- Nov 29, 2016
-
-
Sebastian Dröge authored
-
Sebastian Dröge authored
-
Sebastian Dröge authored
-
- Nov 28, 2016
-
-
-
Sebastian Dröge authored
-
Sebastian Dröge authored
Especially don't put them into GstStructures in one way or another, just ignore them or error out cleanly depending on the importance of their content.
-
Sebastian Dröge authored
Instead of later dereferencing NULL and crashing.
-
- Nov 24, 2016
-
-
These can be called from different threads and both manipulate the pool->buffers array. Lock them properly and let flush_stop move the array contents into a temporary array on the stack to avoid having to call release_buffer under the object lock. https://bugzilla.gnome.org/show_bug.cgi?id=775015
-
If the pool is inactive, it is guaranteed to also be flushing, so the following check will return GST_FLOW_FLUSHING anyway. This can happen if a v4l2src is blocking on DQBUF in create and is sent an EOS event on another thread. In that case the pool is set to flushing/inactive without locking, the v4l2src is unblocked, and may call pool_process with a valid buffer on the already inactive pool. https://bugzilla.gnome.org/show_bug.cgi?id=775014
-
gst_base_src_get_range does not expect a buffer to be returned in the error case, so we are leaking a reference here if create fails. https://bugzilla.gnome.org/show_bug.cgi?id=775014
-
Sebastian Dröge authored
That is, aligned to the basic type for audio and to 32 bytes for video. Fixes crashes if the raw buffers are passed to SIMD processing functions. https://bugzilla.gnome.org/show_bug.cgi?id=774428
-
Sebastian Dröge authored
That is, aligned to to 32 bytes for video. Fixes crashes if the raw buffers are passed to SIMD processing functions. https://bugzilla.gnome.org/show_bug.cgi?id=774428
-
While computing the x and y offsets, it's the video resolution and resized overlay resolution to be used instead of actual overlay image resoltuion. Due to this, the overlay image used to get wrongly overlayed in undesired location https://bugzilla.gnome.org/show_bug.cgi?id=757292
-
- Nov 23, 2016
-
-
Sebastian Dröge authored
Don't assert on this but just ignore these cases.
-
Sebastian Dröge authored
After finding a cluster id in the byte reader, we skip ahead the reader position by one further byte to be able to continue searching from there inside the same chunk if the cluster candidate was a false positive. We have to accomodate for that additional byte when resuming the search, otherwise all following pulls are off-by-one for every resume and we run into an assertion.
-
Sebastian Dröge authored
-
Matthew Waters authored
Solves overreading/writing the given arrays and will error out if the streams asks to do that. Also does more error checking that the stream is valid and won't overrun any allocated arrays. Also mitigate integer overflow errors calculating allocation sizes. https://bugzilla.gnome.org/show_bug.cgi?id=774859
-
We don't own the reference here, it is owned by the caller and given to us for the scope of this function. Leftover mistake from 0.10 porting. https://bugzilla.gnome.org/show_bug.cgi?id=774897
-
- Nov 22, 2016
-
-
Matthew Waters authored
bf43f44f was comparing an unsigned expression to be < 0 which was always false. gstflxdec.c: In function ‘flx_decode_brun’: gstflxdec.c:322:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if ((glong) row - count < 0) { ^ gstflxdec.c:332:33: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if ((glong) row - count < 0) { ^ https://bugzilla.gnome.org/show_bug.cgi?id=774834
-
Matthew Waters authored
Without checking the bounds of the frame we are writing into, we can write off the end of the destination buffer. https://scarybeastsecurity.blogspot.dk/2016/11/0day-exploit-advancing-exploitation.html https://bugzilla.gnome.org/show_bug.cgi?id=774834
-
- Nov 20, 2016
-
-
Tim-Philipp Müller authored
-
- Nov 17, 2016
-
-
Sebastian Dröge authored
-
Sebastian Dröge authored
-
Sebastian Dröge authored
-
Vinod Kesti authored
splitmuxsink requests pad from element using pad template like "video_%u", "audio_%u" and "sink_%d". This is true for most of the muxers. But splitmuxsink not able to request pad to flvmux as flvmux has "audio" and "video" as pad templates. fix: splitmuxsink should fallback to "audio" and "video" when template not found. https://bugzilla.gnome.org/show_bug.cgi?id=774507
-
- Nov 14, 2016
-
-
Sebastian Dröge authored
The accumulator is filled by intersecting with all the pad caps, as such it must be initialized with ANY (like it is before the iteration is started) and not to EMPTY. Fixes the CAPS query always returning EMPTY caps when resyncing happened during the query, e.g. because pads were added/removed.
-
Control messages are used only in multicast mode - to detect if the destination address is not ours and possibly drop the packet. However in non-multicast modes the messages are still allocated and freed even if not used. Therefore request control messages from g_socket_receive_message() only in multicast mode. https://bugzilla.gnome.org/show_bug.cgi?id=772841
-
- Nov 04, 2016
-
-
I've seen problems where the `bytesused` field of `v4l2_buffer` would be a silly number causing the later call to: gst_memory_resize (group->mem[i], 0, group->planes[i].bytesused); to result in this error to be printed: (pulsevideo:11): GStreamer-CRITICAL **: gst_memory_resize: assertion 'size + mem->offset + offset <= mem->maxsize' failed besides causing who-knows what other problems. We make the assumption that this buffer has still been dequeued correctly so just clamp to a valid size so downstream elements won't end up in undefined behaviour. The invalid `v4l2_buffer` I saw from my capture device was: buffer = { index = 0, type = 1, bytesused = 534748928, // <- Invalid flags = 8260, // V4L2_BUF_FLAG_TIMESTAMP_MONOTONIC | V4L2_BUF_FLAG_ERROR | V4L2_BUF_FLAG_DONE field = 01330, // <- Invalid timestamp = { tv_sec = 0, tv_usec = 0 }, timecode = { type = 0, flags = 0, frames = 0 '\000', seconds = 0 '\000', minutes = 0 '\000', hours = 0 '\000', userbits = "\000\000\000" }, sequence = 0, memory = 2, m = { offset = 3537219584, userptr = 140706665836544, // Could be nonsense, not sure planes = 0x7ff8d2d5b000, fd = -757747712 }, length = 2764800, reserved2 = 0, reserved = 0 } This is from gdb with my own annotations added. This was with gst-plugins-good 1.8.1, a Magewell XI100DUSB-HDMI video capture device and kernel 3.13 using a dodgy HDMI cable which is great at breaking HDMI capture devices. I'm using io-mode=userptr and have built gst-plugins-good without libv4l. https://bugzilla.gnome.org/show_bug.cgi?id=769765
-
Improve RFC2326 - chapter C.3 compatibility: In case just a single stream is specified in SDP and the control attribute is missing do not drop the stream but rather assume "a=control:*" https://bugzilla.gnome.org/show_bug.cgi?id=770568
-
Add a check to verify all the output buffers were empty for the session in a timout and log an error. https://bugzilla.gnome.org/show_bug.cgi?id=773269
-
Altough commits 6a16be75, 64f9d08d and 0c7e3a86 fixed some issues they introduced others. This patch fixes the leak of one macroblock for every B fragment. Macroblock structures must not be freed immediately after finding the boundaries as they are stored and used later. However the inital dummy structure (used for finding the first boundary) must be freed. CID #1212156 https://bugzilla.gnome.org/show_bug.cgi?id=773512
-
Fix leaking caps when downstream has not-fixed caps. https://bugzilla.gnome.org/show_bug.cgi?id=773515
-
Some buggy payloaders, e.g. rtph263pay, may use mode B for packets that starts with a picture (or GOB) start code although it's not allowed. Let's be nice and not drop these packets/frames. https://bugzilla.gnome.org/show_bug.cgi?id=773516
-
Sebastian Dröge authored
We would like to check later on EOS if we found a known stream type or not, to possibly post an error message. https://bugzilla.gnome.org/show_bug.cgi?id=773861
-
- Nov 02, 2016
-
-
Jan Schmidt authored
Commit 83e718 added a pad template to splitmux request pads, which means that GstElement now releases the pads on dispose, but after having removed all elements in the bin and unlinked them. Make sure we can handle cleanup in that case without throwing assertions. https://bugzilla.gnome.org/show_bug.cgi?id=773784
-
- Nov 01, 2016
-
-
Tim-Philipp Müller authored
-
Sebastian Dröge authored
-
Sebastian Dröge authored
-