Context Navigation

#8153 closed defect (fixed)

signed integer overflow and invalid left shift in libavcodec/ttaenc.c

Reported by:	Suhwan	Owned by:
Priority:	normal	Component:	avcodec
Version:	git-master	Keywords:	ubsan
Cc:		Blocked By:
Blocking:		Reproduced by developer:	no
Analyzed by developer:	no

Description

Summary of the bug:
There're signed integer overflow bug and invalid left shift in libavcodec/ttaenc.c

libavcodec/ttaenc.c:167:45: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/ttaenc.c:167:45 in 
libavcodec/ttaenc.c:167:55: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/ttaenc.c:167:55 in

How to reproduce:

% ./ffmpeg_g -t 0 -stream_loop 17 -y -r 55 -i ting-dualchannel44.1.wav -map 0 -ab 687k -ac 22 -b:v 854k output/tmp.tta

ffmpeg version N-94887-ge55018ee11 (git master)
built on ubuntu 18.04 with clang-6 and UBSAN option.

Attachments (2)

ting-dualchannel44.1.wav (119.5 KB ) - added by Suhwan 5 years ago.: poc
gdb-ttaenc (9.2 KB ) - added by Suhwan 5 years ago.

Download all attachments as: .zip

Change History (3)

by Suhwan, 5 years ago

Attachment:	ting-dualchannel44.1.wav added

poc

by Suhwan, 5 years ago

Attachment:	gdb-ttaenc added

comment:1 by mkver, 5 years ago

Component:	undetermined → avcodec
Resolution:	→ fixed
Status:	new → closed

Fixed in 3ab488a5407f833ecc66e8fa4c537dc4852db720.

Note: See TracTickets for help on using tickets.

Download in other formats: