[vlc-commits] input: parse `:input-slave" options earlier
vlc/vlc-3.0 | branch: master | Alaric Senat | Thu Apr 22 11:42:12 2021 +0200| [bc53d6edc62772765924118e7e6ed39ac7464a11] | committer: Jean-Baptiste Kempf input: parse `:input-slave" options earlier Move the option parsing right before the input-item slaves copy. This avoid input-slaves unnecessary duplication each time the input is reparsed as the input-item slaves copy itself avoid duplicating. Fixes #19977 (cherry picked from commit 4f7522e620be01a3662bd985aeca1a2b8c4b7ff4) Signed-off-by: Jean-Baptiste Kempf > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=bc53d6edc62772765924118e7e6ed39ac7464a11 --- src/input/input.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/input/input.c b/src/input/input.c index 81cfac86cc..f8c0cf796c 100644 --- a/src/input/input.c +++ b/src/input/input.c @@ -1148,6 +1148,9 @@ static void LoadSlaves( input_thread_t *p_input ) free( psz_autopath ); } +/* Add slaves from the "input-slave" option */ +GetVarSlaves( p_input, _slaves, _slaves ); + /* Add slaves found by the directory demuxer or via libvlc */ input_item_t *p_item = input_priv(p_input)->p_item; vlc_mutex_lock( _item->lock ); @@ -1165,9 +1168,6 @@ static void LoadSlaves( input_thread_t *p_input ) TAB_CLEAN( p_item->i_slaves, p_item->pp_slaves ); vlc_mutex_unlock( _item->lock ); -/* Add slaves from the "input-slave" option */ -GetVarSlaves( p_input, _slaves, _slaves ); - if( i_slaves > 0 ) qsort( pp_slaves, i_slaves, sizeof (input_item_slave_t*), SlaveCompare ); ___ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
[vlc-commits] Tag 3.0.13 : VLC media player 3.0.13 'Vetinari'
[vlc/vlc-3.0] [branch: refs/tags/3.0.13] Tag:ffb6fa051993bcbccfed481fd9da87699dda842e > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git?a=tag;h=ffb6fa051993bcbccfed481fd9da87699dda842e Tagger: Hugo Beauzée-Luyssen Date: Tue Apr 27 13:59:19 2021 +0200 VLC media player 3.0.13 'Vetinari' This is the fourteenth release of VLC 3.0 branch, named "Vetinari", in reference to the Lord Patrician from Discworld. This updates contains various fixes and improvements: - Fix artifacts in HLS streams - Fix MP4 audio support regressions - Add SSA text scaling support - Add NFSv4 support - Improve SMB2 integration - Improve Direct3D11 rendering smoothness - Add mousewheel horizontal axis support - Security fixes And many more, check our NEWS file for more details! ___ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
[vlc-commits] core: update_crypto: Ensure we don't overflow while shifting
vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen | Mon Apr 19 11:49:27 2021 +0200| [4cd66139cef61e9a7390db304e99ee80f01bf555] | committer: Hugo Beauzée-Luyssen core: update_crypto: Ensure we don't overflow while shifting (cherry picked from commit 984407ba32a0f3d4ed5dd69510b943003bb3bd63) Signed-off-by: Hugo Beauzée-Luyssen > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=4cd66139cef61e9a7390db304e99ee80f01bf555 --- src/misc/update_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/misc/update_crypto.c b/src/misc/update_crypto.c index d4e65fa2a6..09479468c0 100644 --- a/src/misc/update_crypto.c +++ b/src/misc/update_crypto.c @@ -63,7 +63,7 @@ static inline uint32_t scalar_number( const uint8_t *p, int header_len ) else if( header_len == 2 ) return( (p[0] << 8) + p[1] ); else if( header_len == 4 ) -return( (p[0] << 24) + (p[1] << 16) + (p[2] << 8) + p[3] ); +return( ((uint32_t)p[0] << 24) + (p[1] << 16) + (p[2] << 8) + p[3] ); else abort(); } ___ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
[vlc-commits] core: update_crypto: Use uint32_t for buffer sizes
vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen | Mon Apr 19 11:46:56 2021 +0200| [4df4378f433fb5b175bf0792f32bb7014f055c10] | committer: Hugo Beauzée-Luyssen core: update_crypto: Use uint32_t for buffer sizes (cherry picked from commit 1778e11aaffc628f62cfb6e35ba9d64b1953620e) Signed-off-by: Hugo Beauzée-Luyssen > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=4df4378f433fb5b175bf0792f32bb7014f055c10 --- src/misc/update_crypto.c | 26 +- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/misc/update_crypto.c b/src/misc/update_crypto.c index 87800d11a4..d4e65fa2a6 100644 --- a/src/misc/update_crypto.c +++ b/src/misc/update_crypto.c @@ -54,7 +54,7 @@ #define packet_header_len( c ) ( ( c & 0x03 ) + 1 ) /* number of bytes in a packet header */ -static inline int scalar_number( const uint8_t *p, int header_len ) +static inline uint32_t scalar_number( const uint8_t *p, int header_len ) { assert( header_len == 1 || header_len == 2 || header_len == 4 ); @@ -70,7 +70,7 @@ static inline int scalar_number( const uint8_t *p, int header_len ) /* number of data bytes in a MPI */ -static int mpi_len(const uint8_t *mpi) +static uint32_t mpi_len(const uint8_t *mpi) { return (scalar_number(mpi, 2) + 7) / 8; } @@ -482,15 +482,15 @@ static int verify_signature_rsa( signature_packet_t *sign, public_key_packet_t * gcry_sexp_t key_sexp, hash_sexp, sig_sexp; key_sexp = hash_sexp = sig_sexp = NULL; -int i_n_len = mpi_len( p_key->sig.rsa.n ); -int i_e_len = mpi_len( p_key->sig.rsa.e ); +size_t i_e_len = mpi_len( p_key->sig.rsa.e ); +size_t i_n_len = mpi_len( p_key->sig.rsa.n ); if( gcry_mpi_scan( , GCRYMPI_FMT_USG, p_key->sig.rsa.n + 2, i_n_len, NULL ) || gcry_mpi_scan( , GCRYMPI_FMT_USG, p_key->sig.rsa.e + 2, i_e_len, NULL ) || gcry_sexp_build( _sexp, , key_sexp_s, n, e ) ) goto out; uint8_t *p_s = sign->algo_specific.rsa.s; -int i_s_len = mpi_len( p_s ); +size_t i_s_len = mpi_len( p_s ); if( gcry_mpi_scan( , GCRYMPI_FMT_USG, p_s + 2, i_s_len, NULL ) || gcry_sexp_build( _sexp, , sig_sexp_s, s ) ) goto out; @@ -536,10 +536,10 @@ static int verify_signature_dsa( signature_packet_t *sign, public_key_packet_t * gcry_sexp_t key_sexp, hash_sexp, sig_sexp; key_sexp = hash_sexp = sig_sexp = NULL; -int i_p_len = mpi_len( p_key->sig.dsa.p ); -int i_q_len = mpi_len( p_key->sig.dsa.q ); -int i_g_len = mpi_len( p_key->sig.dsa.g ); -int i_y_len = mpi_len( p_key->sig.dsa.y ); +size_t i_p_len = mpi_len( p_key->sig.dsa.p ); +size_t i_q_len = mpi_len( p_key->sig.dsa.q ); +size_t i_g_len = mpi_len( p_key->sig.dsa.g ); +size_t i_y_len = mpi_len( p_key->sig.dsa.y ); if( gcry_mpi_scan( , GCRYMPI_FMT_USG, p_key->sig.dsa.p + 2, i_p_len, NULL ) || gcry_mpi_scan( , GCRYMPI_FMT_USG, p_key->sig.dsa.q + 2, i_q_len, NULL ) || gcry_mpi_scan( , GCRYMPI_FMT_USG, p_key->sig.dsa.g + 2, i_g_len, NULL ) || @@ -549,14 +549,14 @@ static int verify_signature_dsa( signature_packet_t *sign, public_key_packet_t * uint8_t *p_r = sign->algo_specific.dsa.r; uint8_t *p_s = sign->algo_specific.dsa.s; -int i_r_len = mpi_len( p_r ); -int i_s_len = mpi_len( p_s ); +size_t i_r_len = mpi_len( p_r ); +size_t i_s_len = mpi_len( p_s ); if( gcry_mpi_scan( , GCRYMPI_FMT_USG, p_r + 2, i_r_len, NULL ) || gcry_mpi_scan( , GCRYMPI_FMT_USG, p_s + 2, i_s_len, NULL ) || gcry_sexp_build( _sexp, , sig_sexp_s, r, s ) ) goto out; -int i_hash_len = gcry_md_get_algo_dlen (sign->digest_algo); +unsigned int i_hash_len = gcry_md_get_algo_dlen (sign->digest_algo); if (i_hash_len > i_q_len) i_hash_len = i_q_len; if( gcry_mpi_scan( , GCRYMPI_FMT_USG, p_hash, i_hash_len, NULL ) || @@ -648,7 +648,7 @@ int parse_public_key( const uint8_t *p_key_data, size_t i_key_len, ( i_header_len != 1 && i_header_len != 2 && i_header_len != 4 ) ) goto error; -int i_packet_len = scalar_number( pos, i_header_len ); +size_t i_packet_len = scalar_number( pos, i_header_len ); pos += i_header_len; if( pos + i_packet_len > max_pos ) ___ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
[vlc-commits] contrib: ffmpeg: fix crash on use after free buffer in MPEG2 DXVA
