[vlc-commits] [Git][videolan/vlc][3.0.x] 92 commits: demux: ty: fix all warnings
Thomas Guillem (@tguillem)
gitlab at videolan.org
Thu Sep 11 09:27:53 UTC 2025
Thomas Guillem pushed to branch 3.0.x at VideoLAN / VLC
Commits:
00d35e21 by François Cartegnie at 2025-09-11T09:40:02+02:00
demux: ty: fix all warnings
(cherry picked from commit 52dbf22859e581fa5af74600247e9a0340d47c38)
Signed-off-by: Thomas Guillem <thomas at gllm.fr>
- - - - -
3e8d17d7 by Rémi Denis-Courmont at 2025-09-11T09:40:02+02:00
ty: fix signedness warning, missing limit check
(cherry picked from commit 9bd797a5c408da38551eb3269f9bfad141894059)
Signed-off-by: Thomas Guillem <thomas at gllm.fr>
- - - - -
40395e7b by Steve Lhomme at 2025-09-11T09:40:02+02:00
ty: replace skip size comparisons by skip size equality check
Compiler may generate better code and we really want to skip exactly that
amount. This will also bring some consistency with the other
vlc_stream_Read(NULL) callers.
(Partially cherry picked from commit e889e7326b3dcba59e290d82050527b1f54d6e53)
Signed-off-by: Thomas Guillem <thomas at gllm.fr>
- - - - -
a78e4083 by Thomas Guillem at 2025-09-11T09:40:02+02:00
demux: ty: fix leak in case of error
(cherry picked from commit 02921db96886fd82f94efa72fbbe4c1b7f32e5c4)
Signed-off-by: Thomas Guillem <thomas at gllm.fr>
- - - - -
a74759b1 by Thomas Guillem at 2025-09-11T09:40:02+02:00
demux: ty: define REC_SIZE
- - - - -
50cbdd05 by Thomas Guillem at 2025-09-11T09:40:02+02:00
demux: ty: define CHUNK_HEADER_SIZE
- - - - -
9f2d2d2f by Thomas Guillem at 2025-09-11T09:40:02+02:00
demux: ty: check i_num_recs
- - - - -
ede7bf74 by Thomas Guillem at 2025-09-11T09:40:02+02:00
demux: ty: handle possible errors from analyse_chunk
- - - - -
c2808a8f by Thomas Guillem at 2025-09-11T09:40:02+02:00
demux: ty: check buffer size
Prevent potential out of bound reads at the end of input.
- - - - -
e487d821 by Thomas Guillem at 2025-09-11T09:40:02+02:00
demux: ty: prevent out of bound read
- - - - -
beaa2622 by Thomas Guillem at 2025-09-11T09:40:02+02:00
demux: ty: remove xmalloc usage in get_chunk_header()
- - - - -
96811307 by Thomas Guillem at 2025-09-11T09:40:02+02:00
demux: ty: check l_rec_size
prevent that the sum of all l_rec_size don't go past the CHUNK.
Fixes #28771
- - - - -
a00cc493 by Steve Lhomme at 2025-09-11T09:40:02+02:00
spudec: don't generate a region for 0 width/height
Fixes #28983
- - - - -
f38423a1 by Steve Lhomme at 2025-09-11T09:40:02+02:00
substx3g: only replace \r on existing characters in the string
psz_subtitle is null terminated and doesn't always have the
same size as i_psz_bytelength.
Fixes #28965
- - - - -
b6b3b8ab by Steve Lhomme at 2025-09-11T09:40:02+02:00
svcdsub: avoid writing past the line pitch
Since we add +1 to i_count, we must remove it from the max value.
Fixes #28961
- - - - -
96788d37 by Thomas Guillem at 2025-09-11T09:40:02+02:00
dts: check rate and frame_length
Fixes #28977
- - - - -
cb28cb72 by Steve Lhomme at 2025-09-11T09:40:02+02:00
demux: avi: avoid rescaling with 0 rate
The result would end up being 0 anyway, but since 8c59fc7af4ad5c52168cb12b8bd296c4494df345
The newscale is also used for divisions.
Fixes [#28974](https://github.com/FilipRoseen-refp/vlc/issues/28974)
- - - - -
ce2af8f8 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: avi: fix AVI_StreamBytesSet() being called with potential negative value
- - - - -
634d4b0d by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: avi: fix AVI_StreamChunkSet() being called with potential negative/large value
- - - - -
dbf08d00 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: avi: fix potential negative chunk position usage
If we let AVI_PTSToChunk() report errors with negative values, a positive
i_dpts may result in a negative i_chunks_count.
