From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id A4B0743BDC for ; Fri, 21 Oct 2022 12:56:48 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0C0FF68BE8C; Fri, 21 Oct 2022 15:56:41 +0300 (EEST) Received: from mail-ot1-f53.google.com (mail-ot1-f53.google.com [209.85.210.53]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 32A1F68BE85 for ; Fri, 21 Oct 2022 15:56:34 +0300 (EEST) Received: by mail-ot1-f53.google.com with SMTP id f4-20020a9d0384000000b0066208c73094so1789001otf.0 for ; Fri, 21 Oct 2022 05:56:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LRLXINPhxKQ6hSCUzDmEgMI7uId5Jk5vZRi6M3ePxaM=; b=N9V433UHCHKBuutA4Je4qGtA6L3Qqth96FQlvamFYJl0MwJPNkKTy8Jhsb+prfd5Us xflYQSbORsD5pD9hG3A7Eq+7DWdnnLLFq4Wb90IUMFKmLgkbicLxNRw/HxU6xOmBfQml qr+V8WsicxlS6gn1hwSeAJJNmwvePGuQOrOOqd+XJOo//V+Cuxc3n815wSn3vh9HH954 Jisvyi950q9LhcZks5JO+oXk5JqNHIOcg/fyo3Pk1QNK8uitokzCkELciOolANnWuEPD 608nXqn4SC519MrVR7Oy2WdVb24fmtCNMcxsMcHGSEkEYLopj9mWqgUyYojfxK5iNTCx CUiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LRLXINPhxKQ6hSCUzDmEgMI7uId5Jk5vZRi6M3ePxaM=; b=4ehLkleomTj3AL4Fx7tEaqs/ZH2r4QfClddBtd6ngFp7rYbRQyQB4lhMigXRPRfqSb 0QOPK8nEEY5YLpsdwmkl9KVZkMq7T02DJNAKnPSXCCZuYEYbprziH+HylnhJMkiIdKvc AxaQvuDwuJKmlVmZWgOEIgZlGj3GRwu76X65b9P2fp7+l8T3BvayZQ5+iHRT5l2eEUeT 48dkgDv340J8/heUqnU8hhFOz1bDmI1fO+BJuTMDCra+DLcK5AjcdFgBsZrpXbj3MxFh cC2lZZbzZmYJih3qDOFhfL5ey7uqiS7rsYzTGpGI2ZJ2Psikrk+8b0PhWICaLqebAsDb ClNQ== X-Gm-Message-State: ACrzQf0gd9P9baGNCLK5r+i1XBYl4C+71zcOwh6uo46M6v4xthBYnM9P egPBLLquBii3GbJGW4fL291IXwPvUFg= X-Google-Smtp-Source: AMsMyM63RAovvUFv+4BCtvKjS7p6aPCjuVAoMhemTuRRBR0WhHjFQnvxN+yrcVhuLXk615Bs4xuhwg== X-Received: by 2002:a9d:4798:0:b0:661:bdda:d2b2 with SMTP id b24-20020a9d4798000000b00661bddad2b2mr9608432otf.310.1666356992551; Fri, 21 Oct 2022 05:56:32 -0700 (PDT) Received: from localhost.localdomain ([191.97.187.183]) by smtp.gmail.com with ESMTPSA id s17-20020a4ac811000000b00480dccc0c2asm3735994ooq.14.2022.10.21.05.56.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 Oct 2022 05:56:32 -0700 (PDT) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Fri, 21 Oct 2022 09:56:04 -0300 Message-Id: <20221021125604.1107-2-jamrial@gmail.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20221021125604.1107-1-jamrial@gmail.com> References: <20221021125604.1107-1-jamrial@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 2/2] avcodec/ac3_parser: improve false positive detection when parsing sync frames X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: A two byte sync word is not enough to ensure we got a real syncframe, nor are all the range checks we do in the first seven bytes. Do therefore an integrity check for the sync frame in order to prevent the parser from filling avctx with bogus information. Signed-off-by: James Almer --- libavcodec/aac_ac3_parser.c | 38 +++++++++++++++++++++++++++++++++---- libavcodec/aac_ac3_parser.h | 2 ++ libavcodec/ac3_parser.c | 1 + 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/libavcodec/aac_ac3_parser.c