File sec-010-notincludedyet.diff of Package xine-lib
diff -ur xine-lib-1.1.15-pre/src/demuxers/demux_matroska.c xine-lib-1.1.15-post/src/demuxers/demux_matroska.c
--- xine-lib-1.1.15-pre/src/demuxers/demux_matroska.c 2009-01-23 17:30:19.000000000 +0100
+++ xine-lib-1.1.15-post/src/demuxers/demux_matroska.c 2009-01-23 17:25:48.000000000 +0100
@@ -1320,7 +1320,8 @@
_x_bmiheader_le2me(bih);
/* add bih extra data */
- memcpy(bih + 1, track->codec_private, track->codec_private_len);
+ if (track->codec_private_len > 0)
+ memcpy(bih + 1, track->codec_private, track->codec_private_len);
free(track->codec_private);
track->codec_private = (uint8_t *)bih;
track->codec_private_len = bih->biSize;
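Review bot: The added guard before `memcpy(bih + 1, ...)` tests only the length, so a positive `codec_private_len` paired with a NULL `codec_private` would still reach the copy. Nothing visible here shows that `bih` was allocated with `codec_private_len` bytes after the header; that is decided above this hunk, which starts mid-function. I would tighten the guard to `if (track->codec_private && track->codec_private_len > 0)` and, once the allocation size is confirmed, add a comment such as `/* bih was allocated with codec_private_len trailing bytes */`. The second hunk in this file (@@ -1344) is identical and has the same gap.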
@@ -1344,7 +1345,8 @@
_x_bmiheader_le2me(bih);
/* add bih extra data */
- memcpy(bih + 1, track->codec_private, track->codec_private_len);
+ if (track->codec_private_len > 0)
+ memcpy(bih + 1, track->codec_private, track->codec_private_len);
free(track->codec_private);
track->codec_private = (uint8_t *)bih;
track->codec_private_len = bih->biSize;
diff -ur xine-lib-1.1.15-pre/src/demuxers/demux_real.c xine-lib-1.1.15-post/src/demuxers/demux_real.c
--- xine-lib-1.1.15-pre/src/demuxers/demux_real.c 2009-01-23 17:30:19.000000000 +0100
+++ xine-lib-1.1.15-post/src/demuxers/demux_real.c 2009-01-23 17:25:48.000000000 +0100
@@ -785,7 +783,7 @@
* header giving bits per sample, sample rate and number of channels.
* The second is the codec initialisation data found at the end of
* the type specific data for the audio stream */
- if(buf->type == BUF_AUDIO_AAC) {
+ if(buf->type == BUF_AUDIO_AAC && mdpr->type_specific_len >= 79) {
const uint16_t version = _X_BE_16(mdpr->type_specific_data + 4);
if(version != 5) {
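Review bot: With the added `mdpr->type_specific_len >= 79` condition, an AAC stream whose type-specific data is too short no longer enters this branch and instead falls through the rest of the `else if` chain (the next arm visible is `BUF_AUDIO_MP3ADU`). It is then presumably handled by whatever default arm follows rather than being rejected. If a truncated AAC header should be an error, the length test belongs inside the AAC branch with its own failure path. The literal `79` now appears three times on the new side of this file; a named constant with a comment saying which header fields it covers would make the bound checkable. The branch body continues outside the hunk.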
@@ -814,8 +812,9 @@
buf->decoder_info_ptr[2] = buf->content;
buf->size = 0;
- memcpy(buf->content, mdpr->type_specific_data + 79,
- buf->decoder_info[2]);
+ if (mdpr->type_specific_len >= 79 + buf->decoder_info[2])
+ memcpy(buf->content, mdpr->type_specific_data + 79,
+ buf->decoder_info[2]);
} else if(buf->type == BUF_AUDIO_MP3ADU) {
buf->decoder_flags |= BUF_FLAG_STDHEADER | BUF_FLAG_FRAME_END;
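Review bot: The new check on `mdpr->type_specific_len` bounds only the read side of the `memcpy`; nothing in the hunk compares `buf->decoder_info[2]` with the capacity of `buf->content`. When the check fails the copy is skipped, but `buf->decoder_info[2]` and `buf->decoder_info_ptr[2]` still advertise that many bytes of unwritten buffer to the decoder. Where `decoder_info[2]` is assigned is above the hunk, so whether it is file-controlled is an inference. I would add the destination bound and clear the length on failure, e.g. `if (buf->decoder_info[2] <= buf->max_size && mdpr->type_specific_len >= 79 + buf->decoder_info[2])` with `else buf->decoder_info[2] = 0;`. If `decoder_info[2]` is a 32-bit unsigned value, `79 + buf->decoder_info[2]` can also wrap, so comparing `buf->decoder_info[2] <= mdpr->type_specific_len - 79` is the safer form.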
diff -ur xine-lib-1.1.15-pre/src/libmusepack/idtag.c xine-lib-1.1.15-post/src/libmusepack/idtag.c
--- xine-lib-1.1.15-pre/src/libmusepack/idtag.c 2008-04-17 18:48:58.000000000 +0200
+++ xine-lib-1.1.15-post/src/libmusepack/idtag.c 2009-01-23 17:25:53.000000000 +0100
@@ -53,7 +53,8 @@
return 0;
}
- r->read(r->data, tmp, sizeof(tmp));
+ if (r->read(r->data, tmp, sizeof(tmp)) != sizeof (tmp))
+ return 0;
// check id3-tag
if ( 0 != memcmp ( tmp, "ID3", 3) )
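Review bot: The comparison `r->read(r->data, tmp, sizeof(tmp)) != sizeof (tmp)` mixes the reader's return value with a `size_t`, so a negative error value is rejected only because it converts to a large unsigned number. That works, but it hides the intent and trips `-Wsign-compare`. The return type of `read` is not visible in this hunk, so the signedness is inferred from mpc_decoder.c storing it in an `off_t`. A comment such as `/* short read or error: tmp is not fully initialised, so report "no tag" */` would record why 0 is returned, since 0 is also what the earlier failure path at the top of the hunk returns.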
diff -ur xine-lib-1.1.15-pre/src/libmusepack/mpc_decoder.c xine-lib-1.1.15-post/src/libmusepack/mpc_decoder.c
--- xine-lib-1.1.15-pre/src/libmusepack/mpc_decoder.c 2008-04-17 18:48:58.000000000 +0200
+++ xine-lib-1.1.15-post/src/libmusepack/mpc_decoder.c 2009-01-23 17:25:53.000000000 +0100
@@ -69,7 +69,8 @@
//------------------------------------------------------------------------------
static mpc_int32_t f_read(mpc_decoder *d, void *ptr, size_t size)
{
- return d->r->read(d->r->data, ptr, size);
+ off_t res = d->r->read(d->r->data, ptr, size);
+ return res > 0 ? res : 0;
};
static mpc_bool_t f_seek(mpc_decoder *d, mpc_int32_t offset)
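Review bot: `f_read` now folds every error from the reader into 0, which callers cannot tell apart from end of stream, and it returns an `off_t` through an `mpc_int32_t` without a range check. The narrowing is harmless only while `size` stays within the 32-bit range, so that assumption deserves a comment or an explicit bound. If callers loop until they have `size` bytes they must treat a 0 return as terminal, which needs confirming at the call sites outside this hunk. A one-line comment above the return, such as `/* errors are reported as 0 bytes read; callers must treat 0 as EOF */`, would document the contract.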
diff -ur xine-lib-1.1.15-pre/src/xine-engine/demux.c xine-lib-1.1.15-post/src/xine-engine/demux.c
--- xine-lib-1.1.15-pre/src/xine-engine/demux.c 2008-06-15 01:15:00.000000000 +0200
+++ xine-lib-1.1.15-post/src/xine-engine/demux.c 2009-01-23 17:25:53.000000000 +0100
@@ -427,7 +427,7 @@
int read_size;
unsigned char *buf;
- if (!input || !size || size > MAX_PREVIEW_SIZE)
+ if (!input || size <= 0 || size > MAX_PREVIEW_SIZE)
return 0;
if (input->get_capabilities(input) & INPUT_CAP_SEEKABLE) {
@@ -437,8 +437,10 @@
} else if (input->get_capabilities(input) & INPUT_CAP_PREVIEW) {
buf = malloc(MAX_PREVIEW_SIZE);
read_size = input->get_optional_data(input, buf, INPUT_OPTIONAL_DATA_PREVIEW);
- read_size = MIN (read_size, size);
- memcpy(buffer, buf, read_size);
+ if (read_size > 0) {
+ read_size = MIN (read_size, size);
+ memcpy(buffer, buf, read_size);
+ }
free(buf);
} else {
return 0;
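Review bot: `buf = malloc(MAX_PREVIEW_SIZE)` is handed to `get_optional_data` without a NULL check, so an allocation failure becomes a write through a null pointer in the input plugin; the new `read_size > 0` guard does not cover that. Add `if (!buf) return 0;` directly after the `malloc`. Also, when `get_optional_data` returns a negative value `read_size` keeps it, and what the function returns after this block is outside the hunk. If it returns `read_size`, callers now see a negative preview length and have to handle it.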
diff -ur xine-lib-1.1.15-pre/src/xine-engine/input_cache.c xine-lib-1.1.15-post/src/xine-engine/input_cache.c
--- xine-lib-1.1.15-pre/src/xine-engine/input_cache.c 2008-06-15 01:15:00.000000000 +0200
+++ xine-lib-1.1.15-post/src/xine-engine/input_cache.c 2009-01-23 17:25:53.000000000 +0100
@@ -69,6 +69,9 @@
lprintf("cache_plugin_read: len=%"PRId64"\n", len);
this->read_call++;
+ if (len < 0)
+ return -1;
+
/* optimized for common cases */
if (len <= (this->buf_len - this->buf_pos)) {
/* all bytes are in the buffer */
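Review bot: The `len < 0` rejection sits after `this->read_call++`, so a rejected call is still counted in what looks like a statistics counter. Moving the check above the increment keeps the count to real reads. A short comment on the new `return -1;` stating that a negative length is reported as a read error would help, since the block-read path later in this patch relies on that (`read_len < 0`).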
@@ -191,8 +194,15 @@
if (buf) {
buf->type = BUF_DEMUX_BLOCK;
- assert(todo <= buf->max_size);
+ if (todo > buf->max_size) {
+ buf->free_buffer (buf);
+ return NULL;
+ }
read_len = cache_plugin_read (this_gen, buf->content, todo);
+ if (read_len < 0) {
+ buf->free_buffer (buf);
+ return NULL;
+ }
buf->size = read_len;
}
} else {
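Review bot: The two new failure paths return NULL from inside the nested block, which callers cannot distinguish from end of input, and neither path says why. The first replaces an `assert`, so a comment such as `/* todo is caller-supplied: keep this a runtime check, assert() is compiled out under NDEBUG */` would stop it from being turned back into an assertion later. Anything the function does after this block, which is outside the hunk, is skipped on these paths, so any counters or state updated there should be checked.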
diff -ur xine-lib-1.1.15-pre/src/xine-engine/input_rip.c xine-lib-1.1.15-post/src/xine-engine/input_rip.c
--- xine-lib-1.1.15-pre/src/xine-engine/input_rip.c 2008-06-15 01:15:00.000000000 +0200
+++ xine-lib-1.1.15-post/src/xine-engine/input_rip.c 2009-01-23 17:25:53.000000000 +0100
@@ -141,7 +141,7 @@
}
/* really to read/catch */
- if (nread_orig + nwrite) {
+ if (nread_orig + nwrite > 0) {
lprintf(" => read %"PRId64" bytes from input plugin\n", nread_orig + nwrite);
/* read from main input plugin */
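Review bot: Testing `nread_orig + nwrite > 0` guards the sum, not the terms: if either value can be negative while the other is larger, the branch is entered with a negative component that may later be used as a length or offset. Both values are computed above the hunk, so this may be impossible in practice. If so, a comment stating the invariant (`/* nread_orig >= 0 && nwrite >= 0 here */`) or separate `>= 0` checks would make that explicit. The same pattern appears as `npreview + nread_file > 0` in the hunk at @@ -239 and as `nread_orig + nwrite > 0` in the hunk at @@ -263.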
@@ -239,8 +239,12 @@
nread_orig = this->regular ? 0 : nread;
/* create own block by RIP if needed */
- if (npreview + nread_file) {
+ if (npreview + nread_file > 0) {
buf = fifo->buffer_pool_alloc(fifo);
+ if (npreview + nread_file > buf->size) {
+ buf->free_buffer (buf);
+ return NULL;
+ }
buf->content = buf->mem;
buf->type = BUF_DEMUX_BLOCK;
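Review bot: The new bound compares against `buf->size` on a buffer that has just come from `buffer_pool_alloc`, but elsewhere in this patch the capacity field is `buf->max_size` (input_cache.c checks `todo > buf->max_size` and then stores the read length in `buf->size`). If `size` is the payload length, it is presumably 0 or stale on a fresh buffer, so this check either rejects every request or bounds nothing. The line should most likely read `if (npreview + nread_file > buf->max_size) {`. The result of `buffer_pool_alloc` is also dereferenced without a NULL test, which is fine only if the pool call can never fail.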
@@ -263,7 +267,7 @@
}
/* really to read/catch */
- if (nread_orig + nwrite) {
+ if (nread_orig + nwrite > 0) {
/* read from main input plugin */
if (buf) {
lprintf(" => read %"PRId64" bytes from input plugin (block)\n", nread_orig + nwrite);
@@ -636,14 +640,21 @@
blocksize = main_plugin->get_blocksize(main_plugin);
buf = main_plugin->read_block(main_plugin, stream->video_fifo, blocksize);
- this->preview_size = buf->size;
- this->preview = malloc(this->preview_size);
- memcpy(this->preview, buf->content, this->preview_size);
+ if (buf) {
+ this->preview_size = buf->size;
+ this->preview = malloc(this->preview_size);
+ memcpy(this->preview, buf->content, this->preview_size);
- buf->free_buffer(buf);
+ buf->free_buffer(buf);
+ }
} else {
this->preview = malloc(MAX_PREVIEW_SIZE);
this->preview_size = main_plugin->read(main_plugin, this->preview, MAX_PREVIEW_SIZE);
+ if (this->preview_size <= 0) {
+ free (this->preview);
+ this->preview = NULL;
+ this->preview_size = 0;
+ }
}
} else {
this->preview = NULL;
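Review bot: When `read_block` returns NULL, the new `if (buf)` skips the block and leaves `this->preview` and `this->preview_size` at whatever they held before, whereas the other branches in this hunk set them explicitly. Add `else { this->preview = NULL; this->preview_size = 0; }`. Both `malloc` results are still used unchecked, by `memcpy(this->preview, ...)` and by `main_plugin->read(main_plugin, this->preview, ...)`, and `buf->size` is not compared with any limit before it becomes the allocation and copy length. The `this->preview_size <= 0` test catches a negative read result only if `preview_size` is a signed type, which is not visible here.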