From: Andreas Rheinhardt
Date: Sat, 30 Apr 2022 22:45:04 +0200
To: ffmpeg-devel@ffmpeg.org
References: <20220429221826.31666-1-michael@niedermayer.cc> <20220429221826.31666-2-michael@niedermayer.cc>
In-Reply-To: <20220429221826.31666-2-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 2/2] avcodec/h2645_parse: Check HEVC NAL size

Michael Niedermayer:
> Fixes: Assertion failure
> Fixes: 46662/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4947860854013952
>
> This also results in more frames to be decoded from fate samples
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> --- > libavcodec/h2645_parse.c | 2 +- > .../ref/fate/hevc-conformance-NoOutPrior_A_Qualcomm_1 | 10 ++++++++++ > tests/ref/fate/hevc-conformance-RAP_B_Bossen_1 | 3 +++ > 3 files changed, 14 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c > index 03780680c6..78ab22b76e 100644 > --- a/libavcodec/h2645_parse.c > +++ b/libavcodec/h2645_parse.c
> @@ -292,7 +292,7 @@ static int hevc_parse_nal_header(H2645NAL *nal, void *logctx) > { > GetBitContext *gb = &nal->gb; > > - if (get_bits1(gb) != 0) > + if (get_bits_left(gb) < 16 || get_bits1(gb) != 0) > return AVERROR_INVALIDDATA; > > nal->type = get_bits(gb, 6); > diff --git a/tests/ref/fate/hevc-conformance-NoOutPrior_A_Qualcomm_1 b/tests/ref/fate/hevc-conformance-NoOutPrior_A_Qualcomm_1 > index 0c930f6556..3283925e38 100644 > --- a/tests/ref/fate/hevc-conformance-NoOutPrior_A_Qualcomm_1 > +++ b/tests/ref/fate/hevc-conformance-NoOutPrior_A_Qualcomm_1 > @@ -25,6 +25,16 @@ > 0, 19, 19, 1, 599040, 0x4227009b > 0, 20, 20, 1, 599040, 0x1bda8be4 > 0, 21, 21, 1, 599040, 0xd1d5dcb4 > +0, 22, 22, 1, 599040, 0x58b2edb3 > +0, 23, 23, 1, 599040, 0xd1f795d8 > +0, 24, 24, 1, 599040, 0x3331d5e6 > +0, 25, 25, 1, 599040, 0x5e5ec2c9 > +0, 26, 26, 1, 599040, 0x3b907bf5 > +0, 27, 27, 1, 599040, 0xefcbf471 > +0, 28, 28, 1, 599040, 0x2769a578 > +0, 29, 29, 1, 599040, 0x812ce986 > +0, 30, 30, 1, 599040, 0xf07c212c > +0, 31, 31, 1, 599040, 0xb5476890 > 0, 32, 32, 1, 599040, 0x00a0249f > 0, 33, 33, 1, 599040, 0x7263f7cf > 0, 34, 34, 1, 599040, 0x47054be4 > diff --git a/tests/ref/fate/hevc-conformance-RAP_B_Bossen_1 b/tests/ref/fate/hevc-conformance-RAP_B_Bossen_1 > index e661ff245e..776267b59c 100644 > --- a/tests/ref/fate/hevc-conformance-RAP_B_Bossen_1 > +++ b/tests/ref/fate/hevc-conformance-RAP_B_Bossen_1 
> @@ -70,6 +70,9 @@ > 0, 64, 64, 1, 149760, 0x3362678b > 0, 65, 65, 1, 149760, 0x6e7fc851 > 0, 66, 66, 1, 149760, 0x33f96449 > +0, 67, 67, 1, 149760, 0xd9d05007 > +0, 75, 75, 1, 149760, 0x477f2cf2 > +0, 76, 76, 1, 149760, 0xe1f9ccd0 > 0, 77, 77, 1, 149760, 0xb3ba8cfb > 0, 78, 78, 1, 149760, 0x64787995 > 0, 79, 79, 1, 149760, 0xc10de4c4

get_bit_length currently presumes every NALU to contain rbsp_trailing_bits. Yet this is not true for the End of Sequence/Bitstream units which are just headers without RBSP. For these units, get_bit_length might truncate them -- it does so for end of sequence units in H.264. It would not be a serious issue for H.265, as the semantics of nuh_temporal_id_plus1 require nuh_temporal_id_plus1 to be 1 for End of Sequence/Bitstream units. Nevertheless I think this should be coupled with a patch that does not truncate the NAL unit if it is just a header.

- Andreas
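
Review bot: In hevc_parse_nal_header() the new `get_bits_left(gb) < 16` test uses a bare 16 with no comment, and a too-short unit now returns the same silent AVERROR_INVALIDDATA as a set forbidden bit. The 16 is the two-byte HEVC NAL header (1 + 6 + 6 + 3 bits); a short comment or a named constant would make that obvious to the next reader. Since the function already receives logctx, a log message on the short-unit path would let users tell a truncated unit from a corrupt header. The test also depends on how many bits gb was initialised with before this function runs, so the commit message should say whether a header-only unit of exactly two bytes is expected to pass, which is the case the reply in this thread raises.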
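
Review bot: The reference changes in the two fate files are not explained: the commit message says more frames are decoded but not why a header size check alters decoder output. In hevc-conformance-RAP_B_Bossen_1 the added entries are 67, 75 and 76, so 68 to 74 are still absent from the reference, whereas in hevc-conformance-NoOutPrior_A_Qualcomm_1 the added 22 to 31 close the gap between 21 and 32 completely. A sentence stating which units were handled differently before, and whether the remaining gap in RAP_B_Bossen_1 is expected, would let reviewers confirm the new references are correct and not merely different.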
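
The interaction raised in the reply above, as an added example (not FFmpeg code and not from either author): a simplified model of trailing-bit stripping applied to constructed header-only End of Sequence units shows how a 16-bit HEVC header is left with 15 readable bits and then fails a `< 16` size test, while a header-aware variant keeps all 16. The function names and the `header_size` parameter are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT FFmpeg's get_bit_length(): assume the unit ends in
 * rbsp_trailing_bits, so drop the last set bit (taken as the stop bit) and
 * the zero bits that follow it. */
static int bits_assuming_trailing_bits(const uint8_t *data, size_t size)
{
    int padding = 1;
    uint8_t last;
    if (!size)
        return 0;
    last = data[size - 1];
    if (!last)                      /* no stop bit in the last byte */
        return (int)size * 8;
    for (; !(last & 1); last >>= 1) /* zero bits after the stop bit */
        padding++;
    return (int)size * 8 - padding;
}

/* Hypothetical header-aware variant: a unit no longer than its header has
 * no RBSP and therefore no trailing bits, so nothing is stripped. */
static int bits_header_aware(const uint8_t *data, size_t size, size_t header_size)
{
    if (size <= header_size)
        return (int)size * 8;
    return bits_assuming_trailing_bits(data, size);
}

/* Size test from the patch: the HEVC NAL header is 1 + 6 + 6 + 3 = 16 bits. */
static int hevc_header_fits(int bits_left)
{
    return bits_left >= 16;
}

/* Constructed header-only units (no RBSP). */
static const uint8_t hevc_eos[] = { 0x48, 0x01 }; /* type 36, layer 0, tid+1 = 1 */
static const uint8_t h264_eos[] = { 0x0A };       /* nal_ref_idc 0, type 10 */

int main(void)
{
    int naive = bits_assuming_trailing_bits(hevc_eos, sizeof(hevc_eos));
    int aware = bits_header_aware(hevc_eos, sizeof(hevc_eos), 2);
    printf("HEVC EOS naive: %d bits, passes: %d\n", naive, hevc_header_fits(naive));
    printf("HEVC EOS aware: %d bits, passes: %d\n", aware, hevc_header_fits(aware));
    printf("H.264 EOS naive: %d of 8 bits\n", bits_assuming_trailing_bits(h264_eos, 1));
    return 0;
}
```

In the HEVC unit the final 1 bit of nuh_temporal_id_plus1 is what the model mistakes for the stop bit; in the H.264 unit the low bits of nal_unit_type are lost the same way.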