| Age | Commit message (Collapse) | Author |
|---|
|
Based on a patch by Matthias Hopf <mhopf@suse.de>.
|
|
|
|
return error when the allocation function returns NULL
Otherwise xine might be induced to segfault by bad user data.
|
|
Some input plugins (e.g. file) return negative error codes from read,
this should be treated as no (more) data available.
|
|
Currently, this is satisfied in all locations where it is called,
but it is more prudent to add the check.
|
|
get_size might return -1 (e.g. for streams whose size is unknown),
but demux_mod is not able to handle this.
This is particularly bad because it is later assigned to unsigned types
(demux_mod_t.filesize is size_t).
Based on a patch by Matthias Hopf <mhopf@suse.de>.
|
|
Some input plugins (e.g. file) return negative error codes from read,
this should be treated as no (more) data available.
This is particularly bad because the error code is assigned to an
unsigned integer variable for use by the caller.
Based on a patch by Matthias Hopf <mhopf@suse.de>
|
|
matroska
while codec_private_len is unsigned, the size is later used to calculate
the signed xine_bmiheader.size
|
|
Add checks for negative return values in aac,ac3,dts,mpc,
nsf,ogg,shn,slave,ts,tta,vox demuxers.
Some input plugins (e.g. file) return negative error codes from read,
this should be treated as no (more) data available.
This is particularly the negative size is then assigned to buf->size,
potentially causing overflows elsewhere.
The patch also removes the duplication of the (previously) == 0 handler
in demux_ac3.
|
|
When a track's fifo is not set up (typically because the track type is invalid),
do not call init_codec, as all implementations dereference track->fifo,
segfaulting if it is NULL.
|
|
The real_parse_headers function in demux_real.c in xine-lib 1.1.12,
and other 1.1.15 and earlier versions, relies on an untrusted input
length value to "reindex into an allocated buffer," which allows
remote attackers to cause a denial of service (crash) via a crafted
value, probably an array index error.
|
|
xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an
untrusted input value to determine the memory allocation and does not
check the result for (1) the MATROSKA_ID_TR_CODECPRIVATE track entry
element processed by demux_matroska.c; and (2) PROP_TAG, (3) MDPR_TAG,
and (4) CONT_TAG chunks processed by the real_parse_headers function
in demux_real.c; which allows remote attackers to cause a denial of
service (NULL pointer dereference and crash) or possibly execute
arbitrary code via a crafted value.
|
|
xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not
properly handle (a) negative and (b) zero values during unspecified
read function calls in input_file.c, input_net.c, input_smb.c, and
input_http.c, which allows remote attackers to cause a denial of
service (crash) or possibly execute arbitrary code via vectors such as
(1) a file or (2) an HTTP response, which triggers consequences such
as out-of-bounds reads and heap-based buffer overflows.
|
|
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and
earlier versions, allow remote attackers to cause a denial of service
(crash) or possibly execute arbitrary code via (1) crafted width and
height values that are not validated by the mymng_process_header
function in demux_mng.c before use in an allocation calculation or (2)
crafted current_atom_size and string_size values processed by the
parse_reference_atom function in demux_qt.c.
|
|
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other
1.1.15 and earlier versions, allow remote attackers to execute
arbitrary code via vectors related to (1) a crafted EBML element
length processed by the parse_block_group function in
demux_matroska.c; (2) a certain combination of sps, w, and h values
processed by the real_parse_audio_specific_data and
demux_real_send_chunk functions in demux_real.c; and (3) an
unspecified combination of three values processed by the open_ra_file
function in demux_realaudio.c. NOTE: vector 2 reportedly exists
because of an incomplete fix in 1.1.15.
|
|
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other
versions before 1.1.15, allow remote attackers to execute arbitrary
code via vectors related to (1) a crafted metadata atom size processed
by the parse_moov_atom function in demux_qt.c and (2) frame reading in
the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is
possible that vector 1 has not been fixed in 1.1.15.
case ( FOURCC_TAG('C', 'O', 'M', 'M') ):
_x_meta_info_set_generic(stream, XINE_META_INFO_COMMENT, buf + 1 + 3, id3_encoding[enc]);
|
|
On XINE_GUI_SEND_DRAWABLE_CHANGED, the clipping area is adjusted
to the new HWND and the frame shown again. This allows to switch
the window where the video is shown at runtime, simliar to the X11
drivers.
|
|
The lPitch setting of the offscreen buffer was not taken into account,
which let to a garbled image if the video card driver did support YV12 or
YUV2 color formats. This patch fixes bug #72.
|
|
The test stream sometimes causes the ASF demuxer to report "unknown GUID"
several times then act as if the headers have been received, with the audio
output thread waiting forever for data to be passed to it by the decoder, in
this case the ffmpeg audio decoder.
