Opened 2 years ago

Closed 12 months ago

#8184 closed defect (fixed)

signed integer overflow in libavformat/swfenc.c

Reported by: Suhwan Owned by:
Priority: normal Component: avformat
Version: git-master Keywords: ubsan
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
There's a signed integer overflow in libavformat/swfenc.c:259:25

libavformat/swfenc.c:259:25: runtime error: signed integer overflow: 30000299 * 256 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavformat/swfenc.c:259:25 in 

How to reproduce:

% ./ffmpeg_g -stream_loop 1 -y -i 320x240.ogg -loglevel 99 -map 0 -c:v:99 g726le -c:v:18 adpcm_swf -disposition:s:19 roqvideo -disposition:s:21 v410 -vframes 105 -aframes 108 -ac 17 -b:v 62k tmp.swf

ffmpeg version N-94982-gea673a0edb Copyright (c) 2000-2019 the FFmpeg developers
  built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
  configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-usan

Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.

Attachments (2)

gdb-swfenc (30.0 KB ) - added by Suhwan 2 years ago.
320x240.ogg (278.6 KB ) - added by Suhwan 2 years ago.
poc

Download all attachments as: .zip

Change History (4)

by Suhwan, 2 years ago

Attachment: gdb-swfenc added

by Suhwan, 2 years ago

Attachment: 320x240.ogg added

poc

comment:2 by mkver, 12 months ago

Component: undeterminedavformat
Resolution: fixed
Status: openclosed
Note: See TracTickets for help on using tickets.