From patchwork Fri Jul 12 06:40:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Olivier Maignial X-Patchwork-Id: 13906 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 2A8614499FA for ; Fri, 12 Jul 2019 09:46:03 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0866168ACA1; Fri, 12 Jul 2019 09:46:03 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id BA6A068AA0D for ; Fri, 12 Jul 2019 09:45:56 +0300 (EEST) Received: by mail-wm1-f68.google.com with SMTP id z23so3590098wma.4 for ; Thu, 11 Jul 2019 23:45:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile-fr.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id; bh=D0O2al37eMgU1n3AJfxz0Y445ID6HHhh7yqb6/LGYCc=; b=WccWF3k3EO+lkgMFbyBAZc/ywHKq71p1mhRcgnS9v1rATlmEkCtmnlg1Ma1vGcAJG9 ad6ukDLlOzeDipvEc06pAlRC7fkqq5gbIeBZPO2lGHD2/mMvJ5PO1sgKZFBdBihWKm6J zwV5y4HHGhu+EZbF388nR4vw6i9QoS3JxOv+4HAQNEjyOScO17N+8sTV/wwJcFRIlnq4 cIHDuZ48csIU7ipgNiqQDKQpNdyGT3qqhvW9BP9kP1IdcoHYifN4b3sMkA0nQ4/yQCR9 iRX4ByJC2vIhCXIIljo9SKb712qo0yyeryeQqp9v5GmnSPT8BAGwm1I+j6zPuDp5Cqn6 oNOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=D0O2al37eMgU1n3AJfxz0Y445ID6HHhh7yqb6/LGYCc=; b=rvCM8hDZ75nEsSIyHvJUto0SsxANsyPfSAyhloXkO6lsPvr0Iqeno4Ka80SgSCM43+ uJM3qusleBFte5dQHwBLsohF/yAv4o/Kowyw6WOGhoZ3lkVbg3B4zsX4EyYes+T5fMWj pr4WHt0hmUIp7wpVAac5j4mWfBTWkvM2wgg2o3N+fwtt5tfM3lOCcDvlHjspNZoTIQ/A wATYY5o1be9zx5k4BmIoxxZ1a4k660+ERDiDegpi5h07lMuSs95m8fsa/v2fHt+l0+pV aAvDYp5r5WRXTlWvOa149AIZyVi8iiLgnBxI56NHZcxFP9zBGGK9qNLffURwVkDJ2KZv sr/w== X-Gm-Message-State: APjAAAUXlM9wgkaCkyMMbo8c1/waTKf1l7Jn48e1mw2nHbDU90q6KqbM wAOvQ6eJZ6qrjdsjuEJIi8J0/6y5voM= X-Google-Smtp-Source: APXvYqzmF6X3rH9NAbm1882cI4gO6cA0J376f6YJ3tJTaEByK5uetthyY5EyItb/A4JMjgz4VW/JNg== X-Received: by 2002:a1c:eb16:: with SMTP id j22mr7675894wmh.140.1562913646058; Thu, 11 Jul 2019 23:40:46 -0700 (PDT) Received: from P-TLS-SASUKE-OLMAI.tagtec.fr (myfox-157-50.fib.nerim.net. [194.79.157.50]) by smtp.gmail.com with ESMTPSA id c3sm7680326wrx.19.2019.07.11.23.40.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 11 Jul 2019 23:40:45 -0700 (PDT) From: Olivier Maignial To: ffmpeg-devel@ffmpeg.org Date: Fri, 12 Jul 2019 08:40:40 +0200 Message-Id: <1562913640-17395-1-git-send-email-olivier.maignial@smile.fr> X-Mailer: git-send-email 2.7.4 Subject: [FFmpeg-devel] [PATCH v6] Fix integer parameters size check in SDP fmtp line X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Olivier Maignial MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" === PROBLEM === I was trying to record h264 + aac streams from an RTSP server to mp4 file. using this command line: ffmpeg -v verbose -y -i "rtsp:///my_resources" -codec copy -bsf:a aac_adtstoasc test.mp4 FFmpeg then fail to record audio and output this logs: [rtsp @ 0xcda1f0] The profile-level-id field size is invalid (40) [rtsp @ 0xcda1f0] Error parsing AU headers ... [rtsp @ 0xcda1f0] Could not find codec parameters for stream 1 (Audio: aac, 48000 Hz, 1 channels): unspecified sample format In SDP provided by my RTSP server I had this fmtp line: a=fmtp:98 streamType=5; profile-level-id=40; mode=AAC-hbr; config=1188; sizeLength=13; indexLength=3; indexDeltaLength=3; In FFmpeg code, I found a check introduced by commit 24130234cd9dd733116d17b724ea4c8e12ce097a. It disallows values greater than 32 for fmtp line parameters. However, In RFC-6416 (RTP Payload Format for MPEG-4 Audio/Visual Streams) give examples of "profile-level-id" values for AAC, up to 55. Furthermore, RFC-4566 (SDP: Session Description Protocol) do not give any limit of size on interger parameters given in fmtp line. === FIX === Instead of prohibit values over 32, I propose to check the possible integer overflow. The use of strtoll allow to check the string validity and the possible overflow. Value is then checked against INT32_MIN and INT32_MAX. Using INT32_MIN/MAX ensure to have the same behavior on 32 or 64 bits platforms. This patch fix my problem and I now can record my RTSP AAC stream to mp4. It has passed the full fate tests suite sucessfully. Signed-off-by: Olivier Maignial --- Changes V6 --> V7: - Use long long int and strtoll. LLONG_MAX is always greather than INT32_MIN while LONG_MAX can be equal to INT32_MAX. It allows to accept full INT32 range. - Avoid to use errno libavformat/rtpdec_mpeg4.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/libavformat/rtpdec_mpeg4.c b/libavformat/rtpdec_mpeg4.c index 4f70599..f1cbedf 100644 --- a/libavformat/rtpdec_mpeg4.c +++ b/libavformat/rtpdec_mpeg4.c @@ -289,15 +289,18 @@ static int parse_fmtp(AVFormatContext *s, for (i = 0; attr_names[i].str; ++i) { if (!av_strcasecmp(attr, attr_names[i].str)) { if (attr_names[i].type == ATTR_NAME_TYPE_INT) { - int val = atoi(value); - if (val > 32) { + char *end_ptr = NULL; + long long int val = strtoll(value, &end_ptr, 10); + if (end_ptr == value || end_ptr[0] != '\0' || + val < INT32_MIN || val > INT32_MAX) { av_log(s, AV_LOG_ERROR, - "The %s field size is invalid (%d)\n", - attr, val); + "The %s field value is not a valid number, or overflows int32: %s\n", + attr, value); return AVERROR_INVALIDDATA; } + *(int *)((char *)data+ - attr_names[i].offset) = val; + attr_names[i].offset) = (int) val; } else if (attr_names[i].type == ATTR_NAME_TYPE_STR) { char *val = av_strdup(value); if (!val)