Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1
xine-lib
sec-009-various.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File sec-009-various.diff of Package xine-lib
changeset: 9641:7b472fa486db user: Thomas Viehmann <tv@beamnet.de> date: Sun Jan 04 21:11:44 2009 +0100 files: src/demuxers/demux_matroska.c description: fail to set up codec when fifo is not set up When a track's fifo is not set up (typically because the track type is invalid), do not call init_codec, as all implementations dereference track->fifo, segfaulting if it is NULL. diff -r 4982c9920f42 -r 7b472fa486db src/demuxers/demux_matroska.c --- a/src/demuxers/demux_matroska.c Sun Jan 04 17:21:46 2009 +0000 +++ b/src/demuxers/demux_matroska.c Sun Jan 04 21:11:44 2009 +0100 @@ -1484,9 +1484,14 @@ break; } - if (init_codec) + if (init_codec) { + if (! track->fifo) { + xprintf(this->stream->xine, XINE_VERBOSITY_LOG, + "demux_matroska: Error: fifo not set up for track of type type %" PRIu32 "\n", track->track_type); + return 0; + } init_codec(this, track); - + } } } changeset: 9642:f775929597b1 user: Matthias Hopf <mhopf@suse.de> date: Wed Dec 31 19:22:16 2008 +0100 files: src/demuxers/demux_aac.c src/demuxers/demux_ac3.c src/demuxers/demux_dts.c src/demuxers/demux_mpc.c src/demuxers/demux_nsf.c src/demuxers/demux_ogg.c src/demuxers/demux_shn.c src/demuxers/demux_slave.c src/demuxers/demux_ts.c src/demuxers/demux_tta.c src/demuxers/demux_vox.c description: handle read errors when forwarding in multiple demuxers Add checks for negative return values in aac,ac3,dts,mpc, nsf,ogg,shn,slave,ts,tta,vox demuxers. Some input plugins (e.g. file) return negative error codes from read, this should be treated as no (more) data available. This is particularly the negative size is then assigned to buf->size, potentially causing overflows elsewhere. The patch also removes the duplication of the (previously) == 0 handler in demux_ac3. diff -r 7b472fa486db -r f775929597b1 src/demuxers/demux_aac.c --- a/src/demuxers/demux_aac.c Sun Jan 04 21:11:44 2009 +0100 +++ b/src/demuxers/demux_aac.c Wed Dec 31 19:22:16 2008 +0100 @@ -173,7 +173,7 @@ buf->extra_info->input_time = (8*current_pos) / (bitrate/1000); bytes_read = this->input->read(this->input, buf->content, buf->max_size); - if (bytes_read == 0) { + if (bytes_read <= 0) { buf->free_buffer(buf); this->status = DEMUX_FINISHED; return this->status; diff -r 7b472fa486db -r f775929597b1 src/demuxers/demux_ac3.c --- a/src/demuxers/demux_ac3.c Sun Jan 04 21:11:44 2009 +0100 +++ b/src/demuxers/demux_ac3.c Wed Dec 31 19:22:16 2008 +0100 @@ -311,13 +311,7 @@ this->frame_size); } - if (buf->size == 0) { - buf->free_buffer(buf); - this->status = DEMUX_FINISHED; - return this->status; - } - - if (buf->size == 0) { + if (buf->size <= 0) { buf->free_buffer(buf); this->status = DEMUX_FINISHED; return this->status; diff -r 7b472fa486db -r f775929597b1 src/demuxers/demux_dts.c --- a/src/demuxers/demux_dts.c Sun Jan 04 21:11:44 2009 +0100 +++ b/src/demuxers/demux_dts.c Wed Dec 31 19:22:16 2008 +0100 @@ -272,7 +272,7 @@ this->frame_size); } - if (buf->size == 0) { + if (buf->size <= 0) { buf->free_buffer(buf); this->status = DEMUX_FINISHED; return this->status; diff -r 7b472fa486db -r f775929597b1 src/demuxers/demux_mpc.c --- a/src/demuxers/demux_mpc.c Sun Jan 04 21:11:44 2009 +0100 +++ b/src/demuxers/demux_mpc.c Wed Dec 31 19:22:16 2008 +0100 @@ -209,7 +209,7 @@ /* Read data */ bytes_read = this->input->read(this->input, buf->content, bytes_to_read); - if(bytes_read == 0) { + if(bytes_read <= 0) { buf->free_buffer(buf); this->status = DEMUX_FINISHED; return this->status; diff -r 7b472fa486db -r f775929597b1 src/demuxers/demux_nsf.c --- a/src/demuxers/demux_nsf.c Sun Jan 04 21:11:44 2009 +0100 +++ b/src/demuxers/demux_nsf.c Wed Dec 31 19:22:16 2008 +0100 @@ -124,7 +124,7 @@ buf->type = BUF_AUDIO_NSF; bytes_read = this->input->read(this->input, buf->content, buf->max_size); - if (bytes_read == 0) { + if (bytes_read <= 0) { /* the file has been completely loaded, free the buffer and start * sending control buffers */ buf->free_buffer(buf); diff -r 7b472fa486db -r f775929597b1 src/demuxers/demux_ogg.c --- a/src/demuxers/demux_ogg.c Sun Jan 04 21:11:44 2009 +0100 +++ b/src/demuxers/demux_ogg.c Wed Dec 31 19:22:16 2008 +0100 @@ -237,7 +237,7 @@ while (ogg_sync_pageout(&this->oy,&this->og)!=1) { buffer = ogg_sync_buffer(&this->oy, CHUNKSIZE); bytes = this->input->read(this->input, buffer, CHUNKSIZE); - if (bytes == 0) { + if (bytes <= 0) { if (total == 0) { lprintf("read_ogg_packet read nothing\n"); return 0; diff -r 7b472fa486db -r f775929597b1 src/demuxers/demux_shn.c --- a/src/demuxers/demux_shn.c Sun Jan 04 21:11:44 2009 +0100 +++ b/src/demuxers/demux_shn.c Wed Dec 31 19:22:16 2008 +0100 @@ -88,7 +88,7 @@ buf->pts = 0; bytes_read = this->input->read(this->input, buf->content, buf->max_size); - if (bytes_read == 0) { + if (bytes_read <= 0) { buf->free_buffer(buf); this->status = DEMUX_FINISHED; return this->status; diff -r 7b472fa486db -r f775929597b1 src/demuxers/demux_slave.c --- a/src/demuxers/demux_slave.c Sun Jan 04 21:11:44 2009 +0100 +++ b/src/demuxers/demux_slave.c Wed Dec 31 19:22:16 2008 +0100 @@ -90,10 +90,11 @@ /* fill the scratch buffer */ n = this->input->read(this->input, &this->scratch[this->scratch_used], SCRATCH_SIZE - this->scratch_used); - this->scratch_used += n; + if (n > 0) + this->scratch_used += n; this->scratch[this->scratch_used] = '\0'; - if( !n ) { + if (n <= 0) { lprintf("connection closed\n"); this->status = DEMUX_FINISHED; return 0; diff -r 7b472fa486db -r f775929597b1 src/demuxers/demux_ts.c --- a/src/demuxers/demux_ts.c Sun Jan 04 21:11:44 2009 +0100 +++ b/src/demuxers/demux_ts.c Wed Dec 31 19:22:16 2008 +0100 @@ -1573,7 +1573,7 @@ do { read_length = this->input->read(this->input, this->buf, PKT_SIZE * NPKT_PER_READ); - if (read_length % PKT_SIZE) { + if (read_length < 0 || read_length % PKT_SIZE) { xprintf (this->stream->xine, XINE_VERBOSITY_DEBUG, "demux_ts: read returned %d bytes (not a multiple of %d!)\n", read_length, PKT_SIZE); diff -r 7b472fa486db -r f775929597b1 src/demuxers/demux_tta.c --- a/src/demuxers/demux_tta.c Sun Jan 04 21:11:44 2009 +0100 +++ b/src/demuxers/demux_tta.c Wed Dec 31 19:22:16 2008 +0100 @@ -126,6 +126,10 @@ /* buf->extra_info->input_time = this->current_sample / this->samplerate; */ bytes_read = this->input->read(this->input, buf->content, ( bytes_to_read > buf->max_size ) ? buf->max_size : bytes_to_read); + if (bytes_read < 0) { + this->status = DEMUX_FINISHED; + break; + } buf->size = bytes_read; diff -r 7b472fa486db -r f775929597b1 src/demuxers/demux_vox.c --- a/src/demuxers/demux_vox.c Sun Jan 04 21:11:44 2009 +0100 +++ b/src/demuxers/demux_vox.c Wed Dec 31 19:22:16 2008 +0100 @@ -77,7 +77,7 @@ buf = this->audio_fifo->buffer_pool_alloc (this->audio_fifo); buf->type = BUF_AUDIO_DIALOGIC_IMA; bytes_read = this->input->read(this->input, buf->content, buf->max_size); - if (bytes_read == 0) { + if (bytes_read <= 0) { buf->free_buffer(buf); this->status = DEMUX_FINISHED; return this->status; changeset: 9643:e9a9edb622f8 user: Matthias Hopf <mhopf@suse.de> date: Wed Dec 31 22:36:35 2008 +0100 files: src/demuxers/demux_matroska.c description: check that track's codec_private_len fits in signed variables when decoding matroska while codec_private_len is unsigned, the size is later used to calculate the signed xine_bmiheader.size diff -r f775929597b1 -r e9a9edb622f8 src/demuxers/demux_matroska.c --- a/src/demuxers/demux_matroska.c Wed Dec 31 19:22:16 2008 +0100 +++ b/src/demuxers/demux_matroska.c Wed Dec 31 22:36:35 2008 +0100 @@ -1302,6 +1302,9 @@ xine_bmiheader *bih; lprintf("MATROSKA_CODEC_ID_V_MPEG4_*\n"); + if (track->codec_private_len > 0x7fffffff - sizeof(xine_bmiheader)) + track->codec_private_len = 0x7fffffff - sizeof(xine_bmiheader); + /* create a bitmap info header struct for MPEG 4 */ bih = malloc(sizeof(xine_bmiheader) + track->codec_private_len); bih->biSize = sizeof(xine_bmiheader) + track->codec_private_len; @@ -1323,6 +1326,9 @@ xine_bmiheader *bih; lprintf("MATROSKA_CODEC_ID_V_MPEG4_AVC\n"); + if (track->codec_private_len > 0x7fffffff - sizeof(xine_bmiheader)) + track->codec_private_len = 0x7fffffff - sizeof(xine_bmiheader); + /* create a bitmap info header struct for h264 */ bih = malloc(sizeof(xine_bmiheader) + track->codec_private_len); bih->biSize = sizeof(xine_bmiheader) + track->codec_private_len; changeset: 9644:65f524e14623 user: Thomas Viehmann <tv@beamnet.de> date: Wed Dec 31 22:47:32 2008 +0100 files: src/demuxers/demux_mng.c description: check for negative return values of read when demuxing mng streams Some input plugins (e.g. file) return negative error codes from read, this should be treated as no (more) data available. This is particularly bad because the error code is assigned to an unsigned integer variable for use by the caller. Based on a patch by Matthias Hopf <mhopf@suse.de> diff -r e9a9edb622f8 -r 65f524e14623 src/demuxers/demux_mng.c --- a/src/demuxers/demux_mng.c Wed Dec 31 22:36:35 2008 +0100 +++ b/src/demuxers/demux_mng.c Wed Dec 31 22:47:32 2008 +0100 @@ -104,7 +104,12 @@ static mng_bool mymng_read_stream(mng_handle mngh, mng_ptr buffer, mng_uint32 size, mng_uint32 *bytesread){ demux_mng_t *this = (demux_mng_t*)mng_get_userdata(mngh); - *bytesread = this->input->read(this->input, buffer, size); + off_t n = this->input->read(this->input, buffer, size); + if (n < 0) { + *bytesread = 0; + return MNG_FALSE; + } + *bytesread = n; return MNG_TRUE; } changeset: 9645:9f367688cc08 user: Thomas Viehmann <tv@beamnet.de> date: Thu Jan 01 01:45:15 2009 +0100 files: src/demuxers/demux_mod.c description: check for negative/too large return values of get_size when demuxing mod streams get_size might return -1 (e.g. for streams whose size is unknown), but demux_mod is not able to handle this. This is particularly bad because it is later assigned to unsigned types (demux_mod_t.filesize is size_t). Based on a patch by Matthias Hopf <mhopf@suse.de>. diff -r 65f524e14623 -r 9f367688cc08 src/demuxers/demux_mod.c --- a/src/demuxers/demux_mod.c Wed Dec 31 22:47:32 2008 +0100 +++ b/src/demuxers/demux_mod.c Thu Jan 01 01:45:15 2009 +0100 @@ -130,9 +130,16 @@ /* returns 1 if the MOD file was opened successfully, 0 otherwise */ static int open_mod_file(demux_mod_t *this) { int total_read; + off_t input_length; /* Get size and create buffer */ - this->filesize = this->input->get_length(this->input); + input_length = this->input->get_length(this->input); + /* Avoid potential issues with signed variables and e.g. read() returning -1 */ + if (input_length > 0x7FFFFFFF || input_length < 0) { + xine_log(this->stream->xine, XINE_LOG_PLUGIN, "modplug - size overflow\n"); + return 0; + } + this->filesize = input_length; this->buffer = (char *)malloc(this->filesize); if(!this->buffer) { xine_log(this->stream->xine, XINE_LOG_PLUGIN, "modplug - allocation failure\n"); changeset: 9646:f0a755a6d529 user: Matthias Hopf <mhopf@suse.de> date: Thu Jan 01 19:25:07 2009 +0100 files: src/libsputext/demux_sputext.c description: check length parameter against buffer length in libsputext read_line_from_input Currently, this is satisfied in all locations where it is called, but it is more prudent to add the check. diff -r 9f367688cc08 -r f0a755a6d529 src/libsputext/demux_sputext.c --- a/src/libsputext/demux_sputext.c Thu Jan 01 01:45:15 2009 +0100 +++ b/src/libsputext/demux_sputext.c Thu Jan 01 19:25:07 2009 +0100 @@ -147,7 +147,7 @@ static char *read_line_from_input(demux_sputext_t *this, char *line, off_t len) { off_t nread = 0; - if ((len - this->buflen) > 512) { + if ((len - this->buflen) > 512 && len < SUB_BUFSIZE) { if((nread = this->input->read(this->input, &this->buf[this->buflen], len - this->buflen)) < 0) { xprintf(this->stream->xine, XINE_VERBOSITY_DEBUG, "read failed.\n"); changeset: 9647:e6efc6d56696 user: Matthias Hopf <mhopf@suse.de> date: Wed Dec 31 22:57:02 2008 +0100 files: src/demuxers/demux_mpeg.c description: handle read errors when demuxing mpeg data Some input plugins (e.g. file) return negative error codes from read, this should be treated as no (more) data available. diff -r f0a755a6d529 -r e6efc6d56696 src/demuxers/demux_mpeg.c --- a/src/demuxers/demux_mpeg.c Thu Jan 01 19:25:07 2009 +0100 +++ b/src/demuxers/demux_mpeg.c Wed Dec 31 22:57:02 2008 +0100 @@ -920,7 +920,7 @@ if (pos == len) { len = this->input->read(this->input, dummy_buf, sizeof(dummy_buf)); pos = 0; - if (len == 0) { + if (len <= 0) { this->status = DEMUX_FINISHED; break; } changeset: 9648:8e125da9ecbe user: Matthias Hopf <mhopf@suse.de> date: Wed Dec 31 20:47:08 2008 +0100 files: src/demuxers/demux_matroska.c description: abort if buffer for matroska block data cannot be allocated return error when the allocation function returns NULL Otherwise xine might be induced to segfault by bad user data. diff -r e6efc6d56696 -r 8e125da9ecbe src/demuxers/demux_matroska.c --- a/src/demuxers/demux_matroska.c Wed Dec 31 22:57:02 2008 +0100 +++ b/src/demuxers/demux_matroska.c Wed Dec 31 20:47:08 2008 +0100 @@ -1823,6 +1823,11 @@ alloc_block_data(this, len); /* block datas */ + if (! this->block_data) { + xprintf(this->stream->xine, XINE_VERBOSITY_LOG, + "demux_matroska: memory allocation error\n"); + return 0; + } if (this->input->read(this->input, this->block_data, len) != len) { off_t pos = this->input->get_current_pos(this->input); xprintf(this->stream->xine, XINE_VERBOSITY_LOG, changeset: 9649:6ca110d14a99 user: Matthias Hopf <mhopf@suse.de> date: Wed Dec 31 22:56:18 2008 +0100 files: src/demuxers/demux_mpeg.c description: check return value of input->read_block for NULL in mpeg demuxing diff -r 8e125da9ecbe -r 6ca110d14a99 