1
0
mirror of https://github.com/mpv-player/mpv synced 2024-12-27 01:22:30 +00:00
mpv/video
wm4 11d35b72a6 x11: fix X property out of bounds memory reads
The size overflow check was inverted: instead of allowing reading only
the first dst_size bytes of the property, it allowed copying past the
property buffer (as returned by xlib). xlib doesn't return the size of
the buffer in bytes, so it has to be computed and checked manually.

Wouldn't it be great if C allowed me to write the overflow check in a
readable way, so it doesn't trick me into writing dumb security bugs?

Relying on X security is even dumber than creating a X security bug,
though, so this was not a real problem. But I found that one specific
call tried to read more than what the property provided, so reduce that.

Also, len*ib obviously can't overflow, so there's an additional layer of
dumb to this whole thing.

While we're at dumb things, why the hell does xlib use "long" for 32 bit
types. It's a god damn pain.
2019-12-18 07:12:53 +01:00
..
decode vd_lavc: add gross workaround for nvdec/libavcodec broken API issue 2019-12-18 01:56:50 +01:00
filter vf_gpu: render subtitles 2019-11-30 18:09:31 +01:00
out x11: fix X property out of bounds memory reads 2019-12-18 07:12:53 +01:00
csputils.c csputils: fix outdated comment 2019-10-20 16:00:32 +02:00
csputils.h video: add pure gamma TRC curves for 2.0, 2.4 and 2.6. 2019-09-27 13:21:41 +02:00
d3d.c video: remove mp_image_params.hw_flags field 2019-10-17 22:43:14 +02:00
d3d.h video: move d3d.c out of decode sub directory 2017-12-01 17:58:56 +01:00
fmt-conversion.c test: add dumping of img_format metadata 2019-11-08 21:22:49 +01:00
fmt-conversion.h
hwdec.c video: rewrite filtering glue code 2018-01-30 03:10:27 -08:00
hwdec.h video: remove mp_image_params.hw_flags field 2019-10-17 22:43:14 +02:00
image_loader.c screenshot, vo_image: use global swscale/zimg parameters 2019-10-31 15:44:09 +01:00
image_loader.h
image_writer.c screenshot, vo_image: use global swscale/zimg parameters 2019-10-31 15:44:09 +01:00
image_writer.h screenshot, vo_image: use global swscale/zimg parameters 2019-10-31 15:44:09 +01:00
img_format.c img_format: remove some unneeded alpha flag handling 2019-11-08 21:22:49 +01:00
img_format.h img_format: remove some unneeded alpha flag handling 2019-11-08 21:22:49 +01:00
mp_image_pool.c mp_image_pool: expose a function for reporting hw download format 2019-10-02 21:07:14 +02:00
mp_image_pool.h mp_image_pool: expose a function for reporting hw download format 2019-10-02 21:07:14 +02:00
mp_image.c mp_image: copy closed captions when copying attributes 2019-10-25 22:38:00 +02:00
mp_image.h video, demux: rip out unused spherical metadata code 2019-10-17 22:49:26 +02:00
sws_utils.c sws_utils: remove some unnecessary sws bug work around 2019-11-03 22:48:49 +01:00
sws_utils.h sws_utils, zimg: destroy vo_x11 and vo_drm performance 2019-10-31 16:51:12 +01:00
vaapi.c vaapi: remove hacks for pre-libva2 log callbacks 2019-10-18 15:37:16 +02:00
vaapi.h vo_gpu: hwdec_vaapi: Suppress format errors when probing 2019-07-08 01:57:02 +02:00
vdpau_functions.inc
vdpau_mixer.c
vdpau_mixer.h
vdpau.c hwdec: remove unused fields 2017-12-21 19:31:36 +01:00
vdpau.h vd_lavc, vdpau, vaapi: restore emulated API avoidance 2017-12-02 04:53:51 +01:00
zimg.c DOCS/contribute.md, zimg: remove 2 instances of an extraneous "s" 2019-11-07 22:53:13 +01:00
zimg.h sws_utils, zimg: destroy vo_x11 and vo_drm performance 2019-10-31 16:51:12 +01:00