This particular hang occurs if playback is stopped before the demuxer has
decided that headers have been received (later, and we'd have the problem
which the parent cset of this cset fixes); having the demuxer control insert
empty audio buffers where it would otherwise wait forever for the audio
output thread to receive some data.
Test stream: mmsh://213.92.19.8:80/radiodeejay?MSWMExt=.asf
|
|
playback stopped.
|
|
libmms will always fail to request media with URIs containing percent-encoded
characters. This is because the path component in the MMS URI should be
decoded before it is sent to the server.
http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/%5BMS-MMSP%5D.pdf
(page 48)
|
|
|
|
|
|
|
|
These are known to be present in some nvidia graphics hardware.
|
|
These drivers use "NV* Video Texture" instead of "* Textured Video".
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When it comes to FLAC audio files, seeking relies on seekpoints which are
not always present, and even when they are, sometimes it fails. Also, as far
as I can see, xine is unable to play a FLAC stream starting at an arbitrary
position.
Other players (namely mplayer) do not rely on seekpoints when they handle
FLAC files and they don't suffer from these problems.
With this patch, time-based seeking doesn't change, while position-based
seeking is completely independent from seekpoints.
|
|
|
|
- goom initialization
- matroska playing recent files with AAC
- replace free() by ffmpeg's av_free() in ff decoders
|
|
Add warning flags to the DEBUG_CFLAGS too.
|
|
|
|
There is needed some ui<->lib interaction: used caca display is optionally delivered from ui to the caca vo plugin.
|
|
|
|
|
|
|
|
|
|
This fixes several bugs/incompatibilities in spudvb decoder.
You can find various test samples at http://hftom.free.fr/video_samples/
--HG--
extra : transplant_source : %CD%CE%3A%3F%B6%8BN%FD2%5D%DB%9A%AB%AF%C2%E1%2B%1A%B1%23
|
|
The playback pointer did occasionally overrun the write pointer, which
results in audible gaps in playback. To solve this, the slotted ringbuffer
was replaced by a simple ringbuffer and the service threads now checks
periodically if there is still data in the buffer instead of checking at the
slots borders.
--HG--
extra : transplant_source : %A1%12%60%B9%E4%AB%E7%7C%D7%D6%BD%7C%C6M%C9%94s%7F%BE%91
|
|
If neither YV12 nor YUV2 format is supported by DirectX, a secondary buffer
with the same pixelformat as the primary buffer is used. However, the pixel
format of the primary was not passed to CreateSurface, instead a 16 bit
pixelformat was created, which is the reason why the video was broken on
24bit or 32bit desktops.
--HG--
extra : transplant_source : %A6-%ADwyY%EE%C8%26%E2%5E%2A%83%0A%0B/%CBM%23%0F
|
|
Without this patch, the video freezes.
Available corrupted sample:
http://hftom.free.fr/video_samples/corrupted_video.m2t
--HG--
extra : transplant_source : %86g%9A%B1%AF%12L%7E%3EN%8C%0FT%D2%D8%3B%7Dv%F0%14
|
|
To place SDL output inside an existing window, the SDL_WINDOWID environement
variable has to be set. This was done by the SDL video out pluging if
HAVE_X11 was defined, but not for WIN32, where it works as well.
--HG--
extra : transplant_source : E%169%A2%B4%93%3CY%07%A9%9F%1C%E0%B8-%14m4%A2%11
|
|
let raw video out plugin handle cropping.
--HG--
extra : transplant_source : %F3l%EFUI%28%2C%A0%0C%3E%AD%EA%EC%80%D1%9A%C0/%20%E5
|
|
Date: Sun, 28 Sep 2008 20:17:54 +0200
The channel order of aac 5.1 audio is wrong during playback. IIRC, the
internal channels order for this kind of streams is the same as dts: dts
output is reordered according to alsa specs (and ac3 5.1 also works), but
aac is not and - for instance - front center is send to front left.
The audio channels configuration table should be something like this
## ---------------------
## | Config: 5.1 Ch |
## ---- ---------------- -------------- --------------
## | Ch | AAC/DTS | ALSA | AC3 |
## ---- ---------------- --------------- --------------
## | 00 | Center front | Left front | Left front |
## | 01 | Left front | Right front | Center |
## | 02 | Right front | Left back | Right front |
## | 03 | Left back | Right back | Left back |
## | 04 | Right back | Center | Right back |
## | 05 | LFE | LFE | LFE |
## ---- ---------------- --------------- --------------
|
|
Date: Sat, 28 Jun 2008 17:29:59 +0200
This patch adds this to the FLAC demuxer.
|
