Opened 5 years ago

Closed 5 years ago

#5063 closed defect (invalid)

signed integer overflow in get_scale_factor

Reported by: tsmith
Owned by:
Priority: normal
Component: avcodec
Version: git-master
Keywords: h264
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no


Summary of the bug:

This is an Undefined behavior sanitizer (UBSan) runtime error.

libavcodec/h264_direct.c:45:35: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'

#0 0x81043c in get_scale_factor /home/user/code/ffmpeg/libavcodec/h264_direct.c:41:32
#1 0x80f4c0 in ff_h264_direct_dist_scale_factor /home/user/code/ffmpeg/libavcodec/h264_direct.c:69:36
#2 0x951a0a in ff_h264_decode_slice_header /home/user/code/ffmpeg/libavcodec/h264_slice.c:1791:9
#3 0x7a2b82 in decode_nal_units /home/user/code/ffmpeg/libavcodec/h264.c:1532:28
#4 0x7b4469 in h264_decode_frame /home/user/code/ffmpeg/libavcodec/h264.c:1840:17
#5 0xe89945 in avcodec_decode_video2 /home/user/code/ffmpeg/libavcodec/utils.c:2105:19
#6 0x5b383a in decode_video /home/user/code/ffmpeg/ffmpeg.c:2090:11
#7 0x5b383a in process_input_packet /home/user/code/ffmpeg/ffmpeg.c:2339
#8 0x5d683d in process_input /home/user/code/ffmpeg/ffmpeg.c:3960:5
#9 0x5810a8 in transcode_step /home/user/code/ffmpeg/ffmpeg.c:4048:11
#10 0x5810a8 in transcode /home/user/code/ffmpeg/ffmpeg.c:4102
#11 0x57af12 in main /home/user/code/ffmpeg/ffmpeg.c:4295:9
#12 0x7f847ff83ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#13 0x41ad25 in _start (/home/user/Desktop/ffmpeg/ffmpeg_ub+0x41ad25)

How to reproduce:

% ./ffmpeg -v 0 -nostats -f h264 -i test_case.264 -f null -
ffmpeg version N-76984-g259c71c
built on Linux x86_64

Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.
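As an added illustration, not FFmpeg's get_scale_factor (whose source is not on this page): the H.264 temporal-direct distance scale factor (spec clause 8.4.1.2.3) with every POC subtraction widened to int64_t, so the "-2147483648 - 1" case UBSan reported is clipped instead of overflowing an int. All function names here are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Clip3 from the H.264 spec: clamp v into [lo, hi]. */
static int64_t clip3(int64_t lo, int64_t hi, int64_t v)
{
    return v < lo ? lo : v > hi ? hi : v;
}

/* Returns 1 when a - b fits in an int, 0 when the plain int subtraction
 * would be signed-overflow UB (the condition UBSan flagged above). */
static int poc_diff_fits_int(int a, int b)
{
    int64_t d = (int64_t)a - (int64_t)b;  /* no overflow possible in 64 bits */
    return d >= INT_MIN && d <= INT_MAX;
}

/* Hypothetical stand-in for a scale-factor routine. poc, poc0 and poc1 are
 * picture order counts decoded from the slice header, i.e. attacker-controlled
 * ints, so the differences are computed in int64_t before being clipped to
 * the spec's [-128, 127] range. A zero reference distance yields unit scale
 * (256). The >> on a negative value relies on arithmetic shift, as the spec
 * does. */
static int dist_scale_factor(int poc, int poc0, int poc1)
{
    int64_t td = clip3(-128, 127, (int64_t)poc1 - (int64_t)poc0);
    int64_t tb = clip3(-128, 127, (int64_t)poc  - (int64_t)poc0);
    if (td == 0)
        return 256;
    int64_t tx = (16384 + llabs(td) / 2) / td;          /* spec: (16384 + Abs(td/2)) / td */
    return (int)clip3(-1024, 1023, (tb * tx + 32) >> 6); /* DistScaleFactor */
}

int main(void)
{
    /* Constructed inputs: an ordinary mid-distance case and the exact operands
     * from the sanitizer message (poc = INT_MIN, poc0 = 1). */
    printf("scale(2,0,4)        = %d\n", dist_scale_factor(2, 0, 4));
    printf("INT_MIN-1 fits int? = %d\n", poc_diff_fits_int(INT_MIN, 1));
    printf("scale(INT_MIN,1,0)  = %d\n", dist_scale_factor(INT_MIN, 1, 0));
    return 0;
}
```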

Attachments (1)

test_case.264 (39.2 KB) - added by tsmith 5 years ago.


Change History (2)

Changed 5 years ago by tsmith

comment:1 Changed 5 years ago by jamrial

  • Keywords h264 added
  • Resolution set to invalid
  • Status changed from new to closed

Same as #5060, can't reproduce with git head.