vlc/vlc-3.0 | branch: master | Steve Lhomme | Fri Feb 12 08:45:53 2021 +0100| [c35f6712bbf133f6a1223012e63a6161c4e79d47] | committer: Hugo Beauzée-Luyssen contrib: ffmpeg: fix crash on use after free buffer in MPEG2 DXVA Signed-off-by: Hugo Beauzée-Luyssen (cherry picked from commit f43cad135a6feccd6422114a00d9bc438e9d5af9) Signed-off-by: Hugo Beauzée-Luyssen > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=c35f6712bbf133f6a1223012e63a6161c4e79d47 --- ...g12dec-don-t-call-hw-end_frame-when-start.patch | 36 ...g12dec-don-t-end-a-slice-without-first_sl.patch | 49 ++ contrib/src/ffmpeg/rules.mak | 2 + 3 files changed, 87 insertions(+) diff --git a/contrib/src/ffmpeg/0001-avcodec-mpeg12dec-don-t-call-hw-end_frame-when-start.patch b/contrib/src/ffmpeg/0001-avcodec-mpeg12dec-don-t-call-hw-end_frame-when-start.patch new file mode 100644 index 00..138ddd83e4 --- /dev/null +++ b/contrib/src/ffmpeg/0001-avcodec-mpeg12dec-don-t-call-hw-end_frame-when-start.patch @@ -0,0 +1,36 @@ +From 3ca2f6e24f4422f789e6483bb782052f7f91e4e4 Mon Sep 17 00:00:00 2001 +From: Steve Lhomme +Date: Fri, 12 Feb 2021 08:20:56 +0100 +Subject: [PATCH 1/2] avcodec/mpeg12dec: don't call hw->end_frame when starting + second field decoding + +This call is unbalanced with a hwaccel->start_frame. It fixes some crashes +because this call ends up using uninitialized memory. Decoding works as +expected after this patch. +--- + libavcodec/mpeg12dec.c | 9 - + 1 file changed, 9 deletions(-) + +diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c +index ac5ac4bca4..88d10e9236 100644 +--- a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c +@@ -1674,15 +1674,6 @@ static int mpeg_field_start(MpegEncContext *s, const uint8_t *buf, int buf_size) + return AVERROR_INVALIDDATA; + } + +-if (s->avctx->hwaccel && +-(s->avctx->slice_flags & SLICE_FLAG_ALLOW_FIELD)) { +-if ((ret = s->avctx->hwaccel->end_frame(s->avctx)) < 0) { +-av_log(avctx, AV_LOG_ERROR, +- "hardware accelerator failed to decode first field\n"); +-return ret; +-} +-} +- + for (i = 0; i < 4; i++) { + s->current_picture.f->data[i] = s->current_picture_ptr->f->data[i]; + if (s->picture_structure == PICT_BOTTOM_FIELD) +-- +2.27.0.windows.1 + diff --git a/contrib/src/ffmpeg/0002-avcodec-mpeg12dec-don-t-end-a-slice-without-first_sl.patch b/contrib/src/ffmpeg/0002-avcodec-mpeg12dec-don-t-end-a-slice-without-first_sl.patch new file mode 100644 index 00..212343d251 --- /dev/null +++ b/contrib/src/ffmpeg/0002-avcodec-mpeg12dec-don-t-end-a-slice-without-first_sl.patch @@ -0,0 +1,49 @@ +From 3eb70589260b6eb0e37265933a15c737023dfd7e Mon Sep 17 00:00:00 2001 +From: Steve Lhomme +Date: Fri, 12 Feb 2021 11:10:03 +0100 +Subject: [PATCH 2/2] avcodec/mpeg12dec: don't end a slice without first_slice + +If first_slice is set that means the first slice/field is not started yet. We +should not end the slice. In particular calling hwaccel->end_frame may crash as +we're ending a frame that was not started. + +We also need to reset first_slice once the slice_end is finished handling +for this check to work. +--- + libavcodec/mpeg12dec.c | 20 +--- + 1 file changed, 13 insertions(+), 7 deletions(-) + +diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c +index 88d10e9236..fdf210fa1b 100644 +--- a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c +@@ -2477,13 +2477,19 @@ static int decode_chunks(AVCodecContext *avctx, AVFrame *picture, + s2->er.error_count += s2->thread_context[i]->er.error_count; + } + +-ret = slice_end(avctx, picture); +-if (ret < 0) +-return ret; +-else if (ret) { +-// FIXME: merge with the stuff in mpeg_decode_slice +-if (s2->last_picture_ptr || s2->low_delay) +-*got_output = 1; ++if (s->first_slice) // not started yet. don't end it ++ret = 0; ++else { ++ret = slice_end(avctx, picture); ++if (ret < 0) ++return ret; ++else if (ret) { ++// FIXME: merge with the stuff in mpeg_decode_slice ++if (s2->last_picture_ptr || s2->low_delay) ++*got_output = 1; ++} ++// slice ended, don't end it again later ++s->first_slice = 1; + } + } + s2->pict_type = 0; +-- +2.27.0.windows.1 + diff --git a/contrib/src/ffmpeg/rules.mak b/contrib/src/ffmpeg/rules.mak index 4db97585ea..7966c653d6 100644 --- a/contrib/src/ffmpeg/rules.mak
[vlc-commits] av1_unpack: check header overflow
vlc/vlc-3.0 | branch: master | Francois Cartegnie | Mon Apr 12 13:39:46 2021 +0200| [86e2cdd41557664e2a13b79be4d415ccd61428ea] | committer: Hugo Beauzée-Luyssen av1_unpack: check header overflow could trigger -1 offset move reported by Zhen Zhou of NSFOCUS Security Team (cherry picked from commit 44200dea8c4d2767886b553a7a5887f2191de88f) Signed-off-by: Hugo Beauzée-Luyssen > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=86e2cdd41557664e2a13b79be4d415ccd61428ea --- modules/demux/av1_unpack.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/demux/av1_unpack.h b/modules/demux/av1_unpack.h index af7f056abf..dcaaa85f34 100644 --- a/modules/demux/av1_unpack.h +++ b/modules/demux/av1_unpack.h @@ -55,6 +55,8 @@ static inline block_t * AV1_Unpack_Sample_ExpandSize(block_t *p_block) if(AV1_OBUHasSizeField(p_obu)) continue; const uint8_t i_header = 1 + AV1_OBUHasExtensionField(p_obu); +if(i_header > i_obu) +break; const uint8_t i_sizelen = leb128_expected(i_obu - i_header); const size_t i_obu_offset = p_obu - p_block->p_buffer; ___ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
[vlc-commits] qt: playlist_controller: Ensure the path points to a directory
vlc/vlc-3.0 | branch: master | Lukas Euler | Fri Feb 12 11:55:14 2021 +0100| [7e92daadfa0723d1b423d2caeee6929bb6880374] | committer: Hugo Beauzée-Luyssen qt: playlist_controller: Ensure the path points to a directory Not doing so could end up opening a file with the default application associated with it, instead of opening a folder, leading to a potential remote code execution. Reported-by: Fabian Bräunlein Reported-by: Lukas Euler Signed-off-by: Hugo Beauzée-Luyssen > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=7e92daadfa0723d1b423d2caeee6929bb6880374 --- modules/gui/qt/components/playlist/standardpanel.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/gui/qt/components/playlist/standardpanel.cpp b/modules/gui/qt/components/playlist/standardpanel.cpp index 3d6fe6e6a8..6e7ba66cca 100644 --- a/modules/gui/qt/components/playlist/standardpanel.cpp +++ b/modules/gui/qt/components/playlist/standardpanel.cpp @@ -322,8 +322,10 @@ void StandardPLPanel::popupAction( QAction *action ) temp = model->getURI( index ); if( ! temp.isEmpty() ) path = vlc_uri2path( temp.toLatin1().constData() ); if( path == NULL ) return; +temp = QFileInfo( qfu( path ) ).absolutePath(); +if( !QFileInfo( temp ).isDir() ) return; QDesktopServices::openUrl( -QUrl::fromLocalFile( QFileInfo( qfu( path ) ).absolutePath() ) ); +QUrl::fromLocalFile( temp ) ); free( path ); break; ___ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
[vlc-commits] kate: remove invalid clean
vlc/vlc-3.0 | branch: master | Thomas Guillem | Tue Jan 12 15:26:33 2021 +0100| [acf7da63f1ebebc1ee6e40e6077783634d5ad063] | committer: Hugo Beauzée-Luyssen kate: remove invalid clean palette doesn't need to be freed since it's stack allocated. Signed-off-by: Hugo Beauzée-Luyssen (cherry picked from commit 73f7b186190ecf5811594b16c7eac4520159ef2d) Signed-off-by: Hugo Beauzée-Luyssen > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=acf7da63f1ebebc1ee6e40e6077783634d5ad063 --- modules/codec/kate.c | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/codec/kate.c b/modules/codec/kate.c index 5f7784791d..cbcb0090c4 100644 --- a/modules/codec/kate.c +++ b/modules/codec/kate.c @@ -1169,7 +1169,6 @@ static subpicture_t *SetupSimpleKateSPU( decoder_t *p_dec, subpicture_t *p_spu, CreateKatePalette( fmt.p_palette, ev->palette ); p_bitmap_region = subpicture_region_New( ); -video_format_Clean( ); if( !p_bitmap_region ) { msg_Err( p_dec, "cannot allocate SPU region" ); ___ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits