From ceba19f69179da93e71fc1e582f1d7eb2bd4db16 Mon Sep 17 00:00:00 2001 From: Jan Schmidt Date: Wed, 6 Jun 2007 11:03:24 +0000 Subject: gst/mpegvideoparse/: Fix some silly bugs with calculating the guard sizes. Original commit message from CVS: * gst/mpegvideoparse/mpegpacketiser.c: (mpeg_util_parse_extension_packet), (mpeg_util_parse_sequence_hdr), (mpeg_util_parse_picture_hdr): * gst/mpegvideoparse/mpegvideoparse.c: (mpegvideoparse_handle_sequence), (mpegvideoparse_drain_avail): Fix some silly bugs with calculating the guard sizes. Properly compare the old sequence header structure with the new one. Don't error out on an invalid sequence - just ignore it. --- ChangeLog | 11 +++++++++++ gst/mpegvideoparse/mpegpacketiser.c | 14 +++++++------- gst/mpegvideoparse/mpegvideoparse.c | 20 ++++++++++---------- 3 files changed, 28 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index 81d51657..e6041314 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +2007-06-06 Jan Schmidt + + * gst/mpegvideoparse/mpegpacketiser.c: + (mpeg_util_parse_extension_packet), (mpeg_util_parse_sequence_hdr), + (mpeg_util_parse_picture_hdr): + * gst/mpegvideoparse/mpegvideoparse.c: + (mpegvideoparse_handle_sequence), (mpegvideoparse_drain_avail): + Fix some silly bugs with calculating the guard sizes. + Properly compare the old sequence header structure with the new one. + Don't error out on an invalid sequence - just ignore it. + 2007-06-06 Tim-Philipp Müller * gst/real/gstrealvideodec.c: (gst_real_video_dec_decode): diff --git a/gst/mpegvideoparse/mpegpacketiser.c b/gst/mpegvideoparse/mpegpacketiser.c index 318805fd..5685fa7b 100644 --- a/gst/mpegvideoparse/mpegpacketiser.c +++ b/gst/mpegvideoparse/mpegpacketiser.c @@ -487,7 +487,7 @@ mpeg_util_parse_extension_packet (MPEGSeqHdr * hdr, guint8 * data, guint8 * end) { guint8 ext_code; - if (G_UNLIKELY ((end - data - 1) < 1)) + if (G_UNLIKELY (data >= end)) return FALSE; /* short extension packet */ ext_code = data[0] >> 4; @@ -499,7 +499,7 @@ mpeg_util_parse_extension_packet (MPEGSeqHdr * hdr, guint8 * data, guint8 * end) guint8 horiz_size_ext, vert_size_ext; guint8 fps_n_ext, fps_d_ext; - if ((end - data - 1) < 6) + if (G_UNLIKELY ((end - data) < 6)) /* need at least 10 bytes, minus 4 for the start code 000001b5 */ return FALSE; @@ -531,7 +531,7 @@ mpeg_util_parse_sequence_hdr (MPEGSeqHdr * hdr, guint8 * data, guint8 * end) gboolean load_intra_flag; gboolean load_non_intra_flag; - if (G_UNLIKELY ((end - data - 1) < 12)) + if (G_UNLIKELY ((end - data) < 12)) return FALSE; /* Too small to be a sequence header */ code = GST_READ_UINT32_BE (data); @@ -556,14 +556,14 @@ mpeg_util_parse_sequence_hdr (MPEGSeqHdr * hdr, guint8 * data, guint8 * end) constrained_flag = (data[7] >> 2) & 0x01; load_intra_flag = (data[7] >> 1) & 0x01; if (load_intra_flag) { - if (G_UNLIKELY ((end - data - 1) < 64)) + if (G_UNLIKELY ((end - data) < 64)) return FALSE; data += 64; } load_non_intra_flag = data[7] & 0x01; if (load_non_intra_flag) { - if (G_UNLIKELY ((end - data - 1) < 64)) + if (G_UNLIKELY ((end - data) < 64)) return FALSE; data += 64; } @@ -574,7 +574,7 @@ mpeg_util_parse_sequence_hdr (MPEGSeqHdr * hdr, guint8 * data, guint8 * end) /* Read MPEG-2 sequence extensions */ data = mpeg_util_find_start_code (&sync_word, data, end); while (data != NULL) { - if (G_UNLIKELY ((end - data - 1) < 1)) + if (G_UNLIKELY (data >= end)) return FALSE; /* data points at the last byte of the start code */ @@ -595,7 +595,7 @@ mpeg_util_parse_picture_hdr (MPEGPictureHdr * hdr, guint8 * data, guint8 * end) { guint32 code; - if (G_UNLIKELY ((end - data - 1) < 6)) + if (G_UNLIKELY ((end - data) < 6)) return FALSE; /* Packet too small */ code = GST_READ_UINT32_BE (data); diff --git a/gst/mpegvideoparse/mpegvideoparse.c b/gst/mpegvideoparse/mpegvideoparse.c index 6c776c54..cd5fd699 100644 --- a/gst/mpegvideoparse/mpegvideoparse.c +++ b/gst/mpegvideoparse/mpegvideoparse.c @@ -206,7 +206,7 @@ mpegvideoparse_handle_sequence (MpegVideoParse * mpegvideoparse, if (G_UNLIKELY (!mpeg_util_parse_sequence_hdr (&new_hdr, cur, end))) return FALSE; - if (memcmp (&mpegvideoparse, &new_hdr, sizeof (MPEGSeqHdr)) != 0) { + if (memcmp (&mpegvideoparse->seq_hdr, &new_hdr, sizeof (MPEGSeqHdr)) != 0) { GstCaps *caps; GstBuffer *seq_buf; @@ -216,9 +216,6 @@ mpegvideoparse_handle_sequence (MpegVideoParse * mpegvideoparse, gst_buffer_replace (&mpegvideoparse->seq_hdr_buf, seq_buf); gst_buffer_unref (seq_buf); - /* And update the new_hdr into our stored version */ - mpegvideoparse->seq_hdr = new_hdr; - caps = gst_caps_new_simple ("video/mpeg", "systemstream", G_TYPE_BOOLEAN, FALSE, "parsed", G_TYPE_BOOLEAN, TRUE, @@ -232,6 +229,9 @@ mpegvideoparse_handle_sequence (MpegVideoParse * mpegvideoparse, GST_DEBUG ("New mpegvideoparse caps: %" GST_PTR_FORMAT, caps); if (!gst_pad_set_caps (mpegvideoparse->srcpad, caps)) return FALSE; + + /* And update the new_hdr into our stored version */ + mpegvideoparse->seq_hdr = new_hdr; } return TRUE; @@ -312,8 +312,12 @@ mpegvideoparse_drain_avail (MpegVideoParse * mpegvideoparse) if (mpegvideoparse->seq_hdr.mpeg_version == 0) { if (cur->flags & MPEG_BLOCK_FLAG_SEQUENCE) { /* Found a sequence header */ - if (!mpegvideoparse_handle_sequence (mpegvideoparse, buf)) - goto error; + if (!mpegvideoparse_handle_sequence (mpegvideoparse, buf)) { + GST_DEBUG_OBJECT (mpegvideoparse, + "Invalid sequence header. Dropping buffer."); + gst_buffer_unref (buf); + buf = NULL; + } } else { if (buf) { GST_DEBUG_OBJECT (mpegvideoparse, @@ -364,10 +368,6 @@ mpegvideoparse_drain_avail (MpegVideoParse * mpegvideoparse) }; return res; -error: - if (buf != NULL) - gst_buffer_unref (buf); - return GST_FLOW_ERROR; } static GstFlowReturn -- cgit v1.2.1