Commit graph

16382 commits

Author SHA1 Message Date
Sebastian Dröge
a08e72547d flxdec: Unref and unmap buffers in all code paths as needed
https://bugzilla.gnome.org/show_bug.cgi?id=775888
2016-12-09 17:49:40 +02:00
Arun Raghavan
1ea9735afb v4l2object: Don't set empty interlace-mode list
If for some reason we fail to probe formats (all try_fmt calls fail, for
example), this is not a critical error, but we end up with an empty list
of interlace modes. This causes all subsequent negotiation to fail.

This patch fixes interlace-mode setting to be skipped if we failed to
detect any.

https://bugzilla.gnome.org/show_bug.cgi?id=775702
2016-12-08 10:13:39 +05:30
Garima Gaur
c3cdae4d6e monoscope: Unref allocation query after finished with it
https://bugzilla.gnome.org/show_bug.cgi?id=775752
2016-12-07 14:20:34 +02:00
Sebastian Dröge
96aaf889af flxdec: Allocate 0-initialized memory for the decoded frame
Otherwise we might leak arbitrary information from the uninitialized
memory if not every pixel is written.

https://scarybeastsecurity.blogspot.gr/2016/12/1days-0days-pocs-more-gstreamer-flic.html
2016-12-06 07:48:47 +02:00
Matt Staples
bc2adef550 rtspsrc: Fix session cleanup when handling redirect on PLAY
Redirect on PLAY wasn't doing the necessary session cleanup. Fixed by
removing code from gst_rtspsrc_send that changed the state varable upon
encountering a redirect. Better to let the redirect handlers in
gst_rtspsrc_retrieve_sdp and gst_rtspsrc_play do their own
state-dependent cleanup.

https://bugzilla.gnome.org/show_bug.cgi?id=775543
2016-12-05 18:23:31 +02:00
Aleix Conchillo Flaque
bc9f06f37b rtspsrc: always send teardown request
Allow CMD_CLOSE to cancel all commands not only CMD_PAUSE
and ignore CMD_WAIT while closing.

https://bugzilla.gnome.org/show_bug.cgi?id=748360
2016-12-05 11:32:43 +02:00
Edward Hervey
757ce9791d Automatic update of common submodule
From f980fd9 to 39ac2f5
2016-12-03 08:19:27 +01:00
Edward Hervey
e5158ca496 jitterbuffer: Don't leak duplicate items
When providing items with a seqnum, there is a (very small) probability
that an element with the same seqnum already exists. Don't forget
to free that item if it wasn't inserted.

And avoid returning undefined values when dealing with duplicate items
2016-12-02 09:01:57 +01:00
Edward Hervey
50bb6630f5 qtdemux: Sanitize unknown codec caps
We might have non-printable characters in the unknown fourcc, replace
them with '_', in the same way we do it for unknown tags.
2016-12-02 08:52:06 +01:00
Sebastian Dröge
9a4b1e9cdc avidemux: Free vprp chunk also if it existed but we made no use of it
https://bugzilla.gnome.org/show_bug.cgi?id=775479
2016-12-01 20:04:28 +02:00
Sebastian Dröge
7d6cf17498 matroskademux: Fix memory leak when parsing attachments
gst_tag_image_data_to_image_sample() does not take ownership of the
passed memory, so don't set it to NULL to allow us to free it later.

https://bugzilla.gnome.org/show_bug.cgi?id=775472
2016-12-01 17:38:33 +02:00
Sebastian Dröge
d3bc50bc8f matroskademux: Unify zlib/bzip2 decompress loops with the ones from qtdemux
Especially, simplify the code a bit.
2016-12-01 14:56:18 +02:00
Sebastian Dröge
6939399e96 qtdemux: Increase inflate buffer in bigger steps
1024 bytes is quite small, let's do 4096 bytes (or one page).
Also remove redundant if, we're always in that case when getting here.
2016-12-01 14:44:26 +02:00
Sebastian Dröge
b79655d3c9 qtdemux: Ensure that size of the pasp atom is as much as we need
https://bugzilla.gnome.org/show_bug.cgi?id=775455
2016-12-01 14:30:49 +02:00
Sebastian Dröge
d46cc8df6c qtdemux: Free compressed moov node and it's corresponding decompressed data
https://bugzilla.gnome.org/show_bug.cgi?id=775455
2016-12-01 14:30:10 +02:00
Sebastian Dröge
b4d6b2af8e qtdemux: Check size of compressed MOOV header against available data
And actually read the size of the cmvd atom from the right position.

https://bugzilla.gnome.org/show_bug.cgi?id=775455
2016-12-01 14:29:21 +02:00
Sebastian Dröge
5e4883094b qtdemux: Fix zlib inflate loop
Handle errors cleanly, deallocate all memory and return the actual size
of the inflated data.

https://bugzilla.gnome.org/show_bug.cgi?id=775455
2016-12-01 14:27:55 +02:00
Sebastian Dröge
87a2c140ca aacparse: Make sure we have enough data in the codec_data to be able to parse it
Also error out cleanly if mapping the buffer failed.

https://bugzilla.gnome.org/show_bug.cgi?id=775450
2016-12-01 13:38:52 +02:00
Sebastian Dröge
d0949baf3d qtdemux: Fix out of bounds read in tag parsing code
We can't simply assume that the length of the tag value as given
inside the stream is correct but should also check against the amount of
data we have actually available.

https://bugzilla.gnome.org/show_bug.cgi?id=775451
2016-12-01 13:32:22 +02:00
Garima Gaur
50e7096a86 rtp: Fix some memory leaks in usage of gst_pad_get_current_caps()
https://bugzilla.gnome.org/show_bug.cgi?id=775071
2016-12-01 13:04:03 +02:00
Vivia Nikolaidou
f8bf3a84ef qtdemux: Read interlacing information from 'fiel' atom
Read interlacing and TFF/BFF information from the 'fiel' atom and pass it
into the caps

https://bugzilla.gnome.org/show_bug.cgi?id=775414
2016-11-30 18:52:20 +02:00
Sebastian Dröge
499c5139bd qtdemux: Fix compiler warning
qtdemux.c: In function ‘qtdemux_parse_trak’:
qtdemux.c:10184:38: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 9 has type ‘gint {aka const int}’ [-Werror=format=]
           GST_DEBUG_OBJECT (qtdemux, "Found jpeg: len %u, need %lu", len,
                                      ^
2016-11-29 13:55:40 +02:00
Scott D Phillips
4ec5daba5f qtdemux: Change off_t type to gint
off_t is a signed integer type provided by sys/types.h on posix systems.
Replace with gint for building on non-posix systems (like windows).

https://bugzilla.gnome.org/show_bug.cgi?id=775287
2016-11-29 13:12:24 +02:00
Scott D Phillips
d95ba51136 meson: add libm to has_function checks
The functions from math.h may be implemented in libm.

https://bugzilla.gnome.org/show_bug.cgi?id=774876
2016-11-29 00:28:54 +05:30
Nirbheek Chauhan
6df682c6f9 Revert "meson: dv plugin now works on MSVC"
This reverts commit 05a89613fe.

Let's not put in stuff that needs unreleased Meson. This can go in
for the next cycle.
2016-11-28 19:57:55 +05:30
Sebastian Dröge
ef42288f3f avidemux: Ensure that tags are valid UTF-8 before adding them to the taglist
https://bugzilla.gnome.org/show_bug.cgi?id=775219
2016-11-28 13:51:41 +02:00
Sebastian Dröge
f48fef2f77 multipartdemux: Post an error message on the bus if we got EOS without having added any pads 2016-11-28 12:22:49 +02:00
Sebastian Dröge
37f991f06e souphttpsrc: Handle non-UTF8 headers and error reasons more gracefully
Especially don't put them into GstStructures in one way or another, just
ignore them or error out cleanly depending on the importance of their
content.
2016-11-28 12:00:09 +02:00
Sebastian Dröge
d0f608f60b vrawpay: Error out cleanly if mapping the video frame fails
Instead of later dereferencing NULL and crashing.
2016-11-28 09:30:25 +02:00
Edward Hervey
91f5b4eaa2 rtprtxsend: Update statistics before pushing
If an element queries the number of retransmission buffers pushed
*while* the push is still taking place (and before the object lock
is taken just after) it would end up with the wrong statistic
being reported.

Increment it just before the push, avoids races when getting statistics

https://bugzilla.gnome.org/show_bug.cgi?id=768723
2016-11-27 11:15:49 +01:00
Tim-Philipp Müller
da025dc810 common: use https protocol for common submodule
https://bugzilla.gnome.org/show_bug.cgi?id=775110
2016-11-26 11:23:05 +00:00
Philipp Zabel
86f243bb12 gstv4l2bufferpool: lock flush_stop against regular qbuf
These can be called from different threads and both manipulate the
pool->buffers array. Lock them properly and let flush_stop move the
array contents into a temporary array on the stack to avoid having
to call release_buffer under the object lock.

https://bugzilla.gnome.org/show_bug.cgi?id=775015
2016-11-24 11:47:07 -05:00
Philipp Zabel
6b5807654b gstv4l2bufferpool: remove critical error message when process is called on an inactive pool
If the pool is inactive, it is guaranteed to also be flushing, so the
following check will return GST_FLOW_FLUSHING anyway.
This can happen if a v4l2src is blocking on DQBUF in create and is sent
an EOS event on another thread. In that case the pool is set to
flushing/inactive without locking, the v4l2src is unblocked, and may
call pool_process with a valid buffer on the already inactive pool.

https://bugzilla.gnome.org/show_bug.cgi?id=775014
2016-11-24 11:47:07 -05:00
Philipp Zabel
65826f819a v4l2src: release buffer if create fails
gst_base_src_get_range does not expect a buffer to be returned in
the error case, so we are leaking a reference here if create fails.

https://bugzilla.gnome.org/show_bug.cgi?id=775014
2016-11-24 11:47:07 -05:00
Sebastian Dröge
34db78b645 rtpbin: Handle create_session() returning NULL in bundle code
CID 1394492.
2016-11-23 18:34:04 +02:00
Sebastian Dröge
01682ae95b qtmux: Make sure to only change DTS of writable buffers
And trivial cleanup

https://bugzilla.gnome.org/show_bug.cgi?id=774840
2016-11-23 18:17:06 +02:00
Sebastian Dröge
01e45b25b7 qtmux: Error out much earlier if we don't have a valid PTS
https://bugzilla.gnome.org/show_bug.cgi?id=774840
2016-11-23 18:17:06 +02:00
Sebastian Dröge
6fb5f85354 qtmux: Only use buffer durations if they are actually valid
https://bugzilla.gnome.org/show_bug.cgi?id=774840
2016-11-23 18:17:06 +02:00
Sebastian Dröge
351f2fca0a qtmux: Revert commits that set DTS and duration on buffers unconditionally
39f7e52266 was setting the buffer duration
to 0 if is not valid, under the assumption that this is "the last"
buffer and no others are coming next. This is wrong, last_buf is the
previous buffer and not the very last one.

4e3c13c87c was setting DTS to 0 if there
was none. This will set DTS to 0 for all e.g. audio streams, completely
messing up calculations if streams don't start at 0.

https://bugzilla.gnome.org/show_bug.cgi?id=774840
2016-11-23 18:17:06 +02:00
Sebastian Dröge
9acc0b5d0e qtmux: Only write "gap" edit list if there is a non-zero gap
https://bugzilla.gnome.org/show_bug.cgi?id=774840
2016-11-23 18:17:06 +02:00
Matthew Waters
153a8ae752 flxdec: rewrite logic based on GstByteReader/Writer
Solves overreading/writing the given arrays and will error out if the
streams asks to do that.

Also does more error checking that the stream is valid and won't
overrun any allocated arrays.  Also mitigate integer overflow errors
calculating allocation sizes.

https://bugzilla.gnome.org/show_bug.cgi?id=774859
2016-11-23 21:14:35 +11:00
Sebastian Dröge
45dcd0b9cc flxdec: Don't unref() parent in the chain function
We don't own the reference here, it is owned by the caller and given to
us for the scope of this function. Leftover mistake from 0.10 porting.

https://bugzilla.gnome.org/show_bug.cgi?id=774897
2016-11-23 11:20:49 +02:00
Sebastian Dröge
ae2dd54a24 vpxdec: libvpx's release buffer is sometimes called with fb->priv==NULL
Don't assert on this but just ignore these cases.
2016-11-22 20:33:29 +02:00
Sebastian Dröge
5d4c71d76e matroskademux: Fix cluster searching if we search multiple times in one chunk
After finding a cluster id in the byte reader, we skip ahead the reader
position by one further byte to be able to continue searching from there
inside the same chunk if the cluster candidate was a false positive.

We have to accomodate for that additional byte when resuming the search,
otherwise all following pulls are off-by-one for every resume and we run
into an assertion.
2016-11-22 20:24:59 +02:00
Sebastian Dröge
c0da05df38 matroska: Add size checks to the parsing of FLAC headers 2016-11-22 20:02:42 +02:00
Matthew Waters
fec77de8cb flxdec: fix some warnings comparing unsigned < 0
bf43f44fcf was comparing an unsigned
expression to be < 0 which was always false.

gstflxdec.c: In function ‘flx_decode_brun’:
gstflxdec.c:322:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
         if ((glong) row - count < 0) {
                                 ^
gstflxdec.c:332:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
         if ((glong) row - count < 0) {
                                 ^

https://bugzilla.gnome.org/show_bug.cgi?id=774834
2016-11-22 23:49:18 +11:00
Vivia Nikolaidou
91de259b74 qtmux: Enable up to 16 unpositioned raw audio channels
https://bugzilla.gnome.org/show_bug.cgi?id=774789
2016-11-22 14:05:35 +02:00
Matthew Waters
bf43f44fcf flxdec: add some write bounds checking
Without checking the bounds of the frame we are writing into, we can
write off the end of the destination buffer.

https://scarybeastsecurity.blogspot.dk/2016/11/0day-exploit-advancing-exploitation.html

https://bugzilla.gnome.org/show_bug.cgi?id=774834
2016-11-22 22:42:41 +11:00
David Evans
45843ab9a2 qtdemux: Be sure not to read off end of FLAC dfLa box
https://bugzilla.gnome.org/show_bug.cgi?id=773712
2016-11-21 17:51:14 +02:00
Nicola Murino
0ef3a71b89 matroskademux: add support for skipping invalid data in push mode
https://bugzilla.gnome.org/show_bug.cgi?id=774566
2016-11-21 13:38:08 +02:00