From patchwork Tue Oct 20 11:03:31 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 23111
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 20 Oct 2020 13:03:31 +0200
Message-Id: <20201020110334.197116-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 1/4] avformat/hlsenc: Fix extradata length check
Cc: Andreas Rheinhardt

Commit a2b1dd0ce301450a47c972745a6b33c4c273aa5d added support for parsing annex B HEVC extradata to extract profile and level information. Yet it only checks for there to be enough data left for the startcode and the first byte of the NAL unit header and not for the full NAL unit header; it simply presumes the second byte of the NAL unit header to be present and skips it. Then the remaining size of the extradata is calculated which ends up negative if the second byte of the NAL unit header is not present. Yet when calling ff_nal_unit_extract_rbsp() it will be converted to an uint32_t and end up as UINT32_MAX which will cause mayhem.

This is solved by making sure that there is always enough remaining extradata that could (pending 0x03 escapes) contain the data that we are interested in.

Signed-off-by: Andreas Rheinhardt
--- libavformat/hlsenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index 8e4cc36d50..49c4ab5966 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c
@@ -349,7 +349,7 @@ static void write_codec_attr(AVStream *st, VariantStream *vs) level = st->codecpar->level; /* check the boundary of data which from current position is small than extradata_size */ - while (data && (data - st->codecpar->extradata + 5) < st->codecpar->extradata_size) { + while (data && (data - st->codecpar->extradata + 19) < st->codecpar->extradata_size) { /* get HEVC SPS NAL and seek to profile_tier_level */ if (!(data[0] | data[1] | data[2]) && data[3] == 1 && ((data[4] & 0x42) == 0x42)) { int remain_size = 0;
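Review bot: the literal 19 in the new while condition is unexplained, and the comment directly above it still only says the position must stay below extradata_size. Please add a comment or a named constant that spells out which bytes the 19 accounts for (start code, NAL unit header, and the payload bytes that are read afterwards), so the bound can be checked against the reads that follow. Because the comparison is a strict `<`, it also requires more than 19 bytes to remain; state whether that is intended or whether `<=` would be the exact bound. Separately, `int remain_size` is still a signed value that is later handed to a function taking an unsigned length according to the commit message, so an explicit check that it is not negative before that call would keep the code safe if this loop bound is changed again.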
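The failure mode the commit message describes, next to a scan that cannot reach it, as an added C example (not FFmpeg code and not part of the patch). The functions `unchecked_remaining` and `find_sps_payload`, the two constants and both byte arrays are constructed for illustration; only the start code and header test is taken from the patch context.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define START_CODE_LEN 4 /* 00 00 00 01 */
#define NAL_HEADER_LEN 2 /* HEVC NAL unit header is two bytes */

/* Unchecked form: skip start code and header, subtract, then pass the signed
 * result to a callee that takes uint32_t. */
static uint32_t unchecked_remaining(size_t pos, int size)
{
    int remain = size - (int)(pos + START_CODE_LEN + NAL_HEADER_LEN);
    return (uint32_t)remain; /* -1 becomes UINT32_MAX */
}

/* Checked form: return a pointer to the bytes after the NAL header of the
 * first match that has at least `need` raw bytes behind it, else NULL.
 * All arithmetic is on unsigned "bytes left", so it cannot go negative.
 * `need` counts escaped bytes; the size after removing 0x03 escapes still
 * has to be checked by the caller. */
static const uint8_t *find_sps_payload(const uint8_t *buf, size_t size,
                                       size_t need, size_t *payload_len)
{
    const size_t prefix = START_CODE_LEN + NAL_HEADER_LEN;
    if (!buf || size < prefix || size - prefix < need)
        return NULL;
    for (size_t pos = 0; pos <= size - prefix - need; pos++) {
        const uint8_t *d = buf + pos;
        if (!(d[0] | d[1] | d[2]) && d[3] == 1 && (d[4] & 0x42) == 0x42) {
            *payload_len = size - pos - prefix;
            return d + prefix;
        }
    }
    return NULL;
}

/* Constructed sample inputs, not real stream data. */
static const uint8_t truncated[] = { 0, 0, 0, 1, 0x42 }; /* header cut short */
static const uint8_t complete[]  = { 0xAA, 0, 0, 0, 1, 0x42, 0x01,
                                     1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 };

int main(void)
{
    size_t len = 0;
    printf("unchecked length: %u\n",
           (unsigned)unchecked_remaining(0, (int)sizeof(truncated)));
    printf("checked scan: %s\n",
           find_sps_payload(truncated, sizeof(truncated), 13, &len) ? "match" : "rejected");
    return 0;
}
```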