From patchwork Wed Jul 24 08:20:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Olivier Maignial X-Patchwork-Id: 14051 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 9230F44948B for ; Wed, 24 Jul 2019 11:26:31 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 7039B68A641; Wed, 24 Jul 2019 11:26:31 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wr1-f66.google.com (mail-wr1-f66.google.com [209.85.221.66]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id CE60A689A7A for ; Wed, 24 Jul 2019 11:26:24 +0300 (EEST) Received: by mail-wr1-f66.google.com with SMTP id n9so20863437wrr.4 for ; Wed, 24 Jul 2019 01:26:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile-fr.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id; bh=uDxRWxLVCDC8V7hTEA/GvQGzCVfQkNfrQOE/jQJsaqw=; b=kz7RGXKHql74u2VlXZGcMpHjQL1rsyrwn722pu8cxGl9MktQF9Fl1jNjkidg9vwxR3 eMi1PNHywbC6Bqq+tDzmM/xyVSwpnen95H+4O88yyrAxDv4Rph0TLELUqpaehmX8cSD3 x9INNAXS8yq8FKjVWWfGHODXM7zm2Jp0tjJx3scF5b2XNfH8iTSHSO9M7Y6D7BSuSEJD A9fC1nmktXVZAuPR7pZA9EOo9TuRNJqGUDxLyaytDtuZS+RUNNbokkBqx/KZqwxKUmTa JgAsnk/E5OEX0i4SL7tSQyVaLqM4iNJRZpuVmP3V6+wxRk/zKjmlkiwUAvLaHHk4ZGah MO2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=uDxRWxLVCDC8V7hTEA/GvQGzCVfQkNfrQOE/jQJsaqw=; b=iXrZ12f4QuUpJHkioirnNu2/AfdpkRIvAy/fZC/SZp768AS6+TOsuO6fGQvI/suIiH WMaCYagJeyXcVYJ2Uwb1UrLTPbZ5RWphhNr2bzHvQm+0o7vAZBUncuRkyRtoD5IoCzUL QvduSXZV4tpBqEOCTDOabbhRFHLBuAti6unRY6a5SFmXHbWsYWL8GYEuw2kLupBQ/+Cp u7re46mFfp4CwMXsstW9fYq17fsH1AIL9kR7Iy+2Uzl0q44NY05J3FlwJVh6Kdxk7mzg B9Z31JLOM5o8JQJgn/erQAw51CRU8JQ3WRMgwEnXnahc6biiHZUG5ARAcSNeaNasxXd4 iGMw== X-Gm-Message-State: APjAAAVlOaCh7dFhlkZN9Brfn8rF8MgrRM54GBJB5pxjF6z9Mx+FEhZQ a6nmlxoATBn+tQYBhuniGtpVOD/SuyA= X-Google-Smtp-Source: APXvYqyavRnVf49HNGD4IwUgDulES4jh/w0U3NhAYZxrEb97xGdLKfX8bfIHuH5kHOxWgoCk3tXUnQ== X-Received: by 2002:a05:6000:112:: with SMTP id o18mr5089582wrx.153.1563956422760; Wed, 24 Jul 2019 01:20:22 -0700 (PDT) Received: from P-TLS-SASUKE-OLMAI.tagtec.fr (myfox-157-50.fib.nerim.net. [194.79.157.50]) by smtp.gmail.com with ESMTPSA id v124sm48000704wmf.23.2019.07.24.01.20.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 24 Jul 2019 01:20:22 -0700 (PDT) From: Olivier Maignial To: ffmpeg-devel@ffmpeg.org Date: Wed, 24 Jul 2019 10:20:14 +0200 Message-Id: <1563956414-11659-1-git-send-email-olivier.maignial@smile.fr> X-Mailer: git-send-email 2.7.4 Subject: [FFmpeg-devel] [PATCH v8] Fix integer parameters size check in SDP fmtp line X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Olivier Maignial MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" === PROBLEM === I was trying to record h264 + aac streams from an RTSP server to mp4 file. using this command line: ffmpeg -v verbose -y -i "rtsp:///my_resources" -codec copy -bsf:a aac_adtstoasc test.mp4 FFmpeg then fail to record audio and output this logs: [rtsp @ 0xcda1f0] The profile-level-id field size is invalid (40) [rtsp @ 0xcda1f0] Error parsing AU headers ... [rtsp @ 0xcda1f0] Could not find codec parameters for stream 1 (Audio: aac, 48000 Hz, 1 channels): unspecified sample format In SDP provided by my RTSP server I had this fmtp line: a=fmtp:98 streamType=5; profile-level-id=40; mode=AAC-hbr; config=1188; sizeLength=13; indexLength=3; indexDeltaLength=3; In FFmpeg code, I found a check introduced by commit 24130234cd9dd733116d17b724ea4c8e12ce097a. It disallows values greater than 32 for fmtp line parameters. RFC-4566 (SDP: Session Description Protocol) do not give any limit of