From patchwork Sat Dec 14 22:19:18 2019
Content-Type: text/plain; charset="utf-8"
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 16787
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt
Date: Sat, 14 Dec 2019 23:19:18 +0100
Message-Id: <20191214221926.16074-6-andreas.rheinhardt@gmail.com>
In-Reply-To: <20191214221926.16074-1-andreas.rheinhardt@gmail.com>
References: <20191214221926.16074-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH v2 06/14] h264_mp4toannexb: Don't forget numOfPictureParameterSets

The format of an AVCDecoderConfigurationRecord, the out-of-band extradata
of H.264 in mp4, is as follows: First four bytes containing version,
profile and level, one byte for the length size and one byte each for the
number of SPS, followed by the SPS (each with its own size field),
followed by a byte containing the number of PPS followed by the PPS with
their size fields. While the number of SPS/PPS may be zero, the bytes
containing these numbers are mandatory.

Yet the byte containing the number of PPS has been ignored in two places:
1. In the initial check for whether the extradata can contain an
   AVCDecoderConfigurationRecord. The minimum size is 7, not 6.
2. No check is made for whether the extradata ended right after the last
   byte of the last SPS of the SPS array. Instead the first byte of the
   padding is read as if it were part of the extradata and contained the
   number of PPS (namely zero, given that the padding is zeroed). No error
   or warning was ever raised.

This has been changed. Such truncated extradata is now considered invalid;
the check for 2. has been incorporated into the general size check.
Signed-off-by: Andreas Rheinhardt --- libavcodec/h264_mp4toannexb_bsf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/h264_mp4toannexb_bsf.c b/libavcodec/h264_mp4toannexb_bsf.c index f809c6b3ad..cd6d73d118 100644 --- a/libavcodec/h264_mp4toannexb_bsf.c +++ b/libavcodec/h264_mp4toannexb_bsf.c @@ -102,8 +102,8 @@ static int h264_extradata_to_annexb(AVBSFContext *ctx, const int padding) unit_size = bytestream2_get_be16u(gb); total_size += unit_size + 4; av_assert1(total_size <= INT_MAX - padding); - if (bytestream2_get_bytes_left(gb) < unit_size) { - av_log(ctx, AV_LOG_ERROR, "Packet header is not contained in global extradata, " + if (bytestream2_get_bytes_left(gb) < unit_size + !sps_done) { + av_log(ctx, AV_LOG_ERROR, "Global extradata truncated, " "corrupted stream or invalid MP4/AVCC bitstream\n"); av_free(out); return AVERROR_INVALIDDATA; @@ -154,7 +154,7 @@ static int h264_mp4toannexb_init(AVBSFContext *ctx) (extra_size >= 4 && AV_RB32(ctx->par_in->extradata) == 1)) { av_log(ctx, AV_LOG_VERBOSE, "The input looks like it is Annex B already\n"); - } else if (extra_size >= 6) { + } else if (extra_size >= 7) { ret = h264_extradata_to_annexb(ctx, AV_INPUT_BUFFER_PADDING_SIZE); if (ret < 0) return ret;
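
Review bot: the `+ !sps_done` term in the new bounds check in h264_extradata_to_annexb() is not self-explanatory and deserves a one-line comment saying that, while still in the SPS array, one more byte (the mandatory numOfPictureParameterSets) has to remain after the unit. Because the check sits after `unit_size = bytestream2_get_be16u(gb)`, it only runs once per unit, so a record with zero SPS never reaches it and the presence of the PPS count byte then rests on the `extra_size >= 7` test in h264_mp4toannexb_init(); the comment should state that dependency so the two checks are not changed independently later.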
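
Review bot: extradata of exactly 6 bytes no longer enters the `else if (extra_size >= 7)` branch in h264_mp4toannexb_init(), so it now takes whatever follows this `else if`, which is not visible in the hunk; please confirm that path rejects or at least reports such input instead of silently continuing without converted extradata. The bare `7` would also read better with a short comment or a named constant spelling out its parts (4 bytes version/profile/level, 1 length-size byte, 1 SPS count byte, 1 PPS count byte), since the previous `6` was wrong for exactly that reason.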
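
The record layout and the two missed checks described in the commit message above, as an added example that is not FFmpeg's code: a stand-alone validator that never reads past the end of the extradata and so does not depend on zeroed padding. The names `avcc_validate`, `skip_units` and the status codes are hypothetical, the sample records are constructed, and the bit masks for the length-size and SPS-count bytes follow ISO/IEC 14496-15 rather than anything stated on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { AVCC_OK = 0, AVCC_TOO_SHORT = -1, AVCC_TRUNCATED = -2 };
struct avcc_info { int length_size, num_sps, num_pps; };

/* Constructed samples: one 2-byte SPS, then (a) nothing, (b) one 1-byte PPS. */
static const uint8_t avcc_cut[]  = { 1, 0x64, 0, 0x1f, 0xff, 0xe1, 0, 2, 0x67, 0x64 };
static const uint8_t avcc_full[] = { 1, 0x64, 0, 0x1f, 0xff, 0xe1, 0, 2, 0x67, 0x64,
                                     1, 0, 1, 0x68 };

/* Skip `count` units, each a 16-bit big-endian size plus that many bytes. */
static int skip_units(const uint8_t *buf, size_t size, size_t *pos, int count)
{
    for (int i = 0; i < count; i++) {
        if (size - *pos < 2)            /* size field itself missing */
            return AVCC_TRUNCATED;
        size_t unit = (size_t)buf[*pos] << 8 | buf[*pos + 1];
        *pos += 2;
        if (size - *pos < unit)         /* unit payload cut short */
            return AVCC_TRUNCATED;
        *pos += unit;
    }
    return AVCC_OK;
}

/* Validate the layout of an AVCDecoderConfigurationRecord of `size` bytes.
 * Invariant: *pos <= size at every step, so no byte of padding is read. */
int avcc_validate(const uint8_t *buf, size_t size, struct avcc_info *out)
{
    size_t pos = 6;
    if (size < 7)   /* 4 header bytes + length size + SPS count + PPS count */
        return AVCC_TOO_SHORT;
    out->length_size = (buf[4] & 0x3) + 1;   /* assumption: mask per the spec */
    out->num_sps     = buf[5] & 0x1f;        /* assumption: mask per the spec */
    if (skip_units(buf, size, &pos, out->num_sps) < 0)
        return AVCC_TRUNCATED;
    if (size - pos < 1)                      /* PPS count byte is mandatory */
        return AVCC_TRUNCATED;
    out->num_pps = buf[pos++];
    return skip_units(buf, size, &pos, out->num_pps);
}
int main(void)
{
    struct avcc_info i;
    printf("%d %d\n", avcc_validate(avcc_cut, sizeof avcc_cut, &i),
           avcc_validate(avcc_full, sizeof avcc_full, &i));
    return 0;
}
```

`avcc_cut` is the case from item 2 of the commit message: the data ends right after the last SPS, and the validator reports it instead of taking a count of zero from the padding.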