Commit graph

9043 commits

Author SHA1 Message Date
Heekyoung Seo
f7c033f4ec qtdemux: Check node length of video sample description
Add check for node length of video sample description and its fields and
for the XiTh atom.

Also unify the code a bit.

https://bugzilla.gnome.org/show_bug.cgi?id=775794
2016-12-14 10:17:41 +02:00
Heekyoung Seo
a5bfaf8a79 qtdemux: Enable xvid/mp2 codec support
Add support for xvid video and mp2 audio, add m2v1 fourcc.

https://bugzilla.gnome.org/show_bug.cgi?id=775794
2016-12-14 10:17:23 +02:00
Sebastian Dröge
63938ef730 gst: Don't declare variables inside the for loop header
This is a C99 feature.
2016-12-13 22:32:46 +02:00
Sebastian Dröge
fe2ae2c0f7 scaletempo: Ensure to reinit buffers whenever they were not allocated yet
That is, whenever we go through start/stop we have to ensure that on the
next opportunity the buffers are reallocated again. Otherwise the
buffers might be NULL because the element was reused with the same
configuration as before (i.e. set_caps() wouldn't have reinited the
buffers).

https://bugzilla.gnome.org/show_bug.cgi?id=775898
2016-12-11 13:27:27 +02:00
Sebastian Dröge
524e43e118 flxdec: Only send SEGMENT events after CAPS
I.e., don't just forward the event but delay it if we don't have caps on
the srcpad yet.
2016-12-09 17:55:39 +02:00
Sebastian Dröge
a08e72547d flxdec: Unref and unmap buffers in all code paths as needed
https://bugzilla.gnome.org/show_bug.cgi?id=775888
2016-12-09 17:49:40 +02:00
Garima Gaur
c3cdae4d6e monoscope: Unref allocation query after finished with it
https://bugzilla.gnome.org/show_bug.cgi?id=775752
2016-12-07 14:20:34 +02:00
Sebastian Dröge
96aaf889af flxdec: Allocate 0-initialized memory for the decoded frame
Otherwise we might leak arbitrary information from the uninitialized
memory if not every pixel is written.

https://scarybeastsecurity.blogspot.gr/2016/12/1days-0days-pocs-more-gstreamer-flic.html
2016-12-06 07:48:47 +02:00
Matt Staples
bc2adef550 rtspsrc: Fix session cleanup when handling redirect on PLAY
Redirect on PLAY wasn't doing the necessary session cleanup. Fixed by
removing code from gst_rtspsrc_send that changed the state varable upon
encountering a redirect. Better to let the redirect handlers in
gst_rtspsrc_retrieve_sdp and gst_rtspsrc_play do their own
state-dependent cleanup.

https://bugzilla.gnome.org/show_bug.cgi?id=775543
2016-12-05 18:23:31 +02:00
Aleix Conchillo Flaque
bc9f06f37b rtspsrc: always send teardown request
Allow CMD_CLOSE to cancel all commands not only CMD_PAUSE
and ignore CMD_WAIT while closing.

https://bugzilla.gnome.org/show_bug.cgi?id=748360
2016-12-05 11:32:43 +02:00
Edward Hervey
e5158ca496 jitterbuffer: Don't leak duplicate items
When providing items with a seqnum, there is a (very small) probability
that an element with the same seqnum already exists. Don't forget
to free that item if it wasn't inserted.

And avoid returning undefined values when dealing with duplicate items
2016-12-02 09:01:57 +01:00
Edward Hervey
50bb6630f5 qtdemux: Sanitize unknown codec caps
We might have non-printable characters in the unknown fourcc, replace
them with '_', in the same way we do it for unknown tags.
2016-12-02 08:52:06 +01:00
Sebastian Dröge
9a4b1e9cdc avidemux: Free vprp chunk also if it existed but we made no use of it
https://bugzilla.gnome.org/show_bug.cgi?id=775479
2016-12-01 20:04:28 +02:00
Sebastian Dröge
7d6cf17498 matroskademux: Fix memory leak when parsing attachments
gst_tag_image_data_to_image_sample() does not take ownership of the
passed memory, so don't set it to NULL to allow us to free it later.

https://bugzilla.gnome.org/show_bug.cgi?id=775472
2016-12-01 17:38:33 +02:00
Sebastian Dröge
d3bc50bc8f matroskademux: Unify zlib/bzip2 decompress loops with the ones from qtdemux
Especially, simplify the code a bit.
2016-12-01 14:56:18 +02:00
Sebastian Dröge
6939399e96 qtdemux: Increase inflate buffer in bigger steps
1024 bytes is quite small, let's do 4096 bytes (or one page).
Also remove redundant if, we're always in that case when getting here.
2016-12-01 14:44:26 +02:00
Sebastian Dröge
b79655d3c9 qtdemux: Ensure that size of the pasp atom is as much as we need
https://bugzilla.gnome.org/show_bug.cgi?id=775455
2016-12-01 14:30:49 +02:00
Sebastian Dröge
d46cc8df6c qtdemux: Free compressed moov node and it's corresponding decompressed data
https://bugzilla.gnome.org/show_bug.cgi?id=775455
2016-12-01 14:30:10 +02:00
Sebastian Dröge
b4d6b2af8e qtdemux: Check size of compressed MOOV header against available data
And actually read the size of the cmvd atom from the right position.

https://bugzilla.gnome.org/show_bug.cgi?id=775455
2016-12-01 14:29:21 +02:00
Sebastian Dröge
5e4883094b qtdemux: Fix zlib inflate loop
Handle errors cleanly, deallocate all memory and return the actual size
of the inflated data.

https://bugzilla.gnome.org/show_bug.cgi?id=775455
2016-12-01 14:27:55 +02:00
Sebastian Dröge
87a2c140ca aacparse: Make sure we have enough data in the codec_data to be able to parse it
Also error out cleanly if mapping the buffer failed.

https://bugzilla.gnome.org/show_bug.cgi?id=775450
2016-12-01 13:38:52 +02:00
Sebastian Dröge
d0949baf3d qtdemux: Fix out of bounds read in tag parsing code
We can't simply assume that the length of the tag value as given
inside the stream is correct but should also check against the amount of
data we have actually available.

https://bugzilla.gnome.org/show_bug.cgi?id=775451
2016-12-01 13:32:22 +02:00
Garima Gaur
50e7096a86 rtp: Fix some memory leaks in usage of gst_pad_get_current_caps()
https://bugzilla.gnome.org/show_bug.cgi?id=775071
2016-12-01 13:04:03 +02:00
Vivia Nikolaidou
f8bf3a84ef qtdemux: Read interlacing information from 'fiel' atom
Read interlacing and TFF/BFF information from the 'fiel' atom and pass it
into the caps

https://bugzilla.gnome.org/show_bug.cgi?id=775414
2016-11-30 18:52:20 +02:00
Sebastian Dröge
499c5139bd qtdemux: Fix compiler warning
qtdemux.c: In function ‘qtdemux_parse_trak’:
qtdemux.c:10184:38: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 9 has type ‘gint {aka const int}’ [-Werror=format=]
           GST_DEBUG_OBJECT (qtdemux, "Found jpeg: len %u, need %lu", len,
                                      ^
2016-11-29 13:55:40 +02:00
Scott D Phillips
4ec5daba5f qtdemux: Change off_t type to gint
off_t is a signed integer type provided by sys/types.h on posix systems.
Replace with gint for building on non-posix systems (like windows).

https://bugzilla.gnome.org/show_bug.cgi?id=775287
2016-11-29 13:12:24 +02:00
Sebastian Dröge
ef42288f3f avidemux: Ensure that tags are valid UTF-8 before adding them to the taglist
https://bugzilla.gnome.org/show_bug.cgi?id=775219
2016-11-28 13:51:41 +02:00
Sebastian Dröge
f48fef2f77 multipartdemux: Post an error message on the bus if we got EOS without having added any pads 2016-11-28 12:22:49 +02:00
Sebastian Dröge
d0f608f60b vrawpay: Error out cleanly if mapping the video frame fails
Instead of later dereferencing NULL and crashing.
2016-11-28 09:30:25 +02:00
Edward Hervey
91f5b4eaa2 rtprtxsend: Update statistics before pushing
If an element queries the number of retransmission buffers pushed
*while* the push is still taking place (and before the object lock
is taken just after) it would end up with the wrong statistic
being reported.

Increment it just before the push, avoids races when getting statistics

https://bugzilla.gnome.org/show_bug.cgi?id=768723
2016-11-27 11:15:49 +01:00
Sebastian Dröge
34db78b645 rtpbin: Handle create_session() returning NULL in bundle code
CID 1394492.
2016-11-23 18:34:04 +02:00
Sebastian Dröge
01682ae95b qtmux: Make sure to only change DTS of writable buffers
And trivial cleanup

https://bugzilla.gnome.org/show_bug.cgi?id=774840
2016-11-23 18:17:06 +02:00
Sebastian Dröge
01e45b25b7 qtmux: Error out much earlier if we don't have a valid PTS
https://bugzilla.gnome.org/show_bug.cgi?id=774840
2016-11-23 18:17:06 +02:00
Sebastian Dröge
6fb5f85354 qtmux: Only use buffer durations if they are actually valid
https://bugzilla.gnome.org/show_bug.cgi?id=774840
2016-11-23 18:17:06 +02:00
Sebastian Dröge
351f2fca0a qtmux: Revert commits that set DTS and duration on buffers unconditionally
39f7e52266 was setting the buffer duration
to 0 if is not valid, under the assumption that this is "the last"
buffer and no others are coming next. This is wrong, last_buf is the
previous buffer and not the very last one.

