From patchwork Sat Oct 22 21:02:26 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Almer <jamrial@gmail.com>
X-Patchwork-Id: 38917
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:4a86:b0:9d:28a3:170e with SMTP id fn6csp1439313pzb;
        Sat, 22 Oct 2022 14:04:11 -0700 (PDT)
X-Google-Smtp-Source: 
 AMsMyM4IJZtOwzfHHAAdSNEhdu7p6Ps2uk+LQLKq6y8S17ZJ4AK2b2Q8f8LXtCO7Cx9hU2+DRenO
X-Received: by 2002:a05:6402:3551:b0:45d:a52f:2d77 with SMTP id
 f17-20020a056402355100b0045da52f2d77mr24440826edd.67.1666472651538;
        Sat, 22 Oct 2022 14:04:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1666472651; cv=none;
        d=google.com; s=arc-20160816;
        b=HmM6ze71mFg2khqrLTeMMB30JlX6Zdi2c+/6BFlQXiCRgZQuMd3TB7v4Y1BnwQt96y
         UdoQ2eDDwfkOkvbWfz/PALE2kPYfo8my4iD0YVSmukMRzZtUKlGhQBpy2xzmGl203hGL
         WtdmDqpOGyQuuvlgt0AlOLCeNKL2APnVaDdU/sBalzs3GhoGHv9ykfPRJVpXlobEdnJf
         a8/3uiHjdQlU50gbJopBWQePYf1eJWFeScLkLIEOca6KcTqgLr4VQC5+8R0p67E7bQBe
         F9Nb/4Y+JUjGNNIbQrfx9QLkm6m77KU9XGnk0EpOB3uK64eYMA35PhEcFSUUDtNyhBV3
         Wffw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=Ypd47o2IeZRgyTY8fpvPNAFIS02Ykv5uENOMPsQae14=;
        b=R5grZT1+607RnQXMlDQ4L0GRFpn61zNxYuQ+FBIk/Qh25iGQvHs5atiyBXXJR2yrQi
         nYuTADR5E/B7/DJJ294dRin74zrTcT406QSpPXdq7j7JaiNAOQR+krrarFNazjdzLzb5
         b9mraOUsBe10Z3QuTz+mVeNXI4ogfGshscAmA4vzoSkBnKvmod6kRiR46VqGu8Y5ccfm
         kN6MQgmjxYUY/p/O8E++KOGVd9D99UDGYLM8BcxwpWrx/qCD/RpwACLPydaQnSqF0iPv
         9ULq9YgRFBR0i223lNRu13qWuEyUdpMiFWlqpyOO5jPv+qDyv9WEKM4hLY64bModjlLd
         61qQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20210112 header.b=JvRubsU7;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 xc9-20020a170907074900b00730aa841c5bsi23322599ejb.964.2022.10.22.14.04.11;
        Sat, 22 Oct 2022 14:04:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20210112 header.b=JvRubsU7;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id ECA8968BD7D;
	Sun, 23 Oct 2022 00:03:34 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-ot1-f54.google.com (mail-ot1-f54.google.com
 [209.85.210.54])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 28FFD68BD64
 for <ffmpeg-devel@ffmpeg.org>; Sun, 23 Oct 2022 00:03:27 +0300 (EEST)
Received: by mail-ot1-f54.google.com with SMTP id
 d18-20020a05683025d200b00661c6f1b6a4so3867962otu.1
 for <ffmpeg-devel@ffmpeg.org>; Sat, 22 Oct 2022 14:03:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=JJVvoVydZE4O8idKBd24jrjHrRDFfOoh0t93s0/0Npo=;
 b=JvRubsU7ot51AD+ZbMnIVtPF8XCL74/sYNCjZTwAjfhaYULznKCY5Jk0mVx0rkuBMn
 GoDVEhA/K2oa5G0Kie93lFPJNUZlb+U3fRm3WDrgJgVPXx6NRoH53H85yZjceBec5WJ4
 ZaKkbgzo+RW8RzzE6/fp4eZGzcG0jH6Z8VHXZ7YVNS9SjWXFKcShRduNTOCKeKb4V5Ci
 7WLoqi97X/2JLnK5z5uPC6DP3n4RsipJXLi/p5QvcJrwiwa5MkDDmY3rtO9NLx45760Z
 zz/P+yZy+fPrW7DLu6YCwyjLGEtMA6groGZ/bGDI0lX4wxqT3mKOkJhKhqyCM50MnF7F
 b6ZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=JJVvoVydZE4O8idKBd24jrjHrRDFfOoh0t93s0/0Npo=;
 b=Uc5Uqm4vANS0gbw0ZqCoQn55EXXR7zev/GaBBcnTcrSwPo64xo/KbnJKIEjumeG8DR
 4qw7L3crFKa8Fq7Jd35OkhQLHBhvaPT2OggpobR7sNghlEjsJQmPwGUbVo/afkFGx28j
 SeeMX1QoNMR9OuCP1Z9EULeatkaNlp3gJUQ0xn4RJXJvXkFUZnxZahDpZrAAoiedsVI8
 EV6IjJ1kd1sQTnEfORFEvDBN1P7IHL0CVgmCIApUJ66v+FjqolavNX5eopY7L23ZfhLw
 Wfpqg+17fR+Q2Q3trBK1sWflqFa47SGLG27hOO2V5Dt1jzIf0j2ZC+EP0+W+9JZIAm93
 LnuA==
X-Gm-Message-State: ACrzQf3PhXxqV0khi1eyC96VY57BohE+MAuhMGXMaJmP7yskS9rK0DET
 C6oWu8N1aNWXfn/QLIDd78XsPdLoN8c=
X-Received: by 2002:a9d:4d19:0:b0:661:bcef:4683 with SMTP id
 n25-20020a9d4d19000000b00661bcef4683mr13056866otf.37.1666472605466;
 Sat, 22 Oct 2022 14:03:25 -0700 (PDT)
Received: from localhost.localdomain ([191.97.187.183])
 by smtp.gmail.com with ESMTPSA id
 q9-20020a05683033c900b006622d085a7fsm1850663ott.50.2022.10.22.14.03.24
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Oct 2022 14:03:25 -0700 (PDT)
From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 22 Oct 2022 18:02:26 -0300
Message-Id: <20221022210226.2200-5-jamrial@gmail.com>
X-Mailer: git-send-email 2.37.3
In-Reply-To: <20221022210226.2200-1-jamrial@gmail.com>
References: <20221022210226.2200-1-jamrial@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 5/5 v2] avcodec/ac3_parser: improve false
 positive detection when parsing sync frames
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: 1eBpFkBd1a85

