Opened 3 years ago

Closed 3 years ago

Last modified 2 years ago

#5061 closed defect (invalid)

signed integer overflow in ff_init_poc

Reported by: tsmith
Owned by:
Priority: normal
Component: avcodec
Version: git-master
Keywords: h264
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:

This is an Undefined behavior sanitizer (UBSan) runtime error.

libavcodec/h264.c:1198:36: runtime error: signed integer overflow: -2928 + -2147483647 cannot be represented in type 'int'

#0 0x7b1dd8 in ff_init_poc /home/user/code/ffmpeg/libavcodec/h264.c:1167:26
#1 0x950abd in ff_h264_decode_slice_header /home/user/code/ffmpeg/libavcodec/h264_slice.c:1728:9
#2 0x7a2b82 in decode_nal_units /home/user/code/ffmpeg/libavcodec/h264.c:1532:28
#3 0x7b4469 in h264_decode_frame /home/user/code/ffmpeg/libavcodec/h264.c:1840:17
#4 0xe89945 in avcodec_decode_video2 /home/user/code/ffmpeg/libavcodec/utils.c:2105:19
#5 0x5b383a in decode_video /home/user/code/ffmpeg/ffmpeg.c:2090:11
#6 0x5b383a in process_input_packet /home/user/code/ffmpeg/ffmpeg.c:2339
#7 0x5d683d in process_input /home/user/code/ffmpeg/ffmpeg.c:3960:5
#8 0x5810a8 in transcode_step /home/user/code/ffmpeg/ffmpeg.c:4048:11
#9 0x5810a8 in transcode /home/user/code/ffmpeg/ffmpeg.c:4102
#10 0x57af12 in main /home/user/code/ffmpeg/ffmpeg.c:4295:9
#11 0x7f01b2790ec4 in libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#12 0x41ad25 in _start (/home/user/Desktop/ffmpeg/ffmpeg_ub+0x41ad25)

How to reproduce:

% ./ffmpeg -v 0 -nostats -f h264 -i test_case.264 -f null -
ffmpeg version N-76984-g259c71c
built on Linux x86_64

Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.
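The UBSan message in the description reports the addition -2928 + -2147483647 (the second operand is INT_MIN + 1), whose true sum is below INT_MIN and so cannot be represented in a 32-bit int. The following is an added illustration of how such an addition is made well-defined, written for this ticket; it is not code from the ticket or from FFmpeg's ff_init_poc, and it makes no claim about how FFmpeg's decoder resolved the report. It shows two equivalent overflow checks (a pre-check on the operands and a widen-then-range-check), a rejecting wrapper and a saturating wrapper, driven by the operands from the sanitizer message:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-check before adding two ints. Returns true and stores the sum in *out
 * when a + b fits in int; returns false (leaving *out untouched) when it
 * would overflow. Each comparison is itself overflow-free: INT_MAX - b is
 * evaluated only for b > 0 and INT_MIN - b only for b < 0. */
bool checked_add_int(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Same decision via widening: do the arithmetic in int64_t, which holds any
 * sum of two ints, then range-check before narrowing back to int. */
bool widened_add_int(int a, int b, int *out)
{
    int64_t sum = (int64_t)a + (int64_t)b;
    if (sum < INT_MIN || sum > INT_MAX)
        return false;
    *out = (int)sum;
    return true;
}

/* Predicate form: true when a + b does not fit in int. */
bool add_overflows(int a, int b)
{
    int unused;
    return !checked_add_int(a, b, &unused);
}

/* Saturating variant: clamps to the nearest representable value instead of
 * rejecting. A reasonable choice for a field that may carry out-of-spec
 * values from a malformed stream but must never trigger undefined behaviour. */
int saturating_add_int(int a, int b)
{
    int sum;
    if (checked_add_int(a, b, &sum))
        return sum;
    return (b < 0) ? INT_MIN : INT_MAX;
}

int main(void)
{
    /* Operands copied from the UBSan message in this ticket. */
    const int a = -2928;
    const int b = -2147483647;
    int sum;

    if (checked_add_int(a, b, &sum))
        printf("%d + %d = %d\n", a, b, sum);
    else
        printf("%d + %d does not fit in int; saturated value is %d\n",
               a, b, saturating_add_int(a, b));

    /* A benign pair for contrast (constructed). */
    if (widened_add_int(a, 2928, &sum))
        printf("%d + %d = %d\n", a, 2928, sum);
    return 0;
}
```

Compiling the original, unchecked addition with `-fsanitize=undefined` is what produced the diagnostic in the description; compiling the block above the same way stays silent, because every addition it performs is either pre-checked or done in int64_t. On GCC and Clang, `__builtin_add_overflow(a, b, &out)` performs the same check as `checked_add_int` in one call.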

Attachments (1)

test_case.264 (39.3 KB) - added by tsmith 3 years ago.


Change History (4)

Changed 3 years ago by tsmith

comment:1 Changed 3 years ago by jamrial

  • Keywords h264 added
  • Resolution set to invalid
  • Status changed from new to closed

Same as #5060, can't reproduce with git head.

comment:2 follow-up: Changed 2 years ago by jyavenard

Did you actually run the command using UBSan, or just ran the ffmpeg command as is? If the latter, of course you won't be able to reproduce the assertions.

comment:3 in reply to: ↑ 2 Changed 2 years ago by tsmith

Replying to jyavenard:

Did you actually run the command using UBSan, or just ran the ffmpeg command as is? If the latter, of course you won't be able to reproduce the assertions.

I verified this is fixed. Thanks for keeping an eye on it.
