Opened 5 years ago
Closed 5 years ago
#8143 closed defect (fixed)
left shift of negative value in libavformat/rmdec.c
| Reported by: | Suhwan | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | avformat |
| Version: | git-master | Keywords: | ubsan |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | yes |
Description
Summary of the bug:
There's a left shift of negative value bug in libavformat/rmdec.c:727:41
libavformat/rmdec.c:727:41: runtime error: left shift of negative value -1 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavformat/rmdec.c:727:41 in
How to reproduce:
% ./ffmpeg_g -y -i thankyou.rm -map 0 -c copy -c: v:79 targa -disposition: a:122 dpx -disposition: v:100 pcm_vidc -vframes 73 -aframes 50 -r 17 -ab 724k -ar 22050 -ac 10 -strict 0 output/tmp.ffmetadata ffmpeg version N-94887-ge55018ee11 (git master) built on ... ubuntu 18.04 with clang-6 and UBSAN option.
Attachments (2)
Change History (5)
by , 5 years ago
| Attachment: | thankyou.rm added |
|---|
by , 5 years ago
| Attachment: | gdb-left-rmdec added |
|---|
comment:1 by , 5 years ago
| Analyzed by developer: | set |
|---|---|
| Component: | undetermined → avformat |
| Priority: | important → normal |
| Reproduced by developer: | set |
| Resolution: | → fixed |
| Status: | new → closed |
comment:2 by , 5 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
This patch does not compile:
src/libavformat/rmdec.c: In function ‘rm_sync’:
src/libavformat/rmdec.c:727:36: error: invalid operands to binary >> (have ‘AVIOContext *’ {aka ‘struct AVIOContext *’} and ‘int’)
727 | mlti_id = avio_r8((pb) >> 1) - 1;
| ^~
comment:3 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
Yes, my mistake. Fixed in 4c34ed65f68542ab5d1b0be0e26716ae74df0d23.
Note:
See TracTickets
for help on using tickets.
Fixed in 78f52b4fe388bb63ed2ca674f7486edc11053f70