From: Andreas Rheinhardt
Date: Wed, 22 Jun 2022 13:05:22 +0200
To: ffmpeg-devel@ffmpeg.org
References: <20220429221826.31666-1-michael@niedermayer.cc> <20220429221826.31666-2-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 2/2] avcodec/h2645_parse: Check HEVC NAL size

Andreas Rheinhardt:
> Michael Niedermayer:
>> Fixes: Assertion failure
>> Fixes: 46662/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4947860854013952
>>
>> This also results in more frames to be decoded from fate samples
>>
>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> Signed-off-by: Michael Niedermayer
>> --- >> libavcodec/h2645_parse.c | 2 +- >> .../ref/fate/hevc-conformance-NoOutPrior_A_Qualcomm_1 | 10 ++++++++++ >> tests/ref/fate/hevc-conformance-RAP_B_Bossen_1 | 3 +++ >> 3 files changed, 14 insertions(+), 1 deletion(-) >> >> diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c >> index 03780680c6..78ab22b76e 100644 >> --- a/libavcodec/h2645_parse.c >> +++ b/libavcodec/h2645_parse.c
>> @@ -292,7 +292,7 @@ static int hevc_parse_nal_header(H2645NAL *nal, void *logctx) >> { >> GetBitContext *gb = &nal->gb; >> >> - if (get_bits1(gb) != 0) >> + if (get_bits_left(gb) < 16 || get_bits1(gb) != 0) >> return AVERROR_INVALIDDATA; >> >> nal->type = get_bits(gb, 6); >> diff --git a/tests/ref/fate/hevc-conformance-NoOutPrior_A_Qualcomm_1 b/tests/ref/fate/hevc-conformance-NoOutPrior_A_Qualcomm_1 >> index 0c930f6556..3283925e38 100644 >> --- a/tests/ref/fate/hevc-conformance-NoOutPrior_A_Qualcomm_1 >> +++ b/tests/ref/fate/hevc-conformance-NoOutPrior_A_Qualcomm_1 >> @@ -25,6 +25,16 @@ >> 0, 19, 19, 1, 599040, 0x4227009b >> 0, 20, 20, 1, 599040, 0x1bda8be4 >> 0, 21, 21, 1, 599040, 0xd1d5dcb4 >> +0, 22, 22, 1, 599040, 0x58b2edb3 >> +0, 23, 23, 1, 599040, 0xd1f795d8 >> +0, 24, 24, 1, 599040, 0x3331d5e6 >> +0, 25, 25, 1, 599040, 0x5e5ec2c9 >> +0, 26, 26, 1, 599040, 0x3b907bf5 >> +0, 27, 27, 1, 599040, 0xefcbf471 >> +0, 28, 28, 1, 599040, 0x2769a578 >> +0, 29, 29, 1, 599040, 0x812ce986 >> +0, 30, 30, 1, 599040, 0xf07c212c >> +0, 31, 31, 1, 599040, 0xb5476890 >> 0, 32, 32, 1, 599040, 0x00a0249f >> 0, 33, 33, 1, 599040, 0x7263f7cf >> 0, 34, 34, 1, 599040, 0x47054be4 >> diff --git a/tests/ref/fate/hevc-conformance-RAP_B_Bossen_1 b/tests/ref/fate/hevc-conformance-RAP_B_Bossen_1 >> index e661ff245e..776267b59c 100644 >> --- a/tests/ref/fate/hevc-conformance-RAP_B_Bossen_1 >> +++ b/tests/ref/fate/hevc-conformance-RAP_B_Bossen_1 
>> @@ -70,6 +70,9 @@ >> 0, 64, 64, 1, 149760, 0x3362678b >> 0, 65, 65, 1, 149760, 0x6e7fc851 >> 0, 66, 66, 1, 149760, 0x33f96449 >> +0, 67, 67, 1, 149760, 0xd9d05007 >> +0, 75, 75, 1, 149760, 0x477f2cf2 >> +0, 76, 76, 1, 149760, 0xe1f9ccd0 >> 0, 77, 77, 1, 149760, 0xb3ba8cfb >> 0, 78, 78, 1, 149760, 0x64787995 >> 0, 79, 79, 1, 149760, 0xc10de4c4
>
> get_bit_length currently presumes every NALU to contain
> rbsp_trailing_bits. Yet this is not true for the End of
> Sequence/Bitstream units which are just headers without RBSP. For these
> units, get_bit_length might truncate them -- it does so for end of
> sequence units in H.264. It would not be a serious issue for H.265, as
> the semantics of nuh_temporal_id_plus1 require nuh_temporal_id_plus1 to
> be 1 for End of Sequence/Bitstream units. Nevertheless I think this
> should be coupled with a patch that does not truncate the NAL unit if it
> is just a header.
>

1. I just sent a patch implementing the above:
https://ffmpeg.org/pipermail/ffmpeg-devel/2022-June/297923.html
Please confirm that it actually fixes the testcase its commit message
claims to fix.

2. The RAP_B_Bossen_1 and NoOutPrior_A_Qualcomm_1 (where the testcases
change due to your patch) contain completely fine end of sequence NALUs.
Because they are valid, stripping them (as your patch does) is not ok
(e.g. these units would even be discarded when using hevc_metadata).
There are two bugs with these units:
a) Our parser puts them at the beginning of their NALUs, yet they should
be at the end of the (preceding) NALU.
b) When remuxing the samples to Matroska with mkvmerge (which puts these
units at the end of their packets), the output is the same as with raw
input, i.e. the decoder still misses some frames. So somehow these units
confuse the decoder.

- Andreas
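
Review bot: in hevc_parse_nal_header the added `get_bits_left(gb) < 16` uses a bare 16, and neither the code nor the commit message says that this is the two-byte HEVC NAL unit header or which assertion fires when fewer bits are left. A short comment or a named constant for the header size, plus a line in the message naming the assertion and how a unit shorter than its header reaches this function, would make the check reviewable. As written it returns AVERROR_INVALIDDATA for every unit whose reported length is under 16 bits, which includes a header-only unit that an earlier step has shortened, the case the reply raises.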
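
Review bot: the hevc-conformance-NoOutPrior_A_Qualcomm_1 reference gains entries 22 to 31, but the commit message only says "more frames to be decoded" and does not explain why a size check in the NAL header parser changes decoder output for a conformance sample. Please state in the message which units are now rejected and why that lets these ten frames through, so the reference change can be judged as intended rather than incidental.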
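
Review bot: in the hevc-conformance-RAP_B_Bossen_1 reference the added entries are 67, 75 and 76, so 68 to 74 are still absent between the existing 66 and 77. The commit message should say whether that remaining gap is expected for this sample or whether frames are still being lost after the change.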
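
The truncation described in the quoted reply, worked through on a header-only HEVC End of Sequence unit. This is an added example, not FFmpeg code and not part of the original message: `bit_length_naive`, `bit_length_header_aware` and `parse_hevc_nal_header` are hypothetical names, the stripper is a simplified stand-in for a step that presumes rbsp_trailing_bits, and the two sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define HEVC_NAL_HEADER_BITS 16 /* 1 + 6 + 6 + 3 header bits */

/* Simplified stand-in for a trailing-bits stripper: treats the last set bit
 * in the unit as rbsp_stop_one_bit and returns the bit count before it. */
static int bit_length_naive(const uint8_t *buf, int size)
{
    while (size > 0 && buf[size - 1] == 0)
        size--;                      /* skip trailing zero bytes */
    if (size == 0)
        return 0;
    int bits = size * 8;
    for (uint8_t v = buf[size - 1]; !(v & 1); v >>= 1)
        bits--;                      /* skip alignment zero bits */
    return bits - 1;                 /* drop the presumed stop bit */
}

/* Header-aware variant: never cut into the two-byte header, so a unit that
 * is only a header keeps its full 16 bits. */
static int bit_length_header_aware(const uint8_t *buf, int size)
{
    int bits = bit_length_naive(buf, size);
    return (size >= 2 && bits < HEVC_NAL_HEADER_BITS) ? HEVC_NAL_HEADER_BITS : bits;
}

/* Parse the header behind a size check of the kind the patch adds.
 * Returns 0 on success, -1 on invalid data. */
static int parse_hevc_nal_header(const uint8_t *buf, int bits, int *type, int *tid)
{
    if (bits < HEVC_NAL_HEADER_BITS || (buf[0] & 0x80))
        return -1;
    *type = (buf[0] >> 1) & 0x3f;    /* nal_unit_type */
    *tid  = (buf[1] & 7) - 1;        /* nuh_temporal_id_plus1 - 1 */
    return *tid < 0 ? -1 : 0;
}

int main(void)
{
    const uint8_t eos[] = { 0x48, 0x01 }; /* constructed: type 36 (EOS), tid+1 = 1 */
    int type = -1, tid = -1;
    int n = bit_length_naive(eos, 2), a = bit_length_header_aware(eos, 2);
    int rn = parse_hevc_nal_header(eos, n, &type, &tid);
    int ra = parse_hevc_nal_header(eos, a, &type, &tid);
    printf("naive: %d bits, parse=%d\n", n, rn);
    printf("aware: %d bits, parse=%d, type=%d\n", a, ra, type);
    return 0;
}
```

The only bit the naive stripper removes from the End of Sequence unit is the final bit of nuh_temporal_id_plus1, which is why the unit falls one bit short of the 16-bit check.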