Opened 5 years ago
Closed 5 years ago
#7994 closed defect (fixed)
undefined-behavior at libavcodec/ac3enc.c and heap buffer overflow at zmbvenc.c:97
Reported by: | Suhwan | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avcodec |
Version: | git-master | Keywords: | ubsan |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | no | |
Analyzed by developer: | no |
Description
Summary of the bug:
There're an undefined-behavior at libavcodec/ac3enc.c:1068:37 and a heap buffer overflow at zmbvenc.c:97.
How to reproduce:
% ffmpeg_g -y -r 79 -i tmp.webm -map 0 -c:v zmbv -c:v:80 asv1 -disposition:v:60 zmbv -disposition:s pcm_s8 -ab 962 -ar 48000 -ac 10 -b:v 399k tmp_.avi ffmpeg version : N-94163-g664a27ea40 built with clang version 9.0.0
1064 static int bit_alloc(AC3EncodeContext *s, int snr_offset) 1065 { 1066 int blk, ch; 1067 1068 snr_offset = (snr_offset - 240) << 2; 1069 1070 reset_block_bap(s); 1071 for (blk = 0; blk < s->num_blocks; blk++) { 1072 AC3Block *block = &s->blocks[blk]; 1073 1074 for (ch = !block->cpl_in_use; ch <= s->channels; ch++) { 1075 /* Currently the only bit allocation parameters which vary across 1076 blocks within a frame are the exponent values. We can take 1077 advantage of that by reusing the bit allocation pointers 1078 whenever we reuse exponents. */ 1079 if (s->exp_strategy[ch][blk] != EXP_REUSE) { 1080 s->ac3dsp.bit_alloc_calc_bap(block->mask[ch], block->psd[ch], 1081 s->start_freq[ch], block->end_freq[ch], 1082 snr_offset, s->bit_alloc.floor, 1083 ff_ac3_bap_tab, s->ref_bap[ch][blk]); 1084 } 1085 } 1086 } 1087 return count_mantissa_bits(s); 1088 }
Attachments (2)
Change History (4)
by , 5 years ago
by , 5 years ago
Attachment: | gdb_log_7994 added |
---|
comment:1 by , 5 years ago
Component: | undetermined → avcodec |
---|
comment:2 by , 5 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
The zmbvenc bug has been fixed in def04022f4a7058f99e669bfd978d431d79aec18.
Note:
See TracTickets
for help on using tickets.
The ac3-bug has been fixed in 2f289ec914cc7e8133858d4f9e8d91dab685ae44.