Opened 8 years ago
Closed 8 years ago
#5135 closed defect (fixed)
signed integer overflow in update_stream_timings
| Reported by: | tsmith | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | avformat |
| Version: | git-master | Keywords: | ubsan |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
Summary of the bug:
UBSan: libavformat/utils.c:2357:27: runtime error: signed integer overflow: -615294856720577842 + -9223372036854775808 cannot be represented in type 'long'
How to reproduce:
% ffmpeg -f ivf -i <test_case> -f null -
ffmpeg version N-77718-g72673ad Copyright (c) 2000-2016 the FFmpeg developers
built with Ubuntu clang version 3.7.1-svn253742-1~exp1 (branches/release_37) (based on LLVM 3.7.1)
configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-securetransport --disable-iconv
libavutil 55. 12.100 / 55. 12.100
libavcodec 57. 22.100 / 57. 22.100
libavformat 57. 21.101 / 57. 21.101
libavdevice 57. 0.100 / 57. 0.100
libavfilter 6. 23.100 / 6. 23.100
libswscale 4. 0.100 / 4. 0.100
libswresample 2. 0.101 / 2. 0.101
[vp9 @ 0x619000005a80] Warning: not compiled with thread support, using thread emulation
Truncating packet of size 438632507 to 1549
libavformat/utils.c:2357:27: runtime error: signed integer overflow: -615294856720577842 + -9223372036854775808 cannot be represented in type 'long'
#0 0xc385c3 in update_stream_timings /home/user/code/ffmpeg/libavformat/utils.c:2357:27
#1 0xc37755 in fill_all_stream_timings /home/user/code/ffmpeg/libavformat/utils.c:2408:5
#2 0xc2189a in estimate_timings /home/user/code/ffmpeg/libavformat/utils.c:2624:9
#3 0xc2189a in avformat_find_stream_info /home/user/code/ffmpeg/libavformat/utils.c:3537
#4 0x53c6cb in open_input_file /home/user/code/ffmpeg/ffmpeg_opt.c:970:11
#5 0x53a94f in open_files /home/user/code/ffmpeg/ffmpeg_opt.c:2999:15
#6 0x53a11c in ffmpeg_parse_options /home/user/code/ffmpeg/ffmpeg_opt.c:3036:11
#7 0x56f5ab in main /home/user/code/ffmpeg/ffmpeg.c:4292:11
#8 0x7efe2f3f1ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#9 0x466445 in _start (/home/user/Desktop/ffmpeg/ffmpeg_full+0x466445)
Attachments (1)
Change History (4)
by , 8 years ago
| Attachment: | test_case.ivf added |
|---|
comment:1 by , 8 years ago
| Keywords: | ubsan added |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
comment:2 by , 8 years ago
| Reproduced by developer: | set |
|---|---|
| Resolution: | fixed |
| Status: | closed → reopened |
Still reproducible with 3e886e7, another similar issue seems to have been fixed.
comment:3 by , 8 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
Should be fixed in 267da70ea8c36caaa645a3c4f1c5f0ca8bae156a
Note:
See TracTickets
for help on using tickets.
I believe this was fixed by Michael in 2be3007ed55f1513bcae3d2a076e71878f48eb03