Opened 5 years ago
Closed 5 years ago
#8237 closed defect (invalid)
Division by zero at libavfilter/af_adeclick.c
Reported by: | Suhwan | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | undetermined |
Version: | git-master | Keywords: | ubsan |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Summary of the bug:
There are 2 divisions by zero at libavfilter/af_adeclick.c:684,228

```
Breakpoint 1, uninit (ctx=0x611000000900) at libavfilter/af_adeclick.c:684
684	            s->nb_samples, 100. * s->detected_errors / s->nb_samples);
(gdb) print s->nb_samples
$1 = 0
(gdb) bt
#0  uninit (ctx=0x611000000900) at libavfilter/af_adeclick.c:684
#1  0x000000000110cde1 in avfilter_free (filter=0x611000000900) at libavfilter/avfilter.c:771
#2  0x0000000001174600 in avfilter_graph_free (graph=0x7fffffffdb20) at libavfilter/avfiltergraph.c:126
#3  0x00000000006e02d0 in init_complex_filtergraph (fg=0x60a000000040) at fftools/ffmpeg_filter.c:377
#4  0x00000000005173c9 in init_complex_filters () at fftools/ffmpeg_opt.c:2102
#5  ffmpeg_parse_options (argc=<optimized out>, argv=<optimized out>) at fftools/ffmpeg_opt.c:3324
#6  0x000000000081bc75 in main (argc=23, argv=0x7fffffffe138) at fftools/ffmpeg.c:4872
(gdb) c
Continuing.
libavfilter/af_adeclick.c:684:53: runtime error: division by zero
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavfilter/af_adeclick.c:684:53 in
libavfilter/af_adeclick.c:228:25: runtime error: division by zero
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavfilter/af_adeclick.c:228:25 in
```
How to reproduce:
```
% ffmpeg_g -y -r 49 -i $PoC -filter_complex adeclick -loglevel 0 -c:s:7 h264_v4l2m2m -disposition:s:3 apng -vframes 35 -ab 267k -ac 0 -strict 1 tmp.ast
ffmpeg version N-95291-g5345965b3f Copyright (c) 2000-2019 the FFmpeg developers
  built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
  configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-usan
```
Attachments (2)
Change History (6)
by , 5 years ago
Attachment: | PoC_af_adeclick684.wav added |
---|
follow-up: 2 comment:1 by , 5 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
comment:2 by , 5 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
Replying to richardpl:
I checked this again and re-uploaded the full gdb-log.
I compiled ffmpeg with "--toolchain=clang-usan" option to check division by zero.
Please confirm.
Thanks
How to reproduce:
```
$ ffmpeg_g -y -r 49 -i $PoC -filter_complex adeclick -loglevel 99 -c:s:7 h264_v4l2m2m -disposition:s:3 apng -vframes 35 -ab 267k -ac 0 -strict 1 tmp.ast
ffmpeg version N-95314-g1331e00179 Copyright (c) 2000-2019 the FFmpeg developers
  built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
  configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-usan
```

```
Breakpoint 1, uninit (ctx=0x90e0140) at libavfilter/af_adeclick.c:684
684	            s->nb_samples, 100. * s->detected_errors / s->nb_samples);
(gdb) n
683	            s->is_declip ? "clips" : "clicks", s->detected_errors,
(gdb) n
684	            s->nb_samples, 100. * s->detected_errors / s->nb_samples);
(gdb) n
libavfilter/af_adeclick.c:684:53: runtime error: division by zero
682	    av_log(ctx, AV_LOG_INFO, "Detected %s in %"PRId64" of %"PRId64" samples (%g%%).\n",
(gdb) bt
#0  uninit (ctx=0x90e0140) at libavfilter/af_adeclick.c:682
#1  0x00000000005ca3f3 in avfilter_free (filter=0x90e0140) at libavfilter/avfilter.c:771
#2  0x00000000005d6218 in avfilter_graph_free (graph=0x7fffffffde50) at libavfilter/avfiltergraph.c:126
#3  0x00000000004646ca in init_complex_filtergraph (fg=<optimized out>) at fftools/ffmpeg_filter.c:377
#4  0x000000000042db4c in init_complex_filters () at fftools/ffmpeg_opt.c:2102
#5  ffmpeg_parse_options (argc=<optimized out>, argv=<optimized out>) at fftools/ffmpeg_opt.c:3324
#6  0x0000000000487b44 in main (argc=23, argv=0x7fffffffe118) at fftools/ffmpeg.c:4872
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xfeb693 to 0xfeb6d3:
   0x0000000000feb693 <uninit+265>:	pushfq
   0x0000000000feb694 <uninit+266>:	add    $0x66,%al
   0x0000000000feb696 <uninit+268>:	subps  0x49c8d83(%rip),%xmm1        # 0x59b4420
   0x0000000000feb69d <uninit+275>:	pshufd $0x4e,%xmm1,%xmm2
   0x0000000000feb6a2 <uninit+280>:	addpd  %xmm1,%xmm2
   0x0000000000feb6a6 <uninit+284>:	test   %rax,%rax
   0x0000000000feb6a9 <uninit+287>:	je     0xfebc7b <uninit+1777>
   0x0000000000feb6af <uninit+293>:	divsd  %xmm2,%xmm0
=> 0x0000000000feb6b3 <uninit+297>:	mov    $0x20,%esi
   0x0000000000feb6b8 <uninit+302>:	mov    $0x5a698dc,%edx
   0x0000000000feb6bd <uninit+307>:	mov    $0x1,%al
   0x0000000000feb6bf <uninit+309>:	mov    %r15,%rdi
   0x0000000000feb6c2 <uninit+312>:	mov    %rbx,%rcx
   0x0000000000feb6c5 <uninit+315>:	mov    %r13,%r9
   0x0000000000feb6c8 <uninit+318>:	callq  0x58e7540 <av_log>
   0x0000000000feb6cd <uninit+323>:	mov    0xf(%rsp),%r12b
   0x0000000000feb6d2 <uninit+328>:	test   %r12b,%r12b
End of assembler dump.
```
by , 5 years ago
Attachment: | gdb-af_adeclick684 added |
---|
comment:3 by , 5 years ago
I guess the reason for the closure was that you use $PoC in the command line. Strictly speaking, this makes the ticket invalid.
comment:4 by , 5 years ago
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
Division by zero is with floats, and that is valid.
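As an added illustration of the closing comment (this is not code from the ticket or from FFmpeg), the following mirrors the shape of the expression UBSan flagged at af_adeclick.c:684, `100. * detected_errors / nb_samples`, with assumed stand-alone variables: the `divsd` in the disassembly above is a double-precision division, so a zero sample count produces NaN or infinity as IEEE 754 defines, not the undefined behaviour of an integer division. The guarded variant is an assumed alternative that keeps NaN/inf out of a log line, not a change FFmpeg made.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Same shape as the flagged expression: the literal 100. is a double, so
 * both int64_t operands are converted to double before the division.
 * IEEE 754 defines x / 0.0 as NaN when x == 0.0 and +/-inf otherwise;
 * UBSan's float-divide-by-zero check is a diagnostic, not a trap. */
static double detected_pct(int64_t detected_errors, int64_t nb_samples)
{
    return 100. * detected_errors / nb_samples;
}

/* Assumed guarded variant: report 0% when no samples were ever processed
 * (the PoC reaches uninit() with nb_samples == 0), so the percentage in
 * the log message is always finite. */
static double detected_pct_safe(int64_t detected_errors, int64_t nb_samples)
{
    if (nb_samples <= 0)
        return 0.0;
    return 100. * detected_errors / nb_samples;
}

/* Classify the result the way a triager reads the sanitizer report:
 * 0 = finite, 1 = NaN (0.0 / 0.0), 2 = infinite (non-zero / 0.0). */
static int classify(double pct)
{
    if (isnan(pct))
        return 1;
    if (isinf(pct))
        return 2;
    return 0;
}

int main(void)
{
    /* Constructed inputs; nb_samples == 0 matches the gdb session above. */
    printf("0 of 0 samples:   %g (class %d)\n", detected_pct(0, 0), classify(detected_pct(0, 0)));
    printf("3 of 0 samples:   %g (class %d)\n", detected_pct(3, 0), classify(detected_pct(3, 0)));
    printf("guarded, 3 of 0:  %g\n", detected_pct_safe(3, 0));
    printf("1 of 4 samples:   %g%%\n", detected_pct(1, 4));
    return 0;
}
```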