Opened 5 years ago
Closed 5 years ago
#8151 closed defect (fixed)
signed integer overflow in libavformat/aiffdec.c
| Reported by: | Suhwan | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | undetermined |
| Version: | git-master | Keywords: | ubsan |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
Summary of the bug:
There're two signed integer overflow in libavformat/aiffdec.c
libavformat/aiffdec.c:245:26: runtime error: signed integer overflow: 2147483647 + 8 cannot be represented in type 'int' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavformat/aiffdec.c:245:26 in libavformat/aiffdec.c:245:18: runtime error: signed integer overflow: 8 - -2147483641 cannot be represented in type 'int' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavformat/aiffdec.c:245:18 in
How to reproduce:
% ./ffmpeg_g -t 2 -y -r 99 -i sample.PCM.8bit.8000Hz.Stereo.aif -loglevel 99 -map 0 -c copy -c: s:9 pcm_vidc -disposition: v:106 aptx_hd -r 36 -ar 48000 -ac 12 -strict 2 output/tmp.nsp ffmpeg version N-94887-ge55018ee11 (git master) built on ubuntu 18.04 with clang-6 and ASAN and UBSAN option.
Attachments (2)
Change History (3)
by , 5 years ago
| Attachment: | sample.PCM.8bit.8000Hz.Stereo.aif added |
|---|
by , 5 years ago
| Attachment: | gdb-aiffdec added |
|---|
comment:1 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed in d58752bcb923f48d372c0377c07990dd6379a1a9.
Note:
See TracTickets
for help on using tickets.
poc