| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not
properly handle (a) negative and (b) zero values during unspecified
read function calls in input_file.c, input_net.c, input_smb.c, and
input_http.c, which allows remote attackers to cause a denial of
service (crash) or possibly execute arbitrary code via vectors such as
(1) a file or (2) an HTTP response, which triggers consequences such
as out-of-bounds reads and heap-based buffer overflows.
|
|
|
|
|
|
Using asprintf() instead of malloc() + sprintf() reduces the lines of
code in xine-lib (moving the allocation to the C library or asprintf
replacement), makes it safer to access the string and can also improve
performance whenever the value returned by a function was used as
parameter, as before it had to run the function twice in almost every
case (once for strlen(), once for sprintf()).
|
|
The xine_xmalloc() function is going to be deprecated, as its
behaviour is rarely needed as such, and it's thus misused.
With this, almost all uses of xine_xmalloc() with static size (for
instance the value returned by sizeof()) or with a size that is
guaranteed not to be zero (like strlen()+1) are replaced with calls to
either calloc(1, ...) or malloc().
malloc() is used whenever the allocated memory is going to be
immediately overwritten, while calloc() is used in every other case,
as it sets the whole memory area to zero.
--HG--
extra : transplant_source : %8F%98%EC%02%1E%83%F0s%06X%83C%205Y%80%B12%CC%E1
|
|
For contributed code, leave whatever the version we last synced for is using
to make simpler future syncs.
|
|
CVS patchset: 8608
CVS date: 2007/02/20 00:34:55
|
|
CVS patchset: 8524
CVS date: 2007/01/19 01:05:24
|
|
*, so that 'return "something"' is valid. Note that _()/gettext() returns a char * but statically allocated, that the documentation considers constant.
CVS patchset: 8519
CVS date: 2007/01/18 23:02:18
|
|
Modified rtsp_session_read() to break reading after the end of the header.
Support user-specified bandwidth via the "media.network.bandwidth" config option.
CVS patchset: 8433
CVS date: 2006/12/22 16:42:20
|
|
support starting the playback at an optional time by delaying the PLAY
request upon the first call to rtsp_session_read() and setting the playback
start time via input_plugin->seek_time().
CVS patchset: 8422
CVS date: 2006/12/18 21:31:47
|
|
(through backports), to avoid exporting unneeded internal symbols, making plugins' loading faster and use of internal copies of libraries more solid. It should automatically fall back to the old way in GCCs that does not support -fvisibility=hidden, but has to be tested carefully. No issues were found in the months of testing in Gentoo, but this requires special attention anyway.
CVS patchset: 8101
CVS date: 2006/07/10 22:08:12
|
|
CVS patchset: 8065
CVS date: 2006/06/20 01:46:41
|
|
(Diego Pettenò)
CVS patchset: 7985
CVS date: 2006/05/03 19:46:06
|
|
2) [coverity] fixes:
- 279 (w32): test should be on input parametr type, not typeW
- 267 (aout): can be ignored but there was warning anyway
- 234 (w32): missing free on error & exit
- 152 (w32): missing free on error & exit
- 148 (w32): fixed bound of static array in test
- 101 (ffdec): defense code when avodec_encode_video will fail (just defense to the future,
should never happen with current ffmpeg in xine)
- 98, 99 (w32): check negative handle by _x_assert (it's used as index to array)
- 90 (w32): negate pointer check (+added check for size)
- 89 (w32): added NULL and size check
CVS patchset: 7959
CVS date: 2006/04/05 22:12:17
|
|
hopefuly somebody will be able to help fixing the
mess i did in dvdnav ;)
CVS patchset: 7759
CVS date: 2005/10/14 21:02:16
|
|
Incremented all input plugins API version.
CVS patchset: 7384
CVS date: 2005/02/06 15:00:34
|
|
is. Should protect against a plugin returning a malloc'd variable for
example.
