Fix oob fuzz test failure
xnorpx committed Nov 26, 2024
1 parent 423361b commit 7f107d5
Showing 1 changed file with 25 additions and 14 deletions.
39 changes: 25 additions & 14 deletions src/packet/h264.rs
@@ -260,22 +260,23 @@ impl Depacketizer for H264Depacketizer {
));
}

let b0 = packet[curr_offset];
let t = b0 & NALU_TYPE_BITMASK;
let is_keyframe = if let CodecExtra::H264(e) = extra {
(t == IDR_NALU_TYPE) | e.is_keyframe
} else {
t == IDR_NALU_TYPE
};
*extra = CodecExtra::H264(H264CodecExtra { is_keyframe });
if let Some(b0) = packet.get(curr_offset) {
let t = b0 & NALU_TYPE_BITMASK;
let is_keyframe = if let CodecExtra::H264(e) = extra {
(t == IDR_NALU_TYPE) | e.is_keyframe
} else {
t == IDR_NALU_TYPE
};
*extra = CodecExtra::H264(H264CodecExtra { is_keyframe });

if self.is_avc {
out.extend_from_slice(&(nalu_size as u32).to_be_bytes());
} else {
out.extend_from_slice(ANNEXB_NALUSTART_CODE);
if self.is_avc {
out.extend_from_slice(&(nalu_size as u32).to_be_bytes());
} else {
out.extend_from_slice(ANNEXB_NALUSTART_CODE);
}
out.extend_from_slice(&packet[curr_offset..curr_offset + nalu_size]);
curr_offset += nalu_size;
}
out.extend_from_slice(&packet[curr_offset..curr_offset + nalu_size]);
curr_offset += nalu_size;
}

Ok(())
@@ -755,4 +756,14 @@ mod test {
let mut out = vec![];
pck.depacketize(PACKET, &mut out, &mut extra).unwrap();
}

#[test]
fn test_out_of_bounds_access() {
const PACKET: &[u8] = &[STAPA_NALU_TYPE, 0x00, 0x00];

let mut pck = H264Depacketizer::default();
let mut extra = CodecExtra::None;
let mut out = vec![];
pck.depacketize(PACKET, &mut out, &mut extra).unwrap();
}
}
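Review bot: The new `if let Some(b0) = packet.get(curr_offset)` in the first hunk has no `else`, so an aggregated unit whose declared length leaves no NAL header byte is skipped silently and the function still reaches `Ok(())`; the new test's `.unwrap()` (apparently exercising the STAP-A path) pins that outcome. For a depacketizer that parses untrusted RTP payloads, a malformed unit is better rejected than accepted, and an explicit guard also avoids re-indenting the whole body: `let Some(&b0) = packet.get(curr_offset) else { return Err(/* the module's existing error for a truncated packet */) };`, with the test then asserting `is_err()`. The enclosing loop and the size check that precede this code start outside the hunk, so it should be confirmed against the full function that a zero `nalu_size` in the middle of a packet is handled there and that the length-field read itself is bounds-checked.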
