From cc330f2e604bacd33d1d3900fb6bc4301147c0a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reinhard=20Ni=C3=9Fl?= Date: Sat, 28 Mar 2009 20:51:33 +0100 Subject: Report frame duration changes. --- src/combined/ffmpeg/ff_video_decoder.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/combined/ffmpeg/ff_video_decoder.c b/src/combined/ffmpeg/ff_video_decoder.c index c272bc91a..adeef2c82 100644 --- a/src/combined/ffmpeg/ff_video_decoder.c +++ b/src/combined/ffmpeg/ff_video_decoder.c @@ -91,6 +91,7 @@ struct ff_video_decoder_s { int pts_tag_stable_counter; #endif /* AVCODEC_HAS_REORDERED_OPAQUE */ int video_step; + int reported_video_step; uint8_t decoder_ok:1; uint8_t decoder_init_mode:1; @@ -1381,7 +1382,10 @@ static void ff_handle_buffer (ff_video_decoder_t *this, buf_element_t *buf) { /* fallback to the VIDEO_PTS_MODE */ video_step_to_use = 0; } - + + if (video_step_to_use && video_step_to_use != this->reported_video_step) + _x_stream_info_set(this->stream, XINE_STREAM_INFO_FRAME_DURATION, (this->reported_video_step = video_step_to_use)); + if (this->av_frame->repeat_pict) img->duration = video_step_to_use * 3 / 2; else @@ -1445,7 +1449,7 @@ static void ff_decode_data (video_decoder_t *this_gen, buf_element_t *buf) { if (buf->decoder_flags & BUF_FLAG_FRAMERATE) { this->video_step = buf->decoder_info[0]; - _x_stream_info_set(this->stream, XINE_STREAM_INFO_FRAME_DURATION, this->video_step); + _x_stream_info_set(this->stream, XINE_STREAM_INFO_FRAME_DURATION, (this->reported_video_step = this->video_step)); } if (buf->decoder_flags & BUF_FLAG_PREVIEW) { -- cgit v1.2.3 From 7a61cfaeba686449903c7fb6bcac28227509b71a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reinhard=20Ni=C3=9Fl?= Date: Sat, 28 Mar 2009 20:44:44 +0100 Subject: Fix calculation of frame duration for ffmpeg-decoded formats. --- ChangeLog | 1 + src/combined/ffmpeg/ff_video_decoder.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) 
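Review bot: In the ff_handle_buffer hunk, and again in the ff_decode_data hunk, the update of `reported_video_step` is buried as an assignment inside the last argument of `_x_stream_info_set()`, in the first case under an unbraced `if`, so the state change is easy to miss when the call is read or edited later. Two statements inside braces read better: `this->reported_video_step = video_step_to_use;` then `_x_stream_info_set(this->stream, XINE_STREAM_INFO_FRAME_DURATION, video_step_to_use);`. The new struct field would also benefit from a comment such as `/* last frame duration published via XINE_STREAM_INFO_FRAME_DURATION */`. None of these hunks sets its initial value, so it presumably relies on the decoder struct being zero-allocated, which is worth confirming. Both functions continue outside their hunks.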
diff --git a/ChangeLog b/ChangeLog index aada6125c..23a751f50 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,7 @@ xine-lib (1.1.17) 2009-??-?? pause/resume freeze with pulseaudio). * Fix build with libavutil >= 50.0.0. * Fix segfaults when playing VCDs. + * Fix calculation of frame duration for ffmpeg-decoded formats. xine-lib (1.1.16.2) 2009-02-10 * Build fixes related to ImageMagick 6.4 & later. diff --git a/src/combined/ffmpeg/ff_video_decoder.c b/src/combined/ffmpeg/ff_video_decoder.c index adeef2c82..88a10504b 100644 --- a/src/combined/ffmpeg/ff_video_decoder.c +++ b/src/combined/ffmpeg/ff_video_decoder.c @@ -1279,7 +1279,7 @@ static void ff_handle_buffer (ff_video_decoder_t *this, buf_element_t *buf) { } /* use externally provided video_step or fall back to stream's time_base otherwise */ - video_step_to_use = (this->video_step || !this->context->time_base.den) ? this->video_step : (int)(90000ll * this->context->time_base.num / this->context->time_base.den); + video_step_to_use = (this->video_step || !this->context->time_base.den) ? this->video_step : (int)(90000ll * this->context->ticks_per_frame * this->context->time_base.num / this->context->time_base.den); /* aspect ratio provided by ffmpeg, override previous setting */ if ((this->aspect_ratio_prio < 2) && -- cgit v1.2.3 From 5377b8eeefd5f28869098d70b674df663dfd807b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reinhard=20Ni=C3=9Fl?= Date: Thu, 2 Apr 2009 00:00:20 +0200 Subject: FFmpeg: add support for reordered_opaque to custom get_buffer() implementation. After adding support for PTS reordering some time ago, any codecs using direct rendering did no longer pass PTS values to the images due to missing support for reordered_opaque in xine-lib's custom get_buffer() function. With this fix, A/V sync should now be as before or even better, due to PTS reordering (the intent of the earlier changesets). --- src/combined/ffmpeg/ff_video_decoder.c | 5 +++++ 1 file changed, 5 insertions(+) 
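Review bot: The fallback branch of the `video_step_to_use` assignment in ff_handle_buffer narrows a 64-bit quotient to `int` with no range check, and the only guard on the inputs is `time_base.den` being non-zero. `time_base` and `ticks_per_frame` are presumably filled in by libavcodec from stream headers, so a damaged or crafted file could yield a negative value or one above INT_MAX, which then flows into `img->duration` and the reported frame duration. Compute into a temporary and accept it only when in range: `int64_t step = 90000ll * this->context->ticks_per_frame * this->context->time_base.num / this->context->time_base.den;` then `video_step_to_use = (step > 0 && step <= INT_MAX) ? (int)step : 0;`, where 0 is the value the existing code already uses for the VIDEO_PTS_MODE fallback. The later commit in this series that wraps `ticks_per_frame` in `#if` keeps the same unchecked cast. The function body starts and ends outside the hunk.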
diff --git a/src/combined/ffmpeg/ff_video_decoder.c b/src/combined/ffmpeg/ff_video_decoder.c index 88a10504b..15b9f056d 100644 --- a/src/combined/ffmpeg/ff_video_decoder.c +++ b/src/combined/ffmpeg/ff_video_decoder.c @@ -225,6 +225,11 @@ static int get_buffer(AVCodecContext *context, AVFrame *av_frame){ av_frame->type= FF_BUFFER_TYPE_USER; +#ifdef AVCODEC_HAS_REORDERED_OPAQUE + /* take over pts for this frame to have it reordered */ + av_frame->reordered_opaque = context->reordered_opaque; +#endif + xine_list_push_back(this->dr1_frames, av_frame); return 0; -- cgit v1.2.3 From 97cdf31e3a618e2b4dcbd5ddf79dd8bcfc3a6533 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 2 Apr 2009 03:54:35 +0100 Subject: ID3v2 tags with zero-length content are allowed. --- ChangeLog | 1 + src/demuxers/id3.c | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 23a751f50..5e7b0a6b5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ xine-lib (1.1.17) 2009-??-?? * Fix build with libavutil >= 50.0.0. * Fix segfaults when playing VCDs. * Fix calculation of frame duration for ffmpeg-decoded formats. + * Don't assume that ID3v2 tags with no content mean "end of ID3 data". xine-lib (1.1.16.2) 2009-02-10 * Build fixes related to ImageMagick 6.4 & later. diff --git a/src/demuxers/id3.c b/src/demuxers/id3.c index ba8f50676..db5bba8f6 100644 --- a/src/demuxers/id3.c +++ b/src/demuxers/id3.c @@ -373,7 +373,7 @@ static int id3v22_parse_tag(input_plugin_t *input, while ((pos + ID3V22_FRAME_HEADER_SIZE) <= tag_header.size) { if (id3v22_parse_frame_header(input, &tag_frame_header)) { pos += ID3V22_FRAME_HEADER_SIZE; - if (tag_frame_header.id && tag_frame_header.size) { + if (tag_frame_header.id) { if ((pos + tag_frame_header.size) <= tag_header.size) { if (!id3v22_interp_frame(input, stream, &tag_frame_header)) { xprintf(stream->xine, XINE_VERBOSITY_DEBUG, 
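Review bot: With the `tag_frame_header.size` test dropped in id3v22_parse_tag (and in the matching id3v23_parse_tag and id3v24_parse_tag hunks), a frame with a non-zero id and size 0 now reaches `id3v22_interp_frame()`, so that callee becomes the only place that can reject an empty body. Its code is outside the hunk; confirm that it returns early for a zero size before it reads or indexes any frame data, since the size comes straight from the file. A comment at the call site would record the new contract, e.g. `/* size may be 0 (empty frame); interp_frame must handle it */`. Separately, the unchanged guard `(pos + tag_frame_header.size) <= tag_header.size` can wrap where the size type is 32 bits wide (the v2.3 frame size is a full 32-bit field read with `_X_BE_32`); writing it as `tag_frame_header.size <= tag_header.size - pos` avoids the addition, assuming `pos` is never negative.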
@@ -570,7 +570,7 @@ static int id3v23_parse_tag(input_plugin_t *input, while ((pos + ID3V23_FRAME_HEADER_SIZE) <= tag_header.size) { if (id3v23_parse_frame_header(input, &tag_frame_header)) { pos += ID3V23_FRAME_HEADER_SIZE; - if (tag_frame_header.id && tag_frame_header.size) { + if (tag_frame_header.id) { if ((pos + tag_frame_header.size) <= tag_header.size) { if (!id3v23_interp_frame(input, stream, &tag_frame_header)) { xprintf(stream->xine, XINE_VERBOSITY_DEBUG, @@ -826,7 +826,7 @@ static int id3v24_parse_tag(input_plugin_t *input, while ((pos + ID3V24_FRAME_HEADER_SIZE) <= tag_header.size) { if (id3v24_parse_frame_header(input, &tag_frame_header)) { pos += ID3V24_FRAME_HEADER_SIZE; - if (tag_frame_header.id && tag_frame_header.size) { + if (tag_frame_header.id) { if ((pos + tag_frame_header.size) <= tag_header.size) { if (!id3v24_interp_frame(input, stream, &tag_frame_header)) { xprintf(stream->xine, XINE_VERBOSITY_DEBUG, -- cgit v1.2.3 From 20ec585fdc3280fd2acd9ec6f544004544ceb76d Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 2 Apr 2009 03:55:02 +0100 Subject: Fix up some warnings found while debugging the ID3v2 code. --- src/demuxers/id3.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/demuxers/id3.c b/src/demuxers/id3.c index db5bba8f6..c6f261468 100644 --- a/src/demuxers/id3.c +++ b/src/demuxers/id3.c @@ -241,7 +241,7 @@ static int id3v2_parse_header(input_plugin_t *input, uint8_t *mp3_frame_header, lprintf("tag: ID3 v2.%d.%d\n", mp3_frame_header[3], tag_header->revision); lprintf("flags: %d\n", tag_header->flags); - lprintf("size: %d\n", tag_header->size); + lprintf("size: %zu\n", tag_header->size); return 1; } else { return 0; 
@@ -261,7 +261,7 @@ static int id3v22_parse_frame_header(input_plugin_t *input, frame_header->size = _X_BE_24_synchsafe(&buf[3]); - lprintf("frame: %c%c%c: size: %d\n", buf[0], buf[1], buf[2], + lprintf("frame: %c%c%c: size: %zu\n", buf[0], buf[1], buf[2], frame_header->size); return 1; @@ -417,7 +417,7 @@ static int id3v23_parse_frame_header(input_plugin_t *input, frame_header->size = _X_BE_32(&buf[4]); frame_header->flags = _X_BE_16(buf + 8); - lprintf("frame: %c%c%c%c, size: %d, flags: %X\n", buf[0], buf[1], buf[2], buf[3], + lprintf("frame: %c%c%c%c, size: %zu, flags: %X\n", buf[0], buf[1], buf[2], buf[3], frame_header->size, frame_header->flags); return 1; @@ -453,11 +453,11 @@ static int id3v23_parse_frame_ext_header(input_plugin_t *input, } } else { - lprintf("invalid ext header size: %d\n", frame_ext_header->size); + lprintf("invalid ext header size: %zu\n", frame_ext_header->size); return 0; } - lprintf("ext header: size: %d, flags: %X, padding_size: %d, crc: %d\n", + lprintf("ext header: size: %zu, flags: %X, padding_size: %d, crc: %d\n", frame_ext_header->size, frame_ext_header->flags, frame_ext_header->padding_size, frame_ext_header->crc); return 1; @@ -585,7 +585,7 @@ static int id3v23_parse_tag(input_plugin_t *input, pos += tag_frame_header.size; } else { /* end of frames, the rest is padding */ - lprintf("skipping padding %d bytes\n", tag_header.size - pos); + lprintf("skipping padding %zu bytes\n", tag_header.size - pos); input->seek (input, tag_header.size - pos, SEEK_CUR); return 1; } @@ -631,7 +631,7 @@ static int id3v24_parse_frame_header(input_plugin_t *input, frame_header->size = _X_BE_32_synchsafe(&buf[4]); frame_header->flags = _X_BE_16(&buf[8]); - lprintf("frame: %c%c%c%c, size: %d, flags: %X\n", buf[0], buf[1], buf[2], buf[3], + lprintf("frame: %c%c%c%c, size: %zu, flags: %X\n", buf[0], buf[1], buf[2], buf[3], frame_header->size, frame_header->flags); return 1; 
@@ -711,7 +711,7 @@ static int id3v24_parse_ext_header(input_plugin_t *input, } else { return 0; } - lprintf("ext header: size: %d, flags: %X, crc: %d, restrictions: %8X\n", + lprintf("ext header: size: %zu, flags: %X, crc: %d, restrictions: %8X\n", frame_ext_header->size, frame_ext_header->flags, frame_ext_header->crc, frame_ext_header->restrictions); return 1; -- cgit v1.2.3 From 8e25d940125d48830914eed61fa1854d00b96cb3 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 2 Apr 2009 19:43:23 +0100 Subject: Fix up building with libavcodec.so.52 < 52.20.0. --- src/combined/ffmpeg/ff_video_decoder.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/combined/ffmpeg/ff_video_decoder.c b/src/combined/ffmpeg/ff_video_decoder.c index 88a10504b..74299fa0b 100644 --- a/src/combined/ffmpeg/ff_video_decoder.c +++ b/src/combined/ffmpeg/ff_video_decoder.c @@ -1279,7 +1279,15 @@ static void ff_handle_buffer (ff_video_decoder_t *this, buf_element_t *buf) { } /* use externally provided video_step or fall back to stream's time_base otherwise */ - video_step_to_use = (this->video_step || !this->context->time_base.den) ? this->video_step : (int)(90000ll * this->context->ticks_per_frame * this->context->time_base.num / this->context->time_base.den); + video_step_to_use = (this->video_step || !this->context->time_base.den) + ? this->video_step + : (int)(90000ll +#if LIBAVCODEC_VERSION_INT >= 0x341400 + * this->context->ticks_per_frame +#elif LIBAVCODEC_VERSION_INT >= 0x340000 +# warning Building without avcodec ticks_per_frame support; you should upgrade your libavcodec and recompile +#endif + * this->context->time_base.num / this->context->time_base.den); /* aspect ratio provided by ffmpeg, override previous setting */ if ((this->aspect_ratio_prio < 2) && -- cgit v1.2.3 From 7e63be8ffb88c1fe981c7cf39c535a5553e35b31 Mon Sep 17 00:00:00 2001 
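Review bot: The `#if`/`#elif`/`#warning` block placed in the middle of the `video_step_to_use` expression in ff_handle_buffer is hard to read, and the thresholds `0x341400` and `0x340000` are unexplained. Going by the commit subject, 0x341400 is libavcodec 52.20.0, apparently the first version that has `ticks_per_frame`; that should be stated in a comment next to the test. Cleaner still is to resolve the version test once at file scope into a macro (the name `XFF_TICKS_PER_FRAME` below is constructed for this note) and keep the expression free of directives, as sketched here with the same behaviour for all three version ranges. The unchecked `(int)` cast on the result is unchanged by this suggestion, and the function continues outside the hunk.

```c
/* 0x341400 == libavcodec 52.20.0, 0x340000 == 52.0.0 */
#if LIBAVCODEC_VERSION_INT >= 0x341400
#  define XFF_TICKS_PER_FRAME(ctx) ((ctx)->ticks_per_frame)
#else
#  if LIBAVCODEC_VERSION_INT >= 0x340000
#    warning Building without avcodec ticks_per_frame support; you should upgrade your libavcodec and recompile
#  endif
#  define XFF_TICKS_PER_FRAME(ctx) 1
#endif

/* … unchanged: ff_handle_buffer up to the video_step_to_use assignment … */
  /* use externally provided video_step or fall back to stream's time_base otherwise */
  video_step_to_use = (this->video_step || !this->context->time_base.den)
                    ? this->video_step
                    : (int)(90000ll * XFF_TICKS_PER_FRAME(this->context)
                            * this->context->time_base.num / this->context->time_base.den);
```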
From: Darren Salt Date: Sun, 8 Mar 2009 16:54:39 +0000 Subject: Fix another possible 4xm demuxer integer overflow. --HG-- extra : transplant_source : U%AF%FD%B5%60%27Y%7F%B5Q%F796%F7a%98%F0k%B8%EF --- ChangeLog | 6 +++++- src/demuxers/demux_4xm.c | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5e7b0a6b5..49e48990f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,7 @@ xine-lib (1.1.17) 2009-??-?? + * Security fixes: + - Fix another possible int overflow in the 4XM demuxer. + (ref. TKADV2009-004, CVE-2009-0385) * Enable libmpeg2new (if configured with --enable-libmpeg2new). This is not yet production code; the old mpeg2 decoder remains the default. * Add support for OpenBSD. @@ -18,7 +21,8 @@ xine-lib (1.1.16.2) 2009-02-10 * Fix broken size checks in various input plugins (ref. CVE-2008-5239). * More malloc checking (ref. CVE-2008-5240). * Fix race conditions in gapless_switch (ref. kde bug #180339) - * Fix a possible integer overflow in the 4XM demuxer. (TKADV2009-004.txt) + * Fix a possible integer overflow in the 4XM demuxer. + (TKADV2009-004, CVE-2009-0385) xine-lib (1.1.16.1) 2009-01-11 * Fix build with older ffmpeg, both internal and in Debian 5.0. diff --git a/src/demuxers/demux_4xm.c b/src/demuxers/demux_4xm.c index 015ed8b2f..397a271b8 100644 --- a/src/demuxers/demux_4xm.c +++ b/src/demuxers/demux_4xm.c @@ -190,9 +190,9 @@ static int open_fourxm_file(demux_fourxm_t *fourxm) { return 0; } const uint32_t current_track = _X_LE_32(&header[i + 8]); - if (current_track + 1 > fourxm->track_count) { + if (current_track >= fourxm->track_count) { fourxm->track_count = current_track + 1; - if (fourxm->track_count >= UINT_MAX / sizeof(audio_track_t)) { + if (!fourxm->track_count || fourxm->track_count >= UINT_MAX / sizeof(audio_track_t)) { free(header); return 0; } -- cgit v1.2.3 From 1e81086a8196e09868e3726609b322f6acfabd04 Mon Sep 17 00:00:00 2001 
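Review bot: The new test in open_fourxm_file stops the `current_track + 1` wrap-around and the size multiplication from overflowing, but a file can still name a track index just below `UINT_MAX / sizeof(audio_track_t)` and so request an allocation of close to 4 GiB from a single header field. The allocation that follows is outside the hunk; if it grows the track array to `track_count` entries, a small fixed ceiling would bound memory use, for example `if (current_track >= MAX_AUDIO_TRACKS) { free(header); return 0; }`, with `MAX_AUDIO_TRACKS` a constant to be defined (the name is constructed for this note). It is also worth confirming that this early `return 0` releases any track array allocated for an earlier track entry, since only `header` is freed in the visible lines.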
From: Darren Salt Date: Wed, 1 Apr 2009 02:49:51 +0100 Subject: Fix an integer overflow in the Quicktime demuxer. --HG-- extra : transplant_source : %AE%D3%DCw%0F%073h%5D%C0%B5%A7%BA%2B%95%81%95bT%D6 --- ChangeLog | 1 + src/demuxers/demux_qt.c | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 49e48990f..b3c593fb6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ xine-lib (1.1.17) 2009-??-?? * Security fixes: - Fix another possible int overflow in the 4XM demuxer. (ref. TKADV2009-004, CVE-2009-0385) + - Fix an integer overflow in the Quicktime demuxer. * Enable libmpeg2new (if configured with --enable-libmpeg2new). This is not yet production code; the old mpeg2 decoder remains the default. * Add support for OpenBSD. diff --git a/src/demuxers/demux_qt.c b/src/demuxers/demux_qt.c index 4ad71e958..5aba5b479 100644 --- a/src/demuxers/demux_qt.c +++ b/src/demuxers/demux_qt.c @@ -1535,7 +1535,8 @@ static qt_error parse_trak_atom (qt_trak *trak, } else if (current_atom == STTS_ATOM) { /* there should only be one of these atoms */ - if (trak->time_to_sample_table) { + if (trak->time_to_sample_table + || current_atom_size < 12 || current_atom_size >= UINT_MAX) { last_error = QT_HEADER_TROUBLE; goto free_trak; } @@ -1545,6 +1546,11 @@ static qt_error parse_trak_atom (qt_trak *trak, debug_atom_load(" qt stts atom (time-to-sample atom): %d entries\n", trak->time_to_sample_count); + if (trak->time_to_sample_count > (current_atom_size - 12) / 8) { + last_error = QT_HEADER_TROUBLE; + goto free_trak; + } + trak->time_to_sample_table = (time_to_sample_table_t *)calloc( trak->time_to_sample_count+1, sizeof(time_to_sample_table_t)); if (!trak->time_to_sample_table) { -- cgit v1.2.3 From 406edde7570e42ba439b1b2177616528277fe423 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Fri, 3 Apr 2009 16:29:00 +0100 Subject: 1.1.16.3. --- ChangeLog | 2 +- configure.ac | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
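Review bot: The bound `(current_atom_size - 12) / 8` in the STTS branch of parse_trak_atom rests on two bare numbers whose origin is not visible here: 12 has to be exactly the number of bytes between the point `current_atom_size` is measured from and the first table entry, and 8 the size of one entry. The code that reads the entries is outside the hunk, so check the 12 against the offsets used there; if the entries start later than 12 bytes in, the test admits one entry that extends past the end of the atom. Named constants, or a comment such as `/* 12 = bytes before the first entry, 8 = bytes per entry (count + duration) */`, would make that verifiable at a glance. The same 12 appears in the `current_atom_size < 12` test in the preceding hunk, and the `current_atom_size >= UINT_MAX` test there is only meaningful if the variable is wider than `unsigned int`.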
diff --git a/ChangeLog b/ChangeLog index b3c593fb6..0dba0df93 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -xine-lib (1.1.17) 2009-??-?? +xine-lib (1.1.16.3) 2009-04-03 * Security fixes: - Fix another possible int overflow in the 4XM demuxer. (ref. TKADV2009-004, CVE-2009-0385) diff --git a/configure.ac b/configure.ac index 595b7b3f5..929375515 100644 --- a/configure.ac +++ b/configure.ac @@ -17,9 +17,9 @@ dnl XINE_SUB += 1; XINE_PATCH = ''; continue with XINE_LT_* values below dnl XINE_MAJOR=1 XINE_MINOR=1 -XINE_SUB=17 +XINE_SUB=16 dnl XINE_PATCH should be left empty or set to ".1" or ".2" or something similar -XINE_PATCH= +XINE_PATCH=.3 dnl Release series number (usually $XINE_MAJOR.$XINE_MINOR) XINE_SERIES=1.1 @@ -55,7 +55,7 @@ dnl * in Linux, the library will be named dnl libname.so.(XINE_LT_CURRENT - XINE_LT_AGE).XINE_LT_AGE.XINE_LT_REVISION XINE_LT_CURRENT=27 -XINE_LT_REVISION=0 +XINE_LT_REVISION=1 XINE_LT_AGE=26 dnl for a release tarball do "rm .cvsversion" before "make dist" -- cgit v1.2.3 From 2760d19fe0a2a60b5d61301ae917cad61dae1977 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Fri, 3 Apr 2009 16:29:04 +0100 Subject: Added tag xine-lib-1_1_16_3-release for changeset fc1aecbb9d80 --- .hgtags | 1 + 1 file changed, 1 insertion(+) diff --git a/.hgtags b/.hgtags index 3bd9ba22b..f054f132c 100644 --- a/.hgtags +++ b/.hgtags @@ -75,3 +75,4 @@ b6be674453e922114b55d4613cb197c77d19f094 xine-lib-1_1_9-release e33280bcaa3b1f3f5b93e633e2225e2440ecfd7c xine-lib-1_1_16-release 01fac0a015581bbdf7e38561ad2a95405e2ca785 xine-lib-1_1_16_1-release ff19463729d8f9bbea35171d641c5f28cdacc7c8 xine-lib-1_1_16_2-release +fc1aecbb9d80a32d9c802a5208dfdc012f1ba9d5 xine-lib-1_1_16_3-release -- cgit v1.2.3