package/gortsplib
1
0
Fork 0
mirror of https://github.com/aler9/gortsplib synced 2025-10-06 15:46:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

prevent decoders from returning empty NALUs (bluenviron/mediamtx#4346) (#726)

Browse Source
This commit is contained in:
Alessandro Ros
2025-03-22 22:45:54 +01:00
committed by GitHub
parent b6d6f6bf37
commit fa94080e84
44 changed files with 191 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/format/rtpav1/decoder.go
View File

@@ -60,6 +60,12 @@ func (d *Decoder) decodeOBUs(pkt *rtp.Packet) ([][]byte, error) {
return nil, fmt.Errorf("invalid header: %w", err) return nil, fmt.Errorf("invalid header: %w", err)
} }
for _, obu := range av1header.OBUElements {
if len(obu) == 0 {
return nil, fmt.Errorf("invalid OBU size")
}
}
if av1header.Z { if av1header.Z {
if d.fragmentsSize == 0 { if d.fragmentsSize == 0 {
if !d.firstPacketReceived { if !d.firstPacketReceived {

31
pkg/format/rtpav1/decoder_test.go
View File

@@ -295,32 +295,39 @@ func TestDecodeErrorMissingPacket(t *testing.T) {
} }
func FuzzDecoder(f *testing.F) { func FuzzDecoder(f *testing.F) {
f.Fuzz(func(_ *testing.T, a []byte, am bool, b []byte, bm bool) { f.Fuzz(func(t *testing.T, a []byte, am bool, b []byte, bm bool) {
d := &Decoder{} d := &Decoder{}
d.Init() //nolint:errcheck err := d.Init()
require.NoError(t, err)
d.Decode(&rtp.Packet{ //nolint:errcheck tu, err := d.Decode(&rtp.Packet{
Header: rtp.Header{ Header: rtp.Header{
Version: 2,
Marker: am, Marker: am,
PayloadType: 96,
SequenceNumber: 17645, SequenceNumber: 17645,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
}, },
Payload: a, Payload: a,
}) })
d.Decode(&rtp.Packet{ //nolint:errcheck if errors.Is(err, ErrMorePacketsNeeded) {
tu, err = d.Decode(&rtp.Packet{
Header: rtp.Header{ Header: rtp.Header{
Version: 2,
Marker: bm, Marker: bm,
PayloadType: 96,
SequenceNumber: 17646, SequenceNumber: 17646,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
}, },
Payload: b, Payload: b,
}) })
}
if err == nil {
if len(tu) == 0 {
t.Errorf("should not happen")
}
for _, nalu := range tu {
if len(nalu) == 0 {
t.Errorf("should not happen")
}
}
}
}) })
} }

2
pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/894f7b51b885dbb1 → pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/18413e36c51d1ebe vendored
View File

@@ -2,4 +2,4 @@ go test fuzz v1
[]byte("0\x00") []byte("0\x00")
bool(true) bool(true)
[]byte("0") []byte("0")
bool(false) bool(true)

5
pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1ed61654a1dada4b vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("0")
bool(false)

2
pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1bcf1d62b055a123 → pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1fd6e8e69fb31947 vendored
View File

@@ -1,5 +1,5 @@
go test fuzz v1 go test fuzz v1
[]byte("\x190") []byte("\x180")
bool(false) bool(false)
[]byte("\xd00") []byte("\xd00")
bool(false) bool(false)

2
pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/bf1e5b208e57f701 → pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/cc0fa679ceee585f vendored
View File

@@ -1,5 +1,5 @@
go test fuzz v1 go test fuzz v1
[]byte("\xd00") []byte("\xd00")
bool(false) bool(false)
[]byte("") []byte("0")
bool(false) bool(false)

