diff mbox series

[FFmpeg-devel,5/5,v2] avcodec/ac3_parser: improve false positive detection when parsing sync frames

Message ID 20221022210226.2200-5-jamrial@gmail.com
State Accepted
Commit 4c35bb53f94e4de88a0919346f24d34f8387771c
Headers show
Series [FFmpeg-devel,1/5,v2] avcodec/ac3dec: split off code discarding garbage at the beginning of a packet | expand

Checks

Context Check Description
andriy/commit_msg_x86 warning Please wrap lines in the body of the commit message between 60 and 72 characters.
yinshiyou/commit_msg_loongarch64 warning Please wrap lines in the body of the commit message between 60 and 72 characters.
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 fail Make fate failed
andriy/make_x86 success Make finished
andriy/make_fate_x86 fail Make fate failed

Commit Message

James Almer Oct. 22, 2022, 9:02 p.m. UTC 
A two byte sync word is not enough to ensure we got a real syncframe, nor are
all the range checks we do in the first seven bytes. Do therefore an integrity
check for the sync frame in order to prevent the parser from filling avctx with
bogus information.

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavcodec/aac_ac3_parser.c | 4 ++++
 libavcodec/aac_ac3_parser.h | 2 ++
 libavcodec/ac3_parser.c     | 1 +
 3 files changed, 7 insertions(+)
diff mbox series

Patch

diff --git a/libavcodec/aac_ac3_parser.c b/libavcodec/aac_ac3_parser.c
index e89b12baf9..2b0ee61b6d 100644
--- a/libavcodec/aac_ac3_parser.c
+++ b/libavcodec/aac_ac3_parser.c
@@ -113,6 +113,10 @@  get_next:
                     buf_size -= hdr.frame_size;
                     continue;
                 }
+                /* Check for false positives since the syncword is not enough.
+                   See section 6.1.2 of A/52. */
+                if (av_crc(s->crc_ctx, 0, buf + 2, hdr.frame_size - 2))
+                    return i;
                 break;
             }
 
diff --git a/libavcodec/aac_ac3_parser.h b/libavcodec/aac_ac3_parser.h
index 560bba54f5..bc16181a19 100644
--- a/libavcodec/aac_ac3_parser.h
+++ b/libavcodec/aac_ac3_parser.h
@@ -24,6 +24,7 @@ 
 #define AVCODEC_AAC_AC3_PARSER_H
 
 #include <stdint.h>
+#include "libavutil/crc.h"
 #include "avcodec.h"
 #include "parser.h"
 
@@ -42,6 +43,7 @@  typedef struct AACAC3ParseContext {
     int header_size;
     int (*sync)(uint64_t state, int *need_next_header, int *new_frame_start);
 
+    const AVCRC *crc_ctx;
     int remaining_size;
     uint64_t state;
 
diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c
index 8885e1c72e..13b8d3b7d8 100644
--- a/libavcodec/ac3_parser.c
+++ b/libavcodec/ac3_parser.c
@@ -246,6 +246,7 @@  static av_cold int ac3_parse_init(AVCodecParserContext *s1)
 {
     AACAC3ParseContext *s = s1->priv_data;
     s->header_size = AC3_HEADER_SIZE;
+    s->crc_ctx = av_crc_get_table(AV_CRC_16_ANSI);
     s->sync = ac3_sync;
     return 0;
 }