We don't need to check i_dpts is positive anymore.
- - - - -
65e04179 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: avi: return -1 for errors in AVI_PTSToChunk()/AVI_PTSToByte()
All callsites are checked.
demuxctx.i_toread is already assuming -1 is some sort of error.
- - - - -
96a6e495 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: wav: reject ADPCM with negative number of samples
Fixes #28978
- - - - -
a2f4edfe by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: wav: reject IMA with negative number of samples
- - - - -
77b4bcd7 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: wav: ensure i_frame_samples is always positive
- - - - -
87697f2a by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: wav: simplify unnecessary negative checks
And simplify associated logs.
- - - - -
ce603eeb by Steve Lhomme at 2025-09-11T09:40:03+02:00
codec: webvtt: exit reduce loop when no reduction happens
The assert was there to ensure we don't loop indefinitely on a reduction
that does not happen.
We can check directly if it happened or not.
Fixes #28981
- - - - -
23f4a5ee by Thomas Guillem at 2025-09-11T09:40:03+02:00
mjpeg: fetch separator length once
- - - - -
298e0a83 by Thomas Guillem at 2025-09-11T09:40:03+02:00
mjpeg: fix heap-buffer-overflow
Fixes #29009
- - - - -
6f24087e by François Cartegnie at 2025-09-11T09:40:03+02:00
demux: avi: ensure max_streams limits
refs #28975
- - - - -
4beb515c by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: libasf: error on preroll conversion overflow
If the uint64_t is too big, the conversion to vlc_tick_t will be bogus.
We can't use such a huge preroll.
Fixes #29005
- - - - -
d009b577 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: libavi: avoid potential unsigned shift issue
biClrUsed is a uint32_t.
Fixes #29007
- - - - -
214fc295 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: mp4: read the sample description index as unsigned
Fixes #29008
- - - - -
c793ca95 by François Cartegnie at 2025-09-11T09:40:03+02:00
codec: webvtt: fix potential null deref
refs #28987
- - - - -
3a6dd613 by François Cartegnie at 2025-09-11T09:40:03+02:00
codec: webvtt: fix potential NULL derefs
refs #28988
- - - - -
81b2dc3d by Steve Lhomme at 2025-09-11T09:40:03+02:00
codec: webvtt: parse timestamps as signed values
sscanf("-1:00:27.500", "%u:%2u:%2u.%3u") returns a large for the negative value.
This happens on Windows and in Linux too [^1].
The returned timestamp is negative (matching what the text says).
That bogus timestamps is then discarded as invalid.
Fixes #28994
[^1]: https://godbolt.org/z/YWEYzPeGq
- - - - -
e37c298f by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: webvtt: avoid cast removing const
- - - - -
5e62dbb9 by Steve Lhomme at 2025-09-11T09:40:03+02:00
spudec: don't read/write past the RLE pixeldata
Fixes #28960
No error is generated, we just store valid data.
If we end up reading too much we will not issue a region for the subpicture.
- - - - -
cc08e838 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: mp4: accumulate all trun for a given track
Before the previous array was leaking and we were writing too
far in the array.
Fixes #28959
- - - - -
f596de79 by François Cartegnie at 2025-09-11T09:40:03+02:00
aout_ChannelReorder: always use limited range for reorder
aout_CheckChannelReorder <= aout_ChannelReorder
refs #28968
- - - - -
d86797d6 by Thomas Guillem at 2025-09-11T09:40:03+02:00
modules: packetizer: enforce type
Backportable version of 0463a37586aceebd09c1c294446d0c3b15a5fc4b
(without any CORE API change)
Fixes #28972
- - - - -
f421dd3b by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: asf: fix unitialized free on error
The goto may occur before the variables are initialized,
consecutive to 3758d15c000c9ec10711ca7e9580e43ba09601df.
Fixes #29058
- - - - -
5de04cd4 by François Cartegnie at 2025-09-11T09:40:03+02:00
packetizer: dts: fix dead loop
refs #29063
- - - - -
7485e3c7 by Rémi Denis-Courmont at 2025-09-11T09:40:03+02:00
mms: fix connection response string parsing
- Do not assume 16-bits unaligned reads work.
