ref: 60f36eb25a9b30499aedc33e63c82ae3c15e277a
parent: f47be08065944e50bd43fcc1a149ae6d6b6f74d0
parent: cc6b409f1268e82c9d0be946d444131d9422471d
author: HaiboZhu <haibozhu@cisco.com>
date: Wed Nov 25 07:30:51 EST 2015
Merge pull request #2275 from HaiboZhu/Fix_Emulation_Prevention_Bytes_Profiles_Bugs Add protection for emulation prevention bytes and profile_id
--- a/codec/decoder/core/src/au_parser.cpp
+++ b/codec/decoder/core/src/au_parser.cpp
@@ -920,6 +920,12 @@
WELS_READ_VERIFY (BsGetBits (pBs, 8, &uiCode)); //profile_idc
uiProfileIdc = uiCode;
+ if (uiProfileIdc != PRO_BASELINE && uiProfileIdc != PRO_MAIN && uiProfileIdc != PRO_SCALABLE_BASELINE
+ && uiProfileIdc != PRO_SCALABLE_HIGH
+ && uiProfileIdc != PRO_EXTENDED && uiProfileIdc != PRO_HIGH) {
+ WelsLog (& (pCtx->sLogCtx), WELS_LOG_WARNING, "SPS ID can not be supported!\n");
+ return false;
+ }
WELS_READ_VERIFY (BsGetOneBit (pBs, &uiCode)); //constraint_set0_flag
bConstraintSetFlags[0] = !!uiCode;
WELS_READ_VERIFY (BsGetOneBit (pBs, &uiCode)); //constraint_set1_flag
--- a/codec/decoder/core/src/decoder.cpp
+++ b/codec/decoder/core/src/decoder.cpp
@@ -662,11 +662,23 @@
//0x03 removal and extract all of NAL Unit from current raw data
pDstNal = pRawData->pCurPos;
+ bool bNalStartBytes = false;
+
while (iSrcConsumed < iSrcLength) {
- if ((2 + iSrcConsumed < iSrcLength) &&
- (0 == LD16 (pSrcNal + iSrcIdx)) &&
- ((pSrcNal[2 + iSrcIdx] == 0x03) || (pSrcNal[2 + iSrcIdx] == 0x01))) {
- if (pSrcNal[2 + iSrcIdx] == 0x03) {
+ if ((2 + iSrcConsumed < iSrcLength) && (0 == LD16 (pSrcNal + iSrcIdx)) && (pSrcNal[2 + iSrcIdx] <= 0x03)) {
+ if (bNalStartBytes && (pSrcNal[2 + iSrcIdx] != 0x00 && pSrcNal[2 + iSrcIdx] != 0x01)) {
+ pCtx->iErrorCode |= dsBitstreamError;
+ return pCtx->iErrorCode;
+ }
+
+ if (pSrcNal[2 + iSrcIdx] == 0x02) {
+ pCtx->iErrorCode |= dsBitstreamError;
+ return pCtx->iErrorCode;
+ } else if (pSrcNal[2 + iSrcIdx] == 0x00) {
+ pDstNal[iDstIdx++] = pSrcNal[iSrcIdx++];
+ iSrcConsumed++;
+ bNalStartBytes = true;
+ } else if (pSrcNal[2 + iSrcIdx] == 0x03) {
if ((3 + iSrcConsumed < iSrcLength) && pSrcNal[3 + iSrcIdx] > 0x03) {
pCtx->iErrorCode |= dsBitstreamError;
return pCtx->iErrorCode;
@@ -676,7 +688,8 @@
iSrcIdx += 3;
iSrcConsumed += 3;
}
- } else {
+ } else { // 0x01
+ bNalStartBytes = false;
iConsumedBytes = 0;
pDstNal[iDstIdx] = pDstNal[iDstIdx + 1] = pDstNal[iDstIdx + 2] = pDstNal[iDstIdx + 3] =