fix panic when checking pts = dts on H265 (bluenviron/mediamtx#3754)
aler9 committed Sep 11, 2024
1 parent cb3c527 commit c1da7bd
Showing 20 changed files with 54 additions and 4 deletions.
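--- a/pkg/format/h264_test.go
+++ b/pkg/format/h264_test.go
@@ -87,3 +87,9 @@ func FuzzUnmarshalH264(f *testing.F) {
 }
 })
 }
+
+func FuzzH264PTSEqualsDTS(f *testing.F) {
+f.Fuzz(func(t *testing.T, b []byte) {
+(&H264{}).PTSEqualsDTS(&rtp.Packet{Payload: b})
+})
+}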
12 changes: 8 additions & 4 deletions pkg/format/h265.go
Expand Up @@ -140,13 +140,13 @@ func (f *H265) PTSEqualsDTS(pkt *rtp.Packet) bool {
return true

case h265.NALUType_AggregationUnit:
if len(pkt.Payload) < 4 {
return false
}

payload := pkt.Payload[2:]

for {
if len(payload) < 2 {
return false
}

size := uint16(payload[0])<<8 | uint16(payload[1])
payload = payload[2:]

Expand All @@ -167,6 +167,10 @@ func (f *H265) PTSEqualsDTS(pkt *rtp.Packet) bool {
if len(payload) == 0 {
break
}

if len(payload) < 2 {
return false
}

Check warning on line 173 in pkg/format/h265.go


Codecov / codecov/patch

pkg/format/h265.go#L171-L173

Added lines #L171 - L173 were not covered by tests
}

case h265.NALUType_FragmentationUnit:
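Review bot: The `size := uint16(payload[0])<<8 | uint16(payload[1])` read at the top of the `for` loop has no bounds check next to it; it appears to rely on the `len(pkt.Payload) < 4` check before the loop for the first iteration and on the `len(payload) < 2` check at the end of the loop body for later ones (the page does not mark added and removed lines, so this reading is inferred from the second hunk and the commit title). Because the payload comes from an RTP packet and an out-of-range index panics, that invariant deserves a comment at the read, for example `// len(payload) >= 2 here: checked before the loop and at the end of each iteration`, and the constant could be explained with `// 2-byte NAL unit header + 2-byte NALU size`. The loop body between the two hunks is not shown, so it is worth confirming that no path there reaches the next iteration without passing the end-of-loop check.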
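--- a/pkg/format/h265_test.go
+++ b/pkg/format/h265_test.go
@@ -104,3 +104,9 @@ func FuzzUnmarshalH265(f *testing.F) {
 }
 })
 }
+
+func FuzzH265PTSEqualsDTS(f *testing.F) {
+f.Fuzz(func(t *testing.T, b []byte) {
+(&H265{}).PTSEqualsDTS(&rtp.Packet{Payload: b})
+})
+}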
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("800")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("\xbc")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("8")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("\xbc\xa8")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("\xbc0")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("8\x00\x010")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("8\x00\x01%")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("A")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("b0\xd3")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("a0")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("a0\x00\x040000")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("a")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("b00")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("a0\x00\x04A000")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("a000")
@@ -0,0 +1,2 @@
go test fuzz v1
[]byte("b0")
