Opened 5 years ago
Closed 4 years ago
#8187 closed defect (fixed)
signed integer overflow in libavformat/mpegenc.c
| Reported by: | Suhwan | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | avformat |
| Version: | git-master | Keywords: | ubsan |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
Summary of the bug:
There is a signed integer overflow in libavformat/mpegenc.c
libavformat/mpegenc.c:1219:19: runtime error: signed integer overflow: -9223372036854775808 - 45000 cannot be represented in type 'long'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavformat/mpegenc.c:1219:19 in
1217 if (is_iframe &&
(gdb) bt
#0 mpeg_mux_write_packet (ctx=0x61b000000e80, pkt=0x3feeae6609317801)
at libavformat/mpegenc.c:1217
#1 0x00000000023195b4 in write_packet (s=0x61b000000e80, pkt=<optimized out>)
at libavformat/mux.c:747
#2 0x0000000002326f0c in av_interleaved_write_frame (s=<optimized out>,
pkt=0x7fffffffb040) at libavformat/mux.c:1238
#3 0x000000000063bfff in write_packet (of=0x61600000b601, pkt=0x7fffffffb040,
ost=0x61600000b480, unqueue=0) at fftools/ffmpeg.c:815
#4 0x0000000000614210 in do_streamcopy (ist=0x615000000040, ost=<optimized out>,
pkt=0x7fffffffb8e0) at fftools/ffmpeg.c:2076
#5 process_input_packet (ist=0x615000000040, pkt=0x7fffffffb8e0, no_eof=0)
at fftools/ffmpeg.c:2746
#6 0x000000000064abf8 in process_input (file_index=7120) at fftools/ffmpeg.c:4518
#7 0x00000000005e71e8 in transcode_step () at fftools/ffmpeg.c:4638
#8 transcode () at fftools/ffmpeg.c:4692
#9 0x00000000005db6ec in main (argc=<optimized out>, argv=<optimized out>)
at fftools/ffmpeg.c:4894
How to reproduce:
% ./ffmpeg_g -y -r 2 -i avi+mpeg4+++vdpart-bug.avi -target dvd -loglevel 99 -map 0 -c copy -c:a:39 xbm -disposition:s:13 g723_1 -disposition:a:151 ayuv -ac 16 -strict 1 tmp.rpl ffmpeg version N-94982-gea673a0edb Copyright (c) 2000-2019 the FFmpeg developers built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final) configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-usan
Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.
Attachments (2)
Change History (4)
by , 5 years ago
| Attachment: | gdb-mpegenc added |
|---|
by , 5 years ago
| Attachment: | avi+mpeg4+++vdpart-bug.avi added |
|---|
comment:1 by , 4 years ago
| Status: | new → open |
|---|
comment:2 by , 4 years ago
| Component: | undetermined → avformat |
|---|---|
| Resolution: | → fixed |
| Status: | open → closed |
Fixed in 9874815b1aadadd7fd19aa6aabb7d9193f2f43d5.
Note:
See TracTickets
for help on using tickets.
poc