From 19f1bfdf40ec7143c7fc3d5d2c330bec8a0bc967 Mon Sep 17 00:00:00 2001 From: Avuton Olrich Date: Wed, 15 Jul 2009 13:36:41 -0700 Subject: Modify version string to post-release version 0.15.2~git --- NEWS | 3 +++ 1 file changed, 3 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index bf9401d6c..d6da68e72 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +ver 0.15.2 (2009/??/??) + + ver 0.15.1 (2009/07/15) * decoders: - flac: fix assertion failure in tag_free() call -- cgit v1.2.3 From a988b9b0259e7d0b1090913087369dd504cd0f45 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Sat, 18 Jul 2009 22:45:56 +0200 Subject: ape: check the tag size (fixes integer underflow) The expression "tagLen - size > 0" may result in an integer underflow and a buffer overflow, when "size" is larger than "tagLen". "size" is read from the input file, and must not be trusted. This patch changes the expression to "tagLen > size", which is a lot safer. --- NEWS | 2 ++ 1 file changed, 2 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index d6da68e72..66ad2cfed 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,6 @@ ver 0.15.2 (2009/??/??) +* tags: + - ape: check the tag size (fixes integer underflow) ver 0.15.1 (2009/07/15) -- cgit v1.2.3 From 0ce727d5d459c2319edc507eb2e71af8a1c9d5dc Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Sun, 19 Jul 2009 17:38:46 +0200 Subject: ape: added protection against large memory allocations The function tag_ape_load() retrieves a 32 bit unsigned integer from the input file, and passes it to g_malloc(). This is dangerous, and may be used for a denial of service attack on MPD. --- NEWS | 1 + 1 file changed, 1 insertion(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 66ad2cfed..8e2c59b78 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,7 @@ ver 0.15.2 (2009/??/??) * tags: - ape: check the tag size (fixes integer underflow) + - ape: added protection against large memory allocations ver 0.15.1 (2009/07/15) -- cgit v1.2.3 From 322ef3cb805dacff84aea1e18a840e2bbf8cc881 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Wed, 22 Jul 2009 12:57:03 +0200 Subject: mad: skip ID3 frames when libid3tag is disabled When libid3tag is disabled, the libmad decoder plugin is unable to identify ID3 frames. If the file starts with an (unidentified) ID3 frame, it assumes that the file is not a valid MP3 song. This patch solves this by adding minimal stubs for the ID3 functions. --- NEWS | 2 ++ 1 file changed, 2 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 8e2c59b78..674cf61d9 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,8 @@ ver 0.15.2 (2009/??/??) * tags: - ape: check the tag size (fixes integer underflow) - ape: added protection against large memory allocations +* decoders: + - mad: skip ID3 frames when libid3tag is disabled ver 0.15.1 (2009/07/15) -- cgit v1.2.3 From 47ed89bd4c6499d475d5f16cb89d7be95763670c Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Wed, 22 Jul 2009 13:31:48 +0200 Subject: decoder/flac: parse all replaygain tags The FLAC replaygain parser used the "||" operator. This made the code stop after the first value which was found. --- NEWS | 1 + 1 file changed, 1 insertion(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 674cf61d9..374c58d80 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,7 @@ ver 0.15.2 (2009/??/??) - ape: added protection against large memory allocations * decoders: - mad: skip ID3 frames when libid3tag is disabled + - flac: parse all replaygain tags ver 0.15.1 (2009/07/15) -- cgit v1.2.3 From e44f31391234607ce0e95d69903142e71d61c813 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 14 Aug 2009 11:51:35 +0200 Subject: update: free empty path string (memleak) When you pass an empty string to directory_update_init(), it was not freed by update_task(). --- NEWS | 1 + 1 file changed, 1 insertion(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 374c58d80..d312b6d97 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,7 @@ ver 0.15.2 (2009/??