[vlc-commits] [Git][videolan/vlc][3.0.x] 5 commits: mms: use const in mms_ParsePacket()
Jean-Baptiste Kempf (@jbk)
gitlab at videolan.org
Wed Jun 5 15:59:55 UTC 2024
Jean-Baptiste Kempf pushed to branch 3.0.x at VideoLAN / VLC
Commits:
f26a1f5d by Thomas Guillem at 2024-06-05T17:57:01+02:00
mms: use const in mms_ParsePacket()
(cherry picked from commit da84f3830856256d64073c31675cba7f6905919f)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
- - - - -
6835f6d1 by Thomas Guillem at 2024-06-05T17:57:01+02:00
mms: decrease i_packet_length in only one place
(cherry picked from commit 67b2b79534d3f6a48a4fc363615a4221993ccc95)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
- - - - -
6a9e214d by Thomas Guillem at 2024-06-05T17:57:01+02:00
mms: return -1 in case of error
The function calling mms_ParsePacket() is expecting -1 (for error) or a
valid positive integer for success.
(cherry picked from commit f1e521b494bc87a254c6a6a47d27a528e35b5ca0)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
- - - - -
e7f98f36 by Thomas Guillem at 2024-06-05T17:57:01+02:00
mms: fix potential integer overflow
That could lead to a heap buffer overflow.
Thanks Andreas Fobian for the security report.
(cherry picked from commit 467b24dd0f9b0b3d8ba11dd813b393892f7f1ed2)
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
- - - - -
dd8bfdba by Jean-Baptiste Kempf at 2024-06-05T17:58:05+02:00
Update NEWS for 3.0.21
- - - - -
2 changed files:
- NEWS
- modules/access/mms/mmstu.c
Changes:
=====================================
NEWS
=====================================
@@ -4,10 +4,15 @@ Changes between 3.0.20 and 3.0.21:
Decoders:
* Improve Opus ambisonic support
* Fix some ASS subtitle rendering issues
+ * Fix Opus in MP4 behaviour
+ * Fix VAAPI hw decoding with some drivers
+
+Input:
+ * Add support for HTTP content range handling according to RFC 9110
+ * Fix some HLS Adaptive Streaming not working in audio-only mode
Video Output:
* Super Resolution scaling with AMD GPUs
- * Add D3D11 option to use NVIDIA TrueHDR to generate HDR from SDR sources
* The D3D11 HDR option can also turn on/off HDR for all sources regardless of
the display
* Improve subtitles rendering on Apple platforms of notably Asian languages
@@ -15,6 +20,7 @@ Video Output:
Video Filter:
* New AMD VQ Enhancer filter
+ * Add D3D11 option to use NVIDIA TrueHDR to generate HDR from SDR sources
Audio Output:
* Fix regression on macOS causing crashes when using audio devices
@@ -23,9 +29,6 @@ Audio Output:
Services Discovery:
* Fix exposed UPnP directory URL schemes to be compliant with RFC 3986
-Input:
- * Add support for HTTP content range handling according to RFC 9110
-
Contrib:
* Update FFmpeg to 4.4.4
* Update dav1d to 1.4.2
@@ -34,6 +37,12 @@ Contrib:
libVLC:
* the HWND passed to libvlc_media_player_set_hwnd must have the WS_CLIPCHILDREN
style set.
+ * Fix crashes when using caopengllayer
+
+Misc:
+ * Fix various warnings, leaks and potential crashes
+ * Fix security integer overflow in MMS module
+
Changes between 3.0.19 and 3.0.20:
----------------------------------
=====================================
modules/access/mms/mmstu.c
=====================================
@@ -1253,7 +1253,7 @@ static int mms_ParseCommand( stream_t *p_access,
}
static int mms_ParsePacket( stream_t *p_access,
- uint8_t *p_data, size_t i_data,
+ const uint8_t *p_data, size_t i_data,
size_t *pi_used )
{
access_sys_t *p_sys = p_access->p_sys;
@@ -1313,21 +1313,24 @@ static int mms_ParsePacket( stream_t *p_access,
#endif
}
p_sys->i_packet_seq_num = i_packet_seq_num + 1;
+ i_packet_length -= 8; // don't bother with preheader
if( i_packet_id == p_sys->i_header_packet_id_type )
{
- uint8_t *p_reaced = realloc( p_sys->p_header,
- p_sys->i_header + i_packet_length - 8 );
+ size_t new_header_size;
+ if( add_overflow( p_sys->i_header, i_packet_length, &new_header_size ) )
+ return -1;
+ uint8_t *p_reaced = realloc( p_sys->p_header, new_header_size );
if( !p_reaced )
- return VLC_ENOMEM;
+ return -1;
- memcpy( &p_reaced[p_sys->i_header], p_data + 8, i_packet_length - 8 );
+ memcpy( &p_reaced[p_sys->i_header], p_data + 8, i_packet_length );
p_sys->p_header = p_reaced;
- p_sys->i_header += i_packet_length - 8;
+ p_sys->i_header = new_header_size;
/* msg_Dbg( p_access,
"receive header packet (%d bytes)",
- i_packet_length - 8 ); */
+ i_packet_length ); */
return MMS_PACKET_HEADER;
}
@@ -1337,15 +1340,15 @@ static int mms_ParsePacket( stream_t *p_access,
p_sys->i_media = 0;
p_sys->i_media_used = 0;
- p_sys->p_media = malloc( i_packet_length - 8 ); // don't bother with preheader
+ p_sys->p_media = malloc( i_packet_length );
if( !p_sys->p_media )
- return VLC_ENOMEM;
+ return -1;
- p_sys->i_media = i_packet_length - 8;
+ p_sys->i_media = i_packet_length;
memcpy( p_sys->p_media, p_data + 8, p_sys->i_media );
/* msg_Dbg( p_access,
"receive media packet (%d bytes)",
- i_packet_length - 8 ); */
+ i_packet_length ); */
return MMS_PACKET_MEDIA;
}
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/f5a1aa0988e33856ade7660f73259692c5d51cb0...dd8bfdbabe8ae3974ca3864ad3125879f523e3a2
--
This project does not include diff previews in email notifications.
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/f5a1aa0988e33856ade7660f73259692c5d51cb0...dd8bfdbabe8ae3974ca3864ad3125879f523e3a2
You're receiving this email because of your account on code.videolan.org.
VideoLAN code repository instance
More information about the vlc-commits
mailing list