- May 24, 2019
-
-
Hugo Beauzée-Luyssen authored -
From the release notes of 1.6.36: "Fixes some build issues, adds a couple of small optimizations (ARM png_do_expand_palette(), Intel SSE2 memcpy()), and updates the license (identical terms to the zlib license, with the old license appended in the manner of the Python Software Foundation License version 2, and the list of contributing authors moved to a separate AUTHORS file)." 1.6.37: This release fixed CVE-2019-7317, although our png module is not using this API. (cherry picked from commit a643b2fa) (cherry picked from commit 6bfeb1d8) Signed-off-by:
Jean-Baptiste Kempf <jb@videolan.org>
-
When repeat/loop is enabled, and items fail to play, VLC enters an infinite liveloop and floods errors. We cannot just stop on errors, because retrying indefinitely may be the expected behavior: <https://trac.videolan.org/vlc/ticket/18582#comment:3> Instead, wait some delay before starting the next item, depending on the number of consecutive errors: - 1st error: 100ms - 2nd error: 200ms - 3rd error: 400ms - 4th error: 800ms - 5th error: 1.6s - further errors: 3.2s A single successful playback resets the errors counter. Note-from-committer: -------------------- This is not a complete and correct fix, but this hides the issue for our users for the vast majority of the cases. Once a proper fix is done, please revert this. Ref #5901 Fixes #6245 #6339 #7305 #7798 #8893 #9230 #11066 #11961 #12104 #12909 #13878 #14679 #15805 #16697 #17660 #18582 #18942 #19284 #19313 #20365 #21564 #21672 #21897 #22118
-
- May 23, 2019
-
-
David authored
In theory, some objects are only released during drain of the autorelease pool (i.e. at the place of the closing bracket of the @autorelease block). Some of those objects might need getInf() in their dealloc code, so this pointer should stay available at this stage. Should fix crash id 8f0bb1b4-fa5a-4d92-bcb3-9f6c0130fc86. (cherry picked from commit fdbf7317) Signed-off-by:
David Fuhrmann <dfuhrmann@videolan.org>
-
Hugo Beauzée-Luyssen authored
-
Hugo Beauzée-Luyssen authored
https://hackerone.com/reports/513704 (cherry picked from commit c6b07d7c) Signed-off-by:
Hugo Beauzée-Luyssen <hugo@beauzee.fr>
-
Hugo Beauzée-Luyssen authored
(cherry picked from commit 5ef3830f) Signed-off-by:
-
Hugo Beauzée-Luyssen authored
(cherry picked from commit 81023659) Signed-off-by:
-
https://hackerone.com/reports/504722 Signed-off-by:
-
Hugo Beauzée-Luyssen authored
https://hackerone.com/reports/504484 (cherry picked from commit de2d5605) Signed-off-by:
-
Hugo Beauzée-Luyssen authored
Leading to an out of bound read https://hackerone.com/reports/501971 https://hackerone.com/reports/484398 (cherry picked from commit 2e7d1075) Signed-off-by:
-
Hugo Beauzée-Luyssen authored
https://hackerone.com/reports/503218 (cherry picked from commit 1c1923d8) Signed-off-by:
-
Hugo Beauzée-Luyssen authored
https://hackerone.com/reports/503218 (cherry picked from commit af75fb6f) Signed-off-by:
-
https://hackerone.com/reports/504469 Signed-off-by:
-
Hugo Beauzée-Luyssen authored
https://hackerone.com/reports/502816 https://hackerone.com/reports/507858 (cherry picked from commit 16d40d9f) Signed-off-by:
-
Hugo Beauzée-Luyssen authored
https://hackerone.com/reports/513470 (cherry picked from commit 30e0a2fd) Signed-off-by:
-
(cherry picked from commit 5ce2f287) Signed-off-by:
-
(cherry picked from commit 889fbe9a) Signed-off-by:
-
https://hackerone.com/reports/496376 Signed-off-by:
-
The UpnpResolveURL APi is very hard to use correctly and can result in buffer overflow issues. Use the UpnpResolveURL2 API instead and fix two small buffer overflows. https://hackerone.com/reports/494841 Signed-off-by:
Will Newton <will.newton@gmail.com> Signed-off-by:
-
Hugo Beauzée-Luyssen authored
DoReordering is bound by frame.channels, but the source array was bound by AOUT_MAX_CHAN https://hackerone.com/reports/503208 (cherry picked from commit f256bf04) Signed-off-by:
-
Hugo Beauzée-Luyssen authored
https://hackerone.com/reports/503663 (cherry picked from commit ca3eb137) Signed-off-by:
-
Hugo Beauzée-Luyssen authored
https://hackerone.com/reports/504668 (cherry picked from commit 824ffaae) Signed-off-by:
-
https://hackerone.com/reports/501938 Signed-off-by:
-
https://hackerone.com/reports/502579 Signed-off-by:
-
Hugo Beauzée-Luyssen authored
https://hackerone.com/reports/503242 (cherry picked from commit 6f8e90c2) Signed-off-by:
-
https://hackerone.com/reports/495092 Signed-off-by:
-
https://hackerone.com/reports/492882 Signed-off-by:
-
Hugo Beauzée-Luyssen authored
https://hackerone.com/reports/484787 (cherry picked from commit fd3acfe9) Signed-off-by:
-
https://hackerone.com/reports/493336 Signed-off-by:
-
In all cases we use priv->sub_packet_size which if much further than the first 28 bytes. https://hackerone.com/reports/492886 Signed-off-by:
-
https://hackerone.com/reports/493336 Signed-off-by:
-
Make sure we don't use negative values or a value when the extra buffer allocation failed. https://hackerone.com/reports/493436 Signed-off-by:
-
https://hackerone.com/reports/491495 (cherry picked from commit d1d41b3f) Signed-off-by:
-
Hugo Beauzée-Luyssen authored
https://hackerone.com/reports/491570 (cherry picked from commit 040038da) Signed-off-by:
-
Hugo Beauzée-Luyssen authored
Signed-off-by:
-
The pitch is similar to the full picture, but there's half the lines. Compared to I420 where the second/third planes have half width and half height. https://hackerone.com/reports/485437 Signed-off-by:
-
We own the block though CMediaBufferCreate(), it will be released when the CMediaBuffer is released by the DMO. Introduced in a8b249bc https://hackerone.com/reports/484387 Signed-off-by:
-
Hugo Beauzée-Luyssen authored
-
(cherry picked from commit 289041f4) Signed-off-by:
-
