From d50b6542e330db416b50aa717aa67e2a0b564d58 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Sun, 8 Feb 2009 14:19:24 +0000 Subject: Remove a break which causes some front ends to hang. (cset ce60f8b5995a) (If this causes xine-lib to hang on certain broken streams, we have a problem.) --- ChangeLog | 2 ++ src/xine-engine/demux.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 1cecbb033..9968b2f43 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ xine-lib (1.1.17) 2009-??-?? * Build fixes related to ImageMagick 6.4 & later. * Fix an error in Matroska PTS calculation. + * Some front ends hang due to the hang fixes in 1.1.16. Fix this by + removing a break statement. * Enable libmpeg2new. This is not yet production code; the old mpeg2 decoder remains the default. * Fix a broken size check in the pvr input plugin (ref. CVE-2008-5239). diff --git a/src/xine-engine/demux.c b/src/xine-engine/demux.c index 4d6bc6c1c..cfb13831e 100644 --- a/src/xine-engine/demux.c +++ b/src/xine-engine/demux.c @@ -377,7 +377,7 @@ static void *demux_loop (void *stream_gen) { pthread_cond_wait (&stream->counter_changed, &stream->counter_lock); if (demux_unstick_ao_loop (stream)) - break; + /* break amarok */; } pthread_mutex_unlock (&stream->counter_lock); -- cgit v1.2.3 From b69cc6330e66260238abf75164f18db17337ba20 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Mon, 9 Feb 2009 16:35:45 +0000 Subject: Reinstate the previous Real codecs info, leaving in place the RealPlayer text. --- doc/faq/faq.sgml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/doc/faq/faq.sgml b/doc/faq/faq.sgml index 59bc5cde6..5dbd1c6a4 100644 --- a/doc/faq/faq.sgml +++ b/doc/faq/faq.sgml @@ -874,6 +874,19 @@ /opt/real/RealPlayer/codecs/. Restart xine then and you should be able to watch Real files/streams. + + Another way to get the Real codecs is to download them from the MPlayer website + + http://www.mplayerhq.hu/design7/dload.html + . + The package is called "essential". Unpack it and move everything you + find inside to /usr/lib/codecs and set the + decoder.external.real_codecs_path in your xine config file + to /usr/lib/codecs (actually you can place them + anywhere you want, e.g. someplace in your home directory, but then you'll + have to set decoder.external.real_codecs_path accordingly). + Restart xine then and you should be able to watch Real files/streams. + What about (live) network streams (pnm://, rtsp:// style urls)? -- cgit v1.2.3 From 8f9a6421c30167b2bf314d512ae70b27d0167bb1 Mon Sep 17 00:00:00 2001 From: Miguel Freitas Date: Mon, 9 Feb 2009 22:09:28 -0200 Subject: Fix race conditions in gapless_switch (ref. kde bug #180339) --- ChangeLog | 1 + src/xine-engine/audio_decoder.c | 6 ++++-- src/xine-engine/audio_out.c | 2 +- src/xine-engine/buffer.h | 3 +++ src/xine-engine/demux.c | 3 +++ src/xine-engine/video_decoder.c | 2 +- src/xine-engine/xine.c | 6 ++++-- src/xine-engine/xine_interface.c | 3 +++ src/xine-engine/xine_internal.h | 1 + 9 files changed, 21 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9968b2f43..33f153b25 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,7 @@ xine-lib (1.1.17) 2009-??