diff --git a/precheckin_cripple_tarball.sh b/precheckin_cripple_tarball.sh index 15af4e0..b46f36b 100644 --- a/precheckin_cripple_tarball.sh +++ b/precheckin_cripple_tarball.sh @@ -58,7 +58,7 @@ pushd $tmp/$tarbase >/dev/null || exit 1 echo 1>&2 "Crippling..." -c_subdirs="dxr3 liba52 libdts libfaad libffmpeg libmad libmpeg2 libspucc libspudec libspudvb libw32dll input/vcd libxineadec/gsm610 libxineadec/nosefart" +c_subdirs="dxr3 liba52 libdts libfaad libffmpeg libmad libmpeg2 libspucc libspudec libspudvb libw32dll input/vcd libxineadec/gsm610 libxineadec/nosefart combined/ffmpeg" c_demuxers="xineplug_dmx_asf.la asfheader.h asfheader.c demux_asf.c xineplug_dmx_mpeg.la demux_mpeg.c xineplug_dmx_mpeg_block.la demux_mpeg_block.c xineplug_dmx_mpeg_ts.la demux_ts.c xineplug_dmx_mpeg_elem.la demux_elem.c xineplug_dmx_mpeg_pes.la demux_mpeg_pes.c xineplug_dmx_yuv4mpeg2.la demux_yuv4mpeg2.c" c_input="xineplug_inp_mms.la input_mms.c mms.c mmsh.c ../demuxers/asfheader.c mms.h mmsh.h xineplug_inp_vcdo.la input_vcd.c vcd" c_libxineadec="xineplug_decode_gsm610.la xineplug_decode_nsf.la gsm610.c nsf.c gsm610 nosefart" @@ -74,6 +74,8 @@ do_nukeentry src/input/Makefile.am "$c_input" do_remove src/input "$c_input" do_nukeentry src/libxineadec/Makefile.am "$c_libxineadec" do_remove src/libxineadec "$c_libxineadec" +do_nukeentry src/combined/Makefile.am "ffmpeg" +do_remove src/combined "ffmpeg" do_nukeentry src/post/planar/Makefile.am "pp\.c \S*/libpostproc/libpostprocess\.la" do_nukeline src/post/planar/planar.c "pp_init_plugin pp_special_info" do_remove src/post/planar "pp.c" diff --git a/xine-lib-1.1.11-crippled.tar.bz2 b/xine-lib-1.1.11-crippled.tar.bz2 deleted file mode 100644 index 60e9548..0000000 --- a/xine-lib-1.1.11-crippled.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5ebbe7eac3eea9cdcea19cdc206343dcff301ee3b1947c789938f75e76783805 -size 5065527 diff --git a/xine-lib-1.1.11.1-crippled.tar.bz2 b/xine-lib-1.1.11.1-crippled.tar.bz2 new file mode 100644 index 0000000..d844584 --- /dev/null +++ b/xine-lib-1.1.11.1-crippled.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4d91dd6834abb45ab5472d0cfadaab1c2ab48e904607a9a7193ed82226a3d333 +size 5055586 diff --git a/xine-lib-CVE-2008-1482.diff b/xine-lib-CVE-2008-1482.diff deleted file mode 100644 index b40dccd..0000000 --- a/xine-lib-CVE-2008-1482.diff +++ /dev/null @@ -1,562 +0,0 @@ -# HG changeset patch -# User Darren Salt -# Date 1206237088 0 -# Node ID a3f2772fd14b57e0557ef45797ff04c768657a7e -# Parent 65c1570fcf1dfcb8e5fc1d6b8ed8a296ab776e9d -Check for failure of various memory allocations. (SA29484) -Ref. http://aluigi.altervista.org/adv/xinehof-adv.txt - -diff --git a/src/demuxers/demux_film.c b/src/demuxers/demux_film.c ---- a/src/demuxers/demux_film.c -+++ b/src/demuxers/demux_film.c -@@ -257,6 +257,8 @@ static int open_film_file(demux_film_t * - film->sample_count = _X_BE_32(&film_header[i + 12]); - film->sample_table = - xine_xmalloc(film->sample_count * sizeof(film_sample_t)); -+ if (!film->sample_table) -+ goto film_abort; - for (j = 0; j < film->sample_count; j++) { - - film->sample_table[j].sample_offset = -@@ -333,11 +335,14 @@ static int open_film_file(demux_film_t * - free(film->interleave_buffer); - film->interleave_buffer = - xine_xmalloc(film->sample_table[0].sample_size); -+ if (!film->interleave_buffer) -+ goto film_abort; - } - break; - - default: - xine_log(film->stream->xine, XINE_LOG_MSG, _("unrecognized FILM chunk\n")); -+ film_abort: - free (film->interleave_buffer); - free (film->sample_table); - free (film_header); -diff --git a/src/demuxers/demux_flv.c b/src/demuxers/demux_flv.c ---- a/src/demuxers/demux_flv.c -+++ b/src/demuxers/demux_flv.c -@@ -85,7 +85,7 @@ typedef struct { - off_t filesize; - - flv_index_entry_t *index; -- int num_indices; -+ unsigned int num_indices; - - unsigned int cur_pts; - -@@ -209,7 +209,7 @@ static int parse_flv_var(demux_flv_t *th - unsigned char *end = buf + size; - char *str; - unsigned char type; -- int len, num; -+ unsigned int len, num; - - if (size < 1) - return 0; -@@ -283,6 +283,8 @@ static int parse_flv_var(demux_flv_t *th - str = tmp + 2; - tmp += len + 2; - len = parse_flv_var(this, tmp, end-tmp, str, len); -+ if (!len) -+ return 0; - tmp += len; - } - if (*tmp++ != FLV_DATA_TYPE_ENDOBJECT) -@@ -298,6 +300,8 @@ static int parse_flv_var(demux_flv_t *th - str = tmp + 2; - tmp += len + 2; - len = parse_flv_var(this, tmp, end-tmp, str, len); -+ if (!len) -+ return 0; - tmp += len; - } - break; -@@ -310,6 +314,8 @@ static int parse_flv_var(demux_flv_t *th - if (this->index) - free(this->index); - this->index = xine_xmalloc(num*sizeof(flv_index_entry_t)); -+ if (!this->index) -+ return 0; - this->num_indices = num; - } - for (num = 0; num < this->num_indices && tmp < end; num++) { -@@ -326,6 +332,8 @@ static int parse_flv_var(demux_flv_t *th - if (this->index) - free(this->index); - this->index = xine_xmalloc(num*sizeof(flv_index_entry_t)); -+ if (!this->index) -+ return 0; - this->num_indices = num; - } - for (num = 0; num < this->num_indices && tmp < end; num++) { -@@ -339,6 +347,8 @@ static int parse_flv_var(demux_flv_t *th - } - while (num-- && tmp < end) { - len = parse_flv_var(this, tmp, end-tmp, NULL, 0); -+ if (!len) -+ return 0; - tmp += len; - } - break; -@@ -360,7 +370,7 @@ static void parse_flv_script(demux_flv_t - unsigned char *end = buf + size; - int len; - -- if (this->input->read(this->input, buf, size ) != size) { -+ if (!buf || this->input->read(this->input, buf, size ) != size) { - this->status = DEMUX_FINISHED; - free(buf); - return; -diff --git a/src/demuxers/demux_qt.c b/src/demuxers/demux_qt.c ---- a/src/demuxers/demux_qt.c -+++ b/src/demuxers/demux_qt.c -@@ -739,38 +739,52 @@ static void parse_meta_atom(qt_info *inf - if (current_atom == ART_ATOM) { - string_size = _X_BE_32(&meta_atom[i + 4]) - 16 + 1; - info->artist = xine_xmalloc(string_size); -- strncpy(info->artist, &meta_atom[i + 20], string_size - 1); -- info->artist[string_size - 1] = 0; -+ if (info->artist) { -+ strncpy(info->artist, &meta_atom[i + 20], string_size - 1); -+ info->artist[string_size - 1] = 0; -+ } - } else if (current_atom == NAM_ATOM) { - string_size = _X_BE_32(&meta_atom[i + 4]) - 16 + 1; - info->name = xine_xmalloc(string_size); -- strncpy(info->name, &meta_atom[i + 20], string_size - 1); -- info->name[string_size - 1] = 0; -+ if (info->name) { -+ strncpy(info->name, &meta_atom[i + 20], string_size - 1); -+ info->name[string_size - 1] = 0; -+ } - } else if (current_atom == ALB_ATOM) { - string_size = _X_BE_32(&meta_atom[i + 4]) - 16 + 1; - info->album = xine_xmalloc(string_size); -- strncpy(info->album, &meta_atom[i + 20], string_size - 1); -- info->album[string_size - 1] = 0; -+ if (info->album) { -+ strncpy(info->album, &meta_atom[i + 20], string_size - 1); -+ info->album[string_size - 1] = 0; -+ } - } else if (current_atom == GEN_ATOM) { - string_size = _X_BE_32(&meta_atom[i + 4]) - 16 + 1; - info->genre = xine_xmalloc(string_size); -- strncpy(info->genre, &meta_atom[i + 20], string_size - 1); -- info->genre[string_size - 1] = 0; -+ if (info->genre) { -+ strncpy(info->genre, &meta_atom[i + 20], string_size - 1); -+ info->genre[string_size - 1] = 0; -+ } - } else if (current_atom == TOO_ATOM) { - string_size = _X_BE_32(&meta_atom[i + 4]) - 16 + 1; - info->comment = xine_xmalloc(string_size); -- strncpy(info->comment, &meta_atom[i + 20], string_size - 1); -- info->comment[string_size - 1] = 0; -+ if (info->comment) { -+ strncpy(info->comment, &meta_atom[i + 20], string_size - 1); -+ info->comment[string_size - 1] = 0; -+ } - } else if (current_atom == WRT_ATOM) { - string_size = _X_BE_32(&meta_atom[i + 4]) - 16 + 1; - info->composer = xine_xmalloc(string_size); -- strncpy(info->composer, &meta_atom[i + 20], string_size - 1); -- info->composer[string_size - 1] = 0; -+ if (info->composer) { -+ strncpy(info->composer, &meta_atom[i + 20], string_size - 1); -+ info->composer[string_size - 1] = 0; -+ } - } else if (current_atom == DAY_ATOM) { - string_size = _X_BE_32(&meta_atom[i + 4]) - 16 + 1; - info->year = xine_xmalloc(string_size); -- strncpy(info->year, &meta_atom[i + 20], string_size - 1); -- info->year[string_size - 1] = 0; -+ if (info->year) { -+ strncpy(info->year, &meta_atom[i + 20], string_size - 1); -+ info->year[string_size - 1] = 0; -+ } - } - } - -@@ -1549,32 +1563,29 @@ static qt_error parse_reference_atom (re - current_atom = _X_BE_32(&ref_atom[i]); - - if (current_atom == RDRF_ATOM) { -+ size_t string_size = _X_BE_32(&ref_atom[i + 12]); -+ size_t url_offset = 0; -+ -+ if (string_size >= current_atom_size || i + string_size >= ref_atom_size) -+ return QT_NOT_A_VALID_FILE; - - /* if the URL starts with "http://", copy it */ -- if (strncmp(&ref_atom[i + 16], "http://", 7) == 0 -- || strncmp(&ref_atom[i + 16], "rtsp://", 7) == 0) { -- -- /* URL is spec'd to terminate with a NULL; don't trust it */ -- ref->url = xine_xmalloc(_X_BE_32(&ref_atom[i + 12]) + 1); -- strncpy(ref->url, &ref_atom[i + 16], _X_BE_32(&ref_atom[i + 12])); -- ref->url[_X_BE_32(&ref_atom[i + 12]) - 1] = '\0'; -- -- } else { -- -- int string_size; -- -- if (base_mrl) -- string_size = strlen(base_mrl) + _X_BE_32(&ref_atom[i + 12]) + 1; -- else -- string_size = _X_BE_32(&ref_atom[i + 12]) + 1; -- -- /* otherwise, append relative URL to base MRL */ -- ref->url = xine_xmalloc(string_size); -- if (base_mrl) -- strcpy(ref->url, base_mrl); -- strncat(ref->url, &ref_atom[i + 16], _X_BE_32(&ref_atom[i + 12])); -- ref->url[string_size - 1] = '\0'; -- } -+ if ( memcmp(&ref_atom[i + 16], "http://", 7) && -+ memcmp(&ref_atom[i + 16], "rtsp://", 7) && -+ base_mrl ) -+ url_offset = strlen(base_mrl); -+ -+ /* otherwise, append relative URL to base MRL */ -+ string_size += url_offset; -+ -+ ref->url = xine_xmalloc(string_size + 1); -+ -+ if ( url_offset ) -+ strcpy(ref->url, base_mrl); -+ -+ memcpy(ref->url + url_offset, &ref_atom[i + 16], _X_BE_32(&ref_atom[i + 12])); -+ -+ ref->url[string_size] = '\0'; - - debug_atom_load(" qt rdrf URL reference:\n %s\n", ref->url); - -@@ -1993,8 +2004,12 @@ static void parse_moov_atom(qt_info *inf - info->references = (reference_t *)realloc(info->references, - info->reference_count * sizeof(reference_t)); - -- parse_reference_atom(&info->references[info->reference_count - 1], -- &moov_atom[i - 4], info->base_mrl); -+ error = parse_reference_atom(&info->references[info->reference_count - 1], -+ &moov_atom[i - 4], info->base_mrl); -+ if (error != QT_OK) { -+ info->last_error = error; -+ return; -+ } - - } else { - debug_atom_load(" qt: unknown atom into the moov atom (0x%08X)\n", current_atom); -diff --git a/src/demuxers/demux_real.c b/src/demuxers/demux_real.c ---- a/src/demuxers/demux_real.c -+++ b/src/demuxers/demux_real.c -@@ -175,7 +175,8 @@ static void real_parse_index(demux_real_ - off_t original_pos = this->input->get_current_pos(this->input); - unsigned char index_chunk_header[INDEX_CHUNK_HEADER_SIZE]; - unsigned char index_record[INDEX_RECORD_SIZE]; -- int i, entries, stream_num; -+ int i; -+ unsigned int entries, stream_num; - real_index_entry_t **index; - - while(next_index_chunk) { -@@ -230,10 +231,11 @@ static void real_parse_index(demux_real_ - } - } - -- if(index && entries) { -+ if(index && entries) - /* Allocate memory for index */ - *index = xine_xmalloc(entries * sizeof(real_index_entry_t)); - -+ if(index && entries && *index) { - /* Read index */ - for(i = 0; i < entries; i++) { - if(this->input->read(this->input, index_record, INDEX_RECORD_SIZE) -diff --git a/src/demuxers/demux_wc3movie.c b/src/demuxers/demux_wc3movie.c ---- a/src/demuxers/demux_wc3movie.c -+++ b/src/demuxers/demux_wc3movie.c -@@ -389,6 +389,12 @@ static int open_mve_file(demux_mve_t *th - /* load the palette chunks */ - this->palettes = xine_xmalloc(this->number_of_shots * PALETTE_SIZE * - sizeof(palette_entry_t)); -+ -+ if (!this->shot_offsets || !this->palettes) { -+ free (this->shot_offsets); -+ return 0; -+ } -+ - for (i = 0; i < this->number_of_shots; i++) { - /* make sure there was a valid palette chunk preamble */ - if (this->input->read(this->input, preamble, PREAMBLE_SIZE) != -@@ -460,8 +466,9 @@ static int open_mve_file(demux_mve_t *th - - case BNAM_TAG: - /* load the name into the stream attributes */ -- title = realloc (title, chunk_size); -- if (this->input->read(this->input, title, chunk_size) != chunk_size) { -+ free (title); -+ title = malloc (chunk_size); -+ if (!title || this->input->read(this->input, title, chunk_size) != chunk_size) { - free (title); - free (this->palettes); - free (this->shot_offsets); -diff --git a/src/demuxers/ebml.c b/src/demuxers/ebml.c ---- a/src/demuxers/ebml.c -+++ b/src/demuxers/ebml.c -@@ -424,10 +424,15 @@ int ebml_check_header(ebml_parser_t *ebm - - case EBML_ID_DOCTYPE: { - char *text = malloc(elem.len + 1); -+ if (!text) -+ return 0; - - text[elem.len] = '\0'; - if (!ebml_read_ascii (ebml, &elem, text)) -- return 0; -+ { -+ free (text); -+ return 0; -+ } - - lprintf("doctype: %s\n", text); - if (ebml->doctype) -# HG changeset patch -# User Darren Salt -# Date 1206287553 0 -# Node ID 6f9e9feb84e595be0482395722bc784764713fb3 -# Parent a3f2772fd14b57e0557ef45797ff04c768657a7e -Replace various malloc(x*sizeof(y)) with calloc(x,sizeof(y)). - -diff --git a/src/demuxers/demux_film.c