#11686 closed defect (worksforme)
[Security] signed integer overflow on libswscale/output.c
| Reported by: | flyfish101 | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | swscale |
| Version: | git-master | Keywords: | swscale, overflow |
| Cc: | flyfish101, Michael Niedermayer, Niklas Haas | Blocked By: | |
| Blocking: | | Reproduced by developer: | no |
| Analyzed by developer: | no | | |
Description (last modified by )
Summary of the bug:
signed integer overflow
version: 722a2170e83231283fc74bede495b3b4ee9591ac
OS: Ubuntu 20.04LTS
Compiler: clang-14
poc: https://drive.google.com/file/d/1afws3WCzvRBc213jnIMfz_96MFNglGzd/view?usp=sharing
fuzz@Fuzz2:~/Desktop/projects_oss/FFmpeg/tools/fuzzout$ ./target_sws_fuzzer /home/fuzz/Desktop/langgraph/testpro/AFL-Agent/utils_c_389
Reading 339 bytes from /home/fuzz/Desktop/langgraph/testpro/AFL-Agent/utils_c_389
2 x 3 yuva420p10le -> 26 x 3 bgra64le
libswscale/output.c:1325:33: runtime error: signed integer overflow: -3421696 * 2048 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libswscale/output.c:1325:33 in
libswscale/output.c:1325:55: runtime error: signed integer overflow: -3421696 * 2048 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libswscale/output.c:1325:55 in
libswscale/output.c:1325:44: runtime error: signed integer overflow: 1582301184 + 1582301184 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libswscale/output.c:1325:44 in
libswscale/output.c:1325:65: runtime error: signed integer overflow: -1130364928 - 1073741824 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libswscale/output.c:1325:65 in
libswscale/output.c:1326:55: runtime error: signed integer overflow: -3487744 * 2048 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libswscale/output.c:1326:55 in
libswscale/output.c:1326:44: runtime error: signed integer overflow: 1073739776 + 1447034880 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libswscale/output.c:1326:44 in
libswscale/output.c:1326:65: runtime error: signed integer overflow: -1774192640 - 1073741824 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libswscale/output.c:1326:65 in
Execution successful.
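The four UBSan hits per line in the report above form one expression shape: two products by 2048, their sum, then a subtraction of 1073741824 (0x40000000, i.e. 128 << 23). The block below is an added example, not FFmpeg code and not the reporter's fuzzer: it models that shape as a two-sample luma blend with weights yalpha and 4096 - yalpha (an assumption about the surrounding code, made only to match the operand sequence in the log), reproduces the wrapped intermediates the sanitizer printed, flags the overflow with the compiler's checked-arithmetic builtins, and shows the same computation done on a 64-bit intermediate. The sample values are the ones from the report.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 0x40000000: the constant subtracted in every "- 1073741824" line of the report. */
#define Y_OFFSET (128 << 23)

/* Two's-complement wraparound, computed in unsigned so it is well-defined
 * (the final unsigned->int conversion is implementation-defined, modulo on gcc/clang).
 * Used only to show that the report's intermediates are consistent with each other. */
static int wrap_mul(int a, int b) { return (int)((unsigned)a * (unsigned)b); }
static int wrap_add(int a, int b) { return (int)((unsigned)a + (unsigned)b); }

/* Assumed blend shape: (s0 * yalpha1 + s1 * yalpha - (128 << 23)) >> 14, all in int.
 * Every step is done with a checked builtin, so instead of UB we get a flag
 * (the wrapped value is still stored, as UBSan observed). */
static bool blend_int_checked(int s0, int s1, int yalpha, int *out)
{
    int yalpha1 = 4096 - yalpha;
    int p0, p1, sum, off;
    bool ovf = false;

    ovf |= __builtin_mul_overflow(s0, yalpha1, &p0);   /* column 33 in the report */
    ovf |= __builtin_mul_overflow(s1, yalpha, &p1);    /* column 55 */
    ovf |= __builtin_add_overflow(p0, p1, &sum);       /* column 44 */
    ovf |= __builtin_sub_overflow(sum, Y_OFFSET, &off);/* column 65 */
    *out = off >> 14;
    return ovf;
}

bool blend_int_overflows(int s0, int s1, int yalpha)
{
    int r;
    return blend_int_checked(s0, s1, yalpha, &r);
}

int blend_int_result(int s0, int s1, int yalpha)
{
    int r;
    (void)blend_int_checked(s0, s1, yalpha, &r);
    return r;
}

/* Same expression on a 64-bit intermediate: the products and the sum fit with
 * room to spare, so the result is the mathematically intended one. */
int64_t blend_wide(int s0, int s1, int yalpha)
{
    int64_t yalpha1 = 4096 - yalpha;
    return ((int64_t)s0 * yalpha1 + (int64_t)s1 * yalpha - Y_OFFSET) >> 14;
}

int main(void)
{
    /* Operands taken from the report: both samples -3421696, weight 2048. */
    int s = -3421696, y = 2048;

    printf("wrapped product  : %d\n", wrap_mul(s, y));
    printf("wrapped sum      : %d\n", wrap_add(wrap_mul(s, y), wrap_mul(s, y)));
    printf("int path overflow: %s\n", blend_int_overflows(s, s, y) ? "yes" : "no");
    printf("int64 result     : %lld\n", (long long)blend_wide(s, s, y));

    /* A sane 15-bit luma value does not overflow and both paths agree. */
    printf("sane int result  : %d (overflow: %s)\n", blend_int_result(8192, 8192, y),
           blend_int_overflows(8192, 8192, y) ? "yes" : "no");
    printf("sane int64 result: %lld\n", (long long)blend_wide(8192, 8192, y));
    return 0;
}
```

The wrapped product 1582301184 and the wrapped sum -1130364928 are exactly the operands UBSan printed on the following lines, which tells the triager that the two luma samples were equal (-3421696) and that the log is one coherent evaluation rather than unrelated hits. A value of -3421696 is far outside what a 10-bit sample scaled into a 15-bit buffer should produce, so the overflow is a symptom of bad upstream data reaching the blend, not of the blend arithmetic itself; widening the intermediate silences the sanitizer but does not explain where that value came from.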
Attachments (1)
Change History (5)
by , 10 months ago
| Attachment: | sws_int_overflow added |
|---|
comment:1 by , 10 months ago
| Description: | modified (diff) |
|---|---|
| Priority: | critical → important |
comment:2 by , 10 months ago
| Cc: | added |
|---|---|
| Resolution: | → worksforme |
| Status: | new → closed |
Not replicable with the file provided, neither on x86-64 nor 32
also the case you show does not use a testcase, but runs multiple iterations. That does not match a single testcase you provide. Please reopen this when you verified that the testcase you provide actually replicates an issue
tools/target_sws_fuzzer /home/michael/tickets/11686/sws_int_overflow
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 4187154971
INFO: Loaded 1 modules (324580 inline 8-bit counters): 324580 [0x3e38a43, 0x3e87e27),
INFO: Loaded 1 PC tables (324580 PCs): 324580 [0x350adf8,0x39fec38),
tools/target_sws_fuzzer: Running 1 inputs 1 time(s) each.
Running: /home/michael/tickets/11686/sws_int_overflow
2 x 3 yuva420p10le -> 26 x 3 bgra64le
Executed /home/michael/tickets/11686/sws_int_overflow in 3 ms
***
*** NOTE: fuzzing was not performed, you have only
*** executed the target code on a fixed set of inputs.
***
poc file