[FFmpeg-cvslog] avcodec/ac3_parser: improve false positive detection when parsing sync frames

James Almer git at videolan.org
Wed Oct 26 16:34:03 EEST 2022 

ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Sat Oct 22 16:41:41 2022 -0300| [4c35bb53f94e4de88a0919346f24d34f8387771c] | committer: James Almer

avcodec/ac3_parser: improve false positive detection when parsing sync frames

A two byte sync word is not enough to ensure we got a real syncframe, nor are
all the range checks we do in the first seven bytes. Do therefore an integrity
check for the sync frame in order to prevent the parser from filling avctx with
bogus information.

Signed-off-by: James Almer <jamrial at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4c35bb53f94e4de88a0919346f24d34f8387771c
---

 libavcodec/aac_ac3_parser.c | 4 ++++
 libavcodec/aac_ac3_parser.h | 2 ++
 libavcodec/ac3_parser.c     | 1 +
 3 files changed, 7 insertions(+)

diff --git a/libavcodec/aac_ac3_parser.c b/libavcodec/aac_ac3_parser.c
index 2974de1545..9ab979632d 100644
--- a/libavcodec/aac_ac3_parser.c
+++ b/libavcodec/aac_ac3_parser.c
@@ -114,6 +114,10 @@ get_next:
                     buf_size -= hdr.frame_size;
                     continue;
                 }
+                /* Check for false positives since the syncword is not enough.
+                   See section 6.1.2 of A/52. */
+                if (av_crc(s->crc_ctx, 0, buf + 2, hdr.frame_size - 2))
+                    return i;
                 break;
             }
 
diff --git a/libavcodec/aac_ac3_parser.h b/libavcodec/aac_ac3_parser.h
index 560bba54f5..bc16181a19 100644
--- a/libavcodec/aac_ac3_parser.h
+++ b/libavcodec/aac_ac3_parser.h
@@ -24,6 +24,7 @@
 #define AVCODEC_AAC_AC3_PARSER_H
 
 #include <stdint.h>
+#include "libavutil/crc.h"
 #include "avcodec.h"
 #include "parser.h"
 
@@ -42,6 +43,7 @@ typedef struct AACAC3ParseContext {
     int header_size;
     int (*sync)(uint64_t state, int *need_next_header, int *new_frame_start);
 
+    const AVCRC *crc_ctx;
     int remaining_size;
     uint64_t state;
 
diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c
index 8885e1c72e..13b8d3b7d8 100644
--- a/libavcodec/ac3_parser.c
+++ b/libavcodec/ac3_parser.c
@@ -246,6 +246,7 @@ static av_cold int ac3_parse_init(AVCodecParserContext *s1)
 {
     AACAC3ParseContext *s = s1->priv_data;
     s->header_size = AC3_HEADER_SIZE;
+    s->crc_ctx = av_crc_get_table(AV_CRC_16_ANSI);
     s->sync = ac3_sync;
     return 0;
 }

More information about the ffmpeg-cvslog mailing list