4e3c13c87c was setting DTS to 0 if there
was none. This will set DTS to 0 for all e.g. audio streams, completely
messing up calculations if streams don't start at 0.

https://bugzilla.gnome.org/show_bug.cgi?id=774840
2016-11-23 18:17:06 +02:00
Sebastian Dröge
9acc0b5d0e qtmux: Only write "gap" edit list if there is a non-zero gap
https://bugzilla.gnome.org/show_bug.cgi?id=774840
2016-11-23 18:17:06 +02:00
Matthew Waters
153a8ae752 flxdec: rewrite logic based on GstByteReader/Writer
Solves overreading/writing the given arrays and will error out if the
streams asks to do that.

Also does more error checking that the stream is valid and won't
overrun any allocated arrays.  Also mitigate integer overflow errors
calculating allocation sizes.

https://bugzilla.gnome.org/show_bug.cgi?id=774859
2016-11-23 21:14:35 +11:00
Sebastian Dröge
45dcd0b9cc flxdec: Don't unref() parent in the chain function
We don't own the reference here, it is owned by the caller and given to
us for the scope of this function. Leftover mistake from 0.10 porting.

https://bugzilla.gnome.org/show_bug.cgi?id=774897
2016-11-23 11:20:49 +02:00
Sebastian Dröge
5d4c71d76e matroskademux: Fix cluster searching if we search multiple times in one chunk
After finding a cluster id in the byte reader, we skip ahead the reader
position by one further byte to be able to continue searching from there
inside the same chunk if the cluster candidate was a false positive.

We have to accomodate for that additional byte when resuming the search,
otherwise all following pulls are off-by-one for every resume and we run
into an assertion.
2016-11-22 20:24:59 +02:00
Sebastian Dröge
c0da05df38 matroska: Add size checks to the parsing of FLAC headers 2016-11-22 20:02:42 +02:00
Matthew Waters
fec77de8cb flxdec: fix some warnings comparing unsigned < 0
bf43f44fcf was comparing an unsigned
expression to be < 0 which was always false.

gstflxdec.c: In function ‘flx_decode_brun’:
gstflxdec.c:322:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
         if ((glong) row - count < 0) {
                                 ^
gstflxdec.c:332:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
         if ((glong) row - count < 0) {
                                 ^

https://bugzilla.gnome.org/show_bug.cgi?id=774834
2016-11-22 23:49:18 +11:00
Vivia Nikolaidou
91de259b74 qtmux: Enable up to 16 unpositioned raw audio channels
https://bugzilla.gnome.org/show_bug.cgi?id=774789
2016-11-22 14:05:35 +02:00
Matthew Waters
bf43f44fcf flxdec: add some write bounds checking
Without checking the bounds of the frame we are writing into, we can
write off the end of the destination buffer.

https://scarybeastsecurity.blogspot.dk/2016/11/0day-exploit-advancing-exploitation.html

https://bugzilla.gnome.org/show_bug.cgi?id=774834
2016-11-22 22:42:41 +11:00
David Evans
45843ab9a2 qtdemux: Be sure not to read off end of FLAC dfLa box
https://bugzilla.gnome.org/show_bug.cgi?id=773712
2016-11-21 17:51:14 +02:00
Nicola Murino
0ef3a71b89 matroskademux: add support for skipping invalid data in push mode
https://bugzilla.gnome.org/show_bug.cgi?id=774566
2016-11-21 13:38:08 +02:00
Nicola Murino
20ed9e8237 matroskaparse: add support for skipping invalid data
https://bugzilla.gnome.org/show_bug.cgi?id=774566
2016-11-21 13:38:08 +02:00
Sebastian Dröge
058ab0df1d rtspsrc: Move to new helper function to parse authentication responses
https://bugzilla.gnome.org/show_bug.cgi?id=774416
2016-11-21 09:40:08 +02:00
christophecvr
fc3022da1c qtdemux: Fix wrong compiler warning with gcc 6.2
| ../../../git/gst/isomp4/qtdemux.c: In function 'qtdemux_parse_tree':
| ../../../git/gst/isomp4/qtdemux.c:10224:24: error: 'size' may be used uninitialized in this function [-Werror=maybe-uninitialized]
|                  offset += size;
|                         ^~
| ../../../git/gst/isomp4/qtdemux.c:10197:25: note: 'size' was declared here
|                  guint32 size, tag;
|                          ^~~~

https://bugzilla.gnome.org/show_bug.cgi?id=774747
2016-11-21 09:33:05 +02:00
Sebastian Dröge
b8265e95a7 avidemux: Ensure that raw video have properly aligned buffers
That is, aligned to to 32 bytes for video. Fixes crashes if the raw
buffers are passed to SIMD processing functions.

https://bugzilla.gnome.org/show_bug.cgi?id=774428
2016-11-20 13:14:08 +02:00
Sebastian Dröge
bb35f15d44 qtdemux: Ensure that raw audio and video have properly aligned buffers
That is, aligned to the basic type for audio and to 32 bytes for video.
Fixes crashes if the raw buffers are passed to SIMD processing functions.

https://bugzilla.gnome.org/show_bug.cgi?id=774428
2016-11-20 13:08:27 +02:00