File sec-010-notincludedyet.diff of Package xine-lib

Overview Repositories Revisions Requests Users Attributes Meta

File sec-010-notincludedyet.diff of Package xine-lib

diff -ur xine-lib-1.1.15-pre/src/demuxers/demux_matroska.c xine-lib-1.1.15-post/src/demuxers/demux_matroska.c
--- xine-lib-1.1.15-pre/src/demuxers/demux_matroska.c	2009-01-23 17:30:19.000000000 +0100
+++ xine-lib-1.1.15-post/src/demuxers/demux_matroska.c	2009-01-23 17:25:48.000000000 +0100
@@ -1320,7 +1320,8 @@
       _x_bmiheader_le2me(bih);
       
       /* add bih extra data */
-      memcpy(bih + 1, track->codec_private, track->codec_private_len);
+      if (track->codec_private_len > 0)
+        memcpy(bih + 1, track->codec_private, track->codec_private_len);
       free(track->codec_private);
       track->codec_private = (uint8_t *)bih;
       track->codec_private_len = bih->biSize;
@@ -1344,7 +1345,8 @@
       _x_bmiheader_le2me(bih);
       
       /* add bih extra data */
-      memcpy(bih + 1, track->codec_private, track->codec_private_len);
+      if (track->codec_private_len > 0)
+        memcpy(bih + 1, track->codec_private, track->codec_private_len);
       free(track->codec_private);
       track->codec_private = (uint8_t *)bih;
       track->codec_private_len = bih->biSize;
diff -ur xine-lib-1.1.15-pre/src/demuxers/demux_real.c xine-lib-1.1.15-post/src/demuxers/demux_real.c
--- xine-lib-1.1.15-pre/src/demuxers/demux_real.c	2009-01-23 17:30:19.000000000 +0100
+++ xine-lib-1.1.15-post/src/demuxers/demux_real.c	2009-01-23 17:25:48.000000000 +0100
@@ -785,7 +783,7 @@
        * header giving bits per sample, sample rate and number of channels.
        * The second is the codec initialisation data found at the end of
        * the type specific data for the audio stream */
-      if(buf->type == BUF_AUDIO_AAC) {
+      if(buf->type == BUF_AUDIO_AAC && mdpr->type_specific_len >= 79) {
         const uint16_t version = _X_BE_16(mdpr->type_specific_data + 4);
         
         if(version != 5) {
@@ -814,8 +812,9 @@
         buf->decoder_info_ptr[2] = buf->content;
         buf->size                = 0;
                         
-        memcpy(buf->content, mdpr->type_specific_data + 79,
-               buf->decoder_info[2]);
+	if (mdpr->type_specific_len >= 79 + buf->decoder_info[2])
+          memcpy(buf->content, mdpr->type_specific_data + 79,
+                 buf->decoder_info[2]);
 
       } else if(buf->type == BUF_AUDIO_MP3ADU) {
 	buf->decoder_flags |= BUF_FLAG_STDHEADER | BUF_FLAG_FRAME_END;
diff -ur xine-lib-1.1.15-pre/src/libmusepack/idtag.c xine-lib-1.1.15-post/src/libmusepack/idtag.c
--- xine-lib-1.1.15-pre/src/libmusepack/idtag.c	2008-04-17 18:48:58.000000000 +0200
+++ xine-lib-1.1.15-post/src/libmusepack/idtag.c	2009-01-23 17:25:53.000000000 +0100
@@ -53,7 +53,8 @@
         return 0;  
     }
     
-    r->read(r->data, tmp, sizeof(tmp));
+    if (r->read(r->data, tmp, sizeof(tmp)) != sizeof (tmp))
+	return 0;
 
     // check id3-tag
     if ( 0 != memcmp ( tmp, "ID3", 3) )
diff -ur xine-lib-1.1.15-pre/src/libmusepack/mpc_decoder.c xine-lib-1.1.15-post/src/libmusepack/mpc_decoder.c
--- xine-lib-1.1.15-pre/src/libmusepack/mpc_decoder.c	2008-04-17 18:48:58.000000000 +0200
+++ xine-lib-1.1.15-post/src/libmusepack/mpc_decoder.c	2009-01-23 17:25:53.000000000 +0100
@@ -69,7 +69,8 @@
 //------------------------------------------------------------------------------
 static mpc_int32_t f_read(mpc_decoder *d, void *ptr, size_t size) 
 { 
-    return d->r->read(d->r->data, ptr, size); 
+    off_t res = d->r->read(d->r->data, ptr, size); 
+    return res > 0 ? res : 0;
 };
 
 static mpc_bool_t f_seek(mpc_decoder *d, mpc_int32_t offset) 
diff -ur xine-lib-1.1.15-pre/src/xine-engine/demux.c xine-lib-1.1.15-post/src/xine-engine/demux.c
--- xine-lib-1.1.15-pre/src/xine-engine/demux.c	2008-06-15 01:15:00.000000000 +0200
+++ xine-lib-1.1.15-post/src/xine-engine/demux.c	2009-01-23 17:25:53.000000000 +0100
@@ -427,7 +427,7 @@
   int read_size;
   unsigned char *buf;
 
-  if (!input || !size || size > MAX_PREVIEW_SIZE)
+  if (!input || size <= 0 || size > MAX_PREVIEW_SIZE)
     return 0;
 
   if (input->get_capabilities(input) & INPUT_CAP_SEEKABLE) {
@@ -437,8 +437,10 @@
   } else if (input->get_capabilities(input) & INPUT_CAP_PREVIEW) {
     buf = malloc(MAX_PREVIEW_SIZE);
     read_size = input->get_optional_data(input, buf, INPUT_OPTIONAL_DATA_PREVIEW);
-    read_size = MIN (read_size, size);
-    memcpy(buffer, buf, read_size);
+    if (read_size > 0) {
+      read_size = MIN (read_size, size);
+      memcpy(buffer, buf, read_size);
+    }
     free(buf);
   } else {
     return 0;
diff -ur xine-lib-1.1.15-pre/src/xine-engine/input_cache.c xine-lib-1.1.15-post/src/xine-engine/input_cache.c
--- xine-lib-1.1.15-pre/src/xine-engine/input_cache.c	2008-06-15 01:15:00.000000000 +0200
+++ xine-lib-1.1.15-post/src/xine-engine/input_cache.c	2009-01-23 17:25:53.000000000 +0100
@@ -69,6 +69,9 @@
   lprintf("cache_plugin_read: len=%"PRId64"\n", len);
   this->read_call++;
 
+  if (len < 0)
+    return -1;
+
   /* optimized for common cases */
   if (len <= (this->buf_len - this->buf_pos)) {
     /* all bytes are in the buffer */
@@ -191,8 +194,15 @@
     if (buf) {
       buf->type = BUF_DEMUX_BLOCK;
    
-      assert(todo <= buf->max_size);
+      if (todo > buf->max_size) {
+	buf->free_buffer (buf);
+	return NULL;
+      }
       read_len = cache_plugin_read (this_gen, buf->content, todo);
+      if (read_len < 0) {
+	buf->free_buffer (buf);
+	return NULL;
+      }
       buf->size = read_len;
     }
   } else {
diff -ur xine-lib-1.1.15-pre/src/xine-engine/input_rip.c xine-lib-1.1.15-post/src/xine-engine/input_rip.c
--- xine-lib-1.1.15-pre/src/xine-engine/input_rip.c	2008-06-15 01:15:00.000000000 +0200
+++ xine-lib-1.1.15-post/src/xine-engine/input_rip.c	2009-01-23 17:25:53.000000000 +0100
@@ -141,7 +141,7 @@
   }
 
   /* really to read/catch */
-  if (nread_orig + nwrite) {
+  if (nread_orig + nwrite > 0) {
     lprintf(" => read %"PRId64" bytes from input plugin\n", nread_orig + nwrite);
 
     /* read from main input plugin */
@@ -239,8 +239,12 @@
   nread_orig = this->regular ? 0 : nread;
 
   /* create own block by RIP if needed */
-  if (npreview + nread_file) {
+  if (npreview + nread_file > 0) {
     buf = fifo->buffer_pool_alloc(fifo);
+    if (npreview + nread_file > buf->size) {
+      buf->free_buffer (buf);
+      return NULL;
+    }
     buf->content = buf->mem;
     buf->type = BUF_DEMUX_BLOCK;
 
@@ -263,7 +267,7 @@
   }
 
   /* really to read/catch */
-  if (nread_orig + nwrite) {
+  if (nread_orig + nwrite > 0) {
     /* read from main input plugin */
     if (buf) {
       lprintf(" => read %"PRId64" bytes from input plugin (block)\n", nread_orig + nwrite);
@@ -636,14 +640,21 @@
       blocksize = main_plugin->get_blocksize(main_plugin);
       buf = main_plugin->read_block(main_plugin, stream->video_fifo, blocksize);
 
-      this->preview_size = buf->size;
-      this->preview = malloc(this->preview_size);
-      memcpy(this->preview, buf->content, this->preview_size);
+      if (buf) {
+        this->preview_size = buf->size;
+        this->preview = malloc(this->preview_size);
+        memcpy(this->preview, buf->content, this->preview_size);
     
-      buf->free_buffer(buf);
+        buf->free_buffer(buf);
+      }
     } else {
       this->preview = malloc(MAX_PREVIEW_SIZE);
       this->preview_size = main_plugin->read(main_plugin, this->preview, MAX_PREVIEW_SIZE);
+      if (this->preview_size <= 0) {
+	free (this->preview);
+	this->preview = NULL;
+	this->preview_size = 0;
+      }
     }
   } else {
     this->preview = NULL;

Places

File sec-010-notincludedyet.diff of Package xine-lib

Places