player/player.c

Bug Summary

File:	player/player.c
Location:	line 157, column 51
Description:	Access to field 'nfiles' results in a dereference of a null pointer (loaded from field 'queue')

Annotated Source Code

* Permission to use, copy, modify, and distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

* copyright notice and this permission notice appear in all copies.

* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

#include "player.h"

/* globals */

player_backend_t player;

player_info_t player_info;

/* callbacks */

static void callback_playnext() { player_skip_song(1); }

static void

callback_fatal(char *fmt, ...)

{

va_list ap;

ui_destroy();

fprintf(stderr(&__sF[2]),"The player-backend '%s' has experienced a fatal error:\n",

player.name);

va_start(ap, fmt)__builtin_va_start(ap, fmt);

vfprintf(stderr(&__sF[2]), fmt, ap);

va_end(ap)__builtin_va_end(ap);

fflush(stderr(&__sF[2]));

VSIG_QUIT = 1;

exit(1);

}

/* definition of backends */

const player_backend_t PlayerBackends[] = {

{

BACKEND_MPLAYER, "mplayer", false0, NULL((void *)0),

mplayer_start,

mplayer_finish,

mplayer_sigchld,

mplayer_play,

mplayer_stop,

mplayer_pause,

mplayer_seek,

mplayer_volume_step,

mplayer_get_position,

mplayer_get_volume,

mplayer_is_playing,

mplayer_is_paused,

mplayer_set_callback_playnext,

mplayer_set_callback_notice,

mplayer_set_callback_error,

mplayer_set_callback_fatal,

mplayer_monitor

# if defined(ENABLE_GSTREAMER)

{

BACKEND_GSTREAMER, "gst", false0, NULL((void *)0),

gstplayer_init,

gstplayer_cleanup,

NULL((void *)0),

gstplayer_play,

gstplayer_stop,

gstplayer_pause,

gstplayer_seek,

gstplayer_volume_step,

gstplayer_get_position,

gstplayer_get_volume,

gstplayer_is_playing,

gstplayer_is_paused,

gstplayer_set_callback_playnext,

gstplayer_set_callback_notice,

gstplayer_set_callback_error,

gstplayer_set_callback_fatal,

gstplayer_monitor,

# endif

{ 0, "", false0, NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0),

NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0), NULL((void *)0) }

};

const size_t PlayerBackendsSize = sizeof(PlayerBackends) / sizeof(player_backend_t);

/* setup/destroy functions */

void

100

player_init(const char *backend,

101

void (message_handler)(char *fmt, ...),

102

void (error_handler)(char *fmt, ...))

103

{

104

bool_Bool found;

105

size_t i;

106

107

player_info.mode = MODE_LINEAR;

108

player_info.queue = NULL((void *)0);

109

player_info.qidx = -1;

110

111

player_info.rseed = time(0);

112

srand(player_info.rseed);

113

114

/* find the player backend */

115

found = false0;

116

for (i = 0; i < PlayerBackendsSize && !found; i++) {

117

if (!strcasecmp(backend, PlayerBackends[i].name)) {

118

player = PlayerBackends[i];

119

found = true1;

120

}

121

}

122

123

if (!found)

124

errx(1, "media backend '%s' is unknown", backend);

125

126

if (player.dynamic) {

127

ui_destroy();

128

errx(1, "dynamically loaded backends not yet supported");

129

}

130

131

player.set_callback_playnext(callback_playnext);

132

player.set_callback_notice(message_handler);

133

player.set_callback_error(error_handler);

134

player.set_callback_fatal(callback_fatal);

135

player.start();

136

}

137

138

void

139

player_destroy()

140

{

141

player.finish();

142

}

143

144

void

145

player_set_queue(playlist *queue, int pos)

146

{

147

player_info.queue = queue;

148

player_info.qidx = pos;

149

}

150

151

void

152

player_play()

153

{

154

if (player_info.queue == NULL((void *)0))

←

Assuming pointer value is null

→

←

Taking true branch

→

155

errx(1, "player_play: bad queue/qidx");

156

157

if (player_info.qidx < 0 || player_info.qidx > player_info.queue->nfiles)

←

Access to field 'nfiles' results in a dereference of a null pointer (loaded from field 'queue')

158

errx(1, "player_play: qidx %i out-of-range", player_info.qidx);

159

160

player.play(player_info.queue->files[player_info.qidx]->filename);

161

162

}

163

164

void

165

player_stop()

166

{

167

player.stop();

168

}

169

170

void

171

player_pause()

172

{

173

if (!player.playing())

174

return;

175

176

player.pause();

177

}

178

179

void

180

player_seek(int seconds)

181

{

182

if (!player.playing())

183

return;

184

185

player.seek(seconds);

186

}

187

188

/* TODO merge this with the player_play_prev_song into player_skip_song */

189

void

190

player_play_next_song(int skip)

191

{

192

if (!player.playing())

193

return;

194

195

switch (player_info.mode) {

196

case MODE_LINEAR:

197

player_info.qidx += skip;

198

if (player_info.qidx >= player_info.queue->nfiles) {

199

player_info.qidx = 0;

200

player_stop();

201

} else

202

player_play();

203

204

break;

205

206

case MODE_LOOP:

207

player_info.qidx += skip;

208

if (player_info.qidx >= player_info.queue->nfiles)

209

player_info.qidx %= player_info.queue->nfiles;

210

211

player_play();

212

break;

213

214

case MODE_RANDOM:

215

player_info.qidx = rand() % player_info.queue->nfiles;

216

player_play();

217

break;

218

}

219

}

220

221

/* TODO (see comment for player_play_next_song) */

222

void

223

player_play_prev_song(int skip)

224

{

225

if (!player.playing())

←

Value assigned to 'player_info.queue'

→

←

Taking false branch

→

226

return;

227

228

switch (player_info.mode) {

←

Control jumps to 'case MODE_LINEAR:' at line 229

→

229

case MODE_LINEAR:

230

player_info.qidx -= skip;

231

if (player_info.qidx < 0) {

←

Taking false branch

→

232

player_info.qidx = 0;

233

player_stop();

234

} else

235

player_play();

←

Calling 'player_play'

→

236

237

break;

238

239

case MODE_LOOP:

240

skip %= player_info.queue->nfiles;

241

if (skip <= player_info.qidx)

242

player_info.qidx -= skip;

243

else

244

player_info.qidx = player_info.queue->nfiles - (skip + player_info.qidx);

245

246

player_play();

247

break;

248

249

case MODE_RANDOM:

250

player_info.qidx = rand() % player_info.queue->nfiles;

251

player_play();

252

break;

253

}

254

}

255

256

/* TODO merge with above... wtf didn't i do it that way!? */

257

void

258

player_skip_song(int num)

259

{

260

if (num >= 0)

Assuming 'num' is < 0

→

←

Taking false branch

→

261

player_play_next_song(num);

262

else

263

player_play_prev_song(num * -1);

←

Calling 'player_play_prev_song'

→

264

}

265

266

void

267

player_volume_step(float percent)

268

{

269

if (!player.playing())

270

return;

271

272

player.volume_step(percent);

273

}

274

275

void

276

player_monitor(void)

277

{

278

player.monitor();

279

}

280