Opened 5 years ago
Closed 5 years ago
#7992 closed defect (fixed)
undefined-behavior at libavcodec/zmbvenc.c:243, 244
| Reported by: | Suhwan | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | avcodec |
| Version: | git-master | Keywords: | ubsan avcodec |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
Summary of the bug:
There's an undefined-behavior at libavcodec/zmbvenc.c:243.
How to reproduce:
% ffmpeg_g -y -r 80 -i tmp.mp4 -map 0 -c:v zmbv -c:v:64 rawvideo -disposition:v:66 mlp -disposition:v:126 nellymoser -vframes 7 -r 7 -ar 22050 -ac 3 -level 40 tmp_.afc ffmpeg version : N-94163-g664a27ea40 built with clang version 9.0.0
Here' the code line.
left shift of negative value on 243, 244 line
233 /* for now just XOR'ing */
234 for(y = 0; y < avctx->height; y += ZMBV_BLOCK) {
235 bh2 = FFMIN(avctx->height - y, ZMBV_BLOCK);
236 for(x = 0; x < avctx->width; x += ZMBV_BLOCK, mv += 2) {
237 bw2 = FFMIN(avctx->width - x, ZMBV_BLOCK);
238
239 tsrc = src + x * c->bypp;
240 tprev = prev + x * c->bypp;
241
242 zmbv_me(c, tsrc, p->linesize[0], tprev, c->pstride, x, y, &mx, &my, &xored);
243 mv[0] = (mx << 1) | !!xored;
244 mv[1] = my << 1;
245 tprev += mx * c->bypp + my * c->pstride;
246 if(xored){
247 for(j = 0; j < bh2; j++){
248 for(i = 0; i < bw2 * c->bypp; i++)
249 c->work_buf[work_size++] = tsrc[i] ^ tprev[i];
250 tsrc += p->linesize[0];
251 tprev += c->pstride;
252 }
253 }
254 }
255 src += p->linesize[0] * ZMBV_BLOCK;
256 prev += c->pstride * ZMBV_BLOCK;
257 }
Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.
Attachments (2)
Change History (3)
by , 5 years ago
| Attachment: | gdb_log_7992 added |
|---|
by , 5 years ago
comment:1 by , 5 years ago
| Component: | undetermined → avcodec |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Fixed in ea56af88956061d700043c5c4b026ac57834b0c8.