xine-lib: fixes including a use-after free and a free(uninited pointer),

from upstream via Brad

multimedia/xine-lib/Makefile

@@ -1,7 +1,7 @@
 COMMENT=	multimedia decoding library
 
 DISTNAME=	xine-lib-1.2.12
-REVISION=	0
+REVISION=	1
 CATEGORIES=	multimedia
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=xine/}
 EXTRACT_SUFX=	.tar.xz
@@ -61,6 +61,8 @@ CFLAGS+=	-ffast-math
 
 MAKE_ENV=	V=1
 
+FIX_CRLF_FILES=	src/demuxers/asfheader.c
+
 USE_GMAKE=	Yes
 CONFIGURE_STYLE= autoconf
 AUTOCONF_VERSION= 2.69

multimedia/xine-lib/patches/patch-src_demuxers_asfheader_c

@@ -0,0 +1,15 @@
+Fix freeing uninitialized pointer (error path)
+bf940cd3fc5773a1dd63ff52657a3829cf31f80f
+
+Index: src/demuxers/asfheader.c
+--- src/demuxers/asfheader.c.orig
++++ src/demuxers/asfheader.c
+@@ -415,7 +415,7 @@ static int asf_header_parse_stream_extended_properties
+ 
+   /* get stream names */
+   if (asf_stream_extension->stream_name_count) {
+-    asf_stream_extension->stream_names = malloc (asf_stream_extension->stream_name_count * sizeof (void*));
++    asf_stream_extension->stream_names = calloc (asf_stream_extension->stream_name_count, sizeof (void*));
+     for (i = 0; i < asf_stream_extension->stream_name_count; i++) {
+       char *name;
+       uint16_t length;

multimedia/xine-lib/patches/patch-src_demuxers_demux_smjpeg_c

@@ -0,0 +1,68 @@
+- Use int64_t when calculating pts
+  7fd1885d7c3be202ed48609ee3f63ed1b642df9f
+- Fix use-after-free
+  af586f66a0d446c2ca9d3967a4fcdd534dbd0759
+
+Index: src/demuxers/demux_smjpeg.c
+--- src/demuxers/demux_smjpeg.c.orig
++++ src/demuxers/demux_smjpeg.c
+@@ -75,6 +75,7 @@ typedef struct {
+   /* video information */
+   unsigned int         video_type;
+   xine_bmiheader       bih;
++  int64_t              last_frame_pts;
+ 
+   /* audio information */
+   unsigned int         audio_type;
+@@ -194,7 +195,6 @@ static int demux_smjpeg_send_chunk(demux_plugin_t *thi
+   unsigned int remaining_sample_bytes;
+   unsigned char preamble[SMJPEG_CHUNK_PREAMBLE_SIZE];
+   off_t current_file_pos;
+-  int64_t last_frame_pts = 0;
+   unsigned int audio_frame_count = 0;
+ 
+   /* load the next sample */
+@@ -228,9 +228,7 @@ static int demux_smjpeg_send_chunk(demux_plugin_t *thi
+    * Therefore, manually compute the pts values for the audio samples.
+    */
+   if (chunk_tag == sndD_TAG) {
+-    pts = audio_frame_count;
+-    pts *= 90000;
+-    pts /= (this->audio_sample_rate * this->audio_channels);
++    pts = INT64_C(90000) * audio_frame_count / ((int64_t)this->audio_sample_rate * this->audio_channels);
+     audio_frame_count += ((remaining_sample_bytes - 4) * 2);
+   } else {
+     pts = _X_BE_32(&preamble[4]);
+@@ -255,12 +253,12 @@ static int demux_smjpeg_send_chunk(demux_plugin_t *thi
+       buf->extra_info->input_time = pts / 90;
+       buf->pts = pts;
+ 
+-      if (last_frame_pts) {
++      if (this->last_frame_pts) {
+         buf->decoder_flags |= BUF_FLAG_FRAMERATE;
+-        buf->decoder_info[0] = buf->pts - last_frame_pts;
++        buf->decoder_info[0] = buf->pts - this->last_frame_pts;
+       }
+ 
+-      if ((int)remaining_sample_bytes > buf->max_size)
++      if (remaining_sample_bytes > (unsigned)buf->max_size)
+         buf->size = buf->max_size;
+       else
+         buf->size = remaining_sample_bytes;
+@@ -294,7 +292,7 @@ static int demux_smjpeg_send_chunk(demux_plugin_t *thi
+   }
+ 
+   if (chunk_tag == vidD_TAG)
+-    last_frame_pts = buf->pts;
++    this->last_frame_pts = pts;
+ 
+   return this->status;
+ }
+@@ -359,6 +357,7 @@ static int demux_smjpeg_seek (demux_plugin_t *this_gen
+ 
+     this->status = DEMUX_OK;
+   }
++  this->last_frame_pts = 0;
+ 
+   return this->status;
+ }

multimedia/xine-lib/patches/patch-src_post_visualizations_tdaudioanalyzer_c

@@ -0,0 +1,15 @@
+Use int64_t when calculating pts
+7fd1885d7c3be202ed48609ee3f63ed1b642df9f
+
+Index: src/post/visualizations/tdaudioanalyzer.c
+--- src/post/visualizations/tdaudioanalyzer.c.orig
++++ src/post/visualizations/tdaudioanalyzer.c
+@@ -846,7 +846,7 @@ static void tdaan_port_put_buffer (
+   if (pts) {
+     int offs = (this->ring_put - this->ring_get) & RING_MASK;
+     offs    -= this->samples_per_frame >> 1;
+-    pts     -= 90000 * offs / (int)port->rate;
++    pts     -= INT64_C(90000) * offs / (int)port->rate;
+   }
+   /* buffer incoming audio */
+   do {

multimedia/xine-lib/patches/patch-src_xine-utils_utils_c

@@ -1,5 +1,8 @@
-Make use of clock_gettime() on OpenBSD. Until we have per-process
-timers and can enable _POSIX_TIMERS in unistd.h.
+- Make use of clock_gettime() on OpenBSD. Until we have per-process
+  timers and can enable _POSIX_TIMERS in unistd.h.
+
+- Fix fd lead (error path)
+  ef445262b10938eb7c0373d42fef0f465a3fb479
 
 Index: src/xine-utils/utils.c
 --- src/xine-utils/utils.c.orig
@@ -14,3 +17,21 @@ Index: src/xine-utils/utils.c
    static int xmc_mode = 0;
  
    do {
+@@ -1299,11 +1300,15 @@ xine_fast_text_t *xine_fast_text_load (const char *fil
+   f = fopen (filename, "rb");
+   if (!f)
+     return NULL;
+-  if (fseek (f, 0, SEEK_END))
++  if (fseek (f, 0, SEEK_END)) {
++    fclose(f);
+     return NULL;
++  }
+   filesize = ftell (f);
+-  if (fseek (f, 0, SEEK_SET))
++  if (fseek (f, 0, SEEK_SET)) {
++    fclose(f);
+     return NULL;
++  }
+ 
+   if (filesize > max_size)
+     filesize = max_size;