-?? decoder remains the default. * Fix a broken size check in the pvr input plugin (ref. CVE-2008-5239). * More malloc checking (ref. CVE-2008-5240). + * Fix race conditions in gapless_switch (ref. kde bug #180339) xine-lib (1.1.16.1) 2009-01-11 * Fix build with older ffmpeg, both internal and in Debian 5.0. diff --git a/src/xine-engine/audio_decoder.c b/src/xine-engine/audio_decoder.c index 5476262d9..855dee372 100644 --- a/src/xine-engine/audio_decoder.c +++ b/src/xine-engine/audio_decoder.c @@ -89,16 +89,18 @@ static void *audio_decoder_loop (void *stream_gen) { if (stream->audio_decoder_plugin) { lprintf ("close old decoder\n"); - + + stream->keep_ao_driver_open = !!(buf->decoder_flags & BUF_FLAG_GAPLESS_SW); _x_free_audio_decoder (stream, stream->audio_decoder_plugin); stream->audio_decoder_plugin = NULL; stream->audio_track_map_entries = 0; stream->audio_type = 0; + stream->keep_ao_driver_open = 0; } running_ticket->release(running_ticket, 0); - if( !stream->gapless_switch ) + if( !(buf->decoder_flags & BUF_FLAG_GAPLESS_SW) ) stream->metronom->handle_audio_discontinuity (stream->metronom, DISC_STREAMSTART, 0); buftype_unknown = 0; diff --git a/src/xine-engine/audio_out.c b/src/xine-engine/audio_out.c index d28c45ea6..43553875e 100644 --- a/src/xine-engine/audio_out.c +++ b/src/xine-engine/audio_out.c @@ -1609,7 +1609,7 @@ static void ao_close(xine_audio_port_t *this_gen, xine_stream_t *stream) { pthread_mutex_unlock(&this->streams_lock); /* close driver if no streams left */ - if (!ite && !this->grab_only && !stream->gapless_switch) { + if (!ite && !this->grab_only && !stream->keep_ao_driver_open) { xprintf (this->xine, XINE_VERBOSITY_DEBUG, "audio_out: no streams left, closing driver\n"); if (this->audio_loop_running) { diff --git a/src/xine-engine/buffer.h b/src/xine-engine/buffer.h index 718dedd74..7669c38e6 100644 --- a/src/xine-engine/buffer.h +++ b/src/xine-engine/buffer.h @@ -374,6 +374,9 @@ struct buf_element_s { * decoder_info[2] carries denominator for display aspect ratio */ #define BUF_FLAG_ASPECT 0x0800 +/* represent the state of gapless_switch at the time buf was enqueued */ +#define BUF_FLAG_GAPLESS_SW 0x1000 + /* Special buffer types: * Sometimes there is a need to relay special information from a demuxer diff --git a/src/xine-engine/demux.c b/src/xine-engine/demux.c index cfb13831e..5e9cf5a83 100644 --- a/src/xine-engine/demux.c +++ b/src/xine-engine/demux.c @@ -231,15 +231,18 @@ void _x_demux_control_headers_done (xine_stream_t *stream) { void _x_demux_control_start( xine_stream_t *stream ) { buf_element_t *buf; + uint32_t flags = (stream->gapless_switch) ? BUF_FLAG_GAPLESS_SW : 0; pthread_mutex_lock(&stream->demux_mutex); buf = stream->video_fifo->buffer_pool_alloc (stream->video_fifo); buf->type = BUF_CONTROL_START; + buf->decoder_flags = flags; stream->video_fifo->put (stream->video_fifo, buf); buf = stream->audio_fifo->buffer_pool_alloc (stream->audio_fifo); buf->type = BUF_CONTROL_START; + buf->decoder_flags = flags; stream->audio_fifo->put (stream->audio_fifo, buf); pthread_mutex_unlock(&stream->demux_mutex); diff --git a/src/xine-engine/video_decoder.c b/src/xine-engine/video_decoder.c index c88e01714..d3c9e0d34 100644 --- a/src/xine-engine/video_decoder.c +++ b/src/xine-engine/video_decoder.c @@ -160,7 +160,7 @@ static void *video_decoder_loop (void *stream_gen) { running_ticket->release(running_ticket, 0); - if( !stream->gapless_switch ) + if( !