Context Navigation

#8184 closed defect (fixed)

signed integer overflow in libavformat/swfenc.c

Reported by:	Suhwan	Owned by:
Priority:	normal	Component:	avformat
Version:	git-master	Keywords:	ubsan
Cc:		Blocked By:
Blocking:		Reproduced by developer:	no
Analyzed by developer:	no

Description

Summary of the bug:
There's a signed integer overflow in libavformat/swfenc.c:259:25

libavformat/swfenc.c:259:25: runtime error: signed integer overflow: 30000299 * 256 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavformat/swfenc.c:259:25 in

How to reproduce:

% ./ffmpeg_g -stream_loop 1 -y -i 320x240.ogg -loglevel 99 -map 0 -c:v:99 g726le -c:v:18 adpcm_swf -disposition:s:19 roqvideo -disposition:s:21 v410 -vframes 105 -aframes 108 -ac 17 -b:v 62k tmp.swf

ffmpeg version N-94982-gea673a0edb Copyright (c) 2000-2019 the FFmpeg developers
  built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
  configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-usan

Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.

Attachments (2)

gdb-swfenc (30.0 KB ) - added by Suhwan 5 years ago.
320x240.ogg (278.6 KB ) - added by Suhwan 5 years ago.: poc

Download all attachments as: .zip

Change History (4)

by Suhwan, 5 years ago

Attachment:	gdb-swfenc added

by Suhwan, 5 years ago

Attachment:	320x240.ogg added

poc

comment:1 by Balling, 5 years ago

Status:	new → open

https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200216194303.819-1-michael@niedermayer.cc/

comment:2 by mkver, 4 years ago

Component:	undetermined → avformat
Resolution:	→ fixed
Status:	open → closed

Fixed in 31f956acadd994b8c4e22b714aaffee0f527c827.

Note: See TracTickets for help on using tickets.

Download in other formats: