Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#5131 closed defect (fixed)

left shift of negative in mc_chroma_scaled()

Reported by: tsmith Owned by:
Priority: normal Component: avcodec
Version: git-master Keywords: vp9
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
UBSan libavcodec/vp9.c:2838:49: runtime error: left shift of negative value -36

How to reproduce:

% ffmpeg -f ivf -i <test_case> -f null -
ffmpeg version N-77718-g72673ad Copyright (c) 2000-2016 the FFmpeg developers
  built with Ubuntu clang version 3.7.1-svn253742-1~exp1 (branches/release_37) (based on LLVM 3.7.1)
  configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-securetransport --disable-iconv
  libavutil      55. 12.100 / 55. 12.100
  libavcodec     57. 22.100 / 57. 22.100
  libavformat    57. 21.101 / 57. 21.101
  libavdevice    57.  0.100 / 57.  0.100
  libavfilter     6. 23.100 /  6. 23.100
  libswscale      4.  0.100 /  4.  0.100
  libswresample   2.  0.101 /  2.  0.101
[vp9 @ 0x619000005a80] Warning: not compiled with thread support, using thread emulation
Truncating packet of size 438632514 to 144
Input #0, ivf, from '/home/user/Desktop/ffmpeg/ivf_corpus/015e6d4befec735fa3aa136ea3e5e1036810ba13':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: vp9 (Profile 2) (VP90 / 0x30395056), yuv420p10le(tv), 5x479, 0.0000 tbr, 0.0000 tbn, 0.0000 tbc
[wrapped_avframe @ 0x619000001e80] Warning: not compiled with thread support, using thread emulation
[vp9 @ 0x619000002880] Warning: not compiled with thread support, using thread emulation
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf57.21.101
    Stream #0:0: Video: wrapped_avframe, yuv420p10le, 5x479, q=2-31, 200 kb/s, 0.0000 fps, 0.0000 tbn, 0.0000 tbc
    Metadata:
      encoder         : Lavc57.22.100 wrapped_avframe
Stream mapping:
  Stream #0:0 -> #0:0 (vp9 (native) -> wrapped_avframe (native))
Press [q] to stop, [?] for help
DTS 15269759, next:-1997853472 st:0 invalid dropping
PTS 15269759, next:-1997853472 invalid dropping st:0
libavcodec/vp9.c:2838:49: runtime error: left shift of negative value -36
    #0 0x1def7d7 in mc_chroma_scaled /home/user/code/ffmpeg/libavcodec/vp9.c:2899:53
    #1 0x1def7d7 in inter_pred_scaled_16bpp /home/user/code/ffmpeg/libavcodec/vp9_mc_template.c:393
    #2 0x1ca179f in inter_recon /home/user/code/ffmpeg/libavcodec/vp9.c:2982:13
    #3 0x1ca179f in inter_recon_16bpp /home/user/code/ffmpeg/libavcodec/vp9.c:3045
    #4 0x1ca179f in decode_b /home/user/code/ffmpeg/libavcodec/vp9.c:3292
    #5 0x1c901e5 in decode_sb /home/user/code/ffmpeg/libavcodec/vp9.c:3392:17
    #6 0x1c906d3 in decode_sb /home/user/code/ffmpeg/libavcodec/vp9.c:3407:17
    #7 0x1c75f55 in vp9_decode_frame /home/user/code/ffmpeg/libavcodec/vp9.c:4164:29
    #8 0x1a3fc96 in avcodec_decode_video2 /home/user/code/ffmpeg/libavcodec/utils.c:2107:19
    #9 0x589546 in decode_video /home/user/code/ffmpeg/ffmpeg.c:2069:11
    #10 0x589546 in process_input_packet /home/user/code/ffmpeg/ffmpeg.c:2318
    #11 0x5990bc in process_input /home/user/code/ffmpeg/ffmpeg.c:3980:5
    #12 0x5726c6 in transcode_step /home/user/code/ffmpeg/ffmpeg.c:4068:11
    #13 0x5726c6 in transcode /home/user/code/ffmpeg/ffmpeg.c:4122
    #14 0x56f73c in main /home/user/code/ffmpeg/ffmpeg.c:4314:9
    #15 0x7f6ba7e30ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #16 0x466445 in _start (/home/user/Desktop/ffmpeg/ffmpeg_full+0x466445)

Attachments (1)

test_case.vp9.ivf (227 bytes ) - added by tsmith 8 years ago.

Download all attachments as: .zip

Change History (3)

by tsmith, 8 years ago

Attachment: test_case.vp9.ivf added

comment:1 by Ronald S. Bultje, 8 years ago

Resolution: fixed
Status: newclosed

comment:2 by Carl Eugen Hoyos, 8 years ago

Keywords: vp9 added
Note: See TracTickets for help on using tickets.