b/libavcodec/aac_ac3_parser.c index b14b1e31f9..1279db6e05 100644 --- a/libavcodec/aac_ac3_parser.c +++ b/libavcodec/aac_ac3_parser.c @@ -24,8 +24,11 @@ #include "libavutil/channel_layout.h" #include "libavutil/common.h" +#include "libavutil/intreadwrite.h" #include "parser.h" #include "aac_ac3_parser.h" +#include "ac3_parser.h" +#include "ac3_parser_internal.h" int ff_aac_ac3_parse(AVCodecParserContext *s1, AVCodecContext *avctx, @@ -79,10 +82,6 @@ get_next: *poutbuf = buf; *poutbuf_size = buf_size; - /* update codec info */ - if(s->codec_id) - avctx->codec_id = s->codec_id; - if (got_frame) { /* Due to backwards compatible HE-AAC the sample rate, channel count, and total number of samples found in an AAC ADTS header are not @@ -90,6 +89,34 @@ get_next: duration in seconds is still correct (as is the number of bits in the frame). */ if (avctx->codec_id != AV_CODEC_ID_AAC) { + int offset = ff_ac3_find_syncword(buf, buf_size); + + if (offset < 0) + return i; + + buf += offset; + buf_size -= offset; + while (buf_size > 0) { + uint16_t frame_size; + uint8_t bsid; + int ret = av_ac3_parse_header(buf, buf_size, &bsid, &frame_size); + + if (ret < 0 || frame_size > buf_size) + return i; + + /* Check for false positives since the syncword is not enough, + and only for the last syncframe in the buffer, as that was + used to fill AACAC3ParseContext. See section 6.1.2 of A/52. */ + if (buf_size > frame_size) { + buf += frame_size; + buf_size -= frame_size; + continue; + } + if (av_crc(s->crc_ctx, 0, buf + 2, frame_size - 4) != AV_RL16(buf + frame_size - 2)) + return i; + break; + } + avctx->sample_rate = s->sample_rate; if (!CONFIG_EAC3_DECODER || avctx->codec_id != AV_CODEC_ID_EAC3) { av_channel_layout_uninit(&avctx->ch_layout); @@ -110,6 +137,9 @@ FF_ENABLE_DEPRECATION_WARNINGS avctx->audio_service_type = s->service_type; } + if(s->codec_id) + avctx->codec_id = s->codec_id; + /* Calculate the average bit rate */ s->frame_number++; if (!CONFIG_EAC3_DECODER || avctx->codec_id != AV_CODEC_ID_EAC3) { diff --git a/libavcodec/aac_ac3_parser.h b/libavcodec/aac_ac3_parser.h index 8b93cbf84f..9d56606f2e 100644 --- a/libavcodec/aac_ac3_parser.h +++ b/libavcodec/aac_ac3_parser.h @@ -24,6 +24,7 @@ #define AVCODEC_AAC_AC3_PARSER_H #include +#include "libavutil/crc.h" #include "avcodec.h" #include "parser.h" @@ -44,6 +45,7 @@ typedef struct AACAC3ParseContext { int (*sync)(uint64_t state, struct AACAC3ParseContext *hdr_info, int *need_next_header, int *new_frame_start); + const AVCRC *crc_ctx; int channels; int sample_rate; int bit_rate; diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c index 425e1b4742..ecbc63ce9a 100644 --- a/libavcodec/ac3_parser.c +++ b/libavcodec/ac3_parser.c @@ -260,6 +260,7 @@ static av_cold int ac3_parse_init(AVCodecParserContext *s1) { AACAC3ParseContext *s = s1->priv_data; s->header_size = AC3_HEADER_SIZE; + s->crc_ctx = av_crc_get_table(AV_CRC_16_ANSI); s->sync = ac3_sync; return 0; } -- 2.37.3 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".