Hello community,
here is the log from the commit of package lightmediascanner for
openSUSE:Factory checked in at 2019-08-28 18:36:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lightmediascanner (Old)
and /work/SRC/openSUSE:Factory/.lightmediascanner.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lightmediascanner"
Wed Aug 28 18:36:14 2019 rev:2 rq:726590 version:0.5.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/lightmediascanner/lightmediascanner.changes
2017-09-13 22:31:07.332960531 +0200
+++
/work/SRC/openSUSE:Factory/.lightmediascanner.new.7948/lightmediascanner.changes
2019-08-28 18:36:17.221275307 +0200
@@ -1,0 +2,23 @@
+Tue Aug 27 19:37:42 UTC 2019 - Alexei Podvalsky <[email protected]>
+
+- Update to 0.5.2:
+ * Fix a regression in lms_db_cache_resize
+ * lighmediascanner_process: check the return of 'read()'.
+ * wave: move in file before going to the next field.
+ * Fix Coverity CID116112 - Untrusted pointer write
+ * Fix Coverity CID116116 - Untrusted value as argument
+ * Fix Coverity CID116111 - Untrusted value as argument
+ * Fix Coverity CID116109 - Missing break in switch
+ * Fix Coverity CID116106 - Logically dead code
+ * Fix Coverity CID116115 - Integer overflowed argument
+ * Fix Coverity CID116086 - Explicit null dereference.
+ * Fix Coverity Issues (CID116113, CID116114, CID116118,
+ CID116120)
+ * Fix Coverity CID116102 - Dereference after null check
+ * Fix Coverity CID116110 - Resource Leak
+ * Fix Coverity CID116117 - Resource Leak
+ * Fix Coverity CID116119 - Resource Leak
+ * Fix Coverity CID116121 - Resource Leak
+ * Merge pull request #18 from phako/master
+
+-------------------------------------------------------------------
Old:
----
lightmediascanner-release_0.5.1.tar.gz
New:
----
lightmediascanner-release_0.5.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lightmediascanner.spec ++++++
--- /var/tmp/diff_new_pack.DrSTUD/_old 2019-08-28 18:36:18.021275168 +0200
+++ /var/tmp/diff_new_pack.DrSTUD/_new 2019-08-28 18:36:18.021275168 +0200
@@ -18,7 +18,7 @@
%define sover 0
Name: lightmediascanner
-Version: 0.5.1
+Version: 0.5.2
Release: 0
Summary: Lightweight media scanner
License: LGPL-2.1
@@ -66,8 +66,6 @@
%prep
%setup -q -n %{name}-release_%{version}
-sed -i 's/CODEC_ID_MP3/AV_CODEC_ID_MP3/' $(grep -rl CODEC_ID_MP3)
-
%build
export CFLAGS="%{optflags} -I$(pkg-config --variable=includedir libavformat)"
NOCONFIGURE=yes
++++++ lightmediascanner-release_0.5.1.tar.gz ->
lightmediascanner-release_0.5.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lightmediascanner-release_0.5.1/NEWS
new/lightmediascanner-release_0.5.2/NEWS
--- old/lightmediascanner-release_0.5.1/NEWS 2015-01-20 19:51:34.000000000
+0100
+++ new/lightmediascanner-release_0.5.2/NEWS 2019-08-19 14:21:49.000000000
+0200
@@ -1,3 +1,11 @@
+ver 0.5.2:
+ Fix a regression in lms_db_cache_resize
+ lighmediascanner_process: check the return of 'read()'.
+ wave: move in file before going to the next field.
+ Make realloc() usage more robust.
+ Port to libav 10 API
+ Many Covertiy (mostly harmless) bugfixes
+
ver 0.5.1:
Remove dependency on zlib, not required anymore.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lightmediascanner-release_0.5.1/configure.ac
new/lightmediascanner-release_0.5.2/configure.ac
--- old/lightmediascanner-release_0.5.1/configure.ac 2015-01-20
19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/configure.ac 2019-08-19
14:21:49.000000000 +0200
@@ -1,4 +1,4 @@
-AC_INIT(lightmediascanner, 0.5.1,
https://github.com/profusion/lightmediascanner/)
+AC_INIT(lightmediascanner, 0.5.2,
https://github.com/profusion/lightmediascanner/)
AC_PREREQ(2.60)
AC_CONFIG_SRCDIR(configure.ac)
AC_CANONICAL_BUILD
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lightmediascanner-release_0.5.1/src/bin/test.c
new/lightmediascanner-release_0.5.2/src/bin/test.c
--- old/lightmediascanner-release_0.5.1/src/bin/test.c 2015-01-20
19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/bin/test.c 2019-08-19
14:21:49.000000000 +0200
@@ -348,8 +348,6 @@
r = lms_process_single_process(lms, path);
else if (method == 2)
r = lms_process(lms, path);
- else
- r = -1;
if (r != 0) {
if (verbose)
@@ -482,6 +480,7 @@
"ERROR: invalid method=%s, should be 'mono' (1) or "
"'dual' (2). Default is dual.\n",
optarg);
+ break;
case 'v':
if (optarg)
verbose = !!atoi(optarg);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner.c
new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner.c
--- old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner.c
2015-01-20 19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner.c
2019-08-19 14:21:49.000000000 +0200
@@ -292,6 +292,7 @@
lms_parser_add(lms_t *lms, const char *so_path)
{
struct parser *parser;
+ void *tmp;
if (!lms)
return NULL;
@@ -304,12 +305,13 @@
return NULL;
}
- lms->parsers = realloc(lms->parsers,
- (lms->n_parsers + 1) * sizeof(struct parser));
- if (!lms->parsers) {
+ tmp = realloc(lms->parsers,
+ (lms->n_parsers + 1) * sizeof(struct parser));
+ if (!tmp) {
perror("realloc");
return NULL;
}
+ lms->parsers = tmp;
parser = lms->parsers + lms->n_parsers;
if (_parser_load(parser, so_path) != 0) {
@@ -378,18 +380,17 @@
return 0;
} else {
int dif;
+ void *tmp;
dif = lms->n_parsers - i;
if (dif)
memmove(parser, parser + 1, dif * sizeof(struct parser));
- lms->parsers = realloc(lms->parsers,
- lms->n_parsers * sizeof(struct parser));
- if (!lms->parsers) {
- lms->n_parsers = 0;
+ tmp = realloc(lms->parsers,
+ lms->n_parsers * sizeof(struct parser));
+ if (!tmp)
return -1;
- }
-
+ lms->parsers = tmp;
return 0;
}
}
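Review bot: The new failure path returns -1 when the shrinking realloc() fails, although the memmove() above has already removed the entry and the original block is still valid and large enough. A caller that reads -1 as "parser not deleted" would then disagree with the array's real contents. Since a failed shrink loses nothing, keeping the old pointer and reporting success is the safer contract: `if (tmp) lms->parsers = tmp;` followed by `return 0;`. The function starts outside the hunk, so it is only inferred from the `dif` computation that n_parsers was already decremented.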
@@ -785,6 +786,8 @@
errmsg = dlerror();
if (errmsg) {
fprintf(stderr, "ERROR: could not dlopen() %s\n", errmsg);
+ if (dl_handle)
+ dlclose(dl_handle);
return NULL;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_charset_conv.c
new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_charset_conv.c
---
old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_charset_conv.c
2015-01-20 19:51:34.000000000 +0100
+++
new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_charset_conv.c
2019-08-19 14:21:49.000000000 +0200
@@ -293,13 +293,20 @@
*p_str = ostr;
outbuf = realloc(*p_str, *p_len + 1);
- if (!outbuf)
- perror("realloc");
- else
+ if (outbuf)
*p_str = outbuf;
+ else {
+ perror("realloc");
+ if (*p_len > 0)
+ (*p_len)--;
+ else {
+ free(*p_str);
+ *p_str = NULL;
+ return 0;
+ }
+ }
(*p_str)[*p_len] = '\0';
-
return 0;
}
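Review bot: When realloc() fails and `*p_len` is 0, the new branch frees the buffer, sets `*p_str` to NULL and still returns 0, so the caller is told the conversion succeeded while holding a NULL string. The callers visible in this file only test `_conv(...) == 0`, assuming this is that function, so a non-zero return in that branch (`return -1;` instead of `return 0;`) would let them fall through to the next charset rather than use the NULL. In the other failure branch the text is silently shortened by one byte, which can cut a multi-byte character in half if the output is UTF-8; a short comment saying the truncation is deliberate would help. The function begins outside the hunk.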
@@ -355,8 +362,10 @@
if (_conv(lcc->convs[i], p_str, p_len, outstr, outlen) == 0)
return 0;
- if (lcc->fallback == (iconv_t)-1)
+ if (lcc->fallback == (iconv_t)-1) {
+ free(outstr);
return -5;
+ }
fprintf(stderr,
"WARNING: could not convert '%*s' to any charset, use fallback\n",
@@ -408,8 +417,10 @@
if (_conv(lcc->convs[i], p_str, p_len, outstr, outlen) == 0)
return 0;
- if (lcc->fallback == (iconv_t)-1)
+ if (lcc->fallback == (iconv_t)-1) {
+ free(outstr);
return -5;
+ }
fprintf(stderr,
"WARNING: could not convert '%*s' to any charset, use fallback\n",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_check.c
new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_check.c
--- old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_check.c
2015-01-20 19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_check.c
2019-08-19 14:21:49.000000000 +0200
@@ -171,8 +171,8 @@
if (ci.path_len == -1)
return 0;
- if (ci.path_len > PATH_SIZE) {
- fprintf(stderr, "ERROR: path too long (%d/%d)\n",
+ if (ci.path_len > PATH_SIZE || ci.path_len < 0) {
+ fprintf(stderr, "ERROR: invalid path size (%d) (min: 0, max: %d)\n",
ci.path_len, PATH_SIZE);
return -2;
}
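Review bot: The bound still accepts `ci.path_len == PATH_SIZE`, which is one byte too many if the receiving buffer holds PATH_SIZE bytes and a terminator is stored at index path_len. The buffer declaration and the read that follows are outside the hunk, so this needs confirming against them. The changelog records Coverity flagging this value as untrusted, so if that is the layout the check should be `if (ci.path_len >= PATH_SIZE || ci.path_len < 0) {`. The same comparison is added for `*plen` in the first hunk of lightmediascanner_process.c and deserves the same look.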
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_db_audio.c
new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_db_audio.c
--- old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_db_audio.c
2015-01-20 19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_db_audio.c
2019-08-19 14:21:49.000000000 +0200
@@ -336,15 +336,15 @@
lms_db_audio_t *lda;
void *p;
+ if (!db)
+ return NULL;
+
if (lms_db_cache_get(&_cache, db, &p) == 0) {
lda = p;
lda->_references++;
return lda;
}
- if (!db)
- return NULL;
-
if (_db_create_tables_if_required(db) != 0) {
fprintf(stderr, "ERROR: could not create tables.\n");
return NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_db_common.c
new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_db_common.c
--- old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_db_common.c
2015-01-20 19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_db_common.c
2019-08-19 14:21:49.000000000 +0200
@@ -404,17 +404,16 @@
}
static int
-lms_db_cache_resize(struct lms_db_cache *cache, int new_size)
+lms_db_cache_resize(struct lms_db_cache *cache, unsigned int new_size)
{
- cache->size = new_size;
- cache->entries = realloc(cache->entries,
- cache->size * sizeof(*cache->entries));
- if (cache->size && !cache->entries) {
+ void *tmp = realloc(cache->entries,
+ new_size * sizeof(*cache->entries));
+ if (new_size > 0 && !tmp) {
perror("realloc");
- cache->size = 0;
return -1;
}
-
+ cache->size = new_size;
+ cache->entries = tmp;
return 0;
}
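Review bot: `new_size * sizeof(*cache->entries)` can wrap on targets where size_t is 32 bits wide, and realloc() would then succeed with a block smaller than the `cache->size` recorded afterwards. A guard before the call closes that: `if (new_size > SIZE_MAX / sizeof(*cache->entries)) return -1;` (SIZE_MAX comes from <stdint.h>). With `new_size == 0` the result of realloc() is implementation-defined, so an explicit `free(cache->entries); cache->entries = NULL;` for that case would state the intent instead of relying on the allocator.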
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_db_image.c
new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_db_image.c
--- old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_db_image.c
2015-01-20 19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_db_image.c
2019-08-19 14:21:49.000000000 +0200
@@ -163,15 +163,15 @@
lms_db_image_t *ldi;
void *p;
+ if (!db)
+ return NULL;
+
if (lms_db_cache_get(&_cache, db, &p) == 0) {
ldi = p;
ldi->_references++;
return ldi;
}
- if (!db)
- return NULL;
-
if (_db_create_table_if_required(db) != 0) {
fprintf(stderr, "ERROR: could not create table.\n");
return NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_db_playlist.c
new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_db_playlist.c
--- old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_db_playlist.c
2015-01-20 19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_db_playlist.c
2019-08-19 14:21:49.000000000 +0200
@@ -115,15 +115,15 @@
lms_db_playlist_t *ldp;
void *p;
+ if (!db)
+ return NULL;
+
if (lms_db_cache_get(&_cache, db, &p) == 0) {
ldp = p;
ldp->_references++;
return ldp;
}
- if (!db)
- return NULL;
-
if (_db_create_table_if_required(db) != 0) {
fprintf(stderr, "ERROR: could not create table.\n");
return NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_db_video.c
new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_db_video.c
--- old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_db_video.c
2015-01-20 19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_db_video.c
2019-08-19 14:21:49.000000000 +0200
@@ -300,15 +300,15 @@
lms_db_video_t *ldv;
void *p;
+ if (!db)
+ return NULL;
+
if (lms_db_cache_get(&_cache, db, &p) == 0) {
ldv = p;
ldv->_references++;
return ldv;
}
- if (!db)
- return NULL;
-
if (_db_create_table_if_required(db) != 0) {
fprintf(stderr, "ERROR: could not create table.\n");
return NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_dlna.c
new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_dlna.c
--- old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_dlna.c
2015-01-20 19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_dlna.c
2019-08-19 14:21:49.000000000 +0200
@@ -239,17 +239,24 @@
char *tmp, *p;
const char *profile = NULL, *level = NULL;
+ if (!video)
+ return NULL;
+
tmp = strdupa(video->codec.str);
p = strstr(tmp, "-p");
if (p) {
p[0] = '\0';
- profile = p + 2;
+ p += 2;
+ profile = p;
+ } else {
+ p = tmp;
}
- p = strstr(profile, "-l");
+ p = strstr(p, "-l");
if (p) {
p[0] = '\0';
- level = p + 2;
+ p += 2;
+ level = p;
}
curr = video_rules;
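Review bot: The added guard covers `video`, but `video->codec.str` is still passed straight to strdupa(), which dereferences it. If that field can be NULL for a stream whose codec was not identified (its initialisation is not visible here), the crash only moves one line down; `if (!video || !video->codec.str) return NULL;` covers both. strdupa() copies onto the stack, so the length of the codec string also needs to be bounded wherever it is filled in. The function begins and continues outside the hunk.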
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_process.c
new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_process.c
--- old/lightmediascanner-release_0.5.1/src/lib/lightmediascanner_process.c
2015-01-20 19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/lib/lightmediascanner_process.c
2019-08-19 14:21:49.000000000 +0200
@@ -131,8 +131,9 @@
if (*plen == -1)
return 0;
- if (*plen > PATH_SIZE) {
- fprintf(stderr, "ERROR: path too long (%d/%d)\n", *plen, PATH_SIZE);
+ if (*plen > PATH_SIZE || *plen < 0) {
+ fprintf(stderr, "ERROR: invalid path size (%d) (min: 0, max: %d)\n",
+ *plen, PATH_SIZE);
return -2;
}
@@ -616,8 +617,15 @@
return 0;
else if (pfd->revents & POLLIN) {
char c;
+ ssize_t s;
- read(pfd->fd, &c, sizeof(c));
+ s = read(pfd->fd, &c, sizeof(c));
+ if (s == 0)
+ return 0;
+ else if (s < 0) {
+ perror("read");
+ return -1;
+ }
}
}
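Review bot: A read() interrupted by a signal returns -1 with errno set to EINTR, and the new `s < 0` branch reports that as a hard failure; on a non-blocking descriptor EAGAIN would take the same path. Whether either can occur depends on how the fd and signal handlers are set up, which is outside the hunk. If they can, the condition should let those through as before, `else if (s < 0 && errno != EINTR && errno != EAGAIN) {`, with <errno.h> included. A one-line comment that `s == 0` means the peer closed the pipe would also make the `return 0` easier to read.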
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/plugins/generic/generic.c
new/lightmediascanner-release_0.5.2/src/plugins/generic/generic.c
--- old/lightmediascanner-release_0.5.1/src/plugins/generic/generic.c
2015-01-20 19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/plugins/generic/generic.c
2019-08-19 14:21:49.000000000 +0200
@@ -86,7 +86,7 @@
};
static const struct codec_container_descriptor _codec_list[] = {
- {CODEC_ID_MP3, &_codec_mpeg1layer3},
+ {AV_CODEC_ID_MP3, &_codec_mpeg1layer3},
{AV_CODEC_ID_WMAV1, &_codec_audio_asf},
{AV_CODEC_ID_WMAV2, &_codec_audio_asf},
{AV_CODEC_ID_WMAPRO, &_codec_audio_asf},
@@ -251,7 +251,7 @@
static const struct codec_container _codecs[] = {
{
- .id = CODEC_ID_MP3,
+ .id = AV_CODEC_ID_MP3,
.get_codec = _get_common_codec,
.get_container = NULL,
},
@@ -435,8 +435,8 @@
s->video.width = ctx->width;
s->video.height = ctx->height;
- if (stream->r_frame_rate.den)
- s->video.framerate = stream->r_frame_rate.num /
stream->r_frame_rate.den;
+ if (stream->avg_frame_rate.den)
+ s->video.framerate = stream->avg_frame_rate.num /
stream->avg_frame_rate.den;
snprintf(aspect_ratio, sizeof(aspect_ratio), "%d:%d",
ctx->sample_aspect_ratio.num, ctx->sample_aspect_ratio.den);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/plugins/jpeg/jpeg.c
new/lightmediascanner-release_0.5.2/src/plugins/jpeg/jpeg.c
--- old/lightmediascanner-release_0.5.1/src/plugins/jpeg/jpeg.c 2015-01-20
19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/plugins/jpeg/jpeg.c 2019-08-19
14:21:49.000000000 +0200
@@ -159,7 +159,10 @@
return -4;
found++;
} else if (buf[1] == JPEG_MARKER_COMM && !info->title.str) {
- if (_jpeg_com_process(fd, len, &info->title) != 0)
+ /* abort if COMM is too big, it's unexpected and we suspect
+ * it's a broken or malicious JPEG header.
+ */
+ if (len > 1024 || _jpeg_com_process(fd, len, &info->title) != 0)
return -5;
found++;
} else if (buf[1] == JPEG_MARKER_SOS)
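Review bot: The `len > 1024` test fails the whole file with -5, yet a JPEG comment segment can legitimately be far longer than 1024 bytes because its length field is 16 bits wide, so valid images would stop being scanned. Seeking past the oversized segment, as the wave plugin does for large info fields in this same update, keeps the allocation bounded without dropping the file. The literal also deserves a name, e.g. `#define JPEG_COMM_MAX_SIZE 1024`. The surrounding loop is outside the hunk, so how other segments are skipped is not visible here.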
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/plugins/pls/pls.c
new/lightmediascanner-release_0.5.2/src/plugins/pls/pls.c
--- old/lightmediascanner-release_0.5.1/src/plugins/pls/pls.c 2015-01-20
19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/plugins/pls/pls.c 2019-08-19
14:21:49.000000000 +0200
@@ -311,6 +311,7 @@
if (_pls_parse(fd, finfo, &info) != 0) {
fprintf(stderr,
"WARNING: could not parse playlist '%s'.\n", finfo->path);
+ close(fd);
return -1;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lightmediascanner-release_0.5.1/src/plugins/wave/wave.c
new/lightmediascanner-release_0.5.2/src/plugins/wave/wave.c
--- old/lightmediascanner-release_0.5.1/src/plugins/wave/wave.c 2015-01-20
19:51:34.000000000 +0100
+++ new/lightmediascanner-release_0.5.2/src/plugins/wave/wave.c 2019-08-19
14:21:49.000000000 +0200
@@ -123,6 +123,15 @@
break;
size = le32toh(size);
+ if (size > 1024) {
+ /* we don't expect any info field to be that big. */
+ if (lseek(fd, size, SEEK_CUR) < 0) {
+ perror("lseek");
+ return -1;
+ }
+ maxsize -= size;
+ goto next_field;
+ }
if (memcmp(chunkid, "INAM", 4) == 0)
str = &info->title;
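Review bot: `maxsize -= size` uses a `size` read from the file that is never compared with the remaining `maxsize`. A field claiming more bytes than are left drives maxsize negative, or wraps it to a large value if it is unsigned (its declaration is outside the hunk), which would keep the later `while (maxsize > 0 && ...)` loop reading. lseek() past end of file succeeds, so the `< 0` test will not catch this. A bound before the seek, `if (size > maxsize) break;` with the comparison done in a common unsigned type, stops parsing at the first inconsistent field. The `next_field` label is also outside the hunk, so whether the RIFF pad byte for odd sizes is handled there could not be checked.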
@@ -148,7 +157,10 @@
* size */
while (maxsize > 0 && read(fd, chunkid, 1) == 1) {
if (chunkid[0] != '\0') {
- lseek(fd, -1, SEEK_CUR);
+ if (lseek(fd, -1, SEEK_CUR) < 0) {
+ perror("lseek");
+ return -1;
+ }
break;
}
maxsize--;