Opened 3 years ago

Closed 23 months ago

#8187 closed defect (fixed)

signed integer overflow in libavformat/mpegenc.c

Reported by: Suhwan
Owned by:
Priority: normal
Component: avformat
Version: git-master
Keywords: ubsan
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
There is a signed integer overflow in libavformat/mpegenc.c

libavformat/mpegenc.c:1219:19: runtime error: signed integer overflow: -9223372036854775808 - 45000 cannot be represented in type 'long'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavformat/mpegenc.c:1219:19 in 
1217	        if (is_iframe &&
(gdb) bt
#0  mpeg_mux_write_packet (ctx=0x61b000000e80, pkt=0x3feeae6609317801)
    at libavformat/mpegenc.c:1217
#1  0x00000000023195b4 in write_packet (s=0x61b000000e80, pkt=<optimized out>)
    at libavformat/mux.c:747
#2  0x0000000002326f0c in av_interleaved_write_frame (s=<optimized out>, 
    pkt=0x7fffffffb040) at libavformat/mux.c:1238
#3  0x000000000063bfff in write_packet (of=0x61600000b601, pkt=0x7fffffffb040, 
    ost=0x61600000b480, unqueue=0) at fftools/ffmpeg.c:815
#4  0x0000000000614210 in do_streamcopy (ist=0x615000000040, ost=<optimized out>, 
    pkt=0x7fffffffb8e0) at fftools/ffmpeg.c:2076
#5  process_input_packet (ist=0x615000000040, pkt=0x7fffffffb8e0, no_eof=0)
    at fftools/ffmpeg.c:2746
#6  0x000000000064abf8 in process_input (file_index=7120) at fftools/ffmpeg.c:4518
#7  0x00000000005e71e8 in transcode_step () at fftools/ffmpeg.c:4638
#8  transcode () at fftools/ffmpeg.c:4692
#9  0x00000000005db6ec in main (argc=<optimized out>, argv=<optimized out>)
    at fftools/ffmpeg.c:4894

How to reproduce:

% ./ffmpeg_g -y -r 2 -i avi+mpeg4+++vdpart-bug.avi -target dvd -loglevel 99 -map 0 -c copy -c:a:39 xbm -disposition:s:13 g723_1 -disposition:a:151 ayuv -ac 16 -strict 1 tmp.rpl

ffmpeg version N-94982-gea673a0edb Copyright (c) 2000-2019 the FFmpeg developers
  built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
  configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-usan

Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.
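As an added illustration (not code from the ticket or from FFmpeg), the defensive pattern for the arithmetic UBSan flagged: the report's operands are INT64_MIN, which is also FFmpeg's AV_NOPTS_VALUE ("no timestamp") sentinel, and 45000; the names NOPTS_VALUE, PRELOAD, sub_would_overflow_i64 and preload_pts are this example's own, and treating 45000 as a preload offset is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Operands from the sanitizer report on this ticket: INT64_MIN (also FFmpeg's
 * AV_NOPTS_VALUE sentinel) and 45000 (named PRELOAD here, an assumption). */
#define NOPTS_VALUE INT64_MIN
#define PRELOAD     45000

/* True when a - b does not fit in int64_t. Decided without ever forming the
 * overflowing result, so it is defined behaviour for every input. */
bool sub_would_overflow_i64(int64_t a, int64_t b)
{
    if (b > 0)
        return a < INT64_MIN + b;   /* result would drop below INT64_MIN */
    if (b < 0)
        return a > INT64_MAX + b;   /* result would exceed INT64_MAX */
    return false;
}

/* Hardened preload adjustment: reject the "no timestamp" sentinel before any
 * arithmetic and guard the subtraction. On success stores pts - PRELOAD. */
bool preload_pts(int64_t pts, int64_t *adjusted)
{
    if (pts == NOPTS_VALUE || sub_would_overflow_i64(pts, PRELOAD))
        return false;
    *adjusted = pts - PRELOAD;
    return true;
}

/* Value-returning wrapper: the adjusted pts, or fallback when rejected. */
int64_t preload_pts_or(int64_t pts, int64_t fallback)
{
    int64_t v;
    return preload_pts(pts, &v) ? v : fallback;
}

int main(void)
{
    /* Constructed samples: normal pts, lowest pts that fits, one below it, the sentinel. */
    const int64_t samples[] = { 90000, INT64_MIN + PRELOAD, INT64_MIN + 1, NOPTS_VALUE };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t out;
        if (preload_pts(samples[i], &out))
            printf("pts %lld -> %lld\n", (long long)samples[i], (long long)out);
        else
            printf("pts %lld rejected (sentinel or overflow)\n", (long long)samples[i]);
    }
    return 0;
}
```

The sentinel check is the semantic fix (a packet without a timestamp should not be adjusted at all); the overflow predicate is the belt-and-braces guard that keeps any other out-of-range value from reaching undefined behaviour.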

Attachments (2)

gdb-mpegenc (31.7 KB) - added by Suhwan 3 years ago.
avi+mpeg4+++vdpart-bug.avi (179.6 KB) - added by Suhwan 3 years ago.
poc


Change History (4)

by Suhwan, 3 years ago

Attachment: gdb-mpegenc added

by Suhwan, 3 years ago

Attachment: avi+mpeg4+++vdpart-bug.avi added

poc

comment:2 by mkver, 23 months ago

Component: undetermined → avformat
Resolution: fixed
Status: open → closed