- Do not assume little endianess.
- Do not assume ASCII strings.
(cherry picked from commit a77e5fb55d0c32dcca07ee6067a9959caa2e4a7a)
- - - - -
6d2de75b by Rémi Denis-Courmont at 2025-09-11T09:40:03+02:00
mmstu: do not keep useless strings around
They are only printed in debug at start-up.
(cherry picked from commit 282163420fced9e638a21ff26d227b9e5bdaddef)
- - - - -
d8d09e7c by Rémi Denis-Courmont at 2025-09-11T09:40:03+02:00
mmstu: add proper boundary checks
This removes nonsensical arithmetic with pointer representation.
(cherry picked from commit da4d817d41024d32580aeecb5cfc1acf6fe81dcc)
- - - - -
ffcc2707 by Rémi Denis-Courmont at 2025-09-11T09:40:03+02:00
mms: fix signed warning
(cherry picked from commit 324958967b62104375438093d08e91d8d2c70324)
- - - - -
f956e243 by Thomas Guillem at 2025-09-11T09:40:03+02:00
avi: fix Integer-overflow in AVI_Rescale
Fixes #29001
- - - - -
384a3b27 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux/mkv: avoid casting to KaxCluster if it's not the right type
Fixes #29042
- - - - -
f40e2df4 by Tristan Matthews at 2025-09-11T09:40:03+02:00
demux: mkv: check earlier that current segment is valid
Fixes #29017
- - - - -
532e81b9 by François Cartegnie at 2025-09-11T09:40:03+02:00
demux: ogg: fix potential double free
refs #29220
- - - - -
859df557 by François Cartegnie at 2025-09-11T09:40:03+02:00
codec: cc: don't assume input size is checked by caller
refs #29216
- - - - -
ae1938e7 by François Cartegnie at 2025-09-11T09:40:03+02:00
packetizer: hevc: hvcc->annexb output prefix size is always 4
refs #29217
- - - - -
331007e5 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux/mkv: discard extra elements provided when reading a master element
If this happens that means we're leaking the upper element that was found.
It's not part of the data we want to read and went further than expected.
Fixes #29043
- - - - -
e9f7ff28 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux/mkv: fix header leak on error
Fixes #29044
- - - - -
354cffb7 by Thomas Guillem at 2025-09-11T09:40:03+02:00
wav: fix use of uninitialised value
This could lead to the wav probing to succeed without a valid fmt.
Fixes #28772
- - - - -
b3453533 by Steve Lhomme at 2025-09-11T09:40:03+02:00
packetizer: dts: fix busy loop with empty returned blocks
Fixes #29046
- - - - -
424aa4f6 by Thomas Guillem at 2025-09-11T09:40:03+02:00
codec: webvtt: subsvtt: fix SEGV
node->psz_attrs can be NULL, cf. CreateDomNodes().
Fixes #29049
- - - - -
57b68c97 by Steve Lhomme at 2025-09-11T09:40:03+02:00
asx: fix potential null dereference
Ref. #29114
- - - - -
5372fa64 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: mp4: don't use the i_nztime if it's invalid
It may be invalid when set via FragGetDemuxTimeFromTracksTime().
Ref. #28997
- - - - -
83f789b1 by Steve Lhomme at 2025-09-11T09:40:03+02:00
gme: handle es_out_Add() failure
Ref. #29114
- - - - -
dcb35866 by Steve Lhomme at 2025-09-11T09:40:03+02:00
packetizer: h264: check the default ref_idx values are valid
Reference values should only go up to 31:
> num_ref_idx_l0_default_active_minus1 specifies how > num_ref_idx_l0_active_minus1 is inferred for P, SP, and B slices
with num_ref_idx_active_override_flag equal to 0. The value of num_ref_idx_l0_default_active_minus1 shall be in the
range of 0 to 31, inclusive.
num_ref_idx_l1_default_active_minus1 specifies how num_ref_idx_l1_active_minus1 is inferred for B slices with
num_ref_idx_active_override_flag equal to 0. The value of num_ref_idx_l1_default_active_minus1 shall be in the range
of 0 to 31, inclusive.
- - - - -
87513b4c by Steve Lhomme at 2025-09-11T09:40:03+02:00
packetizer: h264: use the default ref_idx is the read value is too big
Reference values should only go up to 31:
> num_ref_idx_l0_default_active_minus1 specifies how
> num_ref_idx_l0_active_minus1 is inferred for P, SP, and B slices
> with num_ref_idx_active_override_flag equal to 0. The value of
> num_ref_idx_l0_default_active_minus1 shall be in the range of 0 to 31, inclusive.