(buf->decoder_flags & BUF_FLAG_GAPLESS_SW) ) stream->metronom->handle_video_discontinuity (stream->metronom, DISC_STREAMSTART, 0); diff --git a/src/xine-engine/xine.c b/src/xine-engine/xine.c index e4e36527f..63a5b7213 100644 --- a/src/xine-engine/xine.c +++ b/src/xine-engine/xine.c @@ -419,6 +419,7 @@ void xine_stop (xine_stream_t *stream) { static void close_internal (xine_stream_t *stream) { int i ; + int gapless_switch = stream->gapless_switch; if( stream->slave ) { xine_close( stream->slave ); @@ -429,7 +430,7 @@ static void close_internal (xine_stream_t *stream) { } } - if( !stream->gapless_switch ) { + if( !gapless_switch ) { /* make sure that other threads cannot change the speed, especially pauseing the stream */ pthread_mutex_lock(&stream->speed_change_lock); stream->ignore_speed_change = 1; @@ -445,7 +446,7 @@ static void close_internal (xine_stream_t *stream) { stop_internal( stream ); - if( !stream->gapless_switch ) { + if( !gapless_switch ) { if (stream->video_out) stream->video_out->set_property(stream->video_out, VO_PROP_DISCARD_FRAMES, 0); if (stream->audio_out) @@ -596,6 +597,7 @@ xine_stream_t *xine_stream_new (xine_t *this, stream->early_finish_event = 0; stream->delay_finish_event = 0; stream->gapless_switch = 0; + stream->keep_ao_driver_open = 0; stream->video_out = vo; if (vo) diff --git a/src/xine-engine/xine_interface.c b/src/xine-engine/xine_interface.c index d1d5a18d9..0438aedfa 100644 --- a/src/xine-engine/xine_interface.c +++ b/src/xine-engine/xine_interface.c @@ -527,6 +527,9 @@ void xine_set_param (xine_stream_t *stream, int param, int value) { case XINE_PARAM_GAPLESS_SWITCH: stream->gapless_switch = !!value; + if( stream->gapless_switch && !stream->early_finish_event ) { + xprintf (stream->xine, XINE_VERBOSITY_DEBUG, "frontend possibly buggy: gapless_switch without early_finish_event\n"); + } break; default: diff --git a/src/xine-engine/xine_internal.h b/src/xine-engine/xine_internal.h index f97ca0b24..945157fc2 100644 --- a/src/xine-engine/xine_internal.h +++ b/src/xine-engine/xine_internal.h @@ -361,6 +361,7 @@ struct xine_stream_s { int early_finish_event; /* do not wait fifos get empty before sending event */ int gapless_switch; /* next stream switch will be gapless */ int delay_finish_event; /* delay event in 1/10 sec units. 0=>no delay, -1=>forever */ + int keep_ao_driver_open; #endif }; -- cgit v1.2.3 From 2afab9c8441685d1ec8f6ef5c9f8c4a163533dfa Mon Sep 17 00:00:00 2001 From: Lorenzo Desole Date: Mon, 9 Feb 2009 22:38:40 +0100 Subject: demux_unstick_ao_loop() reports that xine might be stuck != is stuck Don't give up immediately if demux_unstick_ao_loop() reports that xine might be stuck, because it's not necessarily so. According to my tests, this fixes http://bugs.kde.org/show_bug.cgi?id=180339#c42 and http://bugs.debian.org/514114. This has been tested with Amarok and kde 4.1.x (with phonon) and kaffeine. --- src/combined/ffmpeg/ff_audio_decoder.c | 4 ++- src/xine-engine/demux.c | 52 ++++++++++++++++++++++++---------- 2 files changed, 40 insertions(+), 16 deletions(-) diff --git a/src/combined/ffmpeg/ff_audio_decoder.c b/src/combined/ffmpeg/ff_audio_decoder.c index 140a88f80..24c193b44 100644 --- a/src/combined/ffmpeg/ff_audio_decoder.c +++ b/src/combined/ffmpeg/ff_audio_decoder.c @@ -333,8 +333,10 @@ static void ff_audio_decode_data (audio_decoder_t *this_gen, buf_element_t *buf) while (out < decode_buffer_size) { int stream_status = xine_get_status(this->stream); - if (stream_status == XINE_STATUS_QUIT || stream_status == XINE_STATUS_STOP) + if (stream_status == XINE_STATUS_QUIT || stream_status == XINE_STATUS_STOP) { + this->size = 0; return; + } audio_buffer = this->stream->audio_out->get_buffer (this->stream->audio_out); diff --git a/src/xine-engine/demux.c b/src/xine-engine/demux.c index 5e9cf5a83..2ff64dfd3 100644 --- a/src/xine-engine/demux.c +++ b/src/xine-engine/demux.c @@ -120,6 +120,16 @@ void _x_demux_flush_engine (xine_stream_t *stream) { } +struct timespec _x_compute_interval(unsigned int millisecs) { + struct timespec ts; + clock_gettime(CLOCK_REALTIME, &ts); + uint64_t ttimer = (uint64_t)ts.tv_sec*1000 + ts.tv_nsec/1000000 + millisecs; + ts.tv_sec = ttimer/1000; + ts.tv_nsec = (ttimer%1000)*1000000; + return ts; +} + + void _x_demux_control_newpts( xine_stream_t *stream, int64_t pts, uint32_t flags ) { buf_element_t *buf; @@ -147,19 +157,20 @@ void _x_demux_control_newpts( xine_stream_t *stream, int64_t pts, uint32_t flags */ static int demux_unstick_ao_loop (xine_stream_t *stream) { - if (!stream->audio_thread_created) +/* if (!stream->audio_thread_created) return 0; - +*/ int status = xine_get_status (stream); - if (status != XINE_STATUS_QUIT && status != XINE_STATUS_STOP) + if (status != XINE_STATUS_QUIT && status != XINE_STATUS_STOP && stream->demux_plugin->get_status(stream->demux_plugin) != DEMUX_FINISHED) return 0; - +#if 0 /* right, stream is stopped... */ audio_buffer_t *buf = stream->audio_out->get_buffer (stream->audio_out); buf->num_frames = 0; buf->stream = NULL; stream->audio_out->put_buffer (stream->audio_out, buf, stream); - +#endif + lprintf("stuck\n"); return 1; } @@ -200,24 +211,27 @@ void _x_demux_control_headers_done (xine_stream_t *stream) { stream->audio_fifo->put (stream->audio_fifo, buf_audio); pthread_mutex_unlock(&stream->demux_mutex); + unsigned int max_iterations = 0; while ((stream->header_count_audio < header_count_audio) || (stream->header_count_video < header_count_video)) { - struct timeval tv; - struct timespec ts; lprintf ("waiting for headers. v:%d %d a:%d %d\n", stream->header_count_video, header_count_video, stream->header_count_audio, header_count_audio); + + struct timespec ts = _x_compute_interval(1000); + int ret_wait; - gettimeofday(&tv, NULL); - ts.tv_sec = tv.tv_sec + 1; - ts.tv_nsec = tv.tv_usec * 1000; /* use timedwait to workaround buggy pthread broadcast implementations */ - pthread_cond_timedwait (&stream->counter_changed, &stream->counter_lock, &ts); + ret_wait = pthread_cond_timedwait (&stream->counter_changed, &stream->counter_lock, &ts); - if (demux_unstick_ao_loop (stream)) + if (ret_wait == ETIMEDOUT && demux_unstick_ao_loop (stream) && ++max_iterations > 4) { + xine_log(stream->xine, + XINE_LOG_MSG,_("Stuck in _x_demux_control_headers_done(). Taking the emergency exit\n")); + stream->emergency_brake = 1; break; + } } stream->demux_action_pending = 0; @@ -374,13 +388,21 @@ static void *demux_loop (void *stream_gen) { pthread_mutex_unlock( &stream->demux_lock ); pthread_mutex_lock (&stream->counter_lock); + struct timespec ts; + unsigned int max_iterations = 0; + int ret_wait; while ((stream->finished_count_audio < finished_count_audio) || (stream->finished_count_video < finished_count_video)) { lprintf ("waiting for finisheds.