A two byte sync word is not enough to ensure we got a real syncframe, nor are
all the range checks we do in the first seven bytes. Do therefore an integrity
check for the sync frame in order to prevent the parser from filling avctx with
bogus information.

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavcodec/aac_ac3_parser.c | 4 ++++
 libavcodec/aac_ac3_parser.h | 2 ++
 libavcodec/ac3_parser.c     | 1 +
 3 files changed, 7 insertions(+)

diff --git a/libavcodec/aac_ac3_parser.c b/libavcodec/aac_ac3_parser.c
index e89b12baf9..2b0ee61b6d 100644
--- a/libavcodec/aac_ac3_parser.c
+++ b/libavcodec/aac_ac3_parser.c
@@ -113,6 +113,10 @@ get_next:
                     buf_size -= hdr.frame_size;
                     continue;
                 }
+                /* Check for false positives since the syncword is not enough.
+                   See section 6.1.2 of A/52. */
+                if (av_crc(s->crc_ctx, 0, buf + 2, hdr.frame_size - 2))
+                    return i;
                 break;
             }
 
diff --git a/libavcodec/aac_ac3_parser.h b/libavcodec/aac_ac3_parser.h
index 560bba54f5..bc16181a19 100644
--- a/libavcodec/aac_ac3_parser.h
+++ b/libavcodec/aac_ac3_parser.h
@@ -24,6 +24,7 @@
 #define AVCODEC_AAC_AC3_PARSER_H
 
 #include <stdint.h>
+#include "libavutil/crc.h"
 #include "avcodec.h"
 #include "parser.h"
 
@@ -42,6 +43,7 @@ typedef struct AACAC3ParseContext {
     int header_size;
     int (*sync)(uint64_t state, int *need_next_header, int *new_frame_start);
 
+    const AVCRC *crc_ctx;
     int remaining_size;
     uint64_t state;
 
diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c
index 8885e1c72e..13b8d3b7d8 100644
--- a/libavcodec/ac3_parser.c
+++ b/libavcodec/ac3_parser.c
@@ -246,6 +246,7 @@ static av_cold int ac3_parse_init(AVCodecParserContext *s1)
 {
     AACAC3ParseContext *s = s1->priv_data;
     s->header_size = AC3_HEADER_SIZE;
+    s->crc_ctx = av_crc_get_table(AV_CRC_16_ANSI);
     s->sync = ac3_sync;
     return 0;
 }