Opened 5 years ago

Closed 5 years ago

#8180 closed defect (needs_more_info)

signed integer overflow in libavutil/mathematics.c

Reported by: Suhwan
Owned by:
Priority: normal
Component: undetermined
Version: git-master
Keywords: ubsan
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
There is a signed integer overflow bug in libavutil/mathematics.c

libavutil/mathematics.c:201:39: runtime error: signed integer overflow: 9223372036854775807 - -83712 cannot be represented in type 'long'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavutil/mathematics.c:201:39 in

How to reproduce:

% ./ffmpeg_g -stream_loop 0 -y -r 37 -i bug533822.ogg -loglevel 99 -map 0 -ar 22050 tmp.wav

ffmpeg version N-94969-gc2ab998ff3 Copyright (c) 2000-2019 the FFmpeg developers
  built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
  configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-usan
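
As an added illustration (not FFmpeg's code, and not the expression at mathematics.c:201, which this page does not show), the C example below performs the reported subtraction 9223372036854775807 - -83712 behind a pre-check that never executes the overflowing operation, so it stays clean under UBSan. The helper names checked_sub64 and saturating_sub64 are hypothetical, and 'long' is assumed to be 64-bit as in the report.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not an FFmpeg API: stores a - b in *out and returns
 * true, or returns false and leaves *out untouched when the exact result
 * does not fit in int64_t. Only comparisons and non-overflowing additions
 * are evaluated before the subtraction itself. */
static bool checked_sub64(int64_t a, int64_t b, int64_t *out)
{
    /* b < 0: a - b grows, overflow iff a > INT64_MAX + b (sum cannot wrap).
     * b >= 0: a - b shrinks, overflow iff a < INT64_MIN + b (sum cannot wrap). */
    if (b < 0 ? a > INT64_MAX + b : a < INT64_MIN + b)
        return false;
    *out = a - b;
    return true;
}

/* Hypothetical helper: clamps to the nearest representable value instead of
 * invoking undefined behaviour. Whether clamping is acceptable depends on
 * the caller; rejecting the input is the other option. */
static int64_t saturating_sub64(int64_t a, int64_t b)
{
    int64_t r;
    if (checked_sub64(a, b, &r))
        return r;
    return b < 0 ? INT64_MAX : INT64_MIN;
}

int main(void)
{
    /* Operands taken from the UBSan message in this ticket. */
    const int64_t a = INT64_MAX;   /* 9223372036854775807 */
    const int64_t b = -83712;
    int64_t r;

    if (!checked_sub64(a, b, &r))
        printf("%" PRId64 " - %" PRId64 " overflows int64_t\n", a, b);
    printf("saturated result: %" PRId64 "\n", saturating_sub64(a, b));
    return 0;
}
```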

Attachments (2)

gdb-mathematics (22.6 KB ) - added by Suhwan 5 years ago.
bug533822.ogg (34.2 KB ) - added by Suhwan 5 years ago.
poc


Change History (4)

by Suhwan, 5 years ago

Attachment: gdb-mathematics added

by Suhwan, 5 years ago

Attachment: bug533822.ogg added

poc

comment:1 by mkver, 5 years ago

The same error is also triggered in the lavf-fate-vp8.ogg FATE test.

comment:2 by Michael Niedermayer, 5 years ago

Resolution: needs_more_info
Status: new → closed

Not reproducible since 72db18e929cf3310cfc2a6eb4170a0d390e5a105, so this lacks a testcase.