b/src/demuxers/demux_film.c ---- a/src/demuxers/demux_film.c -+++ b/src/demuxers/demux_film.c -@@ -256,7 +256,7 @@ static int open_film_file(demux_film_t * - film->frequency = _X_BE_32(&film_header[i + 8]); - film->sample_count = _X_BE_32(&film_header[i + 12]); - film->sample_table = -- xine_xmalloc(film->sample_count * sizeof(film_sample_t)); -+ calloc(film->sample_count, sizeof(film_sample_t)); - if (!film->sample_table) - goto film_abort; - for (j = 0; j < film->sample_count; j++) { -diff --git a/src/demuxers/demux_flac.c b/src/demuxers/demux_flac.c ---- a/src/demuxers/demux_flac.c -+++ b/src/demuxers/demux_flac.c -@@ -164,7 +164,7 @@ static int open_flac_file(demux_flac_t * - case 3: - lprintf ("SEEKTABLE metadata, %d bytes\n", block_length); - flac->seekpoint_count = block_length / FLAC_SEEKPOINT_SIZE; -- flac->seekpoints = xine_xmalloc(flac->seekpoint_count * -+ flac->seekpoints = calloc(flac->seekpoint_count, - sizeof(flac_seekpoint_t)); - for (i = 0; i < flac->seekpoint_count; i++) { - if (flac->input->read(flac->input, buffer, FLAC_SEEKPOINT_SIZE) != FLAC_SEEKPOINT_SIZE) -diff --git a/src/demuxers/demux_flv.c b/src/demuxers/demux_flv.c ---- a/src/demuxers/demux_flv.c -+++ b/src/demuxers/demux_flv.c -@@ -313,7 +313,7 @@ static int parse_flv_var(demux_flv_t *th - if (!this->index || this->num_indices != num) { - if (this->index) - free(this->index); -- this->index = xine_xmalloc(num*sizeof(flv_index_entry_t)); -+ this->index = calloc(num, sizeof(flv_index_entry_t)); - if (!this->index) - return 0; - this->num_indices = num; -@@ -331,7 +331,7 @@ static int parse_flv_var(demux_flv_t *th - if (!this->index || this->num_indices != num) { - if (this->index) - free(this->index); -- this->index = xine_xmalloc(num*sizeof(flv_index_entry_t)); -+ this->index = calloc(num, sizeof(flv_index_entry_t)); - if (!this->index) - return 0; - this->num_indices = num; -diff --git a/src/demuxers/demux_mpgaudio.c b/src/demuxers/demux_mpgaudio.c ---- a/src/demuxers/demux_mpgaudio.c -+++ b/src/demuxers/demux_mpgaudio.c -@@ -460,7 +460,7 @@ static vbri_header_t* parse_vbri_header( - lprintf("entry_frames: %d\n", vbri->entry_frames); - - if ((ptr + (vbri->toc_entries + 1) * vbri->entry_size) >= (buf + bufsize)) return 0; -- vbri->toc = xine_xmalloc (sizeof(int) * (vbri->toc_entries + 1)); -+ vbri->toc = calloc (vbri->toc_entries + 1, sizeof (int)); - if (!vbri->toc) { - free (vbri); - return NULL; -diff --git a/src/demuxers/demux_qt.c b/src/demuxers/demux_qt.c ---- a/src/demuxers/demux_qt.c -+++ b/src/demuxers/demux_qt.c -@@ -911,8 +911,8 @@ static qt_error parse_trak_atom (qt_trak - debug_atom_load(" qt elst atom (edit list atom): %d entries\n", - trak->edit_list_count); - -- trak->edit_list_table = (edit_list_table_t *)xine_xmalloc( -- trak->edit_list_count * sizeof(edit_list_table_t)); -+ trak->edit_list_table = (edit_list_table_t *)calloc( -+ trak->edit_list_count, sizeof(edit_list_table_t)); - if (!trak->edit_list_table) { - last_error = QT_NO_MEMORY; - goto free_trak; -@@ -947,7 +947,7 @@ static qt_error parse_trak_atom (qt_trak - - /* allocate space for each of the properties unions */ - trak->stsd_atoms_count = _X_BE_32(&trak_atom[i + 8]); -- trak->stsd_atoms = xine_xmalloc(trak->stsd_atoms_count * sizeof(properties_t)); -+ trak->stsd_atoms = calloc(trak->stsd_atoms_count, sizeof(properties_t)); - if (!trak->stsd_atoms) { - last_error = QT_NO_MEMORY; - goto free_trak; -@@ -1345,8 +1345,8 @@ static qt_error parse_trak_atom (qt_trak - - /* allocate space and load table only if sample size is 0 */ - if (trak->sample_size == 0) { -- trak->sample_size_table = (unsigned int *)malloc( -- trak->sample_size_count * sizeof(unsigned int)); -+ trak->sample_size_table = (unsigned int *)calloc( -+ trak->sample_size_count, sizeof(unsigned int)); - if (!trak->sample_size_table) { - last_error = QT_NO_MEMORY; - goto free_trak; -@@ -1376,8 +1376,8 @@ static qt_error parse_trak_atom (qt_trak - debug_atom_load(" qt stss atom (sample sync atom): %d sync samples\n", - trak->sync_sample_count); - -- trak->sync_sample_table = (unsigned int *)malloc( -- trak->sync_sample_count * sizeof(unsigned int)); -+ trak->sync_sample_table = (unsigned int *)calloc( -+ trak->sync_sample_count, sizeof(unsigned int)); - if (!trak->sync_sample_table) { - last_error = QT_NO_MEMORY; - goto free_trak; -@@ -1405,8 +1405,8 @@ static qt_error parse_trak_atom (qt_trak - debug_atom_load(" qt stco atom (32-bit chunk offset atom): %d chunk offsets\n", - trak->chunk_offset_count); - -- trak->chunk_offset_table = (int64_t *)malloc( -- trak->chunk_offset_count * sizeof(int64_t)); -+ trak->chunk_offset_table = (int64_t *)calloc( -+ trak->chunk_offset_count, sizeof(int64_t)); - if (!trak->chunk_offset_table) { - last_error = QT_NO_MEMORY; - goto free_trak; -@@ -1433,8 +1433,8 @@ static qt_error parse_trak_atom (qt_trak - debug_atom_load(" qt co64 atom (64-bit chunk offset atom): %d chunk offsets\n", - trak->chunk_offset_count); - -- trak->chunk_offset_table = (int64_t *)malloc( -- trak->chunk_offset_count * sizeof(int64_t)); -+ trak->chunk_offset_table = (int64_t *)calloc( -+ trak->chunk_offset_count, sizeof(int64_t)); - if (!trak->chunk_offset_table) { - last_error = QT_NO_MEMORY; - goto free_trak; -@@ -1464,8 +1464,8 @@ static qt_error parse_trak_atom (qt_trak - debug_atom_load(" qt stsc atom (sample-to-chunk atom): %d entries\n", - trak->sample_to_chunk_count); - -- trak->sample_to_chunk_table = (sample_to_chunk_table_t *)malloc( -- trak->sample_to_chunk_count * sizeof(sample_to_chunk_table_t)); -+ trak->sample_to_chunk_table = (sample_to_chunk_table_t *)calloc( -+ trak->sample_to_chunk_count, sizeof(sample_to_chunk_table_t)); - if (!trak->sample_to_chunk_table) { - last_error = QT_NO_MEMORY; - goto free_trak; -@@ -1499,8 +1499,8 @@ static qt_error parse_trak_atom (qt_trak - debug_atom_load(" qt stts atom (time-to-sample atom): %d entries\n", - trak->time_to_sample_count); - -- trak->time_to_sample_table = (time_to_sample_table_t *)malloc( -- (trak->time_to_sample_count+1) * sizeof(time_to_sample_table_t)); -+ trak->time_to_sample_table = (time_to_sample_table_t *)calloc( -+ trak->time_to_sample_count+1, sizeof(time_to_sample_table_t)); - if (!trak->time_to_sample_table) { - last_error = QT_NO_MEMORY; - goto free_trak; -@@ -1697,8 +1697,7 @@ static qt_error build_frame_table(qt_tra - /* in this case, the total number of frames is equal to the number of - * entries in the sample size table */ - trak->frame_count = trak->sample_size_count; -- trak->frames = (qt_frame *)malloc( -- trak->frame_count * sizeof(qt_frame)); -+ trak->frames = (qt_frame *)calloc(trak->frame_count, sizeof(qt_frame)); - if (!trak->frames) - return QT_NO_MEMORY; - trak->current_frame = 0; -@@ -1710,7 +1709,7 @@ static qt_error build_frame_table(qt_tra - pts_index_countdown = - trak->time_to_sample_table[pts_index].count; - -- media_id_counts = xine_xmalloc(trak->stsd_atoms_count * sizeof(int)); -+ media_id_counts = calloc(trak->stsd_atoms_count, sizeof(int)); - if (!media_id_counts) - return QT_NO_MEMORY; - memset(media_id_counts, 0, trak->stsd_atoms_count * sizeof(int)); -@@ -1848,8 +1847,7 @@ static qt_error build_frame_table(qt_tra - /* in this case, the total number of frames is equal to the number of - * chunks */ - trak->frame_count = trak->chunk_offset_count; -- trak->frames = (qt_frame *)malloc( -- trak->frame_count * sizeof(qt_frame)); -+ trak->frames = (qt_frame *)calloc(trak->frame_count, sizeof(qt_frame)); - if (!trak->frames) - return QT_NO_MEMORY; - -diff --git a/src/demuxers/demux_real.c b/src/demuxers/demux_real.c ---- a/src/demuxers/demux_real.c -+++ b/src/demuxers/demux_real.c -@@ -233,7 +233,7 @@ static void real_parse_index(demux_real_ - - if(index && entries) - /* Allocate memory for index */ -- *index = xine_xmalloc(entries * sizeof(real_index_entry_t)); -+ *index = calloc(entries, sizeof(real_index_entry_t)); - - if(index && entries && *index) { - /* Read index */ -diff --git a/src/demuxers/demux_tta.c b/src/demuxers/demux_tta.c ---- a/src/demuxers/demux_tta.c -+++ b/src/demuxers/demux_tta.c -@@ -87,7 +87,7 @@ static int open_tta_file(demux_tta_t *th - return 0; - } - -- this->seektable = xine_xmalloc(sizeof(uint32_t)*this->totalframes); -+ this->seektable = calloc(this->totalframes, sizeof(uint32_t)); - this->input->read(this->input, this->seektable, sizeof(uint32_t)*this->totalframes); - - /* Skip the CRC32 */ -diff --git a/src/demuxers/demux_vmd.c b/src/demuxers/demux_vmd.c ---- a/src/demuxers/demux_vmd.c -+++ b/src/demuxers/demux_vmd.c -@@ -168,7 +168,7 @@ static int open_vmd_file(demux_vmd_t *th - return 0; - } - -- this->frame_table = xine_xmalloc(this->frame_count * sizeof(vmd_frame_t)); -+ this->frame_table = calloc(this->frame_count, sizeof(vmd_frame_t)); - - current_offset = this->data_start = _X_LE_32(&vmd_header[20]); - this->data_size = toc_offset - this->data_start; -diff --git a/src/demuxers/demux_wc3movie.c b/src/demuxers/demux_wc3movie.c ---- a/src/demuxers/demux_wc3movie.c -+++ b/src/demuxers/demux_wc3movie.c -@@ -378,7 +378,7 @@ static int open_mve_file(demux_mve_t *th - this->number_of_shots = _X_LE_32(&preamble[0]); - - /* allocate space for the shot offset index and set offsets to 0 */ -- this->shot_offsets = xine_xmalloc(this->number_of_shots * sizeof(off_t)); -+ this->shot_offsets = calloc(this->number_of_shots, sizeof(off_t)); - this->current_shot = 0; - for (i = 0; i < this->number_of_shots; i++) - this->shot_offsets[i] = 0; -@@ -387,7 +387,7 @@ static int open_mve_file(demux_mve_t *th - this->input->seek(this->input, 12, SEEK_CUR); - - /* load the palette chunks */ -- this->palettes = xine_xmalloc(this->number_of_shots * PALETTE_SIZE * -+ this->palettes = calloc(this->number_of_shots, PALETTE_SIZE * - sizeof(palette_entry_t)); - - if (!this->shot_offsets || !this->palettes) { diff --git a/xine-lib.changes b/xine-lib.changes index 5daa762..abb73c3 100644 --- a/xine-lib.changes +++ b/xine-lib.