From cb6dd79398b58ae40e6d73fa3239021ac1164daf Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Mon, 14 Apr 2008 19:36:44 +0100 Subject: dsputil_mmx.c compile failure with gcc 4.3 i386. Building as non-PIC "fixes" it. --- src/libffmpeg/libavcodec/i386/Makefile.am | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libffmpeg/libavcodec/i386/Makefile.am b/src/libffmpeg/libavcodec/i386/Makefile.am index b9d33c3a7..039c50d61 100644 --- a/src/libffmpeg/libavcodec/i386/Makefile.am +++ b/src/libffmpeg/libavcodec/i386/Makefile.am @@ -10,6 +10,9 @@ AM_CPPFLAGS = $(LIBFFMPEG_CPPFLAGS) -I$(top_srcdir)/src/libffmpeg/libavutil -I$( # Avoid "can't find register" failures with -O1 and higher dsputil_mmx.o dsputil_mmx.lo: CFLAGS=$(shell echo @CFLAGS@ | sed -e 's/-funroll-loops//g; s/$$/ -Os/') +if ARCH_X86_32 +dsputil_mmx.o dsputil_mmx.lo: CFLAGS+=-prefer-non-pic +endif # Avoid errors on (at least) amd64 with -O0 fdct_mmx.o fdct_mmx.lo: CFLAGS=`echo @CFLAGS@ | sed -e 's/^/-Os /; s/-O0\?\s/-Os /g'` -- cgit v1.2.3 From cc3709b60de1db641ac66573980e1140a51b2370 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20=27Flameeyes=27=20Petten=C3=B2?= Date: Mon, 14 Apr 2008 21:15:56 +0200 Subject: Fix build with srcdir != builddir. --- misc/Makefile.common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/Makefile.common b/misc/Makefile.common index d23ea5b5e..a0617bbb4 100644 --- a/misc/Makefile.common +++ b/misc/Makefile.common @@ -9,7 +9,7 @@ xinepostdir = $(XINE_PLUGINDIR)/post vidixdir = $(XINE_PLUGINDIR)/vidix $(XINE_LIB): - @cd $(top_srcdir)/src/xine-engine && $(MAKE) + @cd $(top_builddir)/src/xine-engine && $(MAKE) install-data-hook: @if test $$MAKELEVEL -le 4 ; then \ -- cgit v1.2.3 From 333f8c6b59d9f94de1564840fa4475a313e4afa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20=27Flameeyes=27=20Petten=C3=B2?= Date: Mon, 14 Apr 2008 21:29:43 +0200 Subject: Make sure that muting/unmuting the audio without setting the volume does not put the volume to zero. --- src/audio_out/audio_pulse_out.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/audio_out/audio_pulse_out.c b/src/audio_out/audio_pulse_out.c index fa58cf011..5a25db5ff 100644 --- a/src/audio_out/audio_pulse_out.c +++ b/src/audio_out/audio_pulse_out.c @@ -669,9 +669,15 @@ static int ao_pulse_set_property (ao_driver_t *this_gen, int property, int value o = pa_context_set_sink_input_mute(this->context, pa_stream_get_index(this->stream), value, __xine_pa_context_success_callback, this); #else - /* FIXME: breaks (volume=0 after unmuting) unless the volume is - * adjusted first (due to swvolume not being initialised properly) - */ + /* Get the current volume, so we can restore it properly. */ + o = pa_context_get_sink_input_info(this->context, pa_stream_get_index(this->stream), + __xine_pa_sink_info_callback, this); + + if (o) { + wait_for_operation(this, o); + pa_operation_unref(o); + } + if ( value ) pa_cvolume_mute(&this->cvolume, pa_stream_get_sample_spec(this->stream)->channels); else -- cgit v1.2.3 From 6705bdb0329e766bf5bd0bdc881b7b233c24d008 Mon Sep 17 00:00:00 2001 From: Erik Hovland Date: Mon, 14 Apr 2008 21:16:09 +0100 Subject: The code checks dest when it should check *dest. --- src/libsputext/demux_sputext.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsputext/demux_sputext.c b/src/libsputext/demux_sputext.c index acf8e10f6..081a34449 100644 --- a/src/libsputext/demux_sputext.c +++ b/src/libsputext/demux_sputext.c @@ -263,7 +263,7 @@ static char *sub_readtext(char *source, char **dest) { } *dest= (char *)xine_xmalloc (len+1); - if (!dest) + if (!