\n"); - pthread_cond_wait (&stream->counter_changed, &stream->counter_lock); + ts = _x_compute_interval(1000); + ret_wait = pthread_cond_timedwait (&stream->counter_changed, &stream->counter_lock, &ts); - if (demux_unstick_ao_loop (stream)) - /* break amarok */; + if (ret_wait == ETIMEDOUT && demux_unstick_ao_loop (stream) && ++max_iterations > 4) { + xine_log(stream->xine, + XINE_LOG_MSG,_("Stuck in demux_loop(). Taking the emergency exit\n")); + stream->emergency_brake = 1; + break; + } } pthread_mutex_unlock (&stream->counter_lock); -- cgit v1.2.3 From a0b9021d54dc9890da5f0c9bd26361db4556f6c2 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Tue, 10 Feb 2009 17:17:50 +0000 Subject: Fix broken size checks in various input plugins (ref. CVE-2008-5239). --- ChangeLog | 2 +- src/input/input_dvb.c | 4 +++- src/input/input_file.c | 4 +++- src/input/input_gnome_vfs.c | 4 +++- src/input/input_http.c | 4 +++- src/input/input_mms.c | 4 +++- src/input/input_net.c | 4 +++- src/input/input_pnm.c | 4 +++- src/input/input_pvr.c | 4 +++- src/input/input_rtp.c | 4 +++- src/input/input_rtsp.c | 4 +++- src/input/input_smb.c | 4 +++- src/input/input_stdin_fifo.c | 4 +++- 13 files changed, 37 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 33f153b25..ebff0e5de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,7 +5,7 @@ xine-lib (1.1.17) 2009-??-?? removing a break statement. * Enable libmpeg2new. This is not yet production code; the old mpeg2 decoder remains the default. - * Fix a broken size check in the pvr input plugin (ref. CVE-2008-5239). + * Fix broken size checks in various input plugins (ref. CVE-2008-5239). * More malloc checking (ref. CVE-2008-5240). * Fix race conditions in gapless_switch (ref. kde bug #180339) diff --git a/src/input/input_dvb.c b/src/input/input_dvb.c index 9c592a067..5060757e4 100644 --- a/src/input/input_dvb.c +++ b/src/input/input_dvb.c @@ -2602,7 +2602,9 @@ static buf_element_t *dvb_plugin_read_block (input_plugin_t *this_gen, buf_element_t *buf = fifo->buffer_pool_alloc (fifo); int total_bytes; - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer (buf); return NULL; } diff --git a/src/input/input_file.c b/src/input/input_file.c index 690913aa4..2187f0007 100644 --- a/src/input/input_file.c +++ b/src/input/input_file.c @@ -169,7 +169,9 @@ static buf_element_t *file_plugin_read_block (input_plugin_t *this_gen, fifo_buf file_input_plugin_t *this = (file_input_plugin_t *) this_gen; buf_element_t *buf = fifo->buffer_pool_alloc (fifo); - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer (buf); return NULL; } diff --git a/src/input/input_gnome_vfs.c b/src/input/input_gnome_vfs.c index ec025f7b5..a3dfafdd5 100644 --- a/src/input/input_gnome_vfs.c +++ b/src/input/input_gnome_vfs.c @@ -121,7 +121,9 @@ gnomevfs_plugin_read_block (input_plugin_t *this_gen, fifo_buffer_t *fifo, off_t total_bytes; buf_element_t *buf = fifo->buffer_pool_alloc (fifo); - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer (buf); return NULL; } diff --git a/src/input/input_http.c b/src/input/input_http.c index 3cb745656..c831dfc59 100644 --- a/src/input/input_http.c +++ b/src/input/input_http.c @@ -506,7 +506,9 @@ static buf_element_t *http_plugin_read_block (input_plugin_t *this_gen, fifo_buf off_t total_bytes; buf_element_t *buf = fifo->buffer_pool_alloc (fifo); - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer (buf); return NULL; } diff --git a/src/input/input_mms.c b/src/input/input_mms.c index d5cc0a2ac..cd88a0609 100644 --- a/src/input/input_mms.c +++ b/src/input/input_mms.c @@ -122,7 +122,9 @@ static buf_element_t *mms_plugin_read_block (input_plugin_t *this_gen, lprintf ("mms_plugin_read_block: %"PRId64" bytes...\n", todo); - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer (buf); return NULL; } diff --git a/src/input/input_net.c b/src/input/input_net.c index 719203ff9..d9da27b54 100644 --- a/src/input/input_net.c +++ b/src/input/input_net.c @@ -291,7 +291,9 @@ static buf_element_t *net_plugin_read_block (input_plugin_t *this_gen, buf_element_t *buf = fifo->buffer_pool_alloc (fifo); off_t total_bytes; - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer (buf); return NULL; } diff --git a/src/input/input_pnm.c b/src/input/input_pnm.c index af2b8add2..f609695d5 100644 --- a/src/input/input_pnm.c +++ b/src/input/input_pnm.c @@ -97,7 +97,9 @@ static buf_element_t *pnm_plugin_read_block (input_plugin_t *this_gen, lprintf ("pnm_plugin_read_block: %"PRId64" bytes...\n", todo); - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer (buf); return NULL; } diff --git a/src/input/input_pvr.c b/src/input/input_pvr.c index 5238fccbc..a9c92e42e 100644 --- a/src/input/input_pvr.c +++ b/src/input/input_pvr.c @@ -1208,7 +1208,9 @@ static buf_element_t *pvr_plugin_read_block (input_plugin_t *this_gen, fifo_buff } buf = fifo->buffer_pool_alloc (fifo); - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer(buf); return NULL; } diff --git a/src/input/input_rtp.c b/src/input/input_rtp.c index 8d07eb6cf..90bae6670 100644 --- a/src/input/input_rtp.c +++ b/src/input/input_rtp.c @@ -527,7 +527,9 @@ static buf_element_t *rtp_plugin_read_block (input_plugin_t *this_gen, buf_element_t *buf = fifo->buffer_pool_alloc (fifo); int total_bytes; - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer (buf); return NULL; } diff --git a/src/input/input_rtsp.c b/src/input/input_rtsp.c index bfe8fdf85..fad395e0b 100644 --- a/src/input/input_rtsp.c +++ b/src/input/input_rtsp.c @@ -98,7 +98,9 @@ static buf_element_t *rtsp_plugin_read_block (input_plugin_t *this_gen, lprintf ("rtsp_plugin_read_block: %"PRId64" bytes...\n", todo); - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer (buf); return NULL; } diff --git a/src/input/input_smb.c b/src/input/input_smb.c index 4d7e9a94a..e49eaa889 100644 --- a/src/input/input_smb.c +++ b/src/input/input_smb.c @@ -91,7 +91,9 @@ smb_plugin_read_block (input_plugin_t *this_gen, fifo_buffer_t *fifo, off_t total_bytes; buf_element_t *buf = fifo->buffer_pool_alloc (fifo); - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer (buf); return NULL; } diff --git a/src/input/input_stdin_fifo.c b/src/input/input_stdin_fifo.c index 4acd825a5..64b8d748c 100644 --- a/src/input/input_stdin_fifo.c +++ b/src/input/input_stdin_fifo.c @@ -123,7 +123,9 @@ static buf_element_t *stdin_plugin_read_block (input_plugin_t *this_gen, fifo_bu /* stdin_input_plugin_t *this = (stdin_input_plugin_t *) this_gen; */ buf_element_t *buf = fifo->buffer_pool_alloc (fifo); - if (todo < 0 || todo > buf->size) { + if (todo > buf->max_size) + todo = buf->max_size; + if (todo < 0) { buf->free_buffer (buf); return NULL; } -- cgit v1.2.3 From ec17a06e90ae960595fce584ce1b161f2674293e Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Tue, 10 Feb 2009 17:17:50 +0000 Subject: Fix a possible integer overflow in the 4XM demuxer. (TKADV2009-004.txt) --- ChangeLog | 1 + src/demuxers/demux_4xm.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index ebff0e5de..bdfaf1d23 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ xine-lib (1.1.17) 2009-??-?? * Fix broken size checks in various input plugins (ref. CVE-2008-5239). * More malloc checking (ref. CVE-2008-5240). * Fix race conditions in gapless_switch (ref. kde bug #180339) + * Fix a possible integer overflow in the 4XM demuxer. (TKADV2009-004.txt) xine-lib (1.1.16.1) 2009-01-11 * Fix build with older ffmpeg, both internal and in Debian 5.0. diff --git a/src/demuxers/demux_4xm.c b/src/demuxers/demux_4xm.c index a02a4b597..015ed8b2f 100644 --- a/src/demuxers/demux_4xm.c +++ b/src/demuxers/demux_4xm.c @@ -192,6 +192,10 @@ static int open_fourxm_file(demux_fourxm_t *fourxm) { const uint32_t current_track = _X_LE_32(&header[i + 8]); if (current_track + 1 > fourxm->track_count) { fourxm->track_count = current_track + 1; + if (fourxm->track_count >= UINT_MAX / sizeof(audio_track_t)) { + free(header); + return 0; + } fourxm->tracks = realloc(fourxm->tracks, fourxm->track_count * sizeof(audio_track_t)); if (!fourxm->tracks) { -- cgit v1.2.3 From 5c2144fc9e1fc812dadba98b8bdccbd6f9639460 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Tue, 10 Feb 2009 17:26:08 +0000 Subject: Disable libmpeg2new for release. --- ChangeLog | 2 -- configure.ac | 3 --- src/Makefile.am | 1 - 3 files changed, 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index bdfaf1d23..b279fd1f4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,8 +3,6 @@ xine-lib (1.1.17) 2009-??-?? * Fix an error in Matroska PTS calculation. * Some front ends hang due to the hang fixes in 1.1.16. Fix this by removing a break statement. - * Enable libmpeg2new. This is not yet production code; the old mpeg2 - decoder remains the default. * Fix broken size checks in various input plugins (ref. CVE-2008-5239). * More malloc checking (ref. CVE-2008-5240). * Fix race conditions in gapless_switch (ref. kde bug #180339) diff --git a/configure.ac b/configure.ac index 55450c780..e5b1d110a 100644 --- a/configure.ac +++ b/configure.ac @@ -2731,9 +2731,6 @@ src/libffmpeg/libavcodec/libpostproc/Makefile src/libffmpeg/libavutil/Makefile src/libmad/Makefile src/libmpeg2/Makefile -src/libmpeg2new/Makefile -src/libmpeg2new/libmpeg2/Makefile -src/libmpeg2new/include/Makefile src/libmusepack/Makefile src/libmusepack/musepack/Makefile src/libspudec/Makefile diff --git a/src/Makefile.am b/src/Makefile.am index 249bbc2b6..6718b4805 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -11,7 +11,6 @@ SUBDIRS = \ demuxers \ libffmpeg \ libmpeg2 \ - libmpeg2new \ liba52 \ libspudec \ libspucc \ -- cgit v1.2.3 From 2f2825efdc20e79da1126f908c04289589034917 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Tue, 10 Feb 2009 17:34:14 +0000 Subject: 1.1.16.2; back out release changes intended for 1.1.17. --- ChangeLog | 2 +- configure.ac | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index b279fd1f4..c3845bfe8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -xine-lib (1.1.17) 2009-??-?? +xine-lib (1.1.16.2) 2009-02-10 * Build fixes related to ImageMagick 6.4 & later. * Fix an error in Matroska PTS calculation. * Some front ends hang due to the hang fixes in 1.1.16. Fix this by diff --git a/configure.ac b/configure.ac index e5b1d110a..8a04af5e4 100644 --- a/configure.ac +++ b/configure.ac @@ -17,9 +17,9 @@ dnl XINE_SUB += 1; XINE_PATCH = ''; continue with XINE_LT_* values below dnl XINE_MAJOR=1 XINE_MINOR=1 -XINE_SUB=17 +XINE_SUB=16 dnl XINE_PATCH should be left empty or set to ".1" or ".2" or something similar -XINE_PATCH= +XINE_PATCH=.2 dnl Release series number (usually $XINE_MAJOR.