> num_ref_idx_l1_default_active_minus1 specifies how num_ref_idx_l1_active_minus1
> is inferred for B slices with num_ref_idx_active_override_flag equal to 0.
> The value of num_ref_idx_l1_default_active_minus1 shall be in the range
> of 0 to 31, inclusive.
This is for the default values but it also applies to the read slice values.
Fixes #29050
- - - - -
76e98161 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: subtitle: sort items in demux master mode
We don't want the PCR to go back and forth.
Fixes #29051
- - - - -
2a4690a0 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: subtitle: return a vlc_tick_t from ParseRealTime
We should not mix VLC_EGENERIC and a vlc_tick_t return value.
We shift directly the value with VLC_TICK_0 when we have the value
as done in other parsers.
The invalid -1 value is used as in other parsers.
- - - - -
da171a5b by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: subtitle: avoid using uninitialized variables in ParseRealTime
The value may have been set by previous calls but we should not use it.
- - - - -
8bd8a148 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: subtitle: keep parsed fields private
And we don't need to initialize them.
- - - - -
2487ba27 by Steve Lhomme at 2025-09-11T09:40:03+02:00
demux: subtitle: only parse end time if it's found
We should not parse uninitialized buffers.
- - - - -
170f71cd by Steve Lhomme at 2025-09-11T09:40:03+02:00
codec: webvtt: limit the recursive calls to GetTimedTags/ConvertNodesToSegments()
With malicious files it's possible to overflow the stack.
50 levels of nested tags ought to be enough for anyone.
Fixes #28993.
No ruby support in VLC 3.0 compared to the same patch on VLC 4.0.
- - - - -
9bcd8647 by Steve Lhomme at 2025-09-11T09:40:03+02:00
codec: webvtt: inline webvtt_region_ClearCues calls into webvtt_region_Delete()
- - - - -
223f8554 by Steve Lhomme at 2025-09-11T09:40:03+02:00
codec: webvtt: inline Delete calls in webvtt_domnode_ChainDelete()
So we can see the recursions.
- - - - -
2d7b038d by Steve Lhomme at 2025-09-11T09:40:03+02:00
codec: webvtt: always free the current node in webvtt_domnode_ChainDelete()
It doesn't matter which type it has.
- - - - -
8532a9dd by Steve Lhomme at 2025-09-11T09:40:03+02:00
codec: webvtt: split the code to acutally Delete webvtt_dom_node_t data
So we don't use recursions. We only need an extra loop on the child elements
to delete. But it will not cause a recursion.
- - - - -
1ea22658 by Steve Lhomme at 2025-09-11T09:40:03+02:00
mms: clarify reading boundaries
We need to take in account how much buffer is available to write.
Given we were requesting at least half our (arbitrary) buffer size, we might as
well request to fill the whole available buffer.
This is equivalent to the previous code since i_tcp is always
> MMS_BUFFER_SIZE/2 - p_sys->i_buffer_tcp
And i_udp is always
> MMS_BUFFER_SIZE/2 - p_sys->i_buffer_udp
- - - - -
7c1b7970 by Steve Lhomme at 2025-09-11T09:40:03+02:00
mms: initialize the error states in mms_ParseCommand()
The pi_used may have been used uninitialized.
- - - - -
d0b2e534 by Steve Lhomme at 2025-09-11T09:40:03+02:00
mms: check errors before allocating the output buffer in mms_ParseCommand
And set the state when there's an error by default.
- - - - -
c91c4d46 by Steve Lhomme at 2025-09-11T09:40:03+02:00
mmx: only allocate the length we will use in mms_ParseCommand()
- - - - -
08e35bf2 by Thomas Guillem at 2025-09-11T09:40:04+02:00
codec: webvtt: fix SEGV
psz can be NULL, cf. CSSGrammar.y
Fixes #29047
- - - - -
9e76bfac by Steve Lhomme at 2025-09-11T09:40:04+02:00
demux: mkv: check bogus block reading
We should not use the block data if it was not fully read.
- - - - -
deae8a9d by Steve Lhomme at 2025-09-11T09:40:04+02:00
spudec: don't read Nibble past our buffer
We read in the buffer with an offset of 4.