(*dest)) return ERR; strncpy(*dest, source, len); -- cgit v1.2.3 From 1dde93f3dfd535813c291ff22ea678f47a455590 Mon Sep 17 00:00:00 2001 From: Erik Hovland Date: Mon, 14 Apr 2008 21:17:45 +0100 Subject: strchr can return null. It should be checked. --- src/libsputext/demux_sputext.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libsputext/demux_sputext.c b/src/libsputext/demux_sputext.c index 081a34449..ee7f6122e 100644 --- a/src/libsputext/demux_sputext.c +++ b/src/libsputext/demux_sputext.c @@ -544,6 +544,8 @@ static subtitle_t *sub_read_line_ssa(demux_sputext_t *this,subtitle_t *current) line3) < 9 ); line2=strchr(line3, ','); + if (!line2) + return NULL; for (comma = 4; comma < max_comma; comma ++) { -- cgit v1.2.3 From a795b2039b013f4ccfca2de76bd892ac77e49be1 Mon Sep 17 00:00:00 2001 From: Erik Hovland Date: Mon, 14 Apr 2008 21:19:36 +0100 Subject: Title array has only five entries. It can be overrun. --- src/libsputext/demux_sputext.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/libsputext/demux_sputext.c b/src/libsputext/demux_sputext.c index ee7f6122e..c80e2b496 100644 --- a/src/libsputext/demux_sputext.c +++ b/src/libsputext/demux_sputext.c @@ -902,7 +902,10 @@ static subtitle_t *sub_read_line_jacobsub(demux_sputext_t *this, subtitle_t *cur } } *q = '\0'; - current->text[current->lines] = strdup(line1); + if (current->lines < SUB_MAX_TEXT) + current->text[current->lines] = strdup(line1); + else + xprintf (this->stream->xine, XINE_VERBOSITY_DEBUG, "Too many lines in a subtitle\n"); } current->lines++; return current; -- cgit v1.2.3 From 60349ff93d445baa1573d0db536838bb8305a80c Mon Sep 17 00:00:00 2001 From: Colin Gibbs Date: Mon, 14 Apr 2008 21:24:20 +0100 Subject: divide by zero in demux_qt.c On some m4a files I get a divide by zero. bytes_per_packet in this case is zero. I'm not sure what the real problem is but skipping the assignment in that case works fine. --- src/demuxers/demux_qt.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/demuxers/demux_qt.c b/src/demuxers/demux_qt.c index 851b0aef5..16a6c7bf2 100644 --- a/src/demuxers/demux_qt.c +++ b/src/demuxers/demux_qt.c @@ -1207,10 +1207,11 @@ static qt_error parse_trak_atom (qt_trak *trak, if (_X_BE_32(&trak_atom[atom_pos + 0x2C])) trak->stsd_atoms[k].audio.bytes_per_sample = _X_BE_32(&trak_atom[atom_pos + 0x2C]); - trak->stsd_atoms[k].audio.samples_per_frame = - (trak->stsd_atoms[k].audio.bytes_per_frame / - trak->stsd_atoms[k].audio.bytes_per_packet) * - trak->stsd_atoms[k].audio.samples_per_packet; + if (trak->stsd_atoms[k].audio.bytes_per_packet) + trak->stsd_atoms[k].audio.samples_per_frame = + (trak->stsd_atoms[k].audio.bytes_per_frame / + trak->stsd_atoms[k].audio.bytes_per_packet) * + trak->stsd_atoms[k].audio.samples_per_packet; } /* see if the trak deserves a promotion to VBR */ -- cgit v1.2.3 From a13815e68127caa42c0f1040506755ba18f83f4c Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Mon, 14 Apr 2008 21:28:26 +0100 Subject: Remove a memset() rendered pointless by use of calloc(). --- src/demuxers/demux_qt.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/demuxers/demux_qt.c b/src/demuxers/demux_qt.c index 16a6c7bf2..0988c1dff 100644 --- a/src/demuxers/demux_qt.c +++ b/src/demuxers/demux_qt.c @@ -952,7 +952,6 @@ static qt_error parse_trak_atom (qt_trak *trak, last_error = QT_NO_MEMORY; goto free_trak; } - memset(trak->stsd_atoms, 0, trak->stsd_atoms_count * sizeof(properties_t)); atom_pos = i + 0x10; properties_offset = 0x0C; -- cgit v1.2.3 From 035a78427ad774878e168f35e515d5d7417501fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20=27Flameeyes=27=20Petten=C3=B2?