From c50695c14b0856d0cd2573a0b9a0c0f40a6d8270 Mon Sep 17 00:00:00 2001 From: Mark Nauwelaerts Date: Mon, 6 Dec 2010 17:45:38 +0100 Subject: [PATCH 1/4] jpegdec: avoid infinite loop when resyncing Fixes #635734 (partly). --- ext/jpeg/gstjpegdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ext/jpeg/gstjpegdec.c b/ext/jpeg/gstjpegdec.c index 50febc4e61..fedf25e798 100644 --- a/ext/jpeg/gstjpegdec.c +++ b/ext/jpeg/gstjpegdec.c @@ -498,6 +498,7 @@ gst_jpeg_dec_parse_image_data (GstJpegDec * dec) if (noffset < 0) { /* ignore and continue resyncing until we hit the end * of our data or find a sync point that looks okay */ + offset++; continue; } GST_DEBUG ("found sync at 0x%x", offset + 2); From 04fae48d1da38e41f9b65f4a91de89f538a1775f Mon Sep 17 00:00:00 2001 From: Mark Nauwelaerts Date: Mon, 6 Dec 2010 18:16:19 +0100 Subject: [PATCH 2/4] jpegdec: discard incomplete image ... as determined when finding SOI next image before an EOI. Based on patch by David Hoyt Fixes #635734. --- ext/jpeg/gstjpegdec.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/ext/jpeg/gstjpegdec.c b/ext/jpeg/gstjpegdec.c index fedf25e798..987827bf54 100644 --- a/ext/jpeg/gstjpegdec.c +++ b/ext/jpeg/gstjpegdec.c @@ -382,9 +382,10 @@ gst_jpeg_dec_parse_tag_has_entropy_segment (guint8 tag) return FALSE; } -/* returns image length in bytes if parsed - * successfully, otherwise 0 */ -static guint +/* returns image length in bytes if parsed successfully, + * otherwise 0 if more data needed, + * if < 0 the absolute value needs to be flushed */ +static gint gst_jpeg_dec_parse_image_data (GstJpegDec * dec) { guint size; @@ -445,8 +446,15 @@ gst_jpeg_dec_parse_image_data (GstJpegDec * dec) dec->parse_resync = FALSE; dec->parse_offset = 0; return (offset + 4); + } else if (value == 0xd8) { + /* Skip this frame if we found another SOI marker */ + GST_DEBUG ("0x%08x: SOI marker before EOI, skipping", offset + 2); + dec->parse_resync = FALSE; + dec->parse_offset = 0; + return -(offset + 2); } + if (value >= 0xd0 && value <= 0xd7) frame_len = 0; else { @@ -1149,7 +1157,8 @@ gst_jpeg_dec_chain (GstPad * pad, GstBuffer * buf) #endif guchar *outdata; guchar *base[3], *last[3]; - guint img_len, outsize; + gint img_len; + guint outsize; gint width, height; gint r_h, r_v; guint code, hdr_ok; @@ -1187,6 +1196,7 @@ gst_jpeg_dec_chain (GstPad * pad, GstBuffer * buf) goto need_more_data; } +again: if (!gst_jpeg_dec_ensure_header (dec)) goto need_more_data; @@ -1201,8 +1211,12 @@ gst_jpeg_dec_chain (GstPad * pad, GstBuffer * buf) * is not aligned to buffer boundaries */ img_len = gst_jpeg_dec_parse_image_data (dec); - if (img_len == 0) + if (img_len == 0) { goto need_more_data; + } else if (img_len < 0) { + gst_adapter_flush (dec->adapter, -img_len); + goto again; + } } dec->rem_img_len = img_len; From 9ee2e9ede56c43dfe38241d6b230791c6205e8b0 Mon Sep 17 00:00:00 2001 From: Mark Nauwelaerts Date: Mon, 6 Dec 2010 18:17:24 +0100 Subject: [PATCH 3/4] jpegdec: add debug to notify when skipping to jpeg header --- ext/jpeg/gstjpegdec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ext/jpeg/gstjpegdec.c b/ext/jpeg/gstjpegdec.c index 987827bf54..0518783e99 100644 --- a/ext/jpeg/gstjpegdec.c +++ b/ext/jpeg/gstjpegdec.c @@ -368,8 +368,11 @@ gst_jpeg_dec_ensure_header (GstJpegDec * dec) return FALSE; } + if (offset > 0) { + GST_LOG_OBJECT (dec, "Skipping %u bytes.", offset); + gst_adapter_flush (dec->adapter, offset); + } GST_DEBUG_OBJECT (dec, "Found JPEG header"); - gst_adapter_flush (dec->adapter, offset); return TRUE; } From c882b3f34004ce26e890f2894ef7d7e4dcebe6c0 Mon Sep 17 00:00:00 2001 From: Alessandro Decina Date: Mon, 6 Dec 2010 19:59:49 +0100 Subject: [PATCH 4/4] qtdemux: fix compiler warnings on OSX. --- gst/qtdemux/qtdemux.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gst/qtdemux/qtdemux.c b/gst/qtdemux/qtdemux.c index 40744185f9..3d5498e80b 100644 --- a/gst/qtdemux/qtdemux.c +++ b/gst/qtdemux/qtdemux.c @@ -1986,11 +1986,11 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun, gint64 * base_offset) { guint64 timestamp; - gint32 data_offset; + gint32 data_offset = 0; guint32 flags, first_flags = 0, samples_count; gint i; guint8 *data; - guint entry_size, dur_offset, size_offset, flags_offset, ct_offset; + guint entry_size, dur_offset, size_offset, flags_offset = 0, ct_offset = 0; QtDemuxSample *sample; gboolean ismv = FALSE; @@ -2078,7 +2078,7 @@ qtdemux_parse_trun (GstQTDemux * qtdemux, GstByteReader * trun, QTDEMUX_MAX_SAMPLE_INDEX_SIZE / sizeof (QtDemuxSample)) goto index_too_big; - GST_DEBUG_OBJECT (qtdemux, "allocating n_samples %u (%u MB)", + GST_DEBUG_OBJECT (qtdemux, "allocating n_samples %u (%lu MB)", stream->n_samples, (stream->n_samples * sizeof (QtDemuxSample)) >> 20); /* create a new array of samples if it's the first sample parsed */ @@ -4970,7 +4970,7 @@ qtdemux_find_atom (GstQTDemux * qtdemux, guint64 * offset, } else { GST_LOG_OBJECT (qtdemux, "skipping atom '%" GST_FOURCC_FORMAT "' at %" G_GUINT64_FORMAT, - GST_FOURCC_ARGS (fourcc), offset); + GST_FOURCC_ARGS (fourcc), *offset); *offset += *length; } }