav/toxmsi.c b/toxav/toxmsi.c index db9ae2d27..d5c357306 100755 --- a/toxav/toxmsi.c +++ b/toxav/toxmsi.c @@ -47,7 +47,7 @@ #define TYPE_REQUEST 1 #define TYPE_RESPONSE 2 -#define VERSION_STRING "0.3.1" +unsigned char* VERSION_STRING = (unsigned char*)"0.3.1"; #define VERSION_STRLEN 5 #define CT_AUDIO_HEADER_VALUE "AUDIO" @@ -220,18 +220,26 @@ static inline const uint8_t *stringify_response ( MSIResponse response ) { * @retval -1 Error occured. * @retval 0 Success. */ -int parse_raw_data ( MSIMessage* msg, const uint8_t* data ) { +int parse_raw_data ( MSIMessage* msg, const uint8_t* data, uint16_t length ) { assert ( msg ); + if ( data[length - 1] ) /* End byte must have value 0 */ + return -1; + const uint8_t* _it = data; while ( *_it ) {/* until end_byte is hit */ - - if ( *_it == field_byte ) { + + uint16_t itedlen = (_it - data) + 2; + + if ( *_it == field_byte && itedlen < length ) { + uint16_t _size = ( uint16_t ) * ( _it + 1 ) << 8 | ( uint16_t ) * ( _it + 2 ); - _it += 3; /*place it at the field value beginning*/ + if ( itedlen + _size > length ) return -1; + + _it += 3; /* place it at the field value beginning */ switch ( _size ) { /* Compare the size of the hardcoded values ( vary fast and convenient ) */ @@ -340,7 +348,7 @@ MSIMessage* msi_new_message ( uint8_t type, const uint8_t* type_id ) { return NULL; } - ALLOCATE_HEADER ( _retu->version, VERSION_STRING, strlen ( VERSION_STRING ) ) + ALLOCATE_HEADER ( _retu->version, VERSION_STRING, strlen ( (const char*)VERSION_STRING ) ) return _retu; } @@ -353,7 +361,7 @@ MSIMessage* msi_new_message ( uint8_t type, const uint8_t* type_id ) { * @return MSIMessage* Parsed message. * @retval NULL Error occured. */ -MSIMessage* parse_message ( const uint8_t* data ) { +MSIMessage* parse_message ( const uint8_t* data, uint16_t length ) { assert ( data ); MSIMessage* _retu = calloc ( sizeof ( MSIMessage ), 1 ); @@ -361,7 +369,7 @@ MSIMessage* parse_message ( const uint8_t* data ) { memset ( _retu, 0, sizeof ( MSIMessage ) ); - if ( parse_raw_data ( _retu, data ) == -1 ) { + if ( parse_raw_data ( _retu, data, length ) == -1 ) { free_message ( _retu ); return NULL; @@ -1014,12 +1022,13 @@ void msi_handle_packet ( Messenger* messenger, int source, uint8_t* data, uint16 { /* Unused */ (void)messenger; - (void)&length; MSISession* _session = object; MSIMessage* _msg; - _msg = parse_message ( data ); + if ( !length ) return; + + _msg = parse_message ( data, length ); if ( !_msg ) return; @@ -1227,7 +1236,7 @@ int msi_invite ( MSISession* session, MSICallType call_type, uint32_t rngsec, ui int msi_hangup ( MSISession* session ) { assert ( session ); - if ( !session->call && session->call->state != call_active ) + if ( !session->call || session->call->state != call_active ) return -1; MSIMessage* _msg_ending = msi_new_message ( TYPE_REQUEST, stringify_request ( end ) ); diff --git a/toxav/toxrtp.c b/toxav/toxrtp.c index f8bdee2f8..d573d4031 100755 --- a/toxav/toxrtp.c +++ b/toxav/toxrtp.c @@ -310,6 +310,7 @@ RTPExtHeader* extract_ext_header ( const uint8_t* payload, size_t length ) if ( length < ( _ext_length * sizeof(uint32_t) ) ) { + free(_retu); return NULL; } @@ -351,9 +352,11 @@ uint8_t* add_header ( RTPHeader* header, uint8_t* payload ) U32_to_bytes( _it, header->timestamp); _it+=4; U32_to_bytes( _it, header->ssrc); - uint8_t _x; - for ( _x = 0; _x < _cc; _x++ ) { - _it+=4; U32_to_bytes( _it, header->csrc[_x]); + if ( header->csrc ) { + uint8_t _x; + for ( _x = 0; _x < _cc; _x++ ) { + _it+=4; U32_to_bytes( _it, header->csrc[_x]); + } } return _it + 4; @@ -373,9 +376,11 @@ uint8_t* add_ext_header ( RTPExtHeader* header, uint8_t* payload ) U16_to_bytes(_it, header->length); _it+=2; U16_to_bytes(_it, header->type); _it-=2; /* Return to 0 position */ - uint16_t _x; - for ( _x = 0; _x < header->length; _x++ ) { - _it+=4; U32_to_bytes(_it, header->table[_x]); + if ( header->table ) { + uint16_t _x; + for ( _x = 0; _x < header->length; _x++ ) { + _it+=4; U32_to_bytes(_it, header->table[_x]); + } } return _it + 4; @@ -465,8 +470,13 @@ RTPMessage* msg_parse ( uint16_t sequnum, const uint8_t* data, int length ) } else { _retu->ext_header = NULL; } - - memcpy ( _retu->data, data + _from_pos, length - _from_pos ); + + if ( length - _from_pos <= MAX_RTP_SIZE ) + memcpy ( _retu->data, data + _from_pos, length - _from_pos ); + else { + rtp_free_msg(NULL, _retu); + return NULL; + } _retu->next = NULL; return _retu; @@ -488,7 +498,7 @@ int rtp_handle_packet ( void* object, IP_Port ip_port, uint8_t* data, uint32_t l RTPSession* _session = object; RTPMessage* _msg; - if ( !_session ) + if ( !_session || length < 13 ) /* 12 is the minimum length for rtp + desc. byte */ return -1; uint8_t _plain[MAX_UDP_PACKET_SIZE]; diff --git a/toxav/toxrtp.h b/toxav/toxrtp.h index 9f8ae5ee6..4b0d681ff 100755 --- a/toxav/toxrtp.h +++ b/toxav/toxrtp.h @@ -31,7 +31,7 @@ #include "../toxcore/tox.h" #define MAX_SEQU_NUM 65535 -#define MAX_RTP_SIZE 1400 +#define MAX_RTP_SIZE 10400 /** * @brief Standard rtp header diff --git a/toxcore/event.c b/toxcore/event.c index 81f8172f7..05e2a03ca 100755 --- a/toxcore/event.c +++ b/toxcore/event.c @@ -360,16 +360,14 @@ void __attribute__((constructor)) init_event_poll () RUN_IN_THREAD(event_poll, &event_handler); } +/* NOTE: Do we need this? */ void __attribute__((destructor)) terminate_event_poll() { /* Exit thread */ event_handler.running = 0; - /* Keep the global until thread exits */ - while (event_handler.running > -1) { - (void)event_handler.running; - usleep(FREQUENCY*2); - } + /* Give it enought time to exit */ + usleep(FREQUENCY*2); pthread_mutex_destroy( &event_handler.mutex ); } \ No newline at end of file