CVS patchset: 6821
CVS date: 2004/07/20 00:50:10
|
|
http://article.gmane.org/gmane.comp.video.xine.devel/9532
it is now up to demuxers to decide what the 0..65535 position means.
demuxers tested: ogg, voc, flac, rm, asf, vqa, vob, avi, y4m, au, mov, ts, mp3, mpg, wav, ra, mve
CVS patchset: 6686
CVS date: 2004/06/13 21:28:52
|
|
CVS patchset: 5912
CVS date: 2003/12/14 22:13:22
|
|
CVS patchset: 5809
CVS date: 2003/11/27 22:33:01
|
|
CVS patchset: 5796
CVS date: 2003/11/26 19:43:26
|
|
from getting angry :)
CVS patchset: 5545
CVS date: 2003/10/19 16:28:10
|
|
(patch sent by Lethal Weapon <lethalwp@tiscali.be>)
CVS patchset: 4748
CVS date: 2003/05/02 12:33:44
|
|
CVS patchset: 4692
CVS date: 2003/04/26 22:34:31
|
|
CVS patchset: 4605
CVS date: 2003/04/13 19:04:27
|
|
old open() function replaced by :
*_class_get_instance() : return an instance if the plugin handles the mrl
*_plugin_open() : open the stream
CVS patchset: 4598
CVS date: 2003/04/13 16:02:53
|
|
All assert() function calls, with exceptions of libdvdread and libdvdnav, have been
replaced with XINE_ASSERT. Functionally XINE_ASSERT behaves just likes its predecesor but its
adding the ability to print out a stack trace at the point where the assertion fails.
So here are a few examples.
assert (0);
This use of assert was found in a couple locations most favorably being the default case of a switch
statement. This was the only thing there. So if the switch statement was unable to find a match
it would have defaulted to this and the user and the developers would be stuck wonder who died and where.
So it has been replaced with
XINE_ASSERT(0, "We have reach this point and don't have a default case");
It may seem a bit none descriptive but there is more going on behind the scene.
In addition to checking a condition is true/false, in this case '0', the XINE_ASSERT
prints out:
<filename>:<function name>:<line number> - assertion '<assertion expression>' failed. <description>
An example of this might be:
input_dvd.c:open_plugin:1178 - assertion '0' failed. xine_malloc failed!!! You have run out of memory
XINE_ASSERT and its helper function, print_trace, are found in src/xine-utils/xineutils.h
CVS patchset: 4301
CVS date: 2003/02/28 02:51:47
|
|
- new fb driver with zero copy
CVS patchset: 4058
CVS date: 2003/01/31 14:06:03
|
|
(thanks Chris Rankin for noticing)
CVS patchset: 3693
CVS date: 2002/12/27 16:47:10
|
|
different sizeof than integer.
- add extra_info structure to pass informations from input/demuxers down
to the output frame. this can be used, for example, to pass the frame
number of a frame (when known by decoder). also, immediate benefict is
that we now have a slider which really shows the current position of
the playing stream. new fields can be added to extra_info keeping
binary compatibility
- bumpy everybody's api versions
CVS patchset: 3603
CVS date: 2002/12/21 12:56:44
|
|
- removing exit()s from pnm.c
- server error message retrieving fixed in pnm.c
- handling of server messages in rtsp
CVS patchset: 3564
CVS date: 2002/12/16 21:50:54
|
|
rtsp input plugins to prevent stuttering at the beginning
- enable CAP_PREVIEW in pnm and rtsp input plugins
CVS patchset: 3545
CVS date: 2002/12/15 16:54:10
|
|
- a hack to handle REDIRECT rtsp method
- make rtsp fields case insensitive
- add '.rm' suffix to mrls to force handling
by demux_real.
CVS patchset: 3516
CVS date: 2002/12/14 00:02:30
|
|
only a few streams work for now.
* A couple of fixes in pnm input plugin.
* Fixed stream info in demux_real.
CVS patchset: 3495
CVS date: 2002/12/12 22:08:09
|
