Opened 5 years ago

Closed 4 years ago

#8214 closed defect (needs_more_info)

signed integer overflow in libswscale/output.c

Reported by: Suhwan Owned by:
Priority: normal Component: swscale
Version: unspecified Keywords: ubsan
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
There're 2 signed integer overflow in libswscale/output.c

libswscale/output.c:2202:15: runtime error: signed integer overflow: 1169365504 + 989071450 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libswscale/output.c:2202:15 in 
libswscale/output.c:2204:15: runtime error: signed integer overflow: 1169365504 + 1056691125 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libswscale/output.c:2204:15 in

How to reproduce:

% ./ffmpeg_g -t 1 -y -i base5_dancer.cmp -loglevel 0 -map 0 -vframes 38 -ab 840k -b:v 479k -strict 2 tmp.fits

ffmpeg version N-95160-g9fdc2c7bc4 Copyright (c) 2000-2019 the FFmpeg developers
  built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
  configuration: --cc=afl-clang --cxx=afl-clang++ --ld=afl-clang --enable-debug --toolchain=clang-usan

Attachments (2)

log-output (7.3 KB ) - added by Suhwan 5 years ago.
base5_dancer.cmp (67.1 KB ) - added by Suhwan 5 years ago.
poc

Download all attachments as: .zip

Change History (5)

by Suhwan, 5 years ago

Attachment: log-output added

by Suhwan, 5 years ago

Attachment: base5_dancer.cmp added

poc

comment:1 by Carl Eugen Hoyos, 5 years ago

Component: undeterminedswscale

comment:2 by Michael Niedermayer, 4 years ago

cannot reproduce it, not even with the version refereneced

comment:3 by Michael Niedermayer, 4 years ago

Resolution: needs_more_info
Status: newclosed
Note: See TracTickets for help on using tickets.