| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
check buffer lengths to avoid out of bound access when
decoding the header.
Based on a patch by Matthias Hopf <mhopf@suse.de>.
|
|
The real_parse_headers function in demux_real.c in xine-lib 1.1.12,
and other 1.1.15 and earlier versions, relies on an untrusted input
length value to "reindex into an allocated buffer," which allows
remote attackers to cause a denial of service (crash) via a crafted
value, probably an array index error.
|
|
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an
untrusted input value to determine the memory allocation and does not
check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry
element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG,
and (4) CONT_TAG chunks processed by the real_parse_headers function
in demux_real.c; which allows remote attackers to cause a denial of
service (NULL pointer dereference and crash) or possibly execute
arbitrary code via a crafted value.
|
|
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other
1.1.15 and earlier versions, allow remote attackers to execute
arbitrary code via vectors related to (1) a crafted EBML element
length processed by the parse_block_group function in
demux_matroska.c; (2) a certain combination of sps, w, and h values
processed by the real_parse_audio_specific_data and
demux_real_send_chunk functions in demux_real.c; and (3) an
unspecified combination of three values processed by the open_ra_file
function in demux_realaudio.c. NOTE: vector 2 reportedly exists
because of an incomplete fix in 1.1.15.
|
|
Add warning flags to the DEBUG_CFLAGS too.
|
|
|
|
|
|
|
|
--HG--
extra : transplant_source : %B5%96xd%99U%EC%7Cr%ABB%A8%26l%08%99L3o%F6
|
|
Also try to simplify frame buffer allocation.
--HG--
extra : transplant_source : %B6%B5o%A8%24%E1%F5B%D2%D8%08%F8%DE%E7%9E%B6%B8C%A4j
|
|
Also don't reset memory after it's allocated if we do that with
calloc.
|
|
The xine_xmalloc() function is going to be deprecated, as its
behaviour is rarely needed as such, and it's thus misused.
With this, almost all uses of xine_xmalloc() with static size (for
instance the value returned by sizeof()) or with a size that is
guaranteed not to be zero (like strlen()+1) are replaced with calls to
either calloc(1, ...) or malloc().
malloc() is used whenever the allocated memory is going to be
immediately overwritten, while calloc() is used in every other case,
as it sets the whole memory area to zero.
--HG--
extra : transplant_source : %8F%98%EC%02%1E%83%F0s%06X%83C%205Y%80%B12%CC%E1
|
|
|
|
1.2 series.
|
|
(transplanted from 3640d3cbe551f96df932b7d6218b071b910a237b)
--HG--
extra : transplant_source : 6%40%D3%CB%E5Q%F9m%F92%B7%D6%21%8B%07%1B%91%0A%23%7B
|
|
elements by the size of the single element.
(transplanted from 512894f517c423fed0cadeca0d46c6d909403106)
--HG--
extra : transplant_source : Q%28%94%F5%17%C4%23%FE%D0%CA%DE%CA%0DF%C6%D9%09%401%06
|
|
|
|
|
|
This patch drops support for RV20.
|
|
|
|
Ref. http://aluigi.altervista.org/adv/xinehof-adv.txt
|
|
Such broken wrong-extension wrong-MIME-type lists exist in the wild...
|
|
(transplanted from c139cfe735874922208d936c8e49bbfa532ed2ec)
--HG--
extra : transplant_source : %C19%CF%E75%87I%22%20%8D%93l%8EI%BB%FAS.%D2%EC
|
|
|
|
--HG--
extra : transplant_source : %E0%D0%C5%8B%BEU%DD%24%5D7%1F%ADV%AD%EB%23%CBU%80%EB
|
|
For contributed code, leave whatever the version we last synced for is using
to make simpler future syncs.
|
|
Solaris definitions.
|
|
CVS patchset: 8608
CVS date: 2007/02/20 00:34:55
|
|
constant string, and make the extensions and mrl vaiables usually declared when testing extension demux strategy constants too.
CVS patchset: 8523
CVS date: 2007/01/19 00:26:39
|
|
CVS patchset: 8434
CVS date: 2006/12/22 16:45:44
|
|
support starting the playback at an optional time by delaying the PLAY
request upon the first call to rtsp_session_read() and setting the playback
start time via input_plugin->seek_time().
CVS patchset: 8422
CVS date: 2006/12/18 21:31:47
|
|
(through backports), to avoid exporting unneeded internal symbols, making plugins' loading faster and use of internal copies of libraries more solid. It should automatically fall back to the old way in GCCs that does not support -fvisibility=hidden, but has to be tested carefully. No issues were found in the months of testing in Gentoo, but this requires special attention anyway.
CVS patchset: 8101
CVS date: 2006/07/10 22:08:12
|
|
CVS patchset: 8009
CVS date: 2006/06/02 22:18:56
|
|
(Diego Pettenò)
CVS patchset: 7985
CVS date: 2006/05/03 19:46:06
|
|
Add an extended MRL reference event which includes the item title, start
time and duration.
(Both events are sent; front ends should only listen for one of them.)
CVS patchset: 7656
CVS date: 2005/07/17 23:11:33
|
|
CVS patchset: 7603
CVS date: 2005/06/04 11:05:59
|
|
Incremented demux API version.
This is needed to unload plugins.
CVS patchset: 7385
CVS date: 2005/02/06 15:26:00
|
|
CVS patchset: 6901
CVS date: 2004/08/19 19:59:14
|
|
CVS patchset: 6890
CVS date: 2004/08/17 19:49:51
|
|
CVS patchset: 6864
CVS date: 2004/07/30 19:08:47
|
|
http://article.gmane.org/gmane.comp.video.xine.devel/9532
it is now up to demuxers to decide what the 0..65535 position means.
demuxers tested: ogg, voc, flac, rm, asf, vqa, vob, avi, y4m, au, mov, ts, mp3, mpg, wav, ra, mve
CVS patchset: 6686
CVS date: 2004/06/13 21:28:52
|
|
- workaround decoding bug (green blocks) for the xvid stream "test.avi"
(i know, i know. it is a pretty generic name but some people know what i meant)
- some lprintf's to real demuxer. helps debugging reference problems.
CVS patchset: 6599
CVS date: 2004/05/27 11:10:11
|
|
2) Fix timestamps for video with b-frames
CVS patchset: 6579
CVS date: 2004/05/23 16:05:47
|
|
0 for "raw" demuxers
10 for "normal" demuxers
CVS patchset: 6553
CVS date: 2004/05/16 18:01:26
|
|
timestamp for all frames
CVS patchset: 6531
CVS date: 2004/05/13 21:17:09
|
|
CVS patchset: 6259
CVS date: 2004/03/14 21:37:52
|
