mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-07 11:13:41 +02:00

47 Commits

Author SHA1 Message Date
Andreas Rheinhardt
a217c1472d avcodec/h2645_parse: Only trim RBSP trailing padding if it exists
It does not exist for NALUs for which the SODB is empty;
it also does not exist for NALUs for which not even
the complete header is present. The former category contains
end of sequence and end of bitstream units. The latter category
consists of one-byte HEVC units (the ordinary H.264 header is only
one byte long).
This commit therefore stops stripping RBSP trailing padding
from the former type of unit and discards the latter type of unit
altogether.

This also fixes an assertion failure: Before this commit, a one-byte
HEVC NALU from an ISOBMFF packet could pass all the checks in
hevc_parse_nal_header() (because the first byte of the size field
of the next unit is mistaken as containing the temporal_id);
yet because the trailing padding bits were stripped, it actually
had a size of less than eight bits; because h2645_parse.c uses
the checked bitstream reader, the get_bits_count() of the GetBitContext
is not 16 in this case; it is not even a multiple of eight
and this can trigger an assert in ff_hevc_decode_nal_sei().

Fixes: Assertion failure
Fixes: 46662/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4947860854013952

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-06-24 18:31:03 +02:00
Andreas Rheinhardt
c22a9ece2e avcodec/h2645_parse: Remove H2645NAL.rbsp_buffer
Forgotten in 03b82b3ab9.

(Moving data to the front is only done to make existing
initializations like H2645NAL nal = { NULL } not emit int->pointer
conversion warnings.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-12-16 02:37:25 +01:00
Michael Niedermayer
ee50f72715 avcodec/h2645_parse: Reduce the initial skipped_bytes_pos size with small inputs
Fixes: OOM
Fixes: 23817/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-6300869057576960
Fixes: 28055/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5706035297517568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-01 20:19:15 +01:00
Andreas Rheinhardt
2c6f532e0a Mark some pointers as const
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-01-01 15:25:48 +01:00
James Almer
23bbb01077 avcodec/h2645_parse: reset the H2645NAL type value before parsing a NAL header
This will prevent reporting a bogus value in the log message when
the header parsing fails.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-08-20 13:50:11 -03:00
James Almer
1e41a9be34 avcodec/h2645_parse: skip empty NAL units earlier
No point in trying to parse nonexistent header bits.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-08-20 13:50:01 -03:00
James Almer
a4d28ea030 avcodec/h2645_parse: always return 0 on successful h{264,evc}_parse_nal_header() calls
HEVC NALs are no longer being skipped based on their nuh_layer_id
value since ad326379c6.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-08-20 13:17:50 -03:00
Andreas Rheinhardt
7272d0c0a9 avcodec/hevc, h2645_parse: Fix HEVC NAL unit names and constants
This commit fixes the names and constants of the reserved NAL units
with nal_unit_type 22 resp. 23. They were "IRAP_IRAP_VLC2x", but are
actually "RSV_IRAP_VLC2x".

This also required a change to cbs_h265_syntax_template.c.

Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-03-24 23:33:24 +01:00
Andriy Gelman
ad326379c6 lavc/h2645_parse: Don't automatically remove nuh_layer_id > 0 packets
HEVC standard supports multi-layer streams (ITU-T H.265 02/2018 Annex
F). Each NAL unit belongs to a particular layer defined by nuh_layer_id
in the header.

Currently, all NAL units that do not belong to a base layer are
automatically removed in ff_h2645_packet_split(). Some data may
therefore be lost when future filters/decoders are designed to support
multi-layer streams.

A better approach is to forward nuh_layer_id > 0 packets and let blocks
down the chain decide how to process them. The condition to remove
packets has been moved to hevcdec and cbs.

Found-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-01-17 17:43:52 -03:00
Andriy Gelman
cebb446911 avcodec/h2645_parse: Reset nal_buffer_size on uninit
Without resetting nal_buffer_size, av_fast_realloc will fail if
ff_h2645_packet_split is called with the uninitialized pkt as argument.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-10-14 23:59:56 -03:00
Michael Niedermayer
22bec0d33f avcodec/h2645_parse: Use av_fast_realloc() for nals array
Fixes: Timeout (17sec ->281ms)
Fixes: 17833/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5638346914660352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-10-06 20:00:59 +02:00
Andriy Gelman
78b86c30d3 avcodec/h2645_parse: simplify memset call
Removed (new_size - pkt->nals_allocated) because this value is always 1
during the call.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-09-11 10:23:26 -03:00
James Almer
af70bfbead avcodec/h2645_parse: zero initialize the rbsp buffer
Fixes ticket #8093

Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-08-27 10:56:41 -03:00
Derek Buitenhuis
90b85ab21f h2645_parse: Fix loglevel for NAL header parsing
We don't treat this as an error.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2019-03-19 19:56:19 +00:00
Andreas Rheinhardt
992532ee31 h2645_parse: Make ff_h2645_packet_split reference-compatible
This is in preparation for a patch for cbs_h2645. Now the packet's
rbsp_buffer can be owned by an AVBuffer.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@googlemail.com>
2019-01-23 22:33:43 +00:00
Jun Zhao
b7cd2ab22e lavc/h2645_parse: add h264_nal_unit_name for h264 NAL type.
Signed-off-by: Jun Zhao <mypopydev@gmail.com>
2018-05-16 20:24:48 +08:00
Jun Zhao
7582a907e4 lavc/h2645_parse: rename the nal_unit_name to hevc_nal_unit_name.
Rename the nal_unit_name to hevc_nal_unit_name, will add a
h264_nal_unit_name function.

Signed-off-by: Jun Zhao <mypopydev@gmail.com>
2018-05-16 20:24:48 +08:00
Jun Zhao
48c5ac8b0f lavc/h2645_parse: log more HEVC NAL type.
Signed-off-by: Jun Zhao <mypopydev@gmail.com>
2018-05-16 20:24:48 +08:00
James Almer
9a09f4c54a avcodec/h2645_parse: skip NALUs with no content after stripping all the trailing zeros
The GetBitContext is effectively empty in them.

Signed-off-by: James Almer <jamrial@gmail.com>
2018-05-14 18:09:32 -03:00
Michael Niedermayer
7562567f41 avcodec/h2645_parse: Replace RNXYA by RNXY in ff_h2645_extract_rbsp()
Fixes misaligned accesses
Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-25 23:09:47 +02:00
Kieran Kunhya
03b82b3ab9 h2645_parse: Allocate a single buffer per packet
Drastically reduces memory usage on pathological streams.
Fixes ticket #6789
2017-11-04 18:06:45 +00:00
James Almer
07cf202614 Merge commit '83b2b34d06e74cc8775ba3d833f9782505e17539'
* commit '83b2b34d06e74cc8775ba3d833f9782505e17539':
  h2645_parse: use the bytestream2 API for packet splitting

Merged-by: James Almer <jamrial@gmail.com>
2017-10-20 19:04:53 -03:00
James Almer
6397815be0 Merge commit 'c359d624d3efc3fd1d83210d78c4152bd329b765'
* commit 'c359d624d3efc3fd1d83210d78c4152bd329b765':
  hevcdec: move decoder-independent declarations into a separate header

Merged-by: James Almer <jamrial@gmail.com>
2017-03-23 14:27:48 -03:00
Clément Bœsch
038e6aef7a Merge commit '4abe3b049d987420eb891f74a35af2cebbf52144'
* commit '4abe3b049d987420eb891f74a35af2cebbf52144':
  hevc: rename hevc.[ch] to hevcdec.[ch]

Merged-by: Clément Bœsch <u@pkh.me>
2017-03-23 16:48:41 +01:00
Anton Khirnov
83b2b34d06 h2645_parse: use the bytestream2 API for packet splitting
The code does some nontrivial jumping around in the buffer, so it is
safer to use a checked API rather than do everything manually.

Fixes a bug in nalff parsing, where the length field is currently not
counted in the buffer size check, resulting in possible overreads with
invalid files.

CC: libav-stable@libav.org
Bug-Id: 1002
Found-By: Kamil Frankowicz
2017-03-12 20:42:12 +01:00
Michael Niedermayer
15dd56c093 avcodec/h2645_parse: fix nal size
Found-by: <durandal_1707>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-08-20 00:40:43 +02:00
Michael Niedermayer
528171ba84 avcodec/h2645_parse: Use get_nalsize() in ff_h2645_packet_split()
This fixes several regressions in h.264

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-08-20 00:39:07 +02:00
Michael Niedermayer
382a68b008 vcodec/h2645_parse: Clear buffer padding
Fixes use of uninitialized memory
Fixes: 044100cb22845944988a4bd821ff8074/asan_heap-oob_329927a_1366_c3de34ce9217dac820fbb46171031bbb.jsv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-08-18 23:36:18 +02:00
Michael Niedermayer
cc13bc8c4f avcodec/h2645: Fix NAL unit padding
The parser changes have lost the support for the needed padding, this adds it back
Fixes out of array reads
Fixes: 03ea21d271abc8acf428d42ace51d8b4/asan_heap-oob_3358eef_5692_16f0cc01ab5225e9ce591659e5c20e35.mkv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-08-18 23:36:18 +02:00
Vittorio Giovara
61bd0ed781 h264: Log more information about invalid NALu size
2016-07-13 18:18:46 -04:00
Janne Grunau
17c99b6158 h2645_parse: handle embedded Annex B NAL units in size prefixed NAL units
Fixes a regression in ca2f19b9cc with some mov/mp4 files. The files have
several NAL units in the supposed single NAL unit after the size field.
Annex B start code prefixes are used to separate them. The first NAL unit
is correctly parsed but the buffer does not point to the next size field.
Instead semi random data (it seems to be the rbsp_stop_one_bit and the
start code prefix) is then parsed as length and will exceed the
remaining length of the buffer.

