From 0293f54d06916b3fca1d8dd526b25b92e2ee5f37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Stadler?= Date: Sun, 5 Apr 2009 03:50:19 +0300 Subject: baseparse: Fix push mode seeking (aacparse, amrparse) Sending the flush-start event forward before taking the stream lock actually works, in contrast to deadlocking in downstream preroll_wait (hunk 1). After that we get the chain function being stuck in a busy loop. This is fixed by updating the minimum frame size inside the synchronization loop because the subclass asks for more data in this way (hunk 2). Finally, this leads to a very probable crash because the subclass can find a valid frame with a size greater than the currently available data in the adapter. This makes the subsequent gst_adapter_take_buffer call return NULL, which is not expected (hunk 3). --- gst/aacparse/gstbaseparse.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'gst/aacparse') diff --git a/gst/aacparse/gstbaseparse.c b/gst/aacparse/gstbaseparse.c index 4940a8e4..ee94ccd2 100644 --- a/gst/aacparse/gstbaseparse.c +++ b/gst/aacparse/gstbaseparse.c @@ -605,10 +605,11 @@ gst_base_parse_sink_eventfunc (GstBaseParse * parse, GstEvent * event) case GST_EVENT_FLUSH_START: parse->priv->flushing = TRUE; + handled = gst_pad_push_event (parse->srcpad, event); /* Wait for _chain() to exit by taking the srcpad STREAM_LOCK */ GST_PAD_STREAM_LOCK (parse->srcpad); - handled = gst_pad_push_event (parse->srcpad, event); GST_PAD_STREAM_UNLOCK (parse->srcpad); + break; case GST_EVENT_FLUSH_STOP: @@ -896,12 +897,12 @@ gst_base_parse_chain (GstPad * pad, GstBuffer * buffer) while (!parse->priv->flushing) { tmpbuf = gst_buffer_new (); - GST_BASE_PARSE_LOCK (parse); - min_size = parse->priv->min_frame_size; - GST_BASE_PARSE_UNLOCK (parse); - /* Synchronization loop */ for (;;) { + GST_BASE_PARSE_LOCK (parse); + min_size = parse->priv->min_frame_size; + GST_BASE_PARSE_UNLOCK (parse); + /* Collect at least min_frame_size bytes */ if (gst_adapter_available (parse->adapter) < min_size) { GST_DEBUG_OBJECT (parse, "not enough data available (only %d bytes)", @@ -923,6 +924,12 @@ gst_base_parse_chain (GstPad * pad, GstBuffer * buffer) skip = -1; if (bclass->check_valid_frame (parse, tmpbuf, &fsize, &skip)) { + if (gst_adapter_available (parse->adapter) < fsize) { + GST_DEBUG_OBJECT (parse, + "found valid frame but not enough data available (only %d bytes)", + gst_adapter_available (parse->adapter)); + goto done; + } break; } if (skip > 0) { -- cgit v1.2.1