After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 778365 - bytereader: offset accounted twice in _masked_scan_uint32_peek for H264 special case
bytereader: offset accounted twice in _masked_scan_uint32_peek for H264 speci...
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gstreamer (core)
git master
Other Linux
: Normal normal
: 1.10.4
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2017-02-08 21:32 UTC by miha
Modified: 2017-02-23 10:07 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
bytereader: fix scanning for 00 00 01 markers with non-0 offset (4.01 KB, patch)
2017-02-21 20:44 UTC, Tim-Philipp Müller
none Details | Review
bytereader: fix peek value when scanning for 00 00 01 with non-0 offset (3.96 KB, patch)
2017-02-21 20:53 UTC, Tim-Philipp Müller
committed Details | Review

Description miha 2017-02-08 21:32:05 UTC
In function gstreamer/libs/gst/base/gstbytereader.c:_masked_scan_uint32_peek "offset" value accounted twice. First time when we evaluate "data" variable. The second time when we pass "offset" value to _scan_for_start_code function. The case is applicable only when special condition are met: (pattern == 0x00000100) && (mask == 0xffffff00) - H264 nal unit border pattern.
Comment 1 Tim-Philipp Müller 2017-02-08 21:45:51 UTC
Could you make a small test case (piece of code) in C that shows the problem?

(Or add it to gstreamer/tests/check/libs/bytereader.c)
Comment 2 Tim-Philipp Müller 2017-02-21 19:56:57 UTC
Okay, I have a test case that demonstrates the issue now.
Comment 3 Tim-Philipp Müller 2017-02-21 20:44:38 UTC
Created attachment 346397 [details] [review]
bytereader: fix scanning for 00 00 01 markers with non-0 offset
Comment 4 Tim-Philipp Müller 2017-02-21 20:53:02 UTC
Created attachment 346399 [details] [review]
bytereader: fix peek value when scanning for 00 00 01 with non-0 offset

Updated commit message. The offset returned was correct before, just the peeked value was not.
Comment 5 Nicolas Dufresne (ndufresne) 2017-02-22 09:54:46 UTC
Review of attachment 346399 [details] [review]:

Looks good to me.
Comment 6 Tim-Philipp Müller 2017-02-22 11:08:28 UTC
commit 834fd18dfaa79c99cac460f9597b3bb5f7e240d9
Author: Tim-Philipp Müller <tim@centricular.com>
Date:   Tue Feb 21 20:23:51 2017 +0000

    bytereader: fix peek value when scanning for 00 00 01 with non-0 offset
    
    We would add the offset a second time in _scan_for_start_code()
    when we found a result, but it's already been added to the data
    pointer at the beginning of _masked_scan_uint32_peek(), so the
    peeked value would be wrong if the initial offset was >0, and
    we would potentially read memory out-of-bounds.
    
    Add unit test for all of this.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=778365