fix panic when checking pts = dts on H265 (bluenviron/mediamtx#3754) (#617)

aler9 · web-flow · commit 2023bf1b0028 · 2024-09-11T11:43:15.000+02:00
diff --git a/pkg/format/h264_test.go b/pkg/format/h264_test.go
@@ -87,3 +87,9 @@ func FuzzUnmarshalH264(f *testing.F) {
 		}
 	})
 }
+
+func FuzzH264PTSEqualsDTS(f *testing.F) {
+	f.Fuzz(func(t *testing.T, b []byte) {
+		(&H264{}).PTSEqualsDTS(&rtp.Packet{Payload: b})
+	})
+}
diff --git a/pkg/format/h265.go b/pkg/format/h265.go
@@ -140,13 +140,13 @@ func (f *H265) PTSEqualsDTS(pkt *rtp.Packet) bool {
 		return true
 
 	case h265.NALUType_AggregationUnit:
+		if len(pkt.Payload) < 4 {
+			return false
+		}
+
 		payload := pkt.Payload[2:]
 
 		for {
-			if len(payload) < 2 {
-				return false
-			}
-
 			size := uint16(payload[0])<<8 | uint16(payload[1])
 			payload = payload[2:]
 
@@ -167,6 +167,10 @@ func (f *H265) PTSEqualsDTS(pkt *rtp.Packet) bool {
 			if len(payload) == 0 {
 				break
 			}
+
+			if len(payload) < 2 {
+				return false
+			}
 		}
 
 	case h265.NALUType_FragmentationUnit:
diff --git a/pkg/format/h265_test.go b/pkg/format/h265_test.go
@@ -104,3 +104,9 @@ func FuzzUnmarshalH265(f *testing.F) {
 		}
 	})
 }
+
+func FuzzH265PTSEqualsDTS(f *testing.F) {
+	f.Fuzz(func(t *testing.T, b []byte) {
+		(&H265{}).PTSEqualsDTS(&rtp.Packet{Payload: b})
+	})
+}
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/048b606517c23baf b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/048b606517c23baf
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("800")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/0d7efebfbe993205 b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/0d7efebfbe993205
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("\xbc")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/55cc57e8de6f7821 b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/55cc57e8de6f7821
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("8")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/6347df174e34a4bd b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/6347df174e34a4bd
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("\xbc\xa8")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/83e07aca85794b54 b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/83e07aca85794b54
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("\xbc0")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/a831486d4a428ccd b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/a831486d4a428ccd
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("8\x00\x010")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/ba42460e5506f2bc b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/ba42460e5506f2bc
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("8\x00\x01%")
diff --git a/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/caf81e9797b19c76 b/pkg/format/testdata/fuzz/FuzzH264PTSEqualsDTS/caf81e9797b19c76
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/19981bffc2abbaf1 b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/19981bffc2abbaf1
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("A")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/463b273d21ba371a b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/463b273d21ba371a
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("b0\xd3")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/6e0463cbdc2d559f b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/6e0463cbdc2d559f
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a0")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/7c106d2d11e725ec b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/7c106d2d11e725ec
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a0\x00\x040000")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/a564d03307332bc8 b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/a564d03307332bc8
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b2089cb22b868c96 b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b2089cb22b868c96
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("b00")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b88d0a1c039b8eca b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/b88d0a1c039b8eca
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a0\x00\x04A000")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/c4389a565e828050 b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/c4389a565e828050
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a000")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/e8bff8fcc87530c8 b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/e8bff8fcc87530c8
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("a0\x00\x0100")
diff --git a/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/eb4593a9592045ab b/pkg/format/testdata/fuzz/FuzzH265PTSEqualsDTS/eb4593a9592045ab
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("b0")

Original file line number	Diff line number	Diff line change
`@@ -87,3 +87,9 @@ func FuzzUnmarshalH264(f *testing.F) {`
`87`	`87`	`}`
`88`	`88`	`})`
`89`	`89`	`}`
	`90`	`+`
	`91`	`+func FuzzH264PTSEqualsDTS(f *testing.F) {`
	`92`	`+ f.Fuzz(func(t *testing.T, b []byte) {`
	`93`	`+ (&H264{}).PTSEqualsDTS(&rtp.Packet{Payload: b})`
	`94`	`+ })`
	`95`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -104,3 +104,9 @@ func FuzzUnmarshalH265(f *testing.F) {`
`104`	`104`	`}`
`105`	`105`	`})`
`106`	`106`	`}`
	`107`	`+`
	`108`	`+func FuzzH265PTSEqualsDTS(f *testing.F) {`
	`109`	`+ f.Fuzz(func(t *testing.T, b []byte) {`
	`110`	`+ (&H265{}).PTSEqualsDTS(&rtp.Packet{Payload: b})`
	`111`	`+ })`
	`112`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+go test fuzz v1`
	`2`	`+[]byte("\xbc\xa8")`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+go test fuzz v1`
	`2`	`+[]byte("8\x00\x010")`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+go test fuzz v1`
	`2`	`+[]byte("8\x00\x01%")`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+go test fuzz v1`
	`2`	`+[]byte("b0\xd3")`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+go test fuzz v1`
	`2`	`+[]byte("a0\x00\x040000")`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+go test fuzz v1`
	`2`	`+[]byte("a0\x00\x04A000")`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+go test fuzz v1`
	`2`	`+[]byte("a0\x00\x0100")`