summaryrefslogtreecommitdiff
path: root/src/demuxers/demux_qt.c
AgeCommit message (Collapse)Author
2009-01-04Fix for CVE-2008-5234.Matthias Hopf
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15. case ( FOURCC_TAG('C', 'O', 'M', 'M') ): _x_meta_info_set_generic(stream, XINE_META_INFO_COMMENT, buf + 1 + 3, id3_encoding[enc]);
2008-06-15Merge from 1.1.Darren Salt
--HG-- rename : src/xine-utils/xineutils.h => include/xine/xineutils.h rename : po/libxine1.pot => po/libxine2.pot
2008-06-14Extra MIME types for Quicktime/ISO media.Darren Salt
2008-05-23Merge from 1.1. VDR needs to be updated.Diego 'Flameeyes' Pettenò
--HG-- rename : src/liba52/parse.c => contrib/a52dec/parse.c rename : include/xine.h.in => include/xine.h rename : src/xine-engine/alphablend.h => include/xine/alphablend.h rename : src/xine-utils/attributes.h => include/xine/attributes.h rename : src/xine-engine/buffer.h => include/xine/buffer.h rename : src/input/input_plugin.h => include/xine/input_plugin.h rename : src/xine-utils/xineutils.h => include/xine/xineutils.h rename : src/libxineadec/fooaudio.c => src/audio_dec/fooaudio.c rename : src/libxineadec/gsm610.c => src/audio_dec/gsm610.c rename : src/liba52/xine_a52_decoder.c => src/audio_dec/xine_a52_decoder.c rename : src/libdts/xine_dts_decoder.c => src/audio_dec/xine_dts_decoder.c rename : src/libfaad/xine_faad_decoder.c => src/audio_dec/xine_faad_decoder.c rename : src/libxineadec/xine_lpcm_decoder.c => src/audio_dec/xine_lpcm_decoder.c rename : src/libmad/xine_mad_decoder.c => src/audio_dec/xine_mad_decoder.c rename : src/libmusepack/xine_musepack_decoder.c => src/audio_dec/xine_musepack_decoder.c rename : src/combined/decoder_flac.c => src/combined/flac_decoder.c rename : src/combined/demux_flac.c => src/combined/flac_demuxer.c rename : src/libxineadec/nsf.c => src/combined/nsf_decoder.c rename : src/demuxers/demux_nsf.c => src/combined/nsf_demuxer.c rename : src/combined/combined_wavpack.h => src/combined/wavpack_combined.h rename : src/combined/decoder_wavpack.c => src/combined/wavpack_decoder.c rename : src/combined/demux_wavpack.c => src/combined/wavpack_demuxer.c rename : src/demuxers/demux_ogg.c => src/combined/xine_ogg_demuxer.c rename : src/libxineadec/xine_speex_decoder.c => src/combined/xine_speex_decoder.c rename : src/libxinevdec/xine_theora_decoder.c => src/combined/xine_theora_decoder.c rename : src/libxineadec/xine_vorbis_decoder.c => src/combined/xine_vorbis_decoder.c rename : src/libspucc/cc_decoder.c => src/spu_dec/cc_decoder.c rename : src/libspucmml/xine_cmml_decoder.c => src/spu_dec/cmml_decoder.c rename : src/libspudec/xine_spu_decoder.c => src/spu_dec/spu_decoder.c rename : src/libspudec/spu.c => src/spu_dec/spudec.c rename : src/libspudvb/xine_spudvb_decoder.c => src/spu_dec/spudvb_decoder.c rename : src/libsputext/xine_sputext_decoder.c => src/spu_dec/sputext_decoder.c rename : src/libsputext/demux_sputext.c => src/spu_dec/sputext_demuxer.c rename : src/libspucc/xine_cc_decoder.c => src/spu_dec/xine_cc_decoder.c rename : src/libxinevdec/bitplane.c => src/video_dec/bitplane.c rename : src/libxinevdec/foovideo.c => src/video_dec/foovideo.c rename : src/libxinevdec/gdkpixbuf.c => src/video_dec/gdkpixbuf.c rename : src/libxinevdec/image.c => src/video_dec/image.c rename : src/libmpeg2/xine_mpeg2_decoder.c => src/video_dec/libmpeg2/xine_mpeg2_decoder.c rename : src/libxinevdec/rgb.c => src/video_dec/rgb.c rename : src/libxinevdec/yuv.c => src/video_dec/yuv.c
2008-05-07Avoid memset() on newly allocated memory areas.Diego 'Flameeyes' Pettenò
If needed, use calloc() to allocate the area so that it's already reset by the time it returns.
