Opened 5 years ago

Closed 4 years ago

#8149 closed defect (fixed)

signed integer overflow in libavformat/avidec.c

Reported by: Suhwan
Owned by:
Priority: important
Component: undetermined
Version: git-master
Keywords: ubsan
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
There's a signed integer overflow in libavformat/avidec.c:1536:30

libavformat/avidec.c:1536:30: runtime error: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavformat/avidec.c:1536:30 in

How to reproduce:

% ./ffmpeg_g -t 2 -stream_loop 14 -y -r 58 -i camcorder.avi -target dv -map 0 -vframes 91 -aframes 106 -r 16 -b:v 38k output/tmp.stl

ffmpeg version N-94887-ge55018ee11 (git master)
built on ... ubuntu 18.04 with clang-6 and UBSAN option.
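
Added example, not FFmpeg's code and not the fix applied for this ticket: the UBSan message above reports the subtraction 0 - INT64_MIN, whose exact result is one past INT64_MAX. The sketch below shows a range-checked and a saturating 64-bit subtraction; the helper names checked_sub_i64 and saturating_sub_i64 and the operand table are hypothetical and constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not an FFmpeg API): stores a - b in *out and returns 0,
 * or returns -1 when the exact result does not fit in int64_t.
 * The range checks themselves never overflow. */
static int checked_sub_i64(int64_t a, int64_t b, int64_t *out)
{
    if (b < 0 && a > INT64_MAX + b)   /* result would exceed INT64_MAX */
        return -1;
    if (b > 0 && a < INT64_MIN + b)   /* result would fall below INT64_MIN */
        return -1;
    *out = a - b;
    return 0;
}

/* Hypothetical helper: same subtraction, clamped to the int64_t range. */
static int64_t saturating_sub_i64(int64_t a, int64_t b)
{
    int64_t r;
    if (checked_sub_i64(a, b, &r) == 0)
        return r;
    return b < 0 ? INT64_MAX : INT64_MIN;
}

int main(void)
{
    /* Constructed operands; the first pair is the one in the UBSan report. */
    const int64_t cases[][2] = {
        { 0, INT64_MIN },
        { 0, INT64_MIN + 1 },
        { INT64_MIN, 1 },
        { 1000, 250 },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        int64_t r = 0;
        int rc = checked_sub_i64(cases[i][0], cases[i][1], &r);
        printf("%" PRId64 " - %" PRId64 ": %s, saturated = %" PRId64 "\n",
               cases[i][0], cases[i][1], rc ? "overflow" : "ok",
               saturating_sub_i64(cases[i][0], cases[i][1]));
    }
    return 0;
}
```

Whether a parser should reject the input or clamp the value when the check fails depends on what the field means; the sketch only shows that both can be done without executing the undefined operation.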

Attachments (2)

camcorder.avi (1.0 MB ) - added by Suhwan 5 years ago.
poc
gdb-integer-overflow (12.9 KB ) - added by Suhwan 5 years ago.


Change History (4)

by Suhwan, 5 years ago

Attachment: camcorder.avi added

poc

by Suhwan, 5 years ago

Attachment: gdb-integer-overflow added

comment:2 by Michael Niedermayer, 4 years ago

Reproduced by developer: set
Resolution: fixed
Status: open → closed