From 2023bf1b0028d6d74504f83a63be13e546117d96 Mon Sep 17 00:00:00 2001 
From: Alessandro Ros
Date: Wed, 11 Sep 2024 11:43:15 +0200
Subject: [PATCH] fix panic when checking pts = dts on H265 (bluenviron/mediamtx#3754) (#617)
---
 pkg/format/h264_test.go | 6 ++++++
 pkg/format/h265.go | 12 ++++++++----
 pkg/format/h265_test.go | 6 ++++++
 .../fuzz/FuzzH264PTSEqualsDTS/048b606517c23baf | 2 ++
 .../fuzz/FuzzH264PTSEqualsDTS/0d7efebfbe993205 | 2 ++
 .../fuzz/FuzzH264PTSEqualsDTS/55cc57e8de6f7821 | 2 ++
 .../fuzz/FuzzH264PTSEqualsDTS/6347df174e34a4bd | 2 ++
 .../fuzz/FuzzH264PTSEqualsDTS/83e07aca85794b54 | 2 ++
 .../fuzz/FuzzH264PTSEqualsDTS/a831486d4a428ccd | 2 ++
 .../fuzz/FuzzH264PTSEqualsDTS/ba42460e5506f2bc | 2 ++
 .../fuzz/FuzzH264PTSEqualsDTS/caf81e9797b19c76 | 2 ++
 .../fuzz/FuzzH265PTSEqualsDTS/19981bffc2abbaf1 | 2 ++
 .../fuzz/FuzzH265PTSEqualsDTS/463b273d21ba371a | 2 ++
 .../fuzz/FuzzH265PTSEqualsDTS/6e0463cbdc2d559f | 2 ++
 .../fuzz/FuzzH265PTSEqualsDTS/7c106d2d11e725ec | 2 ++
 .../fuzz/FuzzH265PTSEqualsDTS/a564d03307332bc8 | 2 ++
 .../fuzz/FuzzH265PTSEqualsDTS/b2089cb22b868c96 | 2 ++
 .../fuzz/FuzzH265PTSEqualsDTS/b88d0a1c039b8eca | 2 ++
 .../fuzz/FuzzH265PTSEqualsDTS/c4389a565e828050 | 2 ++
 .../fuzz/FuzzH265PTSEqualsDTS/e8bff8fcc87530c8 | 2 ++
 .../fuzz/FuzzH265PTSEqualsDTS/eb4593a9592045ab | 2 ++
 21 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100644 pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/048b606517c23baf
 create mode 100644 pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/0d7efebfbe993205
 create mode 100644 pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/55cc57e8de6f7821
 create mode 100644 pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/6347df174e34a4bd
 create mode 100644 pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/83e07aca85794b54
 create mode 100644 pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/a831486d4a428ccd
 create mode 100644 pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/ba42460e5506f2bc
 create mode 100644 pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/caf81e9797b19c76
 create mode 100644
pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/19981bffc2abbaf1 create mode 100644 pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/463b273d21ba371a create mode 100644 pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/6e0463cbdc2d559f create mode 100644 pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/7c106d2d11e725ec create mode 100644 pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/a564d03307332bc8 create mode 100644 pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b2089cb22b868c96 create mode 100644 pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b88d0a1c039b8eca create mode 100644 pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/c4389a565e828050 create mode 100644 pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/e8bff8fcc87530c8 create mode 100644 pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/eb4593a9592045ab diff --git a/pkg/format/h264_test.go b/pkg/format/h264_test.go index f49f8e67..3b5a0034 100644 --- a/pkg/format/h264_test.go +++ b/pkg/format/h264_test.go @@ -87,3 +87,9 @@ func FuzzUnmarshalH264(f *testing.F) { } }) } + +func FuzzH264PTSEqualsDTS(f *testing.F) { + f.Fuzz(func(t *testing.T, b []byte) { + (&H264{}).PTSEqualsDTS(&rtp.Packet{Payload: b}) + }) +} diff --git a/pkg/format/h265.go b/pkg/format/h265.go index ff11cbe6..2ad9cb78 100644 --- a/pkg/format/h265.go +++ b/pkg/format/h265.go @@ -140,13 +140,13 @@ func (f *H265) PTSEqualsDTS(pkt *rtp.Packet) bool { return true case h265.NALUType_AggregationUnit: + if len(pkt.Payload) < 4 { + return false + } + payload := pkt.Payload[2:] for { - if len(payload) < 2 { - return false - } - size := uint16(payload[0])<<8 | uint16(payload[1]) payload = payload[2:] @@ -167,6 +167,10 @@ func (f *H265) PTSEqualsDTS(pkt *rtp.Packet) bool { if len(payload) == 0 { break } + + if len(payload) < 2 { + return false + } } case h265.NALUType_FragmentationUnit: diff --git a/pkg/format/h265_test.go b/pkg/format/h265_test.go index a4051f0b..af29904d 100644 --- a/pkg/format/h265_test.go +++ b/pkg/format/h265_test.go 
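Review bot: `FuzzH264PTSEqualsDTS` discards the result of `PTSEqualsDTS` and carries no doc comment, so the target only verifies that arbitrary payloads do not panic, and nothing in the file says that this is the intent. A comment such as `// FuzzH264PTSEqualsDTS checks that PTSEqualsDTS never panics on an arbitrary RTP payload; the returned value is not asserted.` would make that explicit, and the same applies to `FuzzH265PTSEqualsDTS` in pkg/format/h265_test.go. Neither target calls `f.Add`, so a plain `go test` run replays only the entries committed under testdata/fuzz; a small table test that pins the expected `false` for a truncated aggregation unit would keep the fix covered independently of that corpus.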
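Review bot: In the `NALUType_AggregationUnit` case of `PTSEqualsDTS`, the reads of `payload[0]` and `payload[1]` at the top of the loop are now safe only because of two separate guards, `len(pkt.Payload) < 4` before the loop and `len(payload) < 2` at its tail (second hunk, `@@ -167,6 +167,10 @@`), and nothing in the code states that dependency. The payload comes from an RTP packet and is presumably untrusted network input, so a `continue` added to the loop body later would skip the tail guard and bring the out-of-range index back. I would add `// invariant: len(payload) >= 2 here, guaranteed by the check before the loop and the one at its end` above the `size :=` line. The lines between the two hunks are not shown, so the bound check of `size` against `len(payload)` cannot be confirmed from this diff.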
@@ -104,3 +104,9 @@ func FuzzUnmarshalH265(f *testing.F) {
 }
 })
 }
+
+func FuzzH265PTSEqualsDTS(f *testing.F) {
+ f.Fuzz(func(t *testing.T, b []byte) {
+ (&H265{}).PTSEqualsDTS(&rtp.Packet{Payload: b})
+ })
+}
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/048b606517c23baf b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/048b606517c23baf
new file mode 100644
index 00000000..d4bdeb53
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/048b606517c23baf
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("800")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/0d7efebfbe993205 b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/0d7efebfbe993205
new file mode 100644
index 00000000..5e9d63e5
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/0d7efebfbe993205
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("\xbc")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/55cc57e8de6f7821 b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/55cc57e8de6f7821
new file mode 100644
index 00000000..45be281e
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/55cc57e8de6f7821
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("8")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/6347df174e34a4bd b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/6347df174e34a4bd
new file mode 100644
index 00000000..d890fb8d
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/6347df174e34a4bd
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("\xbc\xa8")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/83e07aca85794b54 b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/83e07aca85794b54
new file mode 100644
index 00000000..41a0ff7f
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/83e07aca85794b54
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("\xbc0")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/a831486d4a428ccd b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/a831486d4a428ccd
new file mode 100644
index 00000000..d13af47e
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/a831486d4a428ccd
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("8\x00\x010")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/ba42460e5506f2bc b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/ba42460e5506f2bc
new file mode 100644
index 00000000..778f3cf3
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/ba42460e5506f2bc
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("8\x00\x01%")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/caf81e9797b19c76 b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/caf81e9797b19c76
new file mode 100644
index 00000000..67322c70
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/caf81e9797b19c76
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/19981bffc2abbaf1 b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/19981bffc2abbaf1
new file mode 100644
index 00000000..ecbe8afb
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/19981bffc2abbaf1
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("A")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/463b273d21ba371a b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/463b273d21ba371a
new file mode 100644
index 00000000..58298c7a
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/463b273d21ba371a
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("b0\xd3")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/6e0463cbdc2d559f b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/6e0463cbdc2d559f
new file mode 100644
index 00000000..640bbd63
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/6e0463cbdc2d559f
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a0")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/7c106d2d11e725ec b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/7c106d2d11e725ec
new file mode 100644
index 00000000..4c1731d4
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/7c106d2d11e725ec
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a0\x00\x040000")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/a564d03307332bc8 b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/a564d03307332bc8
new file mode 100644
index 00000000..3fa9e2bf
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/a564d03307332bc8
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b2089cb22b868c96 b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b2089cb22b868c96
new file mode 100644
index 00000000..cbc1fee6
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b2089cb22b868c96
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("b00")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b88d0a1c039b8eca b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b88d0a1c039b8eca
new file mode 100644
index 00000000..6a316437
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b88d0a1c039b8eca
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a0\x00\x04A000")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/c4389a565e828050 b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/c4389a565e828050
new file mode 100644
index 00000000..81d331a2
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/c4389a565e828050
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a000")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/e8bff8fcc87530c8 b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/e8bff8fcc87530c8
new file mode 100644
index 00000000..3a6bdd12
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/e8bff8fcc87530c8
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a0\x00\x0100")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/eb4593a9592045ab b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/eb4593a9592045ab
new file mode 100644
index 00000000..75378806
--- /dev/null
+++ b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/eb4593a9592045ab
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("b0")