package/gortsplib
1
0
Fork 0
mirror of https://github.com/aler9/gortsplib synced 2025-10-05 23:26:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

prevent decoders from returning empty NALUs (bluenviron/mediamtx#4346) (#726)

Browse Source
This commit is contained in:
Alessandro Ros
2025-03-22 22:45:54 +01:00
committed by GitHub
parent b6d6f6bf37
commit fa94080e84
44 changed files with 191 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/format/rtpav1/decoder.go
View File

@@ -60,6 +60,12 @@ func (d *Decoder) decodeOBUs(pkt *rtp.Packet) ([][]byte, error) {
return nil, fmt.Errorf("invalid header: %w", err)
}
for _, obu := range av1header.OBUElements {
if len(obu) == 0 {
return nil, fmt.Errorf("invalid OBU size")
}
}
if av1header.Z {
if d.fragmentsSize == 0 {
if !d.firstPacketReceived {

31
pkg/format/rtpav1/decoder_test.go
View File

@@ -295,32 +295,39 @@ func TestDecodeErrorMissingPacket(t *testing.T) {
}
func FuzzDecoder(f *testing.F) {
f.Fuzz(func(_ *testing.T, a []byte, am bool, b []byte, bm bool) {
f.Fuzz(func(t *testing.T, a []byte, am bool, b []byte, bm bool) {
d := &Decoder{}
d.Init() //nolint:errcheck
err := d.Init()
require.NoError(t, err)
d.Decode(&rtp.Packet{ //nolint:errcheck
tu, err := d.Decode(&rtp.Packet{
Header: rtp.Header{
Version: 2,
Marker: am,
PayloadType: 96,
SequenceNumber: 17645,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
},
Payload: a,
})
d.Decode(&rtp.Packet{ //nolint:errcheck
if errors.Is(err, ErrMorePacketsNeeded) {
tu, err = d.Decode(&rtp.Packet{
Header: rtp.Header{
Version: 2,
Marker: bm,
PayloadType: 96,
SequenceNumber: 17646,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
},
Payload: b,
})
}
if err == nil {
if len(tu) == 0 {
t.Errorf("should not happen")
}
for _, nalu := range tu {
if len(nalu) == 0 {
t.Errorf("should not happen")
}
}
}
})
}

2
pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/894f7b51b885dbb1 → pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/18413e36c51d1ebe vendored
View File

@@ -2,4 +2,4 @@ go test fuzz v1
[]byte("0\x00")
bool(true)
[]byte("0")
bool(false)
bool(true)

5
pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1ed61654a1dada4b vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("0")
bool(false)

2
pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1bcf1d62b055a123 → pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/1fd6e8e69fb31947 vendored
View File

@@ -1,5 +1,5 @@
go test fuzz v1
[]byte("\x190")
[]byte("\x180")
bool(false)
[]byte("\xd00")
bool(false)

2
pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/bf1e5b208e57f701 → pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/cc0fa679ceee585f vendored
View File

@@ -1,5 +1,5 @@
go test fuzz v1
[]byte("\xd00")
bool(false)
[]byte("")
[]byte("0")
bool(false)

6
pkg/format/rtph264/decoder.go
View File

@@ -157,11 +157,15 @@ func (d *Decoder) decodeNALUs(pkt *rtp.Packet) ([][]byte, error) {
size := uint16(payload[0])<<8 | uint16(payload[1])
payload = payload[2:]
if size == 0 {
// discard padding
if size == 0 && isAllZero(payload) {
if isAllZero(payload) {
break
}
return nil, fmt.Errorf("invalid STAP-A packet (invalid size)")
}
if int(size) > len(payload) {
return nil, fmt.Errorf("invalid STAP-A packet (invalid size)")
}

37
pkg/format/rtph264/decoder_test.go
View File

@@ -275,32 +275,39 @@ func TestDecodeErrorMissingPacket(t *testing.T) {
}
func FuzzDecoder(f *testing.F) {
f.Fuzz(func(_ *testing.T, a []byte, b []byte) {
f.Fuzz(func(t *testing.T, a []byte, am bool, b []byte, bm bool) {
d := &Decoder{}
d.Init() //nolint:errcheck
err := d.Init()
require.NoError(t, err)
d.Decode(&rtp.Packet{ //nolint:errcheck
au, err := d.Decode(&rtp.Packet{
Header: rtp.Header{
Version: 2,
Marker: false,
PayloadType: 96,
Marker: am,
SequenceNumber: 17645,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
},
Payload: a,
})
d.Decode(&rtp.Packet{ //nolint:errcheck
if errors.Is(err, ErrMorePacketsNeeded) {
au, err = d.Decode(&rtp.Packet{
Header: rtp.Header{
Version: 2,
Marker: false,
PayloadType: 96,
SequenceNumber: 17645,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
Marker: bm,
SequenceNumber: 17646,
},
Payload: b,
})
}
if err == nil {
if len(au) == 0 {
t.Errorf("should not happen")
}
for _, nalu := range au {
if len(nalu) == 0 {
t.Errorf("should not happen")
}
}
}
})
}

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/15fcae9a402a0f11 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("8")
bool(false)
[]byte("0")
bool(true)

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3707105d86e9ef3c vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("\x00\x00\x00\x01")
bool(false)

2
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/11dca3ad0def7057 → pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3a1859786e5a6231 vendored
View File

@@ -1,3 +1,5 @@
go test fuzz v1
[]byte("800")
bool(false)
[]byte("0")
bool(true)

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/3b0600afabf53c93 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("8\x00\x000")

4
pkg/format/rtpav1/testdata/fuzz/FuzzDecoder/079a435e5445c35b → pkg/format/rtph264/testdata/fuzz/FuzzDecoder/5ad0b5168b26857a vendored
View File

@@ -1,5 +1,5 @@
go test fuzz v1
[]byte("")
bool(false)
[]byte("")
bool(false)
[]byte("0")
bool(true)

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/5b424cab7437770c vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("8\x00\x00\x00\x010")
bool(true)

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/60892a24d67609fc vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("8")
[]byte("")

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/6a8b2220ade9c21d vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("\xdc")
bool(false)
[]byte("0")
bool(false)

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("")

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9b4d0ab6bd98d3a9 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("80")

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("0")
bool(true)

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/a900b5d3c2c2772a vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("\xdc0")
bool(false)
[]byte("0")
bool(false)

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/b8149c97ccea034d vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("8\x00\x00")
bool(false)
[]byte("0")
bool(true)

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ecf7d0b7f06fcc4a vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("<")

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/edbcdbb8d9f1bdac vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("\\0")

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef42b0cea98081da vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("9000")
bool(false)

3
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/ef62dc47a38f1a39 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("9")

5
pkg/format/rtph264/testdata/fuzz/FuzzDecoder/fc2b1d7ceef39c14 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("|0")
bool(true)

6
pkg/format/rtph265/decoder.go
View File

@@ -81,7 +81,7 @@ func (d *Decoder) decodeNALUs(pkt *rtp.Packet) ([][]byte, error) {
size := uint16(payload[0])<<8 | uint16(payload[1])
payload = payload[2:]
if int(size) > len(payload) {
if size == 0 || int(size) > len(payload) {
return nil, fmt.Errorf("invalid aggregation unit (invalid size)")
}
@@ -93,10 +93,6 @@ func (d *Decoder) decodeNALUs(pkt *rtp.Packet) ([][]byte, error) {
}
}
if nalus == nil {
return nil, fmt.Errorf("aggregation unit doesn't contain any NALU")
}
d.firstPacketReceived = true
case h265.NALUType_FragmentationUnit:

37
pkg/format/rtph265/decoder_test.go
View File

@@ -92,32 +92,39 @@ func TestDecodeErrorMissingPacket(t *testing.T) {
}
func FuzzDecoder(f *testing.F) {
f.Fuzz(func(_ *testing.T, a []byte, b []byte) {
f.Fuzz(func(t *testing.T, a []byte, am bool, b []byte, bm bool) {
d := &Decoder{}
d.Init() //nolint:errcheck
err := d.Init()
require.NoError(t, err)
d.Decode(&rtp.Packet{ //nolint:errcheck
au, err := d.Decode(&rtp.Packet{
Header: rtp.Header{
Version: 2,
Marker: false,
PayloadType: 96,
Marker: am,
SequenceNumber: 17645,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
},
Payload: a,
})
d.Decode(&rtp.Packet{ //nolint:errcheck
if errors.Is(err, ErrMorePacketsNeeded) {
au, err = d.Decode(&rtp.Packet{
Header: rtp.Header{
Version: 2,
Marker: false,
PayloadType: 96,
SequenceNumber: 17645,
Timestamp: 2289527317,
SSRC: 0x9dbb7812,
Marker: bm,
SequenceNumber: 17646,
},
Payload: b,
})
}
if err == nil {
if len(au) == 0 {
t.Errorf("should not happen")
}
for _, nalu := range au {
if len(nalu) == 0 {
t.Errorf("should not happen")
}
}
}
})
}

4
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/2d69a60004f3edfd → pkg/format/rtph265/testdata/fuzz/FuzzDecoder/14cfad5b98d00ac8 vendored
View File

@@ -1,3 +1,5 @@
go test fuzz v1
[]byte("0")
[]byte("b0")
bool(false)
[]byte("0")
bool(false)

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/17e52f9247ad1b2a vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("a0")
bool(false)
[]byte("0")
bool(true)

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/18fae30536d2c3ba vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("d0")
bool(false)
[]byte("0")
bool(true)

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/25f2b139d5d03b01 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("00")
[]byte("b00")

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/5cedd25e23c9f9aa vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("a00")

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/69e1cb9d2d26f61f vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("00")
bool(false)
[]byte("b0\xc1")
bool(true)

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/717a02ebf21c41db vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("\xe50")

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/728cd1cec4fb0ff2 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("b00")
bool(false)
[]byte("0")
bool(false)

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/84ed65595ad05a58 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("0")
[]byte("")

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/95e634df087d6476 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("a0")
[]byte("")

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/9de59c1cbda7c1b0 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("0")
bool(false)
[]byte("0")
bool(true)

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/a7fab38f1f1629f8 vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("b0\xd2")
[]byte("0")

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ab70f5936ef75670 vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("00")
bool(false)
[]byte("00")
bool(true)

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/af9c0e4e34bfcb3e vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("a0\x00\t000000000")
bool(false)
[]byte("b00")
bool(true)

5
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/ba1f81d88619462f vendored Normal file
View File

@@ -0,0 +1,5 @@
go test fuzz v1
[]byte("00")
bool(false)
[]byte("a0\x00\x00")
bool(true)

3
pkg/format/rtph265/testdata/fuzz/FuzzDecoder/e807a721f4e89fcb vendored
View File

@@ -1,3 +0,0 @@
go test fuzz v1
[]byte("a000")
[]byte("0")