shithub: openh264

Download patch

ref: 60f36eb25a9b30499aedc33e63c82ae3c15e277a
parent: f47be08065944e50bd43fcc1a149ae6d6b6f74d0
parent: cc6b409f1268e82c9d0be946d444131d9422471d
author: HaiboZhu <haibozhu@cisco.com>
date: Wed Nov 25 07:30:51 EST 2015

Merge pull request #2275 from HaiboZhu/Fix_Emulation_Prevention_Bytes_Profiles_Bugs

Add protection for emulation prevention bytes and profile_id

--- a/codec/decoder/core/src/au_parser.cpp
+++ b/codec/decoder/core/src/au_parser.cpp
@@ -920,6 +920,12 @@
 
   WELS_READ_VERIFY (BsGetBits (pBs, 8, &uiCode)); //profile_idc
   uiProfileIdc = uiCode;
+  if (uiProfileIdc != PRO_BASELINE && uiProfileIdc != PRO_MAIN && uiProfileIdc != PRO_SCALABLE_BASELINE
+      && uiProfileIdc != PRO_SCALABLE_HIGH
+      && uiProfileIdc != PRO_EXTENDED && uiProfileIdc != PRO_HIGH) {
+    WelsLog (& (pCtx->sLogCtx), WELS_LOG_WARNING, "SPS ID can not be supported!\n");
+    return false;
+  }
   WELS_READ_VERIFY (BsGetOneBit (pBs, &uiCode)); //constraint_set0_flag
   bConstraintSetFlags[0] = !!uiCode;
   WELS_READ_VERIFY (BsGetOneBit (pBs, &uiCode)); //constraint_set1_flag
--- a/codec/decoder/core/src/decoder.cpp
+++ b/codec/decoder/core/src/decoder.cpp
@@ -662,11 +662,23 @@
     //0x03 removal and extract all of NAL Unit from current raw data
     pDstNal = pRawData->pCurPos;
 
+    bool bNalStartBytes = false;
+
     while (iSrcConsumed < iSrcLength) {
-      if ((2 + iSrcConsumed < iSrcLength) &&
-          (0 == LD16 (pSrcNal + iSrcIdx)) &&
-          ((pSrcNal[2 + iSrcIdx] == 0x03) || (pSrcNal[2 + iSrcIdx] == 0x01))) {
-        if (pSrcNal[2 + iSrcIdx] == 0x03) {
+      if ((2 + iSrcConsumed < iSrcLength) && (0 == LD16 (pSrcNal + iSrcIdx)) && (pSrcNal[2 + iSrcIdx] <= 0x03)) {
+        if (bNalStartBytes && (pSrcNal[2 + iSrcIdx] != 0x00 && pSrcNal[2 + iSrcIdx] != 0x01)) {
+          pCtx->iErrorCode |= dsBitstreamError;
+          return pCtx->iErrorCode;
+        }
+
+        if (pSrcNal[2 + iSrcIdx] == 0x02) {
+          pCtx->iErrorCode |= dsBitstreamError;
+          return pCtx->iErrorCode;
+        } else if (pSrcNal[2 + iSrcIdx] == 0x00) {
+          pDstNal[iDstIdx++] = pSrcNal[iSrcIdx++];
+          iSrcConsumed++;
+          bNalStartBytes = true;
+        } else if (pSrcNal[2 + iSrcIdx] == 0x03) {
           if ((3 + iSrcConsumed < iSrcLength) && pSrcNal[3 + iSrcIdx] > 0x03) {
             pCtx->iErrorCode |= dsBitstreamError;
             return pCtx->iErrorCode;
@@ -676,7 +688,8 @@
             iSrcIdx      += 3;
             iSrcConsumed += 3;
           }
-        } else {
+        } else { // 0x01
+          bNalStartBytes = false;
 
           iConsumedBytes = 0;
           pDstNal[iDstIdx] = pDstNal[iDstIdx + 1] = pDstNal[iDstIdx + 2] = pDstNal[iDstIdx + 3] =