6
pkg/format/rtph264/decoder.go
View File

@@ -157,11 +157,15 @@ func (d *Decoder) decodeNALUs(pkt *rtp.Packet) ([][]byte, error) {
size := uint16(payload[0])<<8 | uint16(payload[1]) size := uint16(payload[0])<<8 | uint16(payload[1])
payload = payload[2:] payload = payload[2:]
if size == 0 {
// discard padding // discard padding
if size == 0 && isAllZero(payload) { if isAllZero(payload) {
break break
} }
return nil, fmt.Errorf("invalid STAP-A packet (invalid size)")
}
if int(size) > len(payload) { if int(size) > len(payload) {
return nil, fmt.Errorf("invalid STAP-A packet (invalid size)") return nil, fmt.Errorf("invalid STAP-A packet (invalid size)")
} }

37
pkg/format/rtph264/decoder_test.go
View File

@@ -275,32 +275,39 @@ func TestDecodeErrorMissingPacket(t *testing.T) {
} }
func FuzzDecoder(f *testing.F) { func FuzzDecoder(f *testing.F) {
f.Fuzz(func(_ *testing.T, a []byte, b []byte) { f.Fuzz(func(t *testing.T, a []byte, am bool, b []byte, bm bool) {
d := &Decoder{} d := &Decoder{}
d.Init() //nolint:errcheck err := d.Init()
require.NoError(t, err)
d.Decode(&rtp.Packet{ //nolint:errcheck au, err := d.Decode(&rtp.Packet{
Header: rtp.Header{ Header: rtp.Header{
Version: 2, Marker: am,
Marker: false,
PayloadType: 96,
SequenceNumber: 17645, SequenceNumber: 17645,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
}, },
Payload: a, Payload: a,
}) })
d.Decode(&rtp.Packet{ //nolint:errcheck if errors.Is(err, ErrMorePacketsNeeded) {
au, err = d.Decode(&rtp.Packet{
Header: rtp.Header{ Header: rtp.Header{
Version: 2, Marker: bm,
Marker: false, SequenceNumber: 17646,
PayloadType: 96,
SequenceNumber: 17645,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
}, },
Payload: b, Payload: b,
}) })
}
if err == nil {
if len(au) == 0 {
t.Errorf("should not happen")
}
for _, nalu := range au {
if len(nalu) == 0 {
t.Errorf("should not happen")
}
}
}
}) })
} }

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/15fcae9a402a0f11 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("8")
bool(false)
[]byte("0")
bool(true)

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3707105d86e9ef3c vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("\x00\x00\x00\x01")
bool(false)

2
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/11dca3ad0def7057 → pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3a1859786e5a6231 vendored
View File

@@ -1,3 +1,5 @@
go test fuzz v1 go test fuzz v1
[]byte("800") []byte("800")
bool(false)
[]byte("0") []byte("0")
bool(true)

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3b0600afabf53c93 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("8\x00\x000")

4
pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/079a435e5445c35b → pkg/format/rtph264/testdata/fuzz/FuzzDecoder/5ad0b5168b26857a vendored
View File

@@ -1,5 +1,5 @@
go test fuzz v1 go test fuzz v1
[]byte("") []byte("")
bool(false) bool(false)
[]byte("") []byte("0")
bool(false) bool(true)

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/5b424cab7437770c vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("8\x00\x00\x00\x010")
bool(true)

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/60892a24d67609fc vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("8")
[]byte("")

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/6a8b2220ade9c21d vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("\xdc")
bool(false)
[]byte("0")
bool(false)

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("")

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9b4d0ab6bd98d3a9 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("80")

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("0")
bool(true)

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/a900b5d3c2c2772a vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("\xdc0")
bool(false)
[]byte("0")
bool(false)

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/b8149c97ccea034d vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("8\x00\x00")
bool(false)
[]byte("0")
bool(true)

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ecf7d0b7f06fcc4a vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("<")

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/edbcdbb8d9f1bdac vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("\\0")

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef42b0cea98081da vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("9000")
bool(false)

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef62dc47a38f1a39 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("9")

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/fc2b1d7ceef39c14 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("|0")
bool(true)

