| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
--HG--
extra : transplant_source : %AE%D3%DCw%0F%073h%5D%C0%B5%A7%BA%2B%95%81%95bT%D6
|
|
if the atom size is shorter than the header size, do not try
to decompress anything, as this would lead to zlib reading
out of bound data.
|
|
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and
earlier versions, allow remote attackers to cause a denial of service
(crash) or possibly execute arbitrary code via (1) crafted width and
height values that are not validated by the mymng_process_header
function in demux_mng.c before use in an allocation calculation or (2)
crafted current_atom_size and string_size values processed by the
parse_reference_atom function in demux_qt.c.
|
|
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other
versions before 1.1.15, allow remote attackers to execute arbitrary
code via vectors related to (1) a crafted metadata atom size processed
by the parse_moov_atom function in demux_qt.c and (2) frame reading in
the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is
possible that vector 1 has not been fixed in 1.1.15.
case ( FOURCC_TAG('C', 'O', 'M', 'M') ):
_x_meta_info_set_generic(stream, XINE_META_INFO_COMMENT, buf + 1 + 3, id3_encoding[enc]);
|
|
|
|
If needed, use calloc() to allocate the area so that it's already
reset by the time it returns.
|
|
|
|
The xine_xmalloc() function is going to be deprecated, as its
behaviour is rarely needed as such, and it's thus misused.
With this, almost all uses of xine_xmalloc() with static size (for
instance the value returned by sizeof()) or with a size that is
guaranteed not to be zero (like strlen()+1) are replaced with calls to
either calloc(1, ...) or malloc().
malloc() is used whenever the allocated memory is going to be
immediately overwritten, while calloc() is used in every other case,
as it sets the whole memory area to zero.
--HG--
extra : transplant_source : %8F%98%EC%02%1E%83%F0s%06X%83C%205Y%80%B12%CC%E1
|
|
Functions and data structures that are not exported and are only ever
used in the same unit they are defined should be marked static to
improve compiler's ability to optimise them.
This applies to xine_dispose_internal() function for xine-lib, the
extended_to_int() function in the AIFF demuxer, the bandwidths array
in QuickTime demuxer, the wc_pal_lookup table in the WC3 movie
demuxer, and the rm_header and pnm_data_header arrays in pnm input
plugin.
|
|
|
|
On some m4a files I get a divide by zero.
bytes_per_packet in this case is zero. I'm not sure what the real problem is
but skipping the assignment in that case works fine.
|
|
|
|
|
|
|
|
Ref. http://aluigi.altervista.org/adv/xinehof-adv.txt
|
|
Some instances of "key colour" remain; ffmpeg is unmodified.
This change has caused two strings with two translations to collide (the
strings have become identical since some instances already used "colour").
I have therefore arbitrarily dropped the first of the differing translations,
the one for the string at src/video_out/video_out_directfb.c:1365.
|
|
--HG--
extra : transplant_source : %E0%D0%C5%8B%BEU%DD%24%5D7%1F%ADV%AD%EB%23%CBU%80%EB
|
|
For contributed code, leave whatever the version we last synced for is using
to make simpler future syncs.
|
|
Solaris definitions.
|
|
The attached patch fixes a problem with embedded references in recent
versions of quicktime's movie formats.
Apparently there is an additional atom (RMRA) before the RMDA atom: it
works like a container for all subsequent atoms, so it can be safely
skipped.
You can test yourself what I'm saying by watching some trailers at
apple.com (http://www.apple.com/trailers).
--
Regards,
Claudio Ciccani
klan@users.sf.net
http://directfb.org
http://sf.net/projects/php-directfb
|
|
|
|
Two of the modified files are headers, but each contains definitions as well as
declarations and is only ever used once.
|
|
|
|
CVS patchset: 8524
CVS date: 2007/01/19 01:05:24
|
|
constant string, and make the extensions and mrl vaiables usually declared when testing extension demux strategy constants too.
CVS patchset: 8523
CVS date: 2007/01/19 00:26:39
|
|
atom
CVS patchset: 8372
CVS date: 2006/11/11 12:23:44
|
|
audiobooks in AAC format. This still requires to be tested with encrypted audiobooks to make sure they fail gracefully.
CVS patchset: 8103
CVS date: 2006/07/10 22:17:49
|
|
(through backports), to avoid exporting unneeded internal symbols, making plugins' loading faster and use of internal copies of libraries more solid. It should automatically fall back to the old way in GCCs that does not support -fvisibility=hidden, but has to be tested carefully. No issues were found in the months of testing in Gentoo, but this requires special attention anyway.
CVS patchset: 8101
CVS date: 2006/07/10 22:08:12
|
|
CVS patchset: 8061
CVS date: 2006/06/19 13:51:04
|
|
CVS patchset: 8055
CVS date: 2006/06/18 20:29:03
|
|
CVS patchset: 8009
CVS date: 2006/06/02 22:18:56
|
|
(Diego Pettenò)
CVS patchset: 7985
CVS date: 2006/05/03 19:46:06
|
|
CVS patchset: 7977
CVS date: 2006/04/21 23:15:44
|
|
CID: 42
Checker: FORWARD_NULL (help)
File: xine-lib/src/demuxers/demux_qt.c
Function: parse_trak_atom
Description: Variable "(trak)->stsd_atoms" tracked as NULL was dereferenced.
CVS patchset: 7929
CVS date: 2006/03/16 21:44:14
|
|
non-seekable sources (e.g. STDIN, HTTP) and begin with an 'ftyp' atom
followed by a 'moov' atom
CVS patchset: 7749
CVS date: 2005/10/02 17:00:52
|
|
Add an extended MRL reference event which includes the item title, start
time and duration.
(Both events are sent; front ends should only listen for one of them.)
CVS patchset: 7656
CVS date: 2005/07/17 23:11:33
|
|
Keep looking for a 'moov' atom even if we find a 'free' atom that looks like one
CVS patchset: 7627
CVS date: 2005/06/17 16:53:25
|
|
FFmpeg)
CVS patchset: 7429
CVS date: 2005/03/06 07:18:04
|
|
header; works no better or worse than before since stereo MACE still
does not work (interaction problem with FFmpeg?); log PCM in QT still
does not work
CVS patchset: 7426
CVS date: 2005/03/01 04:50:44
|
|
Incremented demux API version.
This is needed to unload plugins.
CVS patchset: 7385
CVS date: 2005/02/06 15:26:00
|
|
add "m4a" to the known extensions for the QT demuxer
(it is already listed in the output of get_mimetypes(), so this should
be safe to add)
CVS patchset: 7319
CVS date: 2005/01/02 17:25:22
|
|
and backwards compatible translation
Sorry, I got a litte tired proof-reading the patch, so their might be
bugs lurking around. I will give it some further examination and
(as necessary) fixing tomorrow.
CVS patchset: 7233
CVS date: 2004/12/12 22:00:47
|
|
CVS patchset: 7117
CVS date: 2004/11/13 02:38:15
|
|
CVS patchset: 7116
CVS date: 2004/11/12 11:25:02
|
|
fix castaway.mov crash.
CVS patchset: 7040
CVS date: 2004/10/16 10:38:14
|
|
CVS patchset: 6959
CVS date: 2004/09/11 20:01:38
|
|
CVS patchset: 6896
CVS date: 2004/08/18 22:12:31
|
|
2) Support mp3 audio in mp4 files
CVS patchset: 6894
CVS date: 2004/08/18 21:41:58
|
