Opened 3 years ago

Closed 2 years ago

Last modified 2 years ago

#8217 closed defect (fixed)

left shift of negative value bug in libavcodec/ra144enc.c

Reported by: Suhwan
Owned by:
Priority: minor
Component: avcodec
Version: git-master
Keywords: ra144 ubsan
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
There is a left shift of negative value bug in libavcodec/ra144enc.c

libavcodec/ra144enc.c:480:69: runtime error: left shift of negative value -2682
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/ra144enc.c:480:69 in 
libavcodec/lpc.h:189:15: runtime error: division by zero
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/lpc.h:189:15 in

How to reproduce:

% ffmpeg_g -y -r 70 -i $PoC -loglevel 0  -c:a:0 real_144 -c:a:48 alias_pix -disposition:v:122 flashsv2  tmp.aptx

ffmpeg version N-95199-g9847380f5f Copyright (c) 2000-2019 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final), --enable-debug --toolchain=clang-asan

Attachments (2)

PoC_ra144.wav (125.0 KB) - added by Suhwan 3 years ago.
poc
gdb-ra144 (9.8 KB) - added by Suhwan 3 years ago.


Change History (4)

by Suhwan, 3 years ago

Attachment: PoC_ra144.wav added

poc

by Suhwan, 3 years ago

Attachment: gdb-ra144 added

comment:1 by mkver, 2 years ago

Component: undetermined → avcodec
Resolution: → fixed
Status: new → closed

Fixed in e3fb9af6f1353f30855eaa1cbd5befaf06e303b8. Notice that I was unable to reproduce the division by zero in lpc.h that you mention in your ticket; it is also absent in your gdb log, so I guess that you simply made an error.

comment:2 by Carl Eugen Hoyos, 2 years ago

Keywords: ra144 added
Priority: normal → minor

I still see the lpc error with clang 9.0.1; it seems covered by ticket #8213.