6
pkg/format/rtph265/decoder.go
View File

@@ -81,7 +81,7 @@ func (d *Decoder) decodeNALUs(pkt *rtp.Packet) ([][]byte, error) {
size := uint16(payload[0])<<8 | uint16(payload[1]) size := uint16(payload[0])<<8 | uint16(payload[1])
payload = payload[2:] payload = payload[2:]
if int(size) > len(payload) { if size == 0 || int(size) > len(payload) {
return nil, fmt.Errorf("invalid aggregation unit (invalid size)") return nil, fmt.Errorf("invalid aggregation unit (invalid size)")
} }
@@ -93,10 +93,6 @@ func (d *Decoder) decodeNALUs(pkt *rtp.Packet) ([][]byte, error) {
} }
} }
if nalus == nil {
return nil, fmt.Errorf("aggregation unit doesn't contain any NALU")
}
d.firstPacketReceived = true d.firstPacketReceived = true
case h265.NALUType_FragmentationUnit: case h265.NALUType_FragmentationUnit:

37
pkg/format/rtph265/decoder_test.go
View File

@@ -92,32 +92,39 @@ func TestDecodeErrorMissingPacket(t *testing.T) {
} }
func FuzzDecoder(f *testing.F) { func FuzzDecoder(f *testing.F) {
f.Fuzz(func(_ *testing.T, a []byte, b []byte) { f.Fuzz(func(t *testing.T, a []byte, am bool, b []byte, bm bool) {
d := &Decoder{} d := &Decoder{}
d.Init() //nolint:errcheck err := d.Init()
require.NoError(t, err)
d.Decode(&rtp.Packet{ //nolint:errcheck au, err := d.Decode(&rtp.Packet{
Header: rtp.Header{ Header: rtp.Header{
Version: 2, Marker: am,
Marker: false,
PayloadType: 96,
SequenceNumber: 17645, SequenceNumber: 17645,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
}, },
Payload: a, Payload: a,
}) })
d.Decode(&rtp.Packet{ //nolint:errcheck if errors.Is(err, ErrMorePacketsNeeded) {
au, err = d.Decode(&rtp.Packet{
Header: rtp.Header{ Header: rtp.Header{
Version: 2, Marker: bm,
Marker: false, SequenceNumber: 17646,
PayloadType: 96,
SequenceNumber: 17645,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
}, },
Payload: b, Payload: b,
}) })
}
if err == nil {
if len(au) == 0 {
t.Errorf("should not happen")
}
for _, nalu := range au {
if len(nalu) == 0 {
t.Errorf("should not happen")
}
}
}
}) })
} }

4
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/2d69a60004f3edfd → pkg/format/rtph265/testdata/fuzz/FuzzDecoder/14cfad5b98d00ac8 vendored
View File

@@ -1,3 +1,5 @@
go test fuzz v1 go test fuzz v1
[]byte("0")
[]byte("b0") []byte("b0")
bool(false)
[]byte("0")
bool(false)

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/17e52f9247ad1b2a vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("a0")
bool(false)
[]byte("0")
bool(true)

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/18fae30536d2c3ba vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("d0")
bool(false)
[]byte("0")
bool(true)

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/25f2b139d5d03b01 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("00")
[]byte("b00")

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/5cedd25e23c9f9aa vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("a00")

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/69e1cb9d2d26f61f vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("00")
bool(false)
[]byte("b0\xc1")
bool(true)

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/717a02ebf21c41db vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("\xe50")

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/728cd1cec4fb0ff2 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("b00")
bool(false)
[]byte("0")
bool(false)

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("")

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/95e634df087d6476 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("a0")
[]byte("")

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("0")
bool(true)

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/a7fab38f1f1629f8 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("b0\xd2")
[]byte("0")

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ab70f5936ef75670 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("00")
bool(false)
[]byte("00")
bool(true)

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/af9c0e4e34bfcb3e vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("a0\x00\t000000000")
bool(false)
[]byte("b00")
bool(true)

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ba1f81d88619462f vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("00")
bool(false)
[]byte("a0\x00\x00")
bool(true)

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/e807a721f4e89fcb vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("a000")
[]byte("0")