https://bugzilla.gnome.org/show_bug.cgi?id=775752

Otherwise we might leak arbitrary information from the uninitialized
memory if not every pixel is written.

https://scarybeastsecurity.blogspot.gr/2016/12/1days-0days-pocs-more-gstreamer-flic.html

Redirect on PLAY wasn't doing the necessary session cleanup. Fixed by
removing code from gst_rtspsrc_send that changed the state varable upon
encountering a redirect. Better to let the redirect handlers in
gst_rtspsrc_retrieve_sdp and gst_rtspsrc_play do their own
state-dependent cleanup.

https://bugzilla.gnome.org/show_bug.cgi?id=775543

Allow CMD_CLOSE to cancel all commands not only CMD_PAUSE
and ignore CMD_WAIT while closing.

https://bugzilla.gnome.org/show_bug.cgi?id=748360

From f980fd9 to 39ac2f5

When providing items with a seqnum, there is a (very small) probability
that an element with the same seqnum already exists. Don't forget
to free that item if it wasn't inserted.

And avoid returning undefined values when dealing with duplicate items

We might have non-printable characters in the unknown fourcc, replace
them with '_', in the same way we do it for unknown tags.

https://bugzilla.gnome.org/show_bug.cgi?id=775479

gst_tag_image_data_to_image_sample() does not take ownership of the
passed memory, so don't set it to NULL to allow us to free it later.

https://bugzilla.gnome.org/show_bug.cgi?id=775472

Especially, simplify the code a bit.

1024 bytes is quite small, let's do 4096 bytes (or one page).
Also remove redundant if, we're always in that case when getting here.

https://bugzilla.gnome.org/show_bug.cgi?id=775455

https://bugzilla.gnome.org/show_bug.cgi?id=775455

And actually read the size of the cmvd atom from the right position.

https://bugzilla.gnome.org/show_bug.cgi?id=775455

Handle errors cleanly, deallocate all memory and return the actual size
of the inflated data.

https://bugzilla.gnome.org/show_bug.cgi?id=775455

Also error out cleanly if mapping the buffer failed.

https://bugzilla.gnome.org/show_bug.cgi?id=775450

We can't simply assume that the length of the tag value as given
inside the stream is correct but should also check against the amount of
data we have actually available.

https://bugzilla.gnome.org/show_bug.cgi?id=775451

https://bugzilla.gnome.org/show_bug.cgi?id=775071

Read interlacing and TFF/BFF information from the 'fiel' atom and pass it
into the caps

https://bugzilla.gnome.org/show_bug.cgi?id=775414

qtdemux.c: In function ‘qtdemux_parse_trak’:
qtdemux.c:10184:38: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 9 has type ‘gint {aka const int}’ [-Werror=format=]
           GST_DEBUG_OBJECT (qtdemux, "Found jpeg: len %u, need %lu", len,
                                      ^

off_t is a signed integer type provided by sys/types.h on posix systems.
Replace with gint for building on non-posix systems (like windows).

https://bugzilla.gnome.org/show_bug.cgi?id=775287

The functions from math.h may be implemented in libm.

https://bugzilla.gnome.org/show_bug.cgi?id=774876

This reverts commit 05a89613.

Let's not put in stuff that needs unreleased Meson. This can go in
for the next cycle.

https://bugzilla.gnome.org/show_bug.cgi?id=775219

Especially don't put them into GstStructures in one way or another, just
ignore them or error out cleanly depending on the importance of their
content.

Instead of later dereferencing NULL and crashing.

If an element queries the number of retransmission buffers pushed
*while* the push is still taking place (and before the object lock
is taken just after) it would end up with the wrong statistic
being reported.

Increment it just before the push, avoids races when getting statistics

https://bugzilla.gnome.org/show_bug.cgi?id=768723

https://bugzilla.gnome.org/show_bug.cgi?id=775110

These can be called from different threads and both manipulate the
pool->buffers array. Lock them properly and let flush_stop move the
array contents into a temporary array on the stack to avoid having
to call release_buffer under the object lock.

https://bugzilla.gnome.org/show_bug.cgi?id=775015

If the pool is inactive, it is guaranteed to also be flushing, so the
following check will return GST_FLOW_FLUSHING anyway.
This can happen if a v4l2src is blocking on DQBUF in create and is sent
an EOS event on another thread. In that case the pool is set to
flushing/inactive without locking, the v4l2src is unblocked, and may
call pool_process with a valid buffer on the already inactive pool.

https://bugzilla.gnome.org/show_bug.cgi?id=775014

gst_base_src_get_range does not expect a buffer to be returned in
the error case, so we are leaking a reference here if create fails.

https://bugzilla.gnome.org/show_bug.cgi?id=775014

CID 1394492.

And trivial cleanup

https://bugzilla.gnome.org/show_bug.cgi?id=774840

https://bugzilla.gnome.org/show_bug.cgi?id=774840

https://bugzilla.gnome.org/show_bug.cgi?id=774840

39f7e522 was setting the buffer duration
to 0 if is not valid, under the assumption that this is "the last"
buffer and no others are coming next. This is wrong, last_buf is the
previous buffer and not the very last one.

4e3c13c8 was setting DTS to 0 if there
was none. This will set DTS to 0 for all e.g. audio streams, completely
messing up calculations if streams don't start at 0.

https://bugzilla.gnome.org/show_bug.cgi?id=774840

https://bugzilla.gnome.org/show_bug.cgi?id=774840

Solves overreading/writing the given arrays and will error out if the
streams asks to do that.

Also does more error checking that the stream is valid and won't
overrun any allocated arrays.  Also mitigate integer overflow errors
calculating allocation sizes.

https://bugzilla.gnome.org/show_bug.cgi?id=774859

We don't own the reference here, it is owned by the caller and given to
us for the scope of this function. Leftover mistake from 0.10 porting.

https://bugzilla.gnome.org/show_bug.cgi?id=774897