/??) * decoders: - mad: skip ID3 frames when libid3tag is disabled - flac: parse all replaygain tags +* update: free empty path string (memleak) ver 0.15.1 (2009/07/15) -- cgit v1.2.3 From 1c4f407a6db4c4795bbbc354f5cf311762fb8e33 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 14 Aug 2009 11:51:42 +0200 Subject: decoder/flac: don't allocate cuesheet twice (memleak) The function flac_cue_track() first calls FLAC__metadata_object_new(), then overwrites this pointer with FLAC__metadata_get_cuesheet(). This allocate two FLAC__StreamMetadata objects, but the first pointer is lost, and never freed. --- NEWS | 1 + 1 file changed, 1 insertion(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index d312b6d97..3da38e8d4 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,7 @@ ver 0.15.2 (2009/??/??) * decoders: - mad: skip ID3 frames when libid3tag is disabled - flac: parse all replaygain tags + - flac: don't allocate cuesheet twice (memleak) * update: free empty path string (memleak) -- cgit v1.2.3 From 5d6f7803e1059f527a70e541ed3945c19bd78c90 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 14 Aug 2009 11:51:51 +0200 Subject: update: free temporary string in container scan (memleak) The return value of map_directory_child_fs() must be freed. --- NEWS | 1 + 1 file changed, 1 insertion(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 3da38e8d4..68d700bac 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ ver 0.15.2 (2009/??/??) - flac: parse all replaygain tags - flac: don't allocate cuesheet twice (memleak) * update: free empty path string (memleak) +* update: free temporary string in container scan (memleak) ver 0.15.1 (2009/07/15) -- cgit v1.2.3 From 7dddd9beda2bb0505758bb6a32cae6feb3215733 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 14 Aug 2009 11:52:00 +0200 Subject: directory: free empty directories after removing them (memleak) dirvec_delete() does not free the object, we have to call directory_free() afterwards. --- NEWS | 1 + 1 file changed, 1 insertion(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 68d700bac..d10ac66e7 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,7 @@ ver 0.15.2 (2009/??/??) - flac: don't allocate cuesheet twice (memleak) * update: free empty path string (memleak) * update: free temporary string in container scan (memleak) +* directory: free empty directories after removing them (memleak) ver 0.15.1 (2009/07/15) -- cgit v1.2.3 From 7133f560ec24c90671a40c9f9bc9cea6eb31cc17 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 14 Aug 2009 11:52:12 +0200 Subject: output: fixed shout stuck pause bug Explicitly make the output thread leave the ao_pause() loop. This patch is a workaround, and the "pause" flag is not managed in a thread-safe way, but that's good enough for now. --- NEWS | 2 ++ 1 file changed, 2 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index d10ac66e7..e0f6a433d 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,8 @@ ver 0.15.2 (2009/??/??) - mad: skip ID3 frames when libid3tag is disabled - flac: parse all replaygain tags - flac: don't allocate cuesheet twice (memleak) +* output: + - shout: fixed stuck pause bug * update: free empty path string (memleak) * update: free temporary string in container scan (memleak) * directory: free empty directories after removing them (memleak) -- cgit v1.2.3 From f38ce5408b5d0126b8cfe730c91d5203ee59a987 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 14 Aug 2009 11:52:36 +0200 Subject: output/shout: minimize the unpause latency During the pause loop, manually sleep for 500ms if shout_delay() returns a value greater than that. Don't exhaust libshout's buffer. --- NEWS | 1 + 1 file changed, 1 insertion(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index e0f6a433d..4442c70ef 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,7 @@ ver 0.15.2 (2009/??/??) - flac: don't allocate cuesheet twice (memleak) * output: - shout: fixed stuck pause bug + - shout: minimize the unpause latency * update: free empty path string (memleak) * update: free temporary string in container scan (memleak) * directory: free empty directories after removing them (memleak) -- cgit v1.2.3 From 5715534b530cfed0d6650b0fb34cfcb17da4088b Mon Sep 17 00:00:00 2001 From: Avuton Olrich Date: Sat, 15 Aug 2009 11:57:50 -0700 Subject: mpd version 0.15.2 --- NEWS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 4442c70ef..d460f0c9d 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -ver 0.15.2 (2009/??/??) +ver 0.15.2 (2009/08/15) * tags: - ape: check the tag size (fixes integer underflow) - ape: added protection against large memory allocations -- cgit v1.2.3