| Age | Commit message (Collapse) | Author |
|---|
|
This avoids use of strlen(), which doesn't cope well with UTF-16, and
also has the ID3 parser double-NUL-terminate the buffered string.
|
|
|
|
|
|
|
|
--HG--
extra : transplant_source : %AE%D3%DCw%0F%073h%5D%C0%B5%A7%BA%2B%95%81%95bT%D6
|
|
|
|
This patch adds mimetypes to src/demuxers/demux_mod.c for the file types it
can handle. After this patch is applied, then xine_get_mime_types() reports
them correctly, which allows Amarok 2.x to play them and probably prevents
other interoperability problems.
Previously Amarok 2.x rejected MOD/S3M/IT/XM/etc. files that were enqueued
there when using the xine phonon backend because their mime types were not
included in those announced by xine-lib.
|
|
--HG--
rename : src/libmpeg2new/Makefile.am => src/video_dec/libmpeg2new/Makefile.am
rename : src/libmpeg2new/libmpeg2/Makefile.am => src/video_dec/libmpeg2new/libmpeg2/Makefile.am
|
|
|
|
--HG--
extra : transplant_source : U%AF%FD%B5%60%27Y%7F%B5Q%F796%F7a%98%F0k%B8%EF
|
|
|
|
|
|
|
|
Date: Tue, 17 Feb 2009 15:31:44 +0000
|
|
|
|
|
|
--HG--
rename : doc/faq/faq.sgml => doc/faq/faq.docbook
rename : src/xine-engine/buffer.h => include/xine/buffer.h
rename : src/xine-engine/xine_internal.h => include/xine/xine_internal.h
|
|
|
|
|
|
|
|
|
|
--HG--
rename : src/libxineadec/gsm610/long_term.c => contrib/gsm610/long_term.c
rename : src/libxineadec/gsm610/lpc.c => contrib/gsm610/lpc.c
rename : src/libxineadec/gsm610/rpe.c => contrib/gsm610/rpe.c
rename : src/libxineadec/gsm610/short_term.c => contrib/gsm610/short_term.c
rename : src/libfaad/common.h => contrib/libfaad/common.h
rename : src/xine-engine/broadcaster.h => include/xine/broadcaster.h
rename : src/xine-engine/buffer.h => include/xine/buffer.h
rename : src/xine-engine/refcounter.h => include/xine/refcounter.h
rename : src/xine-engine/video_out.h => include/xine/video_out.h
rename : src/xine-engine/vo_scale.h => include/xine/vo_scale.h
rename : src/xine-utils/xineutils.h => include/xine/xineutils.h
rename : src/libxineadec/fooaudio.c => src/audio_dec/fooaudio.c
rename : src/liba52/xine_a52_decoder.c => src/audio_dec/xine_a52_decoder.c
rename : src/libdts/xine_dts_decoder.c => src/audio_dec/xine_dts_decoder.c
rename : src/libfaad/xine_faad_decoder.c => src/audio_dec/xine_faad_decoder.c
rename : src/libxineadec/xine_lpcm_decoder.c => src/audio_dec/xine_lpcm_decoder.c
rename : src/libmad/xine_mad_decoder.c => src/audio_dec/xine_mad_decoder.c
rename : src/libmusepack/xine_musepack_decoder.c => src/audio_dec/xine_musepack_decoder.c
rename : src/libxineadec/nsf.c => src/combined/nsf_decoder.c
rename : src/libspucc/cc_decoder.c => src/spu_dec/cc_decoder.c
rename : src/libspudec/xine_spu_decoder.c => src/spu_dec/spu_decoder.c
rename : src/libspudec/spu.c => src/spu_dec/spudec.c
rename : src/libspudec/spu.h => src/spu_dec/spudec.h
rename : src/libsputext/xine_sputext_decoder.c => src/spu_dec/sputext_decoder.c
rename : src/libspucc/xine_cc_decoder.c => src/spu_dec/xine_cc_decoder.c
rename : src/libxinevdec/bitplane.c => src/video_dec/bitplane.c
rename : src/libxinevdec/foovideo.c => src/video_dec/foovideo.c
rename : src/libxinevdec/gdkpixbuf.c => src/video_dec/gdkpixbuf.c
rename : src/libxinevdec/image.c => src/video_dec/image.c
rename : src/libmpeg2/slice_xvmc_vld.c => src/video_dec/libmpeg2/slice_xvmc_vld.c
rename : src/libmpeg2/xine_mpeg2_decoder.c => src/video_dec/libmpeg2/xine_mpeg2_decoder.c
rename : src/libmpeg2new/include/Makefile.am => src/video_dec/libmpeg2new/include/Makefile.am
rename : src/libmpeg2new/libmpeg2/motion_comp_vis.c => src/video_dec/libmpeg2new/libmpeg2/motion_comp_vis.c
rename : src/libmpeg2new/xine_mpeg2new_decoder.c => src/video_dec/libmpeg2new/xine_mpeg2new_decoder.c
rename : src/libxinevdec/rgb.c => src/video_dec/rgb.c
rename : src/libxinevdec/yuv.c => src/video_dec/yuv.c
|
|
This requires that many other files include config.h themselves.