src/demuxers/demux_mpeg.c --- a/src/demuxers/demux_mpeg.c Wed Dec 31 20:47:08 2008 +0100 +++ b/src/demuxers/demux_mpeg.c Wed Dec 31 22:56:18 2008 +0100 @@ -279,6 +279,10 @@ if((this->dummy_space[0] & 0xE0) == 0x20) { buf = this->input->read_block (this->input, this->video_fifo, len-1); + if (! buf) { + this->status = DEMUX_FINISHED; + return; + } track = (this->dummy_space[0] & 0x1f); @@ -298,6 +302,10 @@ int spu_id = this->dummy_space[1] & 0x03; buf = this->input->read_block (this->input, this->video_fifo, len-1); + if (! buf) { + this->status = DEMUX_FINISHED; + return; + } buf->type = BUF_SPU_SVCD + spu_id; buf->pts = pts; @@ -318,6 +326,10 @@ if((this->dummy_space[0] & 0xfc) == 0x00) { buf = this->input->read_block (this->input, this->video_fifo, len-1); + if (! buf) { + this->status = DEMUX_FINISHED; + return; + } buf->type = BUF_SPU_CVD + (this->dummy_space[0] & 0x03); buf->pts = pts; @@ -376,6 +388,10 @@ i = this->input->read (this->input, this->dummy_space+1, 6); buf = this->input->read_block (this->input, this->video_fifo, len-7); + if (! buf) { + this->status = DEMUX_FINISHED; + return; + } buf->type = BUF_AUDIO_LPCM_BE + track; buf->decoder_flags |= BUF_FLAG_SPECIAL; changeset: 9650:bc3deae30583 user: Thomas Viehmann <tv@beamnet.de> date: Thu Jan 01 18:12:40 2009 +0100 files: src/demuxers/demux_yuv_frames.c description: check return value of input->read_block for NULL in yuv_frames demuxing Based on a patch by Matthias Hopf <mhopf@suse.de>. diff -r 6ca110d14a99 -r bc3deae30583 src/demuxers/demux_yuv_frames.c --- a/src/demuxers/demux_yuv_frames.c Wed Dec 31 22:56:18 2008 +0100 +++ b/src/demuxers/demux_yuv_frames.c Thu Jan 01 18:12:40 2009 +0100 @@ -126,13 +126,19 @@ if(_x_stream_info_get(this->stream, XINE_STREAM_INFO_HAS_AUDIO)) { buf = this->input->read_block(this->input, this->audio_fifo, 0); - this->audio_fifo->put(this->audio_fifo, buf); + if (buf) + this->audio_fifo->put(this->audio_fifo, buf); + else + this->status = DEMUX_FINISHED; } if(_x_stream_info_get(this->stream, XINE_STREAM_INFO_HAS_VIDEO)) { buf = this->input->read_block(this->input, this->video_fifo, 0); - this->video_fifo->put(this->video_fifo, buf); + if (buf) + this->video_fifo->put(this->video_fifo, buf); + else + this->status = DEMUX_FINISHED; } this->status = DEMUX_OK; changeset: 9651:b01a02595343 user: Matthias Hopf <mhopf@suse.de> date: Wed Dec 31 22:29:44 2008 +0100 files: src/demuxers/demux_matroska.c description: check size before accessing memory in matroska decoding check the size of allocated buffers to prevent out of bound access diff -r bc3deae30583 -r b01a02595343 src/demuxers/demux_matroska.c --- a/src/demuxers/demux_matroska.c Thu Jan 01 18:12:40 2009 +0100 +++ b/src/demuxers/demux_matroska.c Wed Dec 31 22:29:44 2008 +0100 @@ -607,6 +607,8 @@ int i; uint8_t *data; + if (track->codec_private_len < 3) + return; nb_lace = track->codec_private[0]; if (nb_lace != 2) return; @@ -614,6 +616,8 @@ frame[0] = track->codec_private[1]; frame[1] = track->codec_private[2]; frame[2] = track->codec_private_len - frame[0] - frame[1] - 3; + if (frame[2] < 0) + return; data = track->codec_private + 3; for (i = 0; i < 3; i++) { @@ -1288,12 +1292,14 @@ if (!strcmp(track->codec_id, MATROSKA_CODEC_ID_V_VFW_FOURCC)) { xine_bmiheader *bih; - lprintf("MATROSKA_CODEC_ID_V_VFW_FOURCC\n"); - bih = (xine_bmiheader*)track->codec_private; - _x_bmiheader_le2me(bih); + if (track->codec_private_len >= sizeof(xine_bmiheader)) { + lprintf("MATROSKA_CODEC_ID_V_VFW_FOURCC\n"); + bih = (xine_bmiheader*)track->codec_private; + _x_bmiheader_le2me(bih); - track->buf_type = _x_fourcc_to_buf_video(bih->biCompression); - init_codec = init_codec_video; + track->buf_type = _x_fourcc_to_buf_video(bih->biCompression); + init_codec = init_codec_video; + } } else if (!strcmp(track->codec_id, MATROSKA_CODEC_ID_V_UNCOMPRESSED)) { } else if ((!strcmp(track->codec_id, MATROSKA_CODEC_ID_V_MPEG4_SP)) || @@ -1405,11 +1411,13 @@ xine_waveformatex *wfh; lprintf("MATROSKA_CODEC_ID_A_ACM\n"); - wfh = (xine_waveformatex*)track->codec_private; - _x_waveformatex_le2me(wfh); + if (track->codec_private_len >= sizeof(xine_waveformatex)) { + wfh = (xine_waveformatex*)track->codec_private; + _x_waveformatex_le2me(wfh); - track->buf_type = _x_formattag_to_buf_audio(wfh->wFormatTag); - init_codec = init_codec_audio; + track->buf_type = _x_formattag_to_buf_audio(wfh->wFormatTag); + init_codec = init_codec_audio; + } } else if (!strncmp(track->codec_id, MATROSKA_CODEC_ID_A_AAC, sizeof(MATROSKA_CODEC_ID_A_AAC) - 1)) { lprintf("MATROSKA_CODEC_ID_A_AAC\n"); changeset: 9652:a57d5ef86b65 user: Matthias Hopf <mhopf@suse.de> date: Thu Jan 01 01:58:17 2009 +0100 files: src/demuxers/demux_qt.c description: Avoid underflow in input size calculation for compressed atoms if the atom size is shorter than the header size, do not try to decompress anything, as this would lead to zlib reading out of bound data. diff -r b01a02595343 -r a57d5ef86b65 src/demuxers/demux_qt.c --- a/src/demuxers/demux_qt.c Wed Dec 31 22:29:44 2008 +0100 +++ b/src/demuxers/demux_qt.c Thu Jan 01 01:58:17 2009 +0100 @@ -2208,7 +2208,7 @@ } /* check if moov is compressed */ - if (_X_BE_32(&moov_atom[12]) == CMOV_ATOM) { + if (_X_BE_32(&moov_atom[12]) == CMOV_ATOM && moov_atom_size >= 0x28) { info->compressed_header = 1; changeset: 9653:51b80fd2b82d user: Thomas Viehmann <tv@beamnet.de> date: Thu Jan 01 16:57:18 2009 +0100 files: src/demuxers/demux_real.c description: check for buffers smaller than headers in real demuxer check buffer lengths to avoid out of bound access when decoding the header. Based on a patch by Matthias Hopf <mhopf@suse.de>. diff -r a57d5ef86b65 -r 51b80fd2b82d src/demuxers/demux_real.c --- a/src/demuxers/demux_real.c Thu Jan 01 01:58:17 2009 +0100 +++ b/src/demuxers/demux_real.c Thu Jan 01 16:57:18 2009 +0100 @@ -318,9 +318,15 @@ } static void real_parse_audio_specific_data (demux_real_t *this, - real_stream_t * stream, - uint8_t * data) + real_stream_t * stream) { + if (stream->mdpr->type_specific_len < 46) { + xprintf (this->stream->xine, XINE_VERBOSITY_LOG, + "demux_real: audio data size smaller than header length!\n"); + return; + } + + uint8_t * data = stream->mdpr->type_specific_data; const uint32_t coded_frame_size = _X_BE_32 (data+24); const uint16_t codec_data_length = _X_BE_16 (data+40); const uint16_t coded_frame_size2 = _X_BE_16 (data+42); @@ -543,11 +549,11 @@ this->audio_streams[this->num_audio_streams].mdpr = mdpr; real_parse_audio_specific_data (this, - &this->audio_streams[this->num_audio_streams], - mdpr->type_specific_data); + &this->audio_streams[this->num_audio_streams]); this->num_audio_streams++; - } else if(_X_BE_32(mdpr->type_specific_data + 4) == VIDO_TAG) { + } else if(_X_BE_32(mdpr->type_specific_data + 4) == VIDO_TAG && + mdpr->type_specific_len >= 34) { if(this->num_video_streams == MAX_VIDEO_STREAMS) { xprintf(this->stream->xine, XINE_VERBOSITY_DEBUG, changeset: 9654:69ef62c10d36 user: Matthias Hopf <mhopf@suse.de> date: Wed Dec 31 20:09:01 2008 +0100 files: src/demuxers/demux_asf.c description: handle read errors/insufficient data when forwarding asf data do not forward data if there is not enough diff -r 51b80fd2b82d -r 69ef62c10d36 src/demuxers/demux_asf.c --- a/src/demuxers/demux_asf.c Thu Jan 01 16:57:18 2009 +0100 +++ b/src/demuxers/demux_asf.c Wed Dec 31 20:09:01 2008 +0100 @@ -738,7 +738,10 @@ bufsize = stream->fifo->buffer_pool_buf_size; buf = stream->fifo->buffer_pool_alloc (stream->fifo); - this->input->read (this->input, buf->content, bufsize); + if (this->input->read (this->input, buf->content, bufsize) != bufsize) { + xprintf (this->stream->xine, XINE_VERBOSITY_DEBUG, "demux_asf: input buffer starved\n"); + return ; + } lprintf ("data: %d %d %d %d\n", buf->content[0], buf->content[1], buf->content[2], buf->content[3]); @@ -817,7 +820,10 @@ if( stream->frag_offset + frag_len > DEFRAG_BUFSIZE ) { xprintf (this->stream->xine, XINE_VERBOSITY_DEBUG, "demux_asf: buffer overflow on defrag!\n"); } else { - this->input->read (this->input, &stream->buffer[stream->frag_offset], frag_len); + if (this->input->read (this->input, &stream->buffer[stream->frag_offset], frag_len) != frag_len) { + xprintf (this->stream->xine, XINE_VERBOSITY_DEBUG, "demux_asf: input buffer starved\n"); + return ; + } stream->frag_offset += frag_len; } changeset: 9655:0f6cd8e52b35 user: Matthias Hopf <mhopf@suse.de> date: Wed Dec 31 23:01:54 2008 +0100 files: src/demuxers/demux_mpeg_block.c src/demuxers/demux_mpeg_pes.c description: check number of bytes read by input->read in demuxing mpeg block/pes input->read may return negative error codes or read less than we want so we should check for the right return value instead of just not 0 diff -r 69ef62c10d36 -r 0f6cd8e52b35 src/demuxers/demux_mpeg_block.c --- a/src/demuxers/demux_mpeg_block.c Wed Dec 31 20:09:01 2008 +0100 +++ b/src/demuxers/demux_mpeg_block.c Wed Dec 31 23:01:54 2008 +0100 @@ -1190,14 +1190,14 @@ input_plugin_t *input) { input->seek(input, 2048, SEEK_SET); - if (!input->read(input, this->scratch, 4)) + if (input->read(input, this->scratch, 4) != 4) return 0; if (this->scratch[0] || this->scratch[1] || (this->scratch[2] != 0x01) || (this->scratch[3] != 0xba)) { input->seek(input, 2324, SEEK_SET); - if (!input->read(input, this->scratch, 4)) + if (input->read(input, this->scratch, 4) != 4) return 0; if (this->scratch[0] || this->scratch[1] || (this->scratch[2] != 0x01) || (this->scratch[3] != 0xba)) @@ -1417,7 +1417,7 @@ } input->seek(input, 0, SEEK_SET); - if (input->read(input, this->scratch, this->blocksize)) { + if (input->read(input, this->scratch, this->blocksize) == this->blocksize) { lprintf("open_plugin:read worked\n"); if (this->scratch[0] || this->scratch[1] diff -r 69ef62c10d36 -r 0f6cd8e52b35 src/demuxers/demux_mpeg_pes.c --- a/src/demuxers/demux_mpeg_pes.c Wed Dec 31 20:09:01 2008 +0100 +++ b/src/demuxers/demux_mpeg_pes.c Wed Dec 31 23:01:54 2008 +0100 @@ -1687,7 +1687,7 @@ if (((input->get_capabilities(input) & INPUT_CAP_SEEKABLE) != 0) ) { input->seek(input, 0, SEEK_SET); - if (input->read(input, (char *)this->scratch, 6)) { + if (input->read(input, (char *)this->scratch, 6) == 6) { lprintf("open_plugin:read worked\n"); if (this->scratch[0] || this->scratch[1]
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor