From patchwork Wed Jul 24 17:15:55 2019
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 14059
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 24 Jul 2019 19:15:55 +0200
Message-Id: <20190724171557.10037-3-andreas.rheinhardt@gmail.com>
In-Reply-To: <20190724171557.10037-1-andreas.rheinhardt@gmail.com>
References: <20190724074358.GU3219@michaelspb> <20190724171557.10037-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 4/6] h264_mp4toannexb_bsf: Don't forget numOfPictureParameterSets

The format of an AVCDecoderConfigurationRecord, the out-of-band extradata
of H.264 in mp4, is as follows: First four bytes containing version,
profile and level, one byte for the length size and one byte each for the
number of SPS, followed by the SPS (each with its own size field),
followed by a byte containing the number of PPS followed by the PPS with
their size fields. While the number of SPS/PPS may be zero, the bytes
containing these numbers are mandatory.

Yet the byte containing the number of PPS has been ignored in two places:
1. In the initial check for whether the extradata can contain an
   AVCDecoderConfigurationRecord. The minimum size is 7, not 6.
2. No check is made for whether the extradata ended right after the last
   byte of the last SPS of the SPS array. Instead the first byte of the
   padding is read as if it were part of the extradata and contained the
   number of PPS (namely zero, given that the padding is zeroed). No error
   or warning was ever raised.

This has been changed. Such truncated extradata is now considered invalid;
the check for 2. has been incorporated into the general size check.

Signed-off-by: Andreas Rheinhardt --- libavcodec/h264_mp4toannexb_bsf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/h264_mp4toannexb_bsf.c b/libavcodec/h264_mp4toannexb_bsf.c index aa5ca8d102..0f46ad907c 100644 --- a/libavcodec/h264_mp4toannexb_bsf.c +++ b/libavcodec/h264_mp4toannexb_bsf.c @@ -95,8 +95,8 @@ static int h264_extradata_to_annexb(AVBSFContext *ctx, const int padding) extradata += 2; total_size += unit_size + 4; av_assert1(total_size <= INT_MAX - padding); - if (extradata_end - extradata < unit_size) { - av_log(ctx, AV_LOG_ERROR, "Packet header is not contained in global extradata, " + if (extradata_end - extradata < unit_size + !sps_done) { + av_log(ctx, AV_LOG_ERROR, "Global extradata truncated, " "corrupted stream or invalid MP4/AVCC bitstream\n"); av_free(out); return AVERROR(EINVAL); @@ -148,7 +148,7 @@ static int h264_mp4toannexb_init(AVBSFContext *ctx) (extra_size >= 4 && AV_RB32(ctx->par_in->extradata) == 1)) { av_log(ctx, AV_LOG_VERBOSE, "The input looks like it is Annex B already\n"); - } else if (extra_size >= 6) { + } else if (extra_size >= 7) { ret = h264_extradata_to_annexb(ctx, AV_INPUT_BUFFER_PADDING_SIZE); if (ret < 0) return ret;
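
Review bot: In the h264_extradata_to_annexb hunk, `unit_size + !sps_done` folds the mandatory numOfPictureParameterSets byte into the size check without saying so, and a one-line comment above the condition would make that auditable. The extra byte is demanded after every SPS, not only the last one; that agrees with the layout in the commit message (an SPS is always followed by another size field or by the PPS count byte), but it is not obvious from the expression alone. The reworded message "Global extradata truncated" now covers both a short unit and a missing count byte, which is fine as long as the comment says so.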
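
Review bot: In the h264_mp4toannexb_init hunk, the bare `7` in `extra_size >= 7` would be easier to check with a comment spelling out the sum from the commit message (4 bytes version/profile/level, 1 byte length size, 1 byte SPS count, 1 byte PPS count). Extradata of exactly 6 bytes no longer enters this branch, and the branch that follows is not visible in the hunk; please confirm it rejects such input, so that the behaviour matches the statement that truncated extradata is now considered invalid.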
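
The record layout and the two size checks described in the commit message, as a standalone bounds-checked validator. This is an added example, not FFmpeg code or part of the patch; the function names, status codes and sample bytes are hypothetical or constructed, and the 5-bit mask on the SPS count comes from the ISO/IEC 14496-15 field layout rather than from the message.

```c
#include <stddef.h>
#include <stdint.h>

enum { AVCC_OK = 0, AVCC_TOO_SHORT = -1, AVCC_TRUNCATED = -2 }; /* hypothetical codes */

/* Skip `count` units, each a 16-bit big-endian size followed by that many
 * bytes. Returns 0 and advances *pos, or -1 if a unit would pass `end`. */
static int avcc_skip_units(const uint8_t *buf, size_t *pos, size_t end, unsigned count)
{
    while (count--) {
        if (end - *pos < 2)
            return -1;
        size_t unit = ((size_t)buf[*pos] << 8) | buf[*pos + 1];
        *pos += 2;
        if (end - *pos < unit)
            return -1;
        *pos += unit;
    }
    return 0;
}

/* Check that an AVCDecoderConfigurationRecord fits in exactly `size` bytes. */
int avcc_validate(const uint8_t *buf, size_t size)
{
    if (size < 7)                         /* 4 + length size + numSPS + numPPS */
        return AVCC_TOO_SHORT;
    size_t pos = 5;
    unsigned num_sps = buf[pos++] & 0x1f; /* count is the low 5 bits */
    if (avcc_skip_units(buf, &pos, size, num_sps) < 0)
        return AVCC_TRUNCATED;
    if (pos >= size)                      /* the PPS count byte is mandatory */
        return AVCC_TRUNCATED;
    unsigned num_pps = buf[pos++];
    if (avcc_skip_units(buf, &pos, size, num_pps) < 0)
        return AVCC_TRUNCATED;
    return AVCC_OK;
}

/* Constructed sample: one 2-byte SPS and one 1-byte PPS. */
static const uint8_t avcc_sample[] = {
    0x01, 0x64, 0x00, 0x1f, 0xff, 0xe1,
    0x00, 0x02, 0x67, 0x64,               /* SPS size + body */
    0x01, 0x00, 0x01, 0x68                /* numPPS, PPS size + body */
};

/* Validate only the first `size` bytes of the sample (size <= 14). */
int avcc_sample_status(size_t size) { return avcc_validate(avcc_sample, size); }

int main(void) { return avcc_sample_status(sizeof avcc_sample) != AVCC_OK; }
```

Cutting the sample to 10 bytes reproduces case 2 from the commit message: the data ends right after the last SPS, and the validator reports truncation instead of reading a count byte from whatever follows the buffer.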