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Mar 31 12:25:04 CEST 2008 - mhopf@suse.de + +- Update to 1.1.11.1: + * Added a few more memory allocation checks to the above demuxers. + * WAV file playback fix: don't assume that the first chunk is "fmt ". + * Don't try to play partial 24-bit AIFF frames (decoder would lose data). + * Fixed AIFF comment chunk handling and sample rate reading. + * LPCM fixes: input over-reading, conversion of 24-bit samples. +- Updated precheckin_cripple_tarball.sh + ------------------------------------------------------------------- Tue Mar 25 19:26:50 CET 2008 - mhopf@suse.de diff --git a/xine-lib.spec b/xine-lib.spec index 828a5cc..72a7b0c 100644 --- a/xine-lib.spec +++ b/xine-lib.spec @@ -1,5 +1,5 @@ # -# spec file for package xine-lib (Version 1.1.11) +# spec file for package xine-lib (Version 1.1.11.1) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -33,8 +33,8 @@ BuildRequires: ImageMagick-devel SDL-devel aalib-devel arts-devel cdparanoia cu BuildRequires: mad-devel %endif Recommends: opensuse-codecs-installer -Version: 1.1.11 -Release: 2 +Version: 1.1.11.1 +Release: 1 %define abiversion 1.20 Summary: Video Player with Plug-Ins Group: Productivity/Multimedia/Video/Players @@ -52,7 +52,6 @@ Source13: lcd.tar.bz2 Source99: precheckin_cripple_tarball.sh # *** xine-lib: Bugfixes Patch26: xine-lib-doc-fix-X11R6.diff -Patch30: xine-lib-CVE-2008-1482.diff # *** Addons Patch50: vdr-xine-lib-0.8.1.diff.bz2 Patch51: vdr-xine-SUSE.diff @@ -90,6 +89,7 @@ Authors: %if %BUILD_XINE != 1 %package -n xine-devel +License: GPL v2 or later Summary: Development environment for Xine-based media players Group: Development/Libraries/C and C++ Requires: glibc-devel freetype2-devel zlib-devel xine-lib = %version @@ -118,6 +118,7 @@ Authors: Guenter Bartsch %package -n xine-extra +License: GPL v2 or later Summary: Optional Xine plugins Group: Productivity/Multimedia/Video/Players Requires: xine-lib = %version @@ -137,6 +138,7 @@ Authors: %if %BUILD_XINE != 0 %package -n xine-internal +License: GPL v2 or later; Public Domain, Freeware # these libs are possibly illegal and may not work without libdvdcss anyway Summary: xine plugins for watching DVDs, DivX and more Group: SUSE internal @@ -169,7 +171,6 @@ else fi cd xine-lib-%version %patch26 -%patch30 -p1 %patch50 -p1 %patch51 -p1 %patch52 -p1 @@ -450,6 +451,14 @@ echo "/usr/share/xine/mad" >> files.internal %endif %changelog +* Mon Mar 31 2008 mhopf@suse.de +- Update to 1.1.11.1: + * Added a few more memory allocation checks to the above demuxers. + * WAV file playback fix: don't assume that the first chunk is "fmt ". + * Don't try to play partial 24-bit AIFF frames (decoder would lose data). + * Fixed AIFF comment chunk handling and sample rate reading. + * LPCM fixes: input over-reading, conversion of 24-bit samples. +- Updated precheckin_cripple_tarball.sh * Tue Mar 25 2008 mhopf@suse.de - Security fix for bnc#372877: integer overflows in malloc CVE-2008-1482 @@ -723,7 +732,7 @@ echo "/usr/share/xine/mad" >> files.internal - Update to vdr-xine 0.7.6 (adapted to 1.1.1) * Mon Dec 05 2005 lmuelle@suse.de - Revert libsmbclient renameing. -* Mon Nov 14 2005 lmuelle@suse.de +* Tue Nov 15 2005 lmuelle@suse.de - Use samba-libs instead of libsmbclient. * Thu Oct 27 2005 adrian@suse.de - xine-internal needs xine-mad now