Also convert <config.h> to "config.h".
|
|
--HG--
rename : src/libfaad/Makefile.am => contrib/libfaad/Makefile.am
rename : src/libxineadec/Makefile.am => src/audio_dec/Makefile.am
rename : src/libxinevdec/Makefile.am => src/video_dec/Makefile.am
rename : src/libxinevdec/image.c => src/video_dec/image.c
rename : src/libmpeg2/Makefile.am => src/video_dec/libmpeg2/Makefile.am
rename : src/libmpeg2new/Makefile.am => src/video_dec/libmpeg2new/Makefile.am
|
|
|
|
--HG--
rename : src/demuxers/demux_nsf.c => src/combined/nsf_demuxer.c
rename : src/demuxers/demux_ogg.c => src/combined/xine_ogg_demuxer.c
rename : src/libsputext/demux_sputext.c => src/spu_dec/sputext_demuxer.c
|
|
|
|
|
|
|
|
the buffer
|
|
input->read may return negative error codes or read less than we want
so we should check for the right return value instead of just not 0
|
|
do not forward data if there is not enough
|
|
check buffer lengths to avoid out of bound access when
decoding the header.
Based on a patch by Matthias Hopf <mhopf@suse.de>.
|
|
if the atom size is shorter than the header size, do not try
to decompress anything, as this would lead to zlib reading
out of bound data.
|
|
check the size of allocated buffers to prevent out of bound access
|
|
Based on a patch by Matthias Hopf <mhopf@suse.de>.
|
|
|
|
return error when the allocation function returns NULL
Otherwise xine might be induced to segfault by bad user data.
|
|
Some input plugins (e.g. file) return negative error codes from read,
this should be treated as no (more) data available.
|
|
get_size might return -1 (e.g. for streams whose size is unknown),
but demux_mod is not able to handle this.
This is particularly bad because it is later assigned to unsigned types
(demux_mod_t.filesize is size_t).
Based on a patch by Matthias Hopf <mhopf@suse.de>.
|
|
Some input plugins (e.g. file) return negative error codes from read,
this should be treated as no (more) data available.
This is particularly bad because the error code is assigned to an
unsigned integer variable for use by the caller.
Based on a patch by Matthias Hopf <mhopf@suse.de>
|
|
matroska
while codec_private_len is unsigned, the size is later used to calculate
the signed xine_bmiheader.size
|
|
Add checks for negative return values in aac,ac3,dts,mpc,
nsf,ogg,shn,slave,ts,tta,vox demuxers.
Some input plugins (e.g. file) return negative error codes from read,
this should be treated as no (more) data available.
This is particularly the negative size is then assigned to buf->size,
potentially causing overflows elsewhere.
The patch also removes the duplication of the (previously) == 0 handler
in demux_ac3.
|
|
When a track's fifo is not set up (typically because the track type is invalid),
do not call init_codec, as all implementations dereference track->fifo,
segfaulting if it is NULL.
|
|
The real_parse_headers function in demux_real.c in xine-lib 1.1.12,
and other 1.1.15 and earlier versions, relies on an untrusted input
length value to "reindex into an allocated buffer," which allows
remote attackers to cause a denial of service (crash) via a crafted
value, probably an array index error.
|
|
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an
untrusted input value to determine the memory allocation and does not
check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry
element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG,
and (4) CONT_TAG chunks processed by the real_parse_headers function
in demux_real.c; which allows remote attackers to cause a denial of
service (NULL pointer dereference and crash) or possibly execute
arbitrary code via a crafted value.
|
|
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and
earlier versions, allow remote attackers to cause a denial of service
(crash) or possibly execute arbitrary code via (1) crafted width and
height values that are not validated by the mymng_process_header
function in demux_mng.c before use in an allocation calculation or (2)
crafted current_atom_size and string_size values processed by the
parse_reference_atom function in demux_qt.c.
|
|
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other
1.1.15 and earlier versions, allow remote attackers to execute
arbitrary code via vectors related to (1) a crafted EBML element
length processed by the parse_block_group function in
demux_matroska.c; (2) a certain combination of sps, w, and h values
processed by the real_parse_audio_specific_data and
demux_real_send_chunk functions in demux_real.c; and (3) an
unspecified combination of three values processed by the open_ra_file
function in demux_realaudio.c. NOTE: vector 2 reportedly exists
because of an incomplete fix in 1.1.15.
|
|
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other
versions before 1.1.15, allow remote attackers to execute arbitrary
code via vectors related to (1) a crafted metadata atom size processed
by the parse_moov_atom function in demux_qt.c and (2) frame reading in
the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is
possible that vector 1 has not been fixed in 1.1.15.
case ( FOURCC_TAG('C', 'O', 'M', 'M') ):
_x_meta_info_set_generic(stream, XINE_META_INFO_COMMENT, buf + 1 + 3, id3_encoding[enc]);
|
|
--HG--
rename : src/libxineadec/Makefile.am => src/audio_dec/Makefile.am
rename : src/libxinevdec/Makefile.am => src/video_dec/Makefile.am
rename : src/libmpeg2/Makefile.am => src/video_dec/libmpeg2/Makefile.am
|