$XINE_MINOR) XINE_SERIES=1.1 @@ -54,9 +54,9 @@ dnl are platform dependent dnl * in Linux, the library will be named dnl libname.so.(XINE_LT_CURRENT - XINE_LT_AGE).XINE_LT_AGE.XINE_LT_REVISION -XINE_LT_CURRENT=27 +XINE_LT_CURRENT=26 XINE_LT_REVISION=0 -XINE_LT_AGE=26 +XINE_LT_AGE=25 dnl for a release tarball do "rm .cvsversion" before "make dist" if test -f "${srcdir-.}/.cvsversion"; then -- cgit v1.2.3 From f066da0ce6e676542d3c429b4446928bcc7e78cf Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Tue, 10 Feb 2009 18:04:41 +0000 Subject: Added tag xine-lib-1_1_16_2-release for changeset ff19463729d8 --- .hgtags | 1 + 1 file changed, 1 insertion(+) diff --git a/.hgtags b/.hgtags index 896d963bc..3bd9ba22b 100644 --- a/.hgtags +++ b/.hgtags @@ -74,3 +74,4 @@ b6be674453e922114b55d4613cb197c77d19f094 xine-lib-1_1_9-release 17f8ed16524ba779af42913e51667e89b83a1887 xine-lib-1_1_15-release e33280bcaa3b1f3f5b93e633e2225e2440ecfd7c xine-lib-1_1_16-release 01fac0a015581bbdf7e38561ad2a95405e2ca785 xine-lib-1_1_16_1-release +ff19463729d8f9bbea35171d641c5f28cdacc7c8 xine-lib-1_1_16_2-release -- cgit v1.2.3 From 6002a9a87b3f591832c2b91ca1b2b1b67be008f5 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Tue, 10 Feb 2009 18:17:12 +0000 Subject: Restart 1.1.17 (again); revert changes made specifically for the release. --- ChangeLog | 4 ++++ configure.ac | 11 +++++++---- src/Makefile.am | 1 + 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index c3845bfe8..b3e8baaf2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +xine-lib (1.1.17) 2009-??-?? + * Enable libmpeg2new. This is not yet production code; the old mpeg2 + decoder remains the default. + xine-lib (1.1.16.2) 2009-02-10 * Build fixes related to ImageMagick 6.4 & later. * Fix an error in Matroska PTS calculation. diff --git a/configure.ac b/configure.ac index 8a04af5e4..55450c780 100644 --- a/configure.ac +++ b/configure.ac @@ -17,9 +17,9 @@ dnl XINE_SUB += 1; XINE_PATCH = ''; continue with XINE_LT_* values below dnl XINE_MAJOR=1 XINE_MINOR=1 -XINE_SUB=16 +XINE_SUB=17 dnl XINE_PATCH should be left empty or set to ".1" or ".2" or something similar -XINE_PATCH=.2 +XINE_PATCH= dnl Release series number (usually $XINE_MAJOR.$XINE_MINOR) XINE_SERIES=1.1 @@ -54,9 +54,9 @@ dnl are platform dependent dnl * in Linux, the library will be named dnl libname.so.(XINE_LT_CURRENT - XINE_LT_AGE).XINE_LT_AGE.XINE_LT_REVISION -XINE_LT_CURRENT=26 +XINE_LT_CURRENT=27 XINE_LT_REVISION=0 -XINE_LT_AGE=25 +XINE_LT_AGE=26 dnl for a release tarball do "rm .cvsversion" before "make dist" if test -f "${srcdir-.}/.cvsversion"; then @@ -2731,6 +2731,9 @@ src/libffmpeg/libavcodec/libpostproc/Makefile src/libffmpeg/libavutil/Makefile src/libmad/Makefile src/libmpeg2/Makefile +src/libmpeg2new/Makefile +src/libmpeg2new/libmpeg2/Makefile +src/libmpeg2new/include/Makefile src/libmusepack/Makefile src/libmusepack/musepack/Makefile src/libspudec/Makefile diff --git a/src/Makefile.am b/src/Makefile.am index 6718b4805..249bbc2b6 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -11,6 +11,7 @@ SUBDIRS = \ demuxers \ libffmpeg \ libmpeg2 \ + libmpeg2new \ liba52 \ libspudec \ libspucc \ -- cgit v1.2.3