Opened 5 years ago

Closed 3 years ago

#8307 closed defect (fixed)

outside the range of representable values of type 'int' at libavfilter/af_drmeter.c

Reported by: Suhwan Owned by:
Priority: normal Component: undetermined
Version: git-master Keywords: ubsan
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
There is an outside the range of representable values of type 'int' at libavfilter/af_drmeter.c and 2 integer division by zero.

I compiled ffmpeg with "--toolchain=clang-usan" to check the undefined-behaviours and attached log file.
How to reproduce:

% ffmpeg_g -y -i $PoC1 -i $PoC2 -filter_complex drmeter -target dv50 -loglevel 0 tmp.rtp

ffmpeg version N-95446-gfddef964e8 Copyright (c) 2000-2019 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-usan

Here's UBSAN log

libavfilter/af_drmeter.c:104:27: runtime error: division by zero

Thread 1 "ffmpeg_g" hit Breakpoint 1, 0x00000000004288b0 in __ubsan::ScopedReport::~ScopedReport() ()
(gdb) bt
#0  0x00000000004288b0 in __ubsan::ScopedReport::~ScopedReport() ()
#1  0x0000000000429b4e in handleDivremOverflowImpl(__ubsan::OverflowData*, unsigned long, unsigned long, __ubsan::ReportOptions) ()
#2  0x000000000042cad1 in __ubsan_handle_divrem_overflow ()
#3  0x00000000011b6dcf in finish_block (p=0x7ffff7fc4040)
    at libavfilter/af_drmeter.c:104
#4  0x00000000011b4f03 in print_stats (ctx=<optimized out>)
    at libavfilter/af_drmeter.c:170
#5  uninit (ctx=0x93b4200) at libavfilter/af_drmeter.c:202
#6  0x00000000005ca203 in avfilter_free (filter=0x93b4200)
    at libavfilter/avfilter.c:771
#7  0x00000000005d61b8 in avfilter_graph_free (graph=0x93b1890)
    at libavfilter/avfiltergraph.c:126
#8  0x00000000004881bb in ffmpeg_cleanup (ret=0) at fftools/ffmpeg.c:494
#9  0x00000000004744d3 in exit_program (ret=0) at fftools/cmdutils.c:139
#10 0x0000000000487f5f in main (argc=<optimized out>, argv=<optimized out>)
    at fftools/ffmpeg.c:4901
(gdb) c
Continuing.
libavfilter/af_drmeter.c:106:23: runtime error: -nan is outside the range of representable values of type 'int'

Thread 1 "ffmpeg_g" hit Breakpoint 1, 0x00000000004288b0 in __ubsan::ScopedReport::~ScopedReport() ()
(gdb) bt
#0  0x00000000004288b0 in __ubsan::ScopedReport::~ScopedReport() ()
#1  0x000000000042a4e6 in handleFloatCastOverflow(void*, unsigned long, __ubsan::ReportOptions) ()
#2  0x000000000042cd11 in __ubsan_handle_float_cast_overflow ()
#3  0x00000000011b6eaa in finish_block (p=0x7ffff7fc4040)
    at libavfilter/af_drmeter.c:106
#4  0x00000000011b4f03 in print_stats (ctx=<optimized out>)
    at libavfilter/af_drmeter.c:170
#5  uninit (ctx=0x93b4200) at libavfilter/af_drmeter.c:202
#6  0x00000000005ca203 in avfilter_free (filter=0x93b4200)
    at libavfilter/avfilter.c:771
#7  0x00000000005d61b8 in avfilter_graph_free (graph=0x93b1890)
    at libavfilter/avfiltergraph.c:126
#8  0x00000000004881bb in ffmpeg_cleanup (ret=0) at fftools/ffmpeg.c:494
#9  0x00000000004744d3 in exit_program (ret=0) at fftools/cmdutils.c:139
#10 0x0000000000487f5f in main (argc=<optimized out>, argv=<optimized out>)
    at fftools/ffmpeg.c:4901
(gdb) c
Continuing.
libavfilter/af_drmeter.c:189:38: runtime error: division by zero

Thread 1 "ffmpeg_g" hit Breakpoint 1, 0x00000000004288b0 in __ubsan::ScopedReport::~ScopedReport() ()
(gdb) q

Please confirm.
Thanks

Attachments (2)

PoC_1.rle (254 bytes ) - added by Suhwan 5 years ago.
poc1
PoC_2.mov (8.8 KB ) - added by Suhwan 5 years ago.
poc2

Download all attachments as: .zip

Change History (3)

by Suhwan, 5 years ago

Attachment: PoC_1.rle added

poc1

by Suhwan, 5 years ago

Attachment: PoC_2.mov added

poc2

comment:1 by Elon Musk, 3 years ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.