ref: ccdef60e914fb336c7bddc5c8895b93ade3e3289
parent: 77121e1b905d03569318619e2f76ee6b2eb148af
author: Timothy B. Terriberry <tterribe@xiph.org>
date: Fri May 1 17:35:23 EDT 2020
Silence scan-build false positives. The actual guarantees we are making in op_read_native() are: - if _pcm == NULL, then _buf_size <= 0 (requirement on the caller), - op_get_packet_duration() will succeed and return a positive value no larger than 120*48 (guaranteed by op_collect_audio_packets() filtering out any packets with invalid TOC sequences), and - nchannels is a small number greater than 0 (guaranteed by the validation in opus_parse_head()). However, trying to assert these things is not enough to convince clang to take the nsamples*nchannels>_buf_size or duration*nchannels>_buf_size branches when _pcm==NULL, so instead we have to be a bit more direct.
--- a/src/info.c
+++ b/src/info.c
@@ -96,6 +96,9 @@
int ci;
ncomments=_tags->comments;
if(_tags->user_comments!=NULL)ncomments++;
+ else{
+ OP_ASSERT(ncomments==0);
+ }
for(ci=ncomments;ci-->0;)_ogg_free(_tags->user_comments[ci]);
_ogg_free(_tags->user_comments);
_ogg_free(_tags->comment_lengths);
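Review bot: The new `else` branch records the invariant that `user_comments==NULL` implies `comments==0`, but the loop on the following line still indexes `_tags->user_comments[ci]` whenever `ncomments>0`, so the assertion is the only thing between a violated invariant and a NULL dereference. If OP_ASSERT expands to nothing when assertions are disabled (its definition is not on this page), a tags structure with a non-zero count and no array would still reach that loop in such builds. Either guard the loop itself, `if(_tags->user_comments!=NULL)for(ci=ncomments;ci-->0;)_ogg_free(_tags->user_comments[ci]);`, or at least document the intent with `/*user_comments==NULL implies comments==0; asserted only to inform static analysis.*/`. The enclosing function starts and ends outside the hunk.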
@@ -590,6 +593,7 @@
int colors_set;
size_t i;
/*Decode the BASE64 data.*/
+ OP_ASSERT(_base64_sz>=11);
for(i=0;i<_base64_sz;i++){
opus_uint32 value;
int j;
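Review bot: The bound in `OP_ASSERT(_base64_sz>=11);` is a bare number, and nothing in the hunk shows which earlier length check establishes it or what the 11 bytes correspond to. A comment directly above the assertion would make the guarantee reviewable, for example `/*Guaranteed by the length check in <caller, to be named>; asserted only for the static analyzer.*/`, and a named constant shared with that check would keep the two from drifting apart. The function begins before the hunk and the decode loop continues past it, so the validation may well exist out of view.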
--- a/src/opusfile.c
+++ b/src/opusfile.c
@@ -2822,6 +2822,7 @@
/*If we have buffered samples, return them.*/
if(nsamples>0){
if(nsamples*nchannels>_buf_size)nsamples=_buf_size/nchannels;
+ OP_ASSERT(_pcm!=NULL||nsamples<=0);
/*Check nsamples again so we don't pass NULL to memcpy() if _buf_size
is zero.
That would technically be undefined behavior, even if the number of
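Review bot: `OP_ASSERT(_pcm!=NULL||nsamples<=0);` here and `OP_ASSERT(_pcm!=NULL);` in the `@@ -2885` hunk both rest on the caller-side requirement from the commit message that a NULL `_pcm` comes with `_buf_size<=0`, and neither hunk shows that requirement being checked. If OP_ASSERT is compiled out in normal builds (its definition is not visible here), a caller passing NULL with a positive size would still reach memcpy() or op_decode() with a NULL destination. Stating the contract next to both assertions would help, e.g. `/*Caller contract: _pcm==NULL requires _buf_size<=0; this assert exists for scan-build.*/`. If the public API permits it, rejecting the combination once at function entry would turn the assumption into an enforced check. The function body extends outside both hunks.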
@@ -2885,6 +2886,7 @@
_of->samples_tracked+=trimmed_duration-od_buffer_pos;
}
else{
+ OP_ASSERT(_pcm!=NULL);
/*Otherwise decode directly into the user's buffer.*/
ret=op_decode(_of,_pcm,pop,duration,nchannels);
if(OP_UNLIKELY(ret<0))return ret;