size on interger parameters given in an fmtp line. However, In RFC-6416 (RTP Payload Format for MPEG-4 Audio/Visual Streams) give examples of "profile-level-id" values for AAC, up to 55. === FIX === As each parameter may have its own min and max values I propose to introduce a range for each parameter. For this patch I used RFC-3640 and ISO/IEC 14496-1 as reference for validity ranges. This patch fix my problem and I now can record my RTSP AAC stream to mp4. It has passed the full fate tests suite sucessfully. Signed-off-by: Olivier Maignial --- Changes v7 --> v8: Indroduced a per parameter validity range libavformat/rtpdec_mpeg4.c | 45 +++++++++++++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 12 deletions(-) diff --git a/libavformat/rtpdec_mpeg4.c b/libavformat/rtpdec_mpeg4.c index 4f70599..08e5b98 100644 --- a/libavformat/rtpdec_mpeg4.c +++ b/libavformat/rtpdec_mpeg4.c @@ -70,6 +70,12 @@ typedef struct AttrNameMap { const char *str; uint16_t type; uint32_t offset; + + /** Range for integer values */ + struct Range { + int min; + int max; + } range; } AttrNameMap; /* All known fmtp parameters and the corresponding RTPAttrTypeEnum */ @@ -77,18 +83,24 @@ typedef struct AttrNameMap { #define ATTR_NAME_TYPE_STR 1 static const AttrNameMap attr_names[] = { { "SizeLength", ATTR_NAME_TYPE_INT, - offsetof(PayloadContext, sizelength) }, + offsetof(PayloadContext, sizelength), + {0, 32} }, // SizeLength number of bits used to encode AU-size integer value { "IndexLength", ATTR_NAME_TYPE_INT, - offsetof(PayloadContext, indexlength) }, + offsetof(PayloadContext, indexlength), + {0, 32} }, // IndexLength number of bits used to encode AU-Index integer value { "IndexDeltaLength", ATTR_NAME_TYPE_INT, - offsetof(PayloadContext, indexdeltalength) }, + offsetof(PayloadContext, indexdeltalength), + {0, 32} }, // IndexDeltaLength number of bits to encode AU-Index-delta integer value { "profile-level-id", ATTR_NAME_TYPE_INT, - offsetof(PayloadContext, profile_level_id) }, + offsetof(PayloadContext, profile_level_id), + {INT32_MIN, INT32_MAX} }, // It differs depending on StreamType { "StreamType", ATTR_NAME_TYPE_INT, - offsetof(PayloadContext, streamtype) }, + offsetof(PayloadContext, streamtype), + {0x00, 0x3F} }, // Values from ISO/IEC 14496-1, 'StreamType Values' table { "mode", ATTR_NAME_TYPE_STR, - offsetof(PayloadContext, mode) }, - { NULL, -1, -1 }, + offsetof(PayloadContext, mode), + {0} }, + { NULL, -1, -1, {0} }, }; static void close_context(PayloadContext *data) @@ -289,15 +301,24 @@ static int parse_fmtp(AVFormatContext *s, for (i = 0; attr_names[i].str; ++i) { if (!av_strcasecmp(attr, attr_names[i].str)) { if (attr_names[i].type == ATTR_NAME_TYPE_INT) { - int val = atoi(value); - if (val > 32) { + char *end_ptr = NULL; + long long int val = strtoll(value, &end_ptr, 10); + if (end_ptr == value || end_ptr[0] != '\0') { av_log(s, AV_LOG_ERROR, - "The %s field size is invalid (%d)\n", - attr, val); + "The %s field value is not a valid number: %s\n", + attr, value); return AVERROR_INVALIDDATA; } + if (val < attr_names[i].range.min || + val > attr_names[i].range.max) { + av_log(s, AV_LOG_ERROR, + "fmtp field %s should be in range [%d,%d] (provided value: %lld)", + attr, attr_names[i].range.min, attr_names[i].range.max, val); + return AVERROR_INVALIDDATA; + } + *(int *)((char *)data+ - attr_names[i].offset) = val; + attr_names[i].offset) = (int) val; } else if (attr_names[i].type == ATTR_NAME_TYPE_STR) { char *val = av_strdup(value); if (!val)