| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not
properly handle (a) negative and (b) zero values during unspecified
read function calls in input_file.c, input_net.c, input_smb.c, and
input_http.c, which allows remote attackers to cause a denial of
service (crash) or possibly execute arbitrary code via vectors such as
(1) a file or (2) an HTTP response, which triggers consequences such
as out-of-bounds reads and heap-based buffer overflows.
|
|
Add warning flags to the DEBUG_CFLAGS too.
|
|
Using asprintf() instead of malloc() + sprintf() reduces the lines of
code in xine-lib (moving the allocation to the C library or asprintf
replacement), makes it safer to access the string and can also improve
performance whenever the value returned by a function was used as
parameter, as before it had to run the function twice in almost every
case (once for strlen(), once for sprintf()).
|
|
The xine_xmalloc() function is going to be deprecated, as its
behaviour is rarely needed as such, and it's thus misused.
With this, almost all uses of xine_xmalloc() with static size (for
instance the value returned by sizeof()) or with a size that is
guaranteed not to be zero (like strlen()+1) are replaced with calls to
either calloc(1, ...) or malloc().
malloc() is used whenever the allocated memory is going to be
immediately overwritten, while calloc() is used in every other case,
as it sets the whole memory area to zero.
--HG--
extra : transplant_source : %8F%98%EC%02%1E%83%F0s%06X%83C%205Y%80%B12%CC%E1
|
|
1.2 series.
|
|
elements by the size of the single element.
(transplanted from 512894f517c423fed0cadeca0d46c6d909403106)
--HG--
extra : transplant_source : Q%28%94%F5%17%C4%23%FE%D0%CA%DE%CA%0DF%C6%D9%09%401%06
|
|
--HG--
extra : transplant_source : %E0%D0%C5%8B%BEU%DD%24%5D7%1F%ADV%AD%EB%23%CBU%80%EB
|
|
For contributed code, leave whatever the version we last synced for is using
to make simpler future syncs.
|
|
work. Thanks Timothy Redaelli for helping me diagnose it.
CVS patchset: 8564
CVS date: 2007/01/26 17:06:05
|
|
(through backports), to avoid exporting unneeded internal symbols, making plugins' loading faster and use of internal copies of libraries more solid. It should automatically fall back to the old way in GCCs that does not support -fvisibility=hidden, but has to be tested carefully. No issues were found in the months of testing in Gentoo, but this requires special attention anyway.
CVS patchset: 8101
CVS date: 2006/07/10 22:08:12
|
|
CVS patchset: 8065
CVS date: 2006/06/20 01:46:41
|
|
CVS patchset: 8055
CVS date: 2006/06/18 20:29:03
|
|
CVS patchset: 8009
CVS date: 2006/06/02 22:18:56
|
|
(Diego Pettenò)
CVS patchset: 7985
CVS date: 2006/05/03 19:46:06
|
|
(video_out/alphablend* need to be removed yet)
gcc-2.95 support: SMB, external compiled with different gcc VCD
fixed GDK_PIXBUF build
CVS patchset: 7983
CVS date: 2006/05/01 21:35:30
|
|
CID: 10
Checker: DEADCODE (help)
File: xine-lib/src/input/input_smb.c
Function: smb_plugin_read
Description: After this line, the value of "n" is at least 1
CVS patchset: 7937
CVS date: 2006/03/18 09:25:02
|
|
CVS patchset: 7893
CVS date: 2006/02/14 18:42:13
|
|
CVS patchset: 7864
CVS date: 2006/02/04 12:08:22
|
|
CVS patchset: 7863
CVS date: 2006/02/02 22:35:30
|
|
hopefuly somebody will be able to help fixing the
mess i did in dvdnav ;)
CVS patchset: 7759
CVS date: 2005/10/14 21:02:16
|
|
Incremented all input plugins API version.
CVS patchset: 7384
CVS date: 2005/02/06 15:00:34
|
|
CVS patchset: 7047
CVS date: 2004/10/18 18:44:56
|
|
CVS patchset: 7046
CVS date: 2004/10/18 18:26:12
|
|
CVS patchset: 7044
CVS date: 2004/10/18 18:01:44
|
