Skip to content

Commit fdb3116

Browse files
AlexxITAlexxIT
committed
Added checks for corrupted data to the H265 handler
1 parent c87885b commit fdb3116

File tree

1 file changed

+33
-7
lines changed

1 file changed

+33
-7
lines changed

pkg/h265/rtp.go

Lines changed: 33 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ func RTPDepay(codec *core.Codec, handler core.HandlerFunc) core.HandlerFunc {
1414

1515
buf := make([]byte, 0, 512*1024) // 512K
1616
var nuStart int
17+
var seqNum uint16
1718

1819
return func(packet *rtp.Packet) {
1920
data := packet.Payload
@@ -34,9 +35,19 @@ func RTPDepay(codec *core.Codec, handler core.HandlerFunc) core.HandlerFunc {
3435
}
3536
}
3637

38+
// when we collect data into one buffer, we need to make sure
39+
// that all of it falls into the same sequence
40+
if len(buf) > 0 && packet.SequenceNumber-seqNum != 1 {
41+
//log.Printf("broken H265 sequence")
42+
buf = buf[:0] // drop data
43+
return
44+
}
45+
46+
seqNum = packet.SequenceNumber
47+
3748
if nuType == NALUTypeFU {
3849
switch data[2] >> 6 {
39-
case 2: // begin
50+
case 0b10: // begin
4051
nuType = data[2] & 0x3F
4152

4253
// push PS data before keyframe
@@ -49,13 +60,30 @@ func RTPDepay(codec *core.Codec, handler core.HandlerFunc) core.HandlerFunc {
4960
buf = append(buf, (data[0]&0x81)|(nuType<<1), data[1])
5061
buf = append(buf, data[3:]...)
5162
return
52-
case 0: // continue
63+
case 0b00: // continue
64+
if len(buf) == 0 {
65+
//log.Printf("broken H265 fragment")
66+
return
67+
}
68+
5369
buf = append(buf, data[3:]...)
5470
return
55-
case 1: // end
71+
case 0b01: // end
72+
if len(buf) == 0 {
73+
//log.Printf("broken H265 fragment")
74+
return
75+
}
76+
5677
buf = append(buf, data[3:]...)
78+
79+
if nuStart > len(buf)+4 {
80+
//log.Printf("broken H265 fragment")
81+
buf = buf[:0] // drop data
82+
return
83+
}
84+
5785
binary.BigEndian.PutUint32(buf[nuStart:], uint32(len(buf)-nuStart-4))
58-
case 3: // wrong RFC 7798 realisation from OpenIPC project
86+
case 0b11: // wrong RFC 7798 realisation from OpenIPC project
5987
// A non-fragmented NAL unit MUST NOT be transmitted in one FU; i.e.,
6088
// the Start bit and End bit must not both be set to 1 in the same FU
6189
// header.
@@ -65,10 +93,8 @@ func RTPDepay(codec *core.Codec, handler core.HandlerFunc) core.HandlerFunc {
6593
buf = append(buf, data[3:]...)
6694
}
6795
} else {
68-
nuStart = len(buf)
69-
buf = append(buf, 0, 0, 0, 0) // NAL unit size
96+
buf = binary.BigEndian.AppendUint32(buf, uint32(len(data))) // NAL unit size
7097
buf = append(buf, data...)
71-
binary.BigEndian.PutUint32(buf[nuStart:], uint32(len(data)))
7298
}
7399

74100
// collect all NAL Units for Access Unit

0 commit comments

Comments
 (0)