2008-05-07Merge file removal.Diego 'Flameeyes' Pettenò
2008-05-07xine_xmalloc() deprecation: replace its use with static and non-zero size.Diego 'Flameeyes' Pettenò
The xine_xmalloc() function is going to be deprecated, as its behaviour is rarely needed as such, and it's thus misused. With this, almost all uses of xine_xmalloc() with static size (for instance the value returned by sizeof()) or with a size that is guaranteed not to be zero (like strlen()+1) are replaced with calls to either calloc(1, ...) or malloc(). malloc() is used whenever the allocated memory is going to be immediately overwritten, while calloc() is used in every other case, as it sets the whole memory area to zero. --HG-- extra : transplant_source : %8F%98%EC%02%1E%83%F0s%06X%83C%205Y%80%B12%CC%E1
2008-05-07Mark internal functions and data structures static.Diego 'Flameeyes' Pettenò
Functions and data structures that are not exported and are only ever used in the same unit they are defined should be marked static to improve compiler's ability to optimise them. This applies to xine_dispose_internal() function for xine-lib, the extended_to_int() function in the AIFF demuxer, the bandwidths array in QuickTime demuxer, the wc_pal_lookup table in the WC3 movie demuxer, and the rm_header and pnm_data_header arrays in pnm input plugin.
2008-04-15Merge from 1.1.Darren Salt
--HG-- rename : debian/libxine1.install => debian/libxine2.install rename : src/libxineadec/xine_speex_decoder.c => src/combined/xine_speex_decoder.c rename : src/libsputext/demux_sputext.c => src/spu_dec/sputext_demuxer.c
2008-04-14Remove a memset() rendered pointless by use of calloc().Darren Salt
2008-04-14divide by zero in demux_qt.cColin Gibbs
On some m4a files I get a divide by zero. bytes_per_packet in this case is zero. I'm not sure what the real problem is but skipping the assignment in that case works fine.
2008-04-02Merge from 1.1.Darren Salt
--HG-- rename : src/combined/demux_wavpack.c => src/combined/wavpack_demuxer.c
2008-03-31Revert a change which broke Quicktime atom parsing.Darren Salt
2008-03-29Merge from 1.1.Darren Salt
--HG-- rename : src/libxineadec/xine_lpcm_decoder.c => src/audio_dec/xine_lpcm_decoder.c
2008-03-26Merge from 1.1.Darren Salt
2008-03-28More checking for memory allocation failures.Darren Salt
2008-03-23Replace various malloc(x*sizeof(y)) with calloc(x,sizeof(y)).Darren Salt
2008-03-23Check for failure of various memory allocations. (SA29484)Darren Salt
Ref. http://aluigi.altervista.org/adv/xinehof-adv.txt
2008-02-04Report the identifiers of unrecognised video & audio codecs.Darren Salt
2007-12-30Manual port of the color→colour change to 1.2; should make merging easier.Darren Salt
2007-12-19Update all the code to the new headers layout.Diego 'Flameeyes' Pettenò
2007-12-18Allocate the preview buffer only when actually needed; use zeroed allocation ↵Diego 'Flameeyes' Pettenò
rather than memset().
2007-12-18Use calloc() when the allocated size would be counted by multiplying the ↵Diego 'Flameeyes' Pettenò
size of an item for the number of items. Also don't memset calloc()ed areas to zero.
2007-12-18Declare color_* variables only when actually used.Diego 'Flameeyes' Pettenò
2007-12-18Replace seven calls to parse_data_atom with a single call, and then set the ↵Diego 'Flameeyes' Pettenò
value on the proper structure. This way, parse_data_atom is inlined by GCC.
2007-12-18Allocate atom_preamble only when it's actually going to be used.Diego 'Flameeyes' Pettenò
2007-12-18Simplify code, set ftyp_atom_size at once.Diego 'Flameeyes' Pettenò
2007-12-18Return right away if the atom is not an FTYP.Diego 'Flameeyes' Pettenò
2007-12-18Don't use an if when returning a comparison.Diego 'Flameeyes' Pettenò
2007-12-18Alloc preview only when needed; use zeroed allocation rather than memset.Diego 'Flameeyes' Pettenò
2007-12-18Don't test for the pointer before freeing.Diego 'Flameeyes' Pettenò
2007-12-13Make the edit_list_index parameter in get_next_edit_list_entry unsigned, ↵Diego 'Flameeyes' Pettenò
remove warnings.
2007-12-13Make parse_data_atom accept a constant buffer, removes warnings.Diego 'Flameeyes' Pettenò
2007-12-13Simplify code handling RDRF_ATOM, unbranch it.Diego 'Flameeyes' Pettenò
2007-12-13Change url in a char pointer, as it's a string, not a buffer.Diego 'Flameeyes' Pettenò
2007-12-13Change the way string_size is initialised, reduce the numer of temporary ↵Diego 'Flameeyes' Pettenò
operations with it.
