From fa94080e84a863236942237cfe73b4bfaa5b1bf3 Mon Sep 17 00:00:00 2001 
From: Alessandro Ros Date: Sat, 22 Mar 2025 22:45:54 +0100 Subject: [PATCH] prevent decoders from returning empty NALUs (bluenviron/mediamtx#4346) (#726) --- pkg/format/rtpav1/decoder.go | 6 +++ pkg/format/rtpav1/decoder_test.go | 43 ++++++++++-------- .../{894f7b51b885dbb1 => 18413e36c51d1ebe} | 2 +- .../fuzz/FuzzDecoder/1ed61654a1dada4b | 5 +++ .../{1bcf1d62b055a123 => 1fd6e8e69fb31947} | 2 +- .../{bf1e5b208e57f701 => cc0fa679ceee585f} | 2 +- pkg/format/rtph264/decoder.go | 10 +++-- pkg/format/rtph264/decoder_test.go | 45 +++++++++++-------- .../fuzz/FuzzDecoder/15fcae9a402a0f11 | 5 +++ .../fuzz/FuzzDecoder/3707105d86e9ef3c | 5 +++ .../{11dca3ad0def7057 => 3a1859786e5a6231} | 2 + .../fuzz/FuzzDecoder/3b0600afabf53c93 | 3 -- .../fuzz/FuzzDecoder/5ad0b5168b26857a} | 4 +- .../fuzz/FuzzDecoder/5b424cab7437770c | 5 +++ .../fuzz/FuzzDecoder/60892a24d67609fc | 3 -- .../fuzz/FuzzDecoder/6a8b2220ade9c21d | 5 +++ .../fuzz/FuzzDecoder/84ed65595ad05a58 | 3 -- .../fuzz/FuzzDecoder/9b4d0ab6bd98d3a9 | 3 -- .../fuzz/FuzzDecoder/9de59c1cbda7c1b0 | 5 +++ .../fuzz/FuzzDecoder/a900b5d3c2c2772a | 5 +++ .../fuzz/FuzzDecoder/b8149c97ccea034d | 5 +++ .../fuzz/FuzzDecoder/ecf7d0b7f06fcc4a | 3 -- .../fuzz/FuzzDecoder/edbcdbb8d9f1bdac | 3 -- .../fuzz/FuzzDecoder/ef42b0cea98081da | 5 +++ .../fuzz/FuzzDecoder/ef62dc47a38f1a39 | 3 -- .../fuzz/FuzzDecoder/fc2b1d7ceef39c14 | 5 +++ pkg/format/rtph265/decoder.go | 6 +-- pkg/format/rtph265/decoder_test.go | 45 +++++++++++-------- .../{2d69a60004f3edfd => 14cfad5b98d00ac8} | 4 +- .../fuzz/FuzzDecoder/17e52f9247ad1b2a | 5 +++ .../fuzz/FuzzDecoder/18fae30536d2c3ba | 5 +++ .../fuzz/FuzzDecoder/25f2b139d5d03b01 | 3 -- .../fuzz/FuzzDecoder/5cedd25e23c9f9aa | 3 -- .../fuzz/FuzzDecoder/69e1cb9d2d26f61f | 5 +++ .../fuzz/FuzzDecoder/717a02ebf21c41db | 3 -- .../fuzz/FuzzDecoder/728cd1cec4fb0ff2 | 5 +++ .../fuzz/FuzzDecoder/84ed65595ad05a58 | 3 -- .../fuzz/FuzzDecoder/95e634df087d6476 | 3 -- .../fuzz/FuzzDecoder/9de59c1cbda7c1b0 | 5 +++ 
.../fuzz/FuzzDecoder/a7fab38f1f1629f8 | 3 -- .../fuzz/FuzzDecoder/ab70f5936ef75670 | 5 +++ .../fuzz/FuzzDecoder/af9c0e4e34bfcb3e | 5 +++ .../fuzz/FuzzDecoder/ba1f81d88619462f | 5 +++ .../fuzz/FuzzDecoder/e807a721f4e89fcb | 3 -- 44 files changed, 191 insertions(+), 112 deletions(-) rename pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/{894f7b51b885dbb1 => 18413e36c51d1ebe} (82%) create mode 100644 pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1ed61654a1dada4b rename pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/{1bcf1d62b055a123 => 1fd6e8e69fb31947} (77%) rename pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/{bf1e5b208e57f701 => cc0fa679ceee585f} (82%) create mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/15fcae9a402a0f11 create mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3707105d86e9ef3c rename pkg/format/rtph264/testdata/fuzz/FuzzDecoder/{11dca3ad0def7057 => 3a1859786e5a6231} (64%) delete mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3b0600afabf53c93 rename pkg/format/{rtpav1/testdata/fuzz/FuzzDecoder/079a435e5445c35b => rtph264/testdata/fuzz/FuzzDecoder/5ad0b5168b26857a} (62%) create mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/5b424cab7437770c delete mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/60892a24d67609fc create mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/6a8b2220ade9c21d delete mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 delete mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9b4d0ab6bd98d3a9 create mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 create mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/a900b5d3c2c2772a create mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/b8149c97ccea034d delete mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ecf7d0b7f06fcc4a delete mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/edbcdbb8d9f1bdac create mode 100644 
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef42b0cea98081da delete mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef62dc47a38f1a39 create mode 100644 pkg/format/rtph264/testdata/fuzz/FuzzDecoder/fc2b1d7ceef39c14 rename pkg/format/rtph265/testdata/fuzz/FuzzDecoder/{2d69a60004f3edfd => 14cfad5b98d00ac8} (63%) create mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/17e52f9247ad1b2a create mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/18fae30536d2c3ba delete mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/25f2b139d5d03b01 delete mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/5cedd25e23c9f9aa create mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/69e1cb9d2d26f61f delete mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/717a02ebf21c41db create mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/728cd1cec4fb0ff2 delete mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 delete mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/95e634df087d6476 create mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 delete mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/a7fab38f1f1629f8 create mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ab70f5936ef75670 create mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/af9c0e4e34bfcb3e create mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ba1f81d88619462f delete mode 100644 pkg/format/rtph265/testdata/fuzz/FuzzDecoder/e807a721f4e89fcb diff --git a/pkg/format/rtpav1/decoder.go b/pkg/format/rtpav1/decoder.go index 020db078..5a38e2e1 100644 --- a/pkg/format/rtpav1/decoder.go +++ b/pkg/format/rtpav1/decoder.go 
@@ -60,6 +60,12 @@ func (d *Decoder) decodeOBUs(pkt *rtp.Packet) ([][]byte, error) { return nil, fmt.Errorf("invalid header: %w", err) } + for _, obu := range av1header.OBUElements { + if len(obu) == 0 { + return nil, fmt.Errorf("invalid OBU size") + } + } + if av1header.Z { if d.fragmentsSize == 0 { if !d.firstPacketReceived { diff --git a/pkg/format/rtpav1/decoder_test.go b/pkg/format/rtpav1/decoder_test.go index 24b61238..5e1b722d 100644 --- a/pkg/format/rtpav1/decoder_test.go +++ b/pkg/format/rtpav1/decoder_test.go @@ -295,32 +295,39 @@ func TestDecodeErrorMissingPacket(t *testing.T) { } func FuzzDecoder(f *testing.F) { - f.Fuzz(func(_ *testing.T, a []byte, am bool, b []byte, bm bool) { + f.Fuzz(func(t *testing.T, a []byte, am bool, b []byte, bm bool) { d := &Decoder{} - d.Init() //nolint:errcheck + err := d.Init() + require.NoError(t, err) - d.Decode(&rtp.Packet{ //nolint:errcheck + tu, err := d.Decode(&rtp.Packet{ Header: rtp.Header{ - Version: 2, Marker: am, - PayloadType: 96, SequenceNumber: 17645, - Timestamp: 2289527317, - SSRC: 0x9dbb7812, }, Payload: a, }) - d.Decode(&rtp.Packet{ //nolint:errcheck - Header: rtp.Header{ - Version: 2, - Marker: bm, - PayloadType: 96, - SequenceNumber: 17646, - Timestamp: 2289527317, - SSRC: 0x9dbb7812, - }, - Payload: b, - }) + if errors.Is(err, ErrMorePacketsNeeded) { + tu, err = d.Decode(&rtp.Packet{ + Header: rtp.Header{ + Marker: bm, + SequenceNumber: 17646, + }, + Payload: b, + }) + } + + if err == nil { + if len(tu) == 0 { + t.Errorf("should not happen") + } + + for _, nalu := range tu { + if len(nalu) == 0 { + t.Errorf("should not happen") + } + } + } }) } diff --git a/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/894f7b51b885dbb1 b/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/18413e36c51d1ebe similarity index 82% rename from pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/894f7b51b885dbb1 rename to pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/18413e36c51d1ebe index fb553a64..1e54d057 100644 
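Review bot: The new empty-OBU check in `decodeOBUs` returns before the `av1header.Z` fragment handling, so fragment state buffered from earlier packets (the case where `d.fragmentsSize` is non-zero) is left untouched when this packet is rejected. If the function's other error paths clear the fragment buffer before returning, this one should too, so that a malformed packet from the network cannot leave a half-built temporal unit for the next packet to continue. The start of the function is outside the hunk, so this needs confirming against it. A short comment above the loop would record the intent, e.g. `// reject the whole packet: an empty element would be handed to callers as a zero-length OBU`.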
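Review bot: The second `d.Decode` call now runs only when the first returns `ErrMorePacketsNeeded`, so the fuzzer never feeds a packet to a decoder that has just rejected one or just completed a unit. The previous harness decoded both packets unconditionally, and that sequence is what reaches state left behind by a malformed first packet; decoding `b` in every case and asserting on each successful result keeps that coverage while still checking the new invariant. The two identical `t.Errorf("should not happen")` messages would also be replaced by ones that say which invariant broke. The same applies to the FuzzDecoder hunks in pkg/format/rtph264/decoder_test.go and pkg/format/rtph265/decoder_test.go.

```go
f.Fuzz(func(t *testing.T, a []byte, am bool, b []byte, bm bool) {
	// … unchanged: decoder construction and Init check …

	// check asserts the non-empty invariant on every successful decode.
	check := func(tu [][]byte, err error) {
		if err != nil {
			return
		}
		if len(tu) == 0 {
			t.Errorf("decoder returned an empty temporal unit")
		}
		for i, obu := range tu {
			if len(obu) == 0 {
				t.Errorf("decoder returned an empty OBU at index %d", i)
			}
		}
	}

	check(d.Decode(&rtp.Packet{
		Header:  rtp.Header{Marker: am, SequenceNumber: 17645},
		Payload: a,
	}))

	// always feed the second packet, so state left behind by a rejected
	// or completed first packet is exercised as well
	check(d.Decode(&rtp.Packet{
		Header:  rtp.Header{Marker: bm, SequenceNumber: 17646},
		Payload: b,
	}))
})
```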
--- a/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/894f7b51b885dbb1 +++ b/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/18413e36c51d1ebe @@ -2,4 +2,4 @@ go test fuzz v1 []byte("0\x00") bool(true) []byte("0") -bool(false) +bool(true) diff --git a/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1ed61654a1dada4b b/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1ed61654a1dada4b new file mode 100644 index 00000000..ccdf89a0 --- /dev/null +++ b/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1ed61654a1dada4b @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("0") +bool(false) +[]byte("0") +bool(false) diff --git a/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1bcf1d62b055a123 b/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1fd6e8e69fb31947 similarity index 77% rename from pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1bcf1d62b055a123 rename to pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1fd6e8e69fb31947 index 2f9ecb9a..77f00362 100644 --- a/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1bcf1d62b055a123 +++ b/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1fd6e8e69fb31947 @@ -1,5 +1,5 @@ go test fuzz v1 -[]byte("\x190") +[]byte("\x180") bool(false) []byte("\xd00") bool(false) diff --git a/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/bf1e5b208e57f701 b/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/cc0fa679ceee585f similarity index 82% rename from pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/bf1e5b208e57f701 rename to pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/cc0fa679ceee585f index e175acef..4aaad70b 100644 --- a/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/bf1e5b208e57f701 +++ b/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/cc0fa679ceee585f @@ -1,5 +1,5 @@ go test fuzz v1 []byte("\xd00") bool(false) -[]byte("") +[]byte("0") bool(false) diff --git a/pkg/format/rtph264/decoder.go b/pkg/format/rtph264/decoder.go index 19567f34..bc5cc3e3 100644 --- a/pkg/format/rtph264/decoder.go +++ b/pkg/format/rtph264/decoder.go 
@@ -157,9 +157,13 @@ func (d *Decoder) decodeNALUs(pkt *rtp.Packet) ([][]byte, error) { size := uint16(payload[0])<<8 | uint16(payload[1]) payload = payload[2:] - // discard padding - if size == 0 && isAllZero(payload) { - break + if size == 0 { + // discard padding + if isAllZero(payload) { + break + } + + return nil, fmt.Errorf("invalid STAP-A packet (invalid size)") } if int(size) > len(payload) { diff --git a/pkg/format/rtph264/decoder_test.go b/pkg/format/rtph264/decoder_test.go index 3593db8e..b092d205 100644 --- a/pkg/format/rtph264/decoder_test.go +++ b/pkg/format/rtph264/decoder_test.go @@ -275,32 +275,39 @@ func TestDecodeErrorMissingPacket(t *testing.T) { } func FuzzDecoder(f *testing.F) { - f.Fuzz(func(_ *testing.T, a []byte, b []byte) { + f.Fuzz(func(t *testing.T, a []byte, am bool, b []byte, bm bool) { d := &Decoder{} - d.Init() //nolint:errcheck + err := d.Init() + require.NoError(t, err) - d.Decode(&rtp.Packet{ //nolint:errcheck + au, err := d.Decode(&rtp.Packet{ Header: rtp.Header{ - Version: 2, - Marker: false, - PayloadType: 96, + Marker: am, SequenceNumber: 17645, - Timestamp: 2289527317, - SSRC: 0x9dbb7812, }, Payload: a, }) - d.Decode(&rtp.Packet{ //nolint:errcheck - Header: rtp.Header{ - Version: 2, - Marker: false, - PayloadType: 96, - SequenceNumber: 17645, - Timestamp: 2289527317, - SSRC: 0x9dbb7812, - }, - Payload: b, - }) + if errors.Is(err, ErrMorePacketsNeeded) { + au, err = d.Decode(&rtp.Packet{ + Header: rtp.Header{ + Marker: bm, + SequenceNumber: 17646, + }, + Payload: b, + }) + } + + if err == nil { + if len(au) == 0 { + t.Errorf("should not happen") + } + + for _, nalu := range au { + if len(nalu) == 0 { + t.Errorf("should not happen") + } + } + } }) } diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/15fcae9a402a0f11 b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/15fcae9a402a0f11 new file mode 100644 index 00000000..d318ad45 --- /dev/null +++ b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/15fcae9a402a0f11 
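Review bot: The padding branch still leaves the loop with `break` when `size == 0` and the remaining payload is all zero, so a STAP-A whose first size field is zero followed only by zero bytes ends the loop without collecting any NALU. Whether that case is rejected depends on a check after the loop, which is outside this hunk; the rtph265 change in this commit removes the equivalent `nalus == nil` guard, so the one here should be confirmed to remain. A comment on the new branch would make the rule explicit, e.g. `// a zero size is only valid as trailing padding; anything else would produce an empty NALU`.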
@@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("8") +bool(false) +[]byte("0") +bool(true) diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3707105d86e9ef3c b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3707105d86e9ef3c new file mode 100644 index 00000000..a313d79a --- /dev/null +++ b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3707105d86e9ef3c @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("0") +bool(false) +[]byte("\x00\x00\x00\x01") +bool(false) diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/11dca3ad0def7057 b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3a1859786e5a6231 similarity index 64% rename from pkg/format/rtph264/testdata/fuzz/FuzzDecoder/11dca3ad0def7057 rename to pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3a1859786e5a6231 index 425777d6..fc53f2fd 100644 --- a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/11dca3ad0def7057 +++ b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3a1859786e5a6231 @@ -1,3 +1,5 @@ go test fuzz v1 []byte("800") +bool(false) []byte("0") +bool(true) diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3b0600afabf53c93 b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3b0600afabf53c93 deleted file mode 100644 index 89145c16..00000000 --- a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3b0600afabf53c93 +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("0") -[]byte("8\x00\x000") diff --git a/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/079a435e5445c35b b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/5ad0b5168b26857a similarity index 62% rename from pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/079a435e5445c35b rename to pkg/format/rtph264/testdata/fuzz/FuzzDecoder/5ad0b5168b26857a index bd06f9a9..df63c2e9 100644 --- a/pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/079a435e5445c35b +++ b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/5ad0b5168b26857a @@ -1,5 +1,5 @@ go test fuzz v1 []byte("") bool(false) -[]byte("") -bool(false) +[]byte("0") +bool(true) 
diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/5b424cab7437770c b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/5b424cab7437770c new file mode 100644 index 00000000..6b38a75c --- /dev/null +++ b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/5b424cab7437770c @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("0") +bool(false) +[]byte("8\x00\x00\x00\x010") +bool(true) diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/60892a24d67609fc b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/60892a24d67609fc deleted file mode 100644 index f6645a7c..00000000 --- a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/60892a24d67609fc +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("8") -[]byte("") diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/6a8b2220ade9c21d b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/6a8b2220ade9c21d new file mode 100644 index 00000000..24e55c99 --- /dev/null +++ b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/6a8b2220ade9c21d @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("\xdc") +bool(false) +[]byte("0") +bool(false) diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 deleted file mode 100644 index b8f15622..00000000 --- a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("0") -[]byte("") diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9b4d0ab6bd98d3a9 b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9b4d0ab6bd98d3a9 deleted file mode 100644 index 281e5902..00000000 --- a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9b4d0ab6bd98d3a9 +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("0") -[]byte("80") diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 new file mode 100644 index 00000000..04fdd58b --- /dev/null +++ b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 
@@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("0") +bool(false) +[]byte("0") +bool(true) diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/a900b5d3c2c2772a b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/a900b5d3c2c2772a new file mode 100644 index 00000000..39531f1c --- /dev/null +++ b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/a900b5d3c2c2772a @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("\xdc0") +bool(false) +[]byte("0") +bool(false) diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/b8149c97ccea034d b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/b8149c97ccea034d new file mode 100644 index 00000000..eeaf2586 --- /dev/null +++ b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/b8149c97ccea034d @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("8\x00\x00") +bool(false) +[]byte("0") +bool(true) diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ecf7d0b7f06fcc4a b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ecf7d0b7f06fcc4a deleted file mode 100644 index f8ac0aa8..00000000 --- a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ecf7d0b7f06fcc4a +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("0") -[]byte("<") diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/edbcdbb8d9f1bdac b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/edbcdbb8d9f1bdac deleted file mode 100644 index f003f163..00000000 --- a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/edbcdbb8d9f1bdac +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("0") -[]byte("\\0") diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef42b0cea98081da b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef42b0cea98081da new file mode 100644 index 00000000..26b859e2 --- /dev/null +++ b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef42b0cea98081da @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("0") +bool(false) +[]byte("9000") +bool(false) 
diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef62dc47a38f1a39 b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef62dc47a38f1a39 deleted file mode 100644 index c5ee21e7..00000000 --- a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef62dc47a38f1a39 +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("0") -[]byte("9") diff --git a/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/fc2b1d7ceef39c14 b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/fc2b1d7ceef39c14 new file mode 100644 index 00000000..528cd959 --- /dev/null +++ b/pkg/format/rtph264/testdata/fuzz/FuzzDecoder/fc2b1d7ceef39c14 @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("0") +bool(false) +[]byte("|0") +bool(true) diff --git a/pkg/format/rtph265/decoder.go b/pkg/format/rtph265/decoder.go index 7159eb28..d6937ccf 100644 --- a/pkg/format/rtph265/decoder.go +++ b/pkg/format/rtph265/decoder.go @@ -81,7 +81,7 @@ func (d *Decoder) decodeNALUs(pkt *rtp.Packet) ([][]byte, error) { size := uint16(payload[0])<<8 | uint16(payload[1]) payload = payload[2:] - if int(size) > len(payload) { + if size == 0 || int(size) > len(payload) { return nil, fmt.Errorf("invalid aggregation unit (invalid size)") } @@ -93,10 +93,6 @@ func (d *Decoder) decodeNALUs(pkt *rtp.Packet) ([][]byte, error) { } } - if nalus == nil { - return nil, fmt.Errorf("aggregation unit doesn't contain any NALU") - } - d.firstPacketReceived = true case h265.NALUType_FragmentationUnit: diff --git a/pkg/format/rtph265/decoder_test.go b/pkg/format/rtph265/decoder_test.go index 1a634d1e..dcb50f55 100644 --- a/pkg/format/rtph265/decoder_test.go +++ b/pkg/format/rtph265/decoder_test.go 
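Review bot: Removing the `nalus == nil` guard in the second rtph265/decoder.go hunk is safe only if the aggregation loop always runs its body at least once; the `size == 0` rejection added in the first hunk covers an empty unit inside the loop, not a loop that never executes. The loop header is outside both hunks, so if it is conditioned on the remaining payload length, an aggregation packet carrying nothing after its payload header would return an empty NALU list with a nil error. Because this input arrives from the network, keeping the guard as a cheap post-condition is the safer choice: `if len(nalus) == 0 { return nil, fmt.Errorf("aggregation unit doesn't contain any NALU") }`.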
@@ -92,32 +92,39 @@ func TestDecodeErrorMissingPacket(t *testing.T) { } func FuzzDecoder(f *testing.F) { - f.Fuzz(func(_ *testing.T, a []byte, b []byte) { + f.Fuzz(func(t *testing.T, a []byte, am bool, b []byte, bm bool) { d := &Decoder{} - d.Init() //nolint:errcheck + err := d.Init() + require.NoError(t, err) - d.Decode(&rtp.Packet{ //nolint:errcheck + au, err := d.Decode(&rtp.Packet{ Header: rtp.Header{ - Version: 2, - Marker: false, - PayloadType: 96, + Marker: am, SequenceNumber: 17645, - Timestamp: 2289527317, - SSRC: 0x9dbb7812, }, Payload: a, }) - d.Decode(&rtp.Packet{ //nolint:errcheck - Header: rtp.Header{ - Version: 2, - Marker: false, - PayloadType: 96, - SequenceNumber: 17645, - Timestamp: 2289527317, - SSRC: 0x9dbb7812, - }, - Payload: b, - }) + if errors.Is(err, ErrMorePacketsNeeded) { + au, err = d.Decode(&rtp.Packet{ + Header: rtp.Header{ + Marker: bm, + SequenceNumber: 17646, + }, + Payload: b, + }) + } + + if err == nil { + if len(au) == 0 { + t.Errorf("should not happen") + } + + for _, nalu := range au { + if len(nalu) == 0 { + t.Errorf("should not happen") + } + } + } }) } diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/2d69a60004f3edfd b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/14cfad5b98d00ac8 similarity index 63% rename from pkg/format/rtph265/testdata/fuzz/FuzzDecoder/2d69a60004f3edfd rename to pkg/format/rtph265/testdata/fuzz/FuzzDecoder/14cfad5b98d00ac8 index e368496b..a9c4b531 100644 --- a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/2d69a60004f3edfd +++ b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/14cfad5b98d00ac8 @@ -1,3 +1,5 @@ go test fuzz v1 -[]byte("0") []byte("b0") +bool(false) +[]byte("0") +bool(false) diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/17e52f9247ad1b2a b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/17e52f9247ad1b2a new file mode 100644 index 00000000..42180ef5 --- /dev/null +++ b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/17e52f9247ad1b2a 
@@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("a0") +bool(false) +[]byte("0") +bool(true) diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/18fae30536d2c3ba b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/18fae30536d2c3ba new file mode 100644 index 00000000..fb053d89 --- /dev/null +++ b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/18fae30536d2c3ba @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("d0") +bool(false) +[]byte("0") +bool(true) diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/25f2b139d5d03b01 b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/25f2b139d5d03b01 deleted file mode 100644 index c8452b1a..00000000 --- a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/25f2b139d5d03b01 +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("00") -[]byte("b00") diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/5cedd25e23c9f9aa b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/5cedd25e23c9f9aa deleted file mode 100644 index 77d9c0b5..00000000 --- a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/5cedd25e23c9f9aa +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("0") -[]byte("a00") diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/69e1cb9d2d26f61f b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/69e1cb9d2d26f61f new file mode 100644 index 00000000..31c93f30 --- /dev/null +++ b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/69e1cb9d2d26f61f @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("00") +bool(false) +[]byte("b0\xc1") +bool(true) diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/717a02ebf21c41db b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/717a02ebf21c41db deleted file mode 100644 index e812d194..00000000 --- a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/717a02ebf21c41db +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("0") -[]byte("\xe50") diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/728cd1cec4fb0ff2 b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/728cd1cec4fb0ff2 new file mode 100644 index 00000000..d823375a --- /dev/null 
+++ b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/728cd1cec4fb0ff2 @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("b00") +bool(false) +[]byte("0") +bool(false) diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 deleted file mode 100644 index b8f15622..00000000 --- a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("0") -[]byte("") diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/95e634df087d6476 b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/95e634df087d6476 deleted file mode 100644 index c1f15694..00000000 --- a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/95e634df087d6476 +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("a0") -[]byte("") diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 new file mode 100644 index 00000000..04fdd58b --- /dev/null +++ b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("0") +bool(false) +[]byte("0") +bool(true) diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/a7fab38f1f1629f8 b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/a7fab38f1f1629f8 deleted file mode 100644 index 6d2ad8dc..00000000 --- a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/a7fab38f1f1629f8 +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("b0\xd2") -[]byte("0") diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ab70f5936ef75670 b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ab70f5936ef75670 new file mode 100644 index 00000000..20a5ea81 --- /dev/null +++ b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ab70f5936ef75670 @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("00") +bool(false) +[]byte("00") +bool(true) 
diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/af9c0e4e34bfcb3e b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/af9c0e4e34bfcb3e new file mode 100644 index 00000000..37b6f0b1 --- /dev/null +++ b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/af9c0e4e34bfcb3e @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("a0\x00\t000000000") +bool(false) +[]byte("b00") +bool(true) diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ba1f81d88619462f b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ba1f81d88619462f new file mode 100644 index 00000000..3548a65a --- /dev/null +++ b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ba1f81d88619462f @@ -0,0 +1,5 @@ +go test fuzz v1 +[]byte("00") +bool(false) +[]byte("a0\x00\x00") +bool(true) diff --git a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/e807a721f4e89fcb b/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/e807a721f4e89fcb deleted file mode 100644 index f3f4fc22..00000000 --- a/pkg/format/rtph265/testdata/fuzz/FuzzDecoder/e807a721f4e89fcb +++ /dev/null @@ -1,3 +0,0 @@ -go test fuzz v1 -[]byte("a000") -[]byte("0")