Fixes https://code.videolan.org/videolan/vlc/-/issues/29234
- - - - -
8b191f39 by Steve Lhomme at 2025-09-11T09:40:04+02:00
demux: subtitle: always end the filled buffer
strstr() expects a nul terminated string.
Fixes https://code.videolan.org/videolan/vlc/-/issues/29235
- - - - -
28663bc7 by François Cartegnie at 2025-09-11T09:40:04+02:00
codec: webvtt: fix heap read overflow on empty string match
refs #29233
- - - - -
8e7503ad by François Cartegnie at 2025-09-11T09:40:04+02:00
codec: webvtt: early exit on empty class
- - - - -
1af979fc by Steve Lhomme at 2025-09-11T09:40:04+02:00
demux: libmp4: avoid allowing an index bigger than the array contains
It should not happen in the for loop, but better safe than sorry.
- - - - -
102b1966 by Steve Lhomme at 2025-09-11T09:40:04+02:00
demux: libmp4: keep stss sample numbers as they are in the file
Adapt the only place it's used in the code to account for the -1 difference.
Fixes #28982
- - - - -
6f1a5903 by François Cartegnie at 2025-09-11T09:40:04+02:00
contrib: dvbpsi: fix out-of-bounds read
(cherry picked from commit 5e024041bfcb2f51bfd27d122efe2199aeeea216)
- - - - -
8d8c79b4 by Felix Paul Kühne at 2025-09-11T09:40:04+02:00
doc: update for 2025
- - - - -
d7a66640 by Felix Paul Kühne at 2025-09-11T09:40:04+02:00
configure.ac: prepare for 3.0.22
- - - - -
f5f7d5ff by Steve Lhomme at 2025-09-11T09:40:04+02:00
configure: prepare 3.0.22-rc1
- - - - -
1aa88517 by Felix Paul Kühne at 2025-09-11T09:40:04+02:00
NEWS: prepare for 3.0.22
- - - - -
7d92d2b7 by Steve Lhomme at 2025-09-11T09:40:04+02:00
NEWS: update for 3.0.22
- - - - -
68522c26 by Felix Paul Kühne at 2025-09-11T10:07:18+02:00
video_filter/amf: drop shortcut l10n
The module shortcut name should not be translatable.
- - - - -
76d714c3 by Tristan Matthews at 2025-09-11T10:07:18+02:00
flac: handle NULL streaminfo
Fixes https://issues.oss-fuzz.com/issues/443965736
- - - - -
30 changed files:
- NEWS
- configure.ac
- + contrib/src/dvbpsi/0001-dvbpsi_packet_push-compute-sizes-using-pointer-to-en.patch
- + contrib/src/dvbpsi/0002-dvbpsi_packet_push-check-adaptation-field-length.patch
- + contrib/src/dvbpsi/0003-dvbpsi_packet_push-check-section-pointers-field.patch
- + contrib/src/dvbpsi/0004-dvbpsi_packet_push-check-section-length.patch
- contrib/src/dvbpsi/rules.mak
- doc/Makefile.am
- modules/access/dcp/dcp.cpp
- modules/access/mms/mmstu.c
- modules/access/mms/mmstu.h
- modules/audio_output/waveout.c
- modules/codec/aes3.c
- modules/codec/cc.h
- modules/codec/cvdsub.c
- modules/codec/daala.c
- modules/codec/kate.c
- modules/codec/lpcm.c
- modules/codec/oggspots.c
- modules/codec/rawvideo.c
- modules/codec/speex.c
- modules/codec/spudec/parse.c
- modules/codec/spudec/spudec.c
- modules/codec/substx3g.c
- modules/codec/svcdsub.c
- modules/codec/theora.c
- modules/codec/vorbis.c
- modules/codec/webvtt/CSSGrammar.y
- modules/codec/webvtt/css_style.c
- modules/codec/webvtt/subsvtt.c
The diff was not included because it is too large.
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/9f1d03dd3cdcb2372f9e1a84c308442ba2ea25b6...76d714c3df6e4e0eeb0bbbb13fb23f7eb1aa7014
--
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/9f1d03dd3cdcb2372f9e1a84c308442ba2ea25b6...76d714c3df6e4e0eeb0bbbb13fb23f7eb1aa7014
You're receiving this email because of your account on code.videolan.org.
VideoLAN code repository instance
More information about the vlc-commits
mailing list