Patch based on the code in h264's decode_nal_units() and a similar
patch by Hendrik Leppkes in FFmpeg (a9bb4cf87d).

Bug-Id: ffmpeg/trac5529
Reported-By: Vittorio Giovara
2016-07-13 22:18:52 +02:00
Hendrik Leppkes
83a940e7fb h2645_parse: don't overread AnnexB NALs within an avc stream
We know the maximum size of an AnnexB NAL, signaling it as the maximum
NAL size allows ff_h2645_extract_rbsp to determine the correct size.
2016-07-08 15:20:20 +02:00
Hendrik Leppkes
c3e9b098e1 h2645_parse: only read avc length code at the correct position
Reading it from any other position would result in a wrong size being
read, instead fallback to the re-sync mechanic in the else clause.
2016-07-08 15:20:16 +02:00
Hendrik Leppkes
a9bb4cf87d h2645_parse: support badly muxed mp4 streams
Some streams contain an additional AnnexB NAL inside the mp4/nalff NALU.
This commonly occurs in interlaced streams where both fields are packed
into the same MP4 NAL with an AnnexB startcode in between.

Port handling of this format from the previous h264 nal handling.

Fixes trac #5529
2016-05-17 14:03:21 +02:00
Hendrik Leppkes
d46e856350 h265_parse: skip zero sized NAL units
Avoids extra error checks later on and/or invalid reads.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-05-07 21:14:23 +01:00
Hendrik Leppkes
9cc1ab63ac h2645_parse: allow partial escaping
This ports the fix from 033a533 to the new parser module in preparation
of using it for the h264 decoder.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-05-07 21:11:21 +01:00
Hendrik Leppkes
c802389393 h2645_parse: initialize the GetBitContext to the proper size
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-05-07 21:11:10 +01:00
Derek Buitenhuis
79aafd43fd Merge commit '90ed6c5cf7f236bc9efb47c97b40358c666d1386'
* commit '90ed6c5cf7f236bc9efb47c97b40358c666d1386':
  h2645_parse: compute the actual data length, without trailing padding

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-26 14:27:35 +01:00
Derek Buitenhuis
438ed974b8 Merge commit 'b667252a41fbf5a3f6ea8c67fdbc03db3d748977'
* commit 'b667252a41fbf5a3f6ea8c67fdbc03db3d748977':
  h2645_parse: add support for parsing h264

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-26 14:07:03 +01:00
Derek Buitenhuis
b5c10c4c92 Merge commit '52ec149fbee57b6ca817049c9706212a0774a32c'
* commit '52ec149fbee57b6ca817049c9706212a0774a32c':
  h2645_parse: change the AVCodecContext* parameter to void*

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-26 14:04:48 +01:00
Derek Buitenhuis
8e73574d4f Merge commit '8229eff4b7a98ae5d85bb75f3bb072781b4a8ebe'
* commit '8229eff4b7a98ae5d85bb75f3bb072781b4a8ebe':
  h2645_parse: add a function for uninitializing the packet

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-26 14:01:45 +01:00
Derek Buitenhuis
3c4ca4c5d7 Merge commit 'fa936a307f5cddfc2664600157a8207ca8080af6'
* commit 'fa936a307f5cddfc2664600157a8207ca8080af6':
  hevc_parse: rename into h2645_parse

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-26 13:56:47 +01:00
Anton Khirnov
90ed6c5cf7 h2645_parse: compute the actual data length, without trailing padding
This is required by h264.
2016-03-28 09:47:25 +02:00
Anton Khirnov
b667252a41 h2645_parse: add support for parsing h264
2016-03-28 09:45:04 +02:00
Anton Khirnov
52ec149fbe h2645_parse: change the AVCodecContext* parameter to void*
This should make it more clear that it is not supposed to be used for
anything except logging.
2016-03-28 09:43:31 +02:00
Anton Khirnov
8229eff4b7 h2645_parse: add a function for uninitializing the packet
2016-03-28 09:43:18 +02:00
Anton Khirnov
fa936a307f hevc_parse: rename into h2645_parse
This code will be shared with h264.
2016-03-28 09:42:44 +02:00