From: Andreas Rheinhardt
Date: Fri, 24 Jun 2022 11:53:23 +0200
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH] avcodec/h2645_parse: Only trim RBSP trailing padding if it exists

Andreas Rheinhardt:
> It does not exist for NALUs for which the SODB is empty;
> it also does not exist for NALUs for which not even
> the complete header is present. The former category contains
> end of sequence and end of bitstream units. The latter category
> consists of one-byte HEVC units (the ordinary H.264 header is only
> one byte long).
> This commit therefore stops stripping RBSP trailing padding
> from the former type of unit and discards the latter type of unit
> altogether.
>
> This also fixes an assertion failure: Before this commit, a one-byte
> HEVC NALU from an ISOBMFF packet could pass all the checks in
> hevc_parse_nal_header() (because the first byte of the size field
> of the next unit is mistaken as containing the temporal_id);
> yet because the trailing padding bits were stripped, it actually
> had a size of less than eight bits; because h2645_parse.c uses
> the checked bitstream reader, the get_bits_count() of the GetBitContext
> is not 16 in this case; it is not even a multiple of eight
> and this can trigger an assert in ff_hevc_decode_nal_sei().
>
> Fixes: Assertion failure
> Fixes: 46662/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4947860854013952
> > Signed-off-by: Andreas Rheinhardt > --- > libavcodec/h2645_parse.c | 26 ++++++++++++++++---------- > 1 file changed, 16 insertions(+), 10 deletions(-) > > diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c > index 03780680c6..dca91b24f3 100644 > --- a/libavcodec/h2645_parse.c > +++ b/libavcodec/h2645_parse.c > @@ -259,10 +259,10 @@ static const char *h264_nal_unit_name(int nal_type) > return h264_nal_type_name[nal_type]; > } > > -static int get_bit_length(H2645NAL *nal, int skip_trailing_zeros) > +static int get_bit_length(H2645NAL *nal, int min_size, int skip_trailing_zeros) > { > int size = nal->size; > - int v; > + int trailing_padding = 0; > > while (skip_trailing_zeros && size > 0 && nal->data[size - 1] == 0) > size--; > @@ -270,18 +270,23 @@ static int get_bit_length(H2645NAL *nal, int skip_trailing_zeros) > if (!size) > return 0; > > - v = nal->data[size - 1]; > + if (size <= min_size) { > + if (nal->size < min_size) > + return AVERROR_INVALIDDATA; > + size = min_size; > + } else { > + int v = nal->data[size - 1]; > + /* remove the stop bit and following trailing zeros, > + * or nothing for damaged bitstreams */ > + if (v) > + trailing_padding = ff_ctz(v) + 1; > + } > > if (size > INT_MAX / 8) > return AVERROR(ERANGE); > size *= 8; > > - /* remove the stop bit and following trailing zeros, > - * or nothing for damaged bitstreams */ > - if (v) > - size -= ff_ctz(v) + 1; > - > - return size; > + return size - trailing_padding; > } > > /** 
> @@ -491,7 +496,8 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length, > bytestream2_peek_be32(&bc) == 0x000001E0) > skip_trailing_zeros = 0; > > - nal->size_bits = get_bit_length(nal, skip_trailing_zeros); > + nal->size_bits = get_bit_length(nal, 1 + (codec_id == AV_CODEC_ID_HEVC), > + skip_trailing_zeros); > > if (nal->size <= 0 || nal->size_bits <= 0) > continue;

Given that Michael has confirmed that it works (see https://ffmpeg.org/pipermail/ffmpeg-devel/2022-June/297978.html) I will apply this tonight unless there are objections.

- Andreas
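
Review bot: in the `@@ -259,10 +259,10 @@` hunk, the new `min_size` parameter of `get_bit_length()` is undocumented. Nothing at the signature says that it is a byte count (the NAL header length) while the return value is in bits, or that the function can now return a negative error code such as `AVERROR_INVALIDDATA`. A short comment above the function stating the unit of `min_size` and the possible outcomes (0 when nothing remains after trimming, a negative error for a truncated header, otherwise the bit length) would make the contract clear to callers.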
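
Review bot: in the `@@ -270,18 +270,23 @@` hunk, the unchanged `if (!size) return 0;` runs before the new `size <= min_size` check, so a unit that is shorter than `min_size` and consists only of zero bytes returns 0 when `skip_trailing_zeros` is set, while the same truncated unit with a nonzero byte returns `AVERROR_INVALIDDATA`. Both are skipped by the caller's `<= 0` test, but testing `nal->size < min_size` ahead of the early return would make the result consistent. The `size = min_size;` assignment also deserves a one-line comment saying that it restores header bytes removed by the trailing-zero loop and leaves the unit with a header-only bit length.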
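
Review bot: at the call site in the `@@ -491,7 +496,8 @@` hunk, the header length is passed as the bare expression `1 + (codec_id == AV_CODEC_ID_HEVC)`, which hides the assumption that every codec other than HEVC reaching this code has a one-byte NAL header. A named local or a comment would state that assumption. The `AVERROR_INVALIDDATA` now returned for a truncated header is also absorbed by the following `nal->size_bits <= 0` test, so the unit is dropped by `continue;` with no diagnostic; if that is intended, say so in a comment, otherwise log the discarded unit.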