Opened 3 years ago

Closed 2 years ago

Last modified 2 years ago

#8290 closed defect (fixed)

left shift of 9053289 by 8 places cannot be represented in type 'int32_t' at libavcodec/h264_mp4toannexb_bsf.c:205

Reported by: Suhwan
Owned by:
Priority: normal
Component: avcodec
Version: git-master
Keywords: h264 ubsan
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
There is a left shift of 9053289 by 8 places that cannot be represented in type 'int32_t' at libavcodec/h264_mp4toannexb_bsf.c:205

I compiled ffmpeg with "--toolchain=clang-usan" to check for undefined behaviours and attached the log file.

How to reproduce:

% ffmpeg_g -y -i $PoC1 -i $PoC2 -target dvd -loglevel 0 -map 0 -vbsf h264_mp4toannexb -c copy tmp.adf

ffmpeg version N-95399-g1a0c584abc Copyright (c) 2000-2019 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-usan

Here's the UBSAN log

libavcodec/h264_mp4toannexb_bsf.c:205:34: runtime error: left shift of 9053289 by 8 places cannot be represented in type 'int32_t' (aka 'int')

Thread 1 "ffmpeg_g" hit Breakpoint 1, 0x00000000004288b0 in __ubsan::ScopedReport::~ScopedReport() ()
(gdb) bt
#0  0x00000000004288b0 in __ubsan::ScopedReport::~ScopedReport() ()
#1  0x000000000042a9a0 in handleShiftOutOfBoundsImpl(__ubsan::ShiftOutOfBoundsData*, unsigned long, unsigned long, __ubsan::ReportOptions) ()
#2  0x000000000042cb41 in __ubsan_handle_shift_out_of_bounds ()
#3  0x0000000002232d2e in h264_mp4toannexb_filter (ctx=0x93d7c00, out=0x7fffffffc700) at libavcodec/h264_mp4toannexb_bsf.c:205
#4  0x00000000004c7fb8 in output_packet (of=0x93d7480, pkt=0x7fffffffc700, ost=0x93d78c0, eof=<optimized out>) at fftools/ffmpeg.c:863
#5  0x00000000004a3f71 in do_streamcopy (ist=<optimized out>, ost=<optimized out>, pkt=<optimized out>) at fftools/ffmpeg.c:2066
#6  process_input_packet (ist=<optimized out>, pkt=<optimized out>, no_eof=<optimized out>) at fftools/ffmpeg.c:2736
#7  0x00000000004bf0f0 in process_input (file_index=<optimized out>) at fftools/ffmpeg.c:4508
#8  0x000000000048d5eb in transcode_step () at fftools/ffmpeg.c:4628
#9  transcode () at fftools/ffmpeg.c:4682
#10 0x0000000000487da4 in main (argc=17, argv=<optimized out>) at fftools/ffmpeg.c:4884

Please confirm.
Thanks

Attachments (2)

PoC_1 (14.4 KB ) - added by Suhwan 3 years ago.
poc1
PoC_2.bmp (14.2 KB ) - added by Suhwan 3 years ago.
poc2
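
The class of bug in the UBSan report above, as an added example that is not part of the ticket and not FFmpeg's code: it assumes the flagged line accumulates a big-endian NAL length prefix byte by byte into an int32_t (the page does not show the source). The helper names and both sample packets are hypothetical; only the value 9053289 comes from the report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Would (acc << 8) overflow if acc were held in an int32_t? This is the
 * condition UBSan reports: the shifted value must fit in 31 value bits. */
int shift_overflows_int32(uint32_t acc)
{
    return acc > (uint32_t)(INT32_MAX >> 8);
}

/* Hypothetical helper, not FFmpeg code: read a big-endian NAL length prefix
 * of length_size bytes (1..4) from buf. Returns the NAL size, or -1 when the
 * prefix is truncated or announces more bytes than the packet still holds. */
int64_t read_nal_size(const uint8_t *buf, size_t buf_len, unsigned length_size)
{
    uint32_t size = 0; /* unsigned accumulator: the shift is defined for all inputs */

    if (length_size < 1 || length_size > 4 || buf_len < length_size)
        return -1;
    for (unsigned i = 0; i < length_size; i++)
        size = (size << 8) | buf[i];
    /* Reject attacker-controlled sizes before they are used as a length. */
    if (size > buf_len - length_size)
        return -1;
    return (int64_t)size;
}

/* Constructed packets. The first three prefix bytes of SAMPLE_BAD encode
 * 9053289 (0x8A2469), the value in the UBSan report; the rest is made up. */
static const uint8_t SAMPLE_BAD[] = { 0x8A, 0x24, 0x69, 0x00, 0x65, 0x01, 0x02 };
static const uint8_t SAMPLE_OK[]  = { 0x00, 0x00, 0x00, 0x03, 0x65, 0x01, 0x02 };

int main(void)
{
    printf("int32_t shift of 9053289 overflows: %d\n",
           shift_overflows_int32(9053289));
    printf("bad packet -> %lld\n",
           (long long)read_nal_size(SAMPLE_BAD, sizeof SAMPLE_BAD, 4));
    printf("ok packet  -> %lld\n",
           (long long)read_nal_size(SAMPLE_OK, sizeof SAMPLE_OK, 4));
    return 0;
}
```

Building this with -fsanitize=undefined produces no shift report for SAMPLE_BAD, because the accumulator is unsigned and the oversized length is rejected by the bounds check.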


Change History (4)

by Suhwan, 3 years ago

Attachment: PoC_1 added

poc1

by Suhwan, 3 years ago

Attachment: PoC_2.bmp added

poc2

comment:1 by mkver, 2 years ago

Resolution: fixed
Status: new → closed

comment:2 by Carl Eugen Hoyos, 2 years ago

Component: undetermined → avcodec
Keywords: h264 added