2007-12-13Replace strncmp and strncpy with memcmp and memcpy where applicable.Diego 'Flameeyes' Pettenò
2007-12-13Add two missing types to constants.Diego 'Flameeyes' Pettenò
2007-12-11Rename METHOD_BY_EXTENSION to METHOD_BY_MRL, as it's used to identify ↵Diego 'Flameeyes' Pettenò
protocols too.
2007-12-11Remove redundant METHOD_BY_EXTENSION checks now that libxine takes care of them.Diego 'Flameeyes' Pettenò
2007-12-11Transform get_extensions and get_mimetypes into strings.Diego 'Flameeyes' Pettenò
Please note that this commit temporarily breaks building.
2007-12-11Bump the interface version for demuxer plugins.Diego 'Flameeyes' Pettenò
2007-12-11Use default_*_class_dispose macro whenever the class dispose function only ↵Diego 'Flameeyes' Pettenò
called free().
2007-12-11Use N_() rather than _(), passing the string just once to gettext().Diego 'Flameeyes' Pettenò
This way the gettext code for description does not need to be repeated by every plugin.
2007-12-11Update all demux plugins to the new identifier/description interface. Add ↵Diego 'Flameeyes' Pettenò
_() where missing, for i18n.
2007-11-10Merge from 1.1.Darren Salt
--HG-- rename : src/libxineadec/nsf.c => src/combined/nsf_decoder.c rename : src/demuxers/demux_nsf.c => src/combined/nsf_demuxer.c rename : src/combined/combined_wavpack.c => src/combined/wavpack_combined.c rename : src/combined/combined_wavpack.h => src/combined/wavpack_combined.h rename : src/combined/decoder_wavpack.c => src/combined/wavpack_decoder.c rename : src/combined/demux_wavpack.c => src/combined/wavpack_demuxer.c rename : src/demuxers/demux_ogg.c => src/combined/xine_ogg_demuxer.c rename : src/libxineadec/xine_speex_decoder.c => src/combined/xine_speex_decoder.c rename : src/libxinevdec/xine_theora_decoder.c => src/combined/xine_theora_decoder.c rename : src/libxineadec/xine_vorbis_decoder.c => src/combined/xine_vorbis_decoder.c rename : src/liba52/xine_a52_decoder.c => src/libxineadec/xine_a52_decoder.c rename : src/libdts/xine_dts_decoder.c => src/libxineadec/xine_dts_decoder.c rename : src/libfaad/xine_faad_decoder.c => src/libxineadec/xine_faad_decoder.c rename : src/libmad/xine_mad_decoder.c => src/libxineadec/xine_mad_decoder.c rename : src/libmusepack/xine_musepack_decoder.c => src/libxineadec/xine_musepack_decoder.c
2007-11-10Delete most of the CVS $Id$/$Log$ lines.Darren Salt
--HG-- extra : transplant_source : %E0%D0%C5%8B%BEU%DD%24%5D7%1F%ADV%AD%EB%23%CBU%80%EB
2007-11-09Merge FSF address changes from 1.1 branch.Diego 'Flameeyes' Pettenò
--HG-- rename : src/combined/decoder_flac.c => src/combined/flac_decoder.c rename : src/combined/demux_flac.c => src/combined/flac_demuxer.c rename : src/libxineadec/nsf.c => src/combined/nsf_decoder.c rename : src/demuxers/demux_nsf.c => src/combined/nsf_demuxer.c rename : src/combined/combined_wavpack.c => src/combined/wavpack_combined.c rename : src/combined/combined_wavpack.h => src/combined/wavpack_combined.h rename : src/combined/decoder_wavpack.c => src/combined/wavpack_decoder.c rename : src/combined/demux_wavpack.c => src/combined/wavpack_demuxer.c rename : src/demuxers/demux_ogg.c => src/combined/xine_ogg_demuxer.c rename : src/libxineadec/xine_speex_decoder.c => src/combined/xine_speex_decoder.c rename : src/libxinevdec/xine_theora_decoder.c => src/combined/xine_theora_decoder.c rename : src/libxineadec/xine_vorbis_decoder.c => src/combined/xine_vorbis_decoder.c rename : src/liba52/xine_a52_decoder.c => src/libxineadec/xine_a52_decoder.c rename : src/libdts/xine_dts_decoder.c => src/libxineadec/xine_dts_decoder.c rename : src/libfaad/xine_faad_decoder.c => src/libxineadec/xine_faad_decoder.c rename : src/libmusepack/xine_musepack_decoder.c => src/libxineadec/xine_musepack_decoder.c
2007-11-09Update FSF address on non-contributed code and COPYING files.Diego 'Flameeyes' Pettenò
For contributed code, leave whatever the version we last synced for is using to make simpler future syncs.
2007-06-16Rename the BE/LE/ME macros with a _X_ prefix, so they don't clash with ↵Diego 'Flameeyes' Pettenò
Solaris definitions (1.2 branch commit).
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 05:41:00 +0000