= Date: Mon, 14 Apr 2008 22:38:03 +0200 Subject: Add boundary check on speex mode, see bug #83. --HG-- extra : transplant_source : %80%19%15%EAL%B3%1EAl%11RF%E7%BB%7FHa%2A%C5%1A --- ChangeLog | 2 ++ src/libxineadec/xine_speex_decoder.c | 9 +++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 981e4961c..940b08dce 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,6 @@ xine-lib (1.1.12) 2008-??-?? + * Security fixes: + - Insufficient boundary check in speex audio decoder. (CVE-2008-1686) * Fixed and improved the PulseAudio driver. * Fixed a regression in 1.1.11.1 which broke Quicktime container handling. * And another, this time in the Matroska demuxer. diff --git a/src/libxineadec/xine_speex_decoder.c b/src/libxineadec/xine_speex_decoder.c index aa8234385..2804b1308 100644 --- a/src/libxineadec/xine_speex_decoder.c +++ b/src/libxineadec/xine_speex_decoder.c @@ -204,7 +204,7 @@ static void speex_decode_data (audio_decoder_t *this_gen, buf_element_t *buf) { if (!this->st) { SpeexMode * spx_mode; SpeexHeader * spx_header; - int modeID; + unsigned int modeID; int bitrate; speex_bits_init (&this->bits); @@ -216,7 +216,12 @@ static void speex_decode_data (audio_decoder_t *this_gen, buf_element_t *buf) { return; } - modeID = spx_header->mode; + modeID = (unsigned int)spx_header->mode; + if (modeID >= SPEEX_NB_MODES) { + xprintf(this->stream->xine, XINE_VERBOSITY_DEBUG, LOG_MODULE ": invalid mode ID %u\n", modeID); + return; + } + spx_mode = (SpeexMode *) speex_mode_list[modeID]; if (spx_mode->bitstream_version != spx_header->mode_bitstream_version) { -- cgit v1.2.3 From 7e4fcb93c8be282637349828cfef7d199c606ad2 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Mon, 14 Apr 2008 23:35:17 +0100 Subject: Added tag xine-lib-1_1_12-release for changeset 66e1654718fb --- .hgtags | 1 + 1 file changed, 1 insertion(+) diff --git a/.hgtags b/.hgtags index c49fa0205..3b80be60a 100644 --- a/.hgtags +++ b/.hgtags @@ -68,3 +68,4 @@ b6be674453e922114b55d4613cb197c77d19f094 xine-lib-1_1_9-release 0e9e4df266f639ac7ba9e0c204f205686b56d5f9 xine-lib-1_1_10_1-release 10a6bc10e58f45f6cb79f634bdb6b7daa3167742 xine-lib-1_1_11-release 2a2cc543b27b64a6587dfaef4f1d986eb2f2710a xine-lib-1_1_11_1-release +66e1654718fb0581846d60c60bc09ae3b6b8c0cf xine-lib-1_1_12-release -- cgit v1.2.3 From 0b320ed1b145e9de6c55d435c98fb7da8a80e672 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Mon, 14 Apr 2008 23:36:28 +0100 Subject: Start 1.1.13; add date for 1.1.12 release. --- ChangeLog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 940b08dce..affa153e4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,6 @@ -xine-lib (1.1.12) 2008-??-?? +xine-lib (1.1.13) 2008-??-?? + +xine-lib (1.1.12) 2008-04-14 * Security fixes: - Insufficient boundary check in speex audio decoder. (CVE-2008-1686) * Fixed and improved the PulseAudio driver. -- cgit v1.2.3 From c440431caef75667ce807f49ec72e029d7e5037f Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Tue, 15 Apr 2008 01:05:22 +0100 Subject: Install xine-list-1.1.1 in the libxine1 .deb. --- debian/libxine1.install | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/libxine1.install b/debian/libxine1.install index 7fd9ade02..ab8a5901f 100644 --- a/debian/libxine1.install +++ b/debian/libxine1.install @@ -7,3 +7,4 @@ usr/share/locale usr/share/xine usr/share/doc/libxine1/hackersguide/* usr/share/bug/libxine1/presubj +usr/share/man/man1/xine-list*.1 -- cgit v1.2.3