Opened 9 years ago
Closed 5 years ago
#5134 closed defect (needs_more_info)
signed integer overflow in weight_h264_pixels4_9_c()
Reported by: | tsmith | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avcodec |
Version: | git-master | Keywords: | h264 ubsan |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Summary of the bug:
UBSan: libavcodec/h264dsp_template.c:97:1: runtime error: signed integer overflow: 256 * 2028513204 cannot be represented in type 'int'
How to reproduce:
```
% ffmpeg -f ivf -i <test_case> -f null -
ffmpeg version N-77718-g72673ad Copyright (c) 2000-2016 the FFmpeg developers
  built with Ubuntu clang version 3.7.1-svn253742-1~exp1 (branches/release_37) (based on LLVM 3.7.1)
  configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-securetransport --disable-iconv
  libavutil 55. 12.100 / 55. 12.100
  libavcodec 57. 22.100 / 57. 22.100
  libavformat 57. 21.101 / 57. 21.101
  libavdevice 57. 0.100 / 57. 0.100
  libavfilter 6. 23.100 / 6. 23.100
  libswscale 4. 0.100 / 4. 0.100
  libswresample 2. 0.101 / 2. 0.101
[NULL @ 0x619000005a80] [IMGUTILS @ 0x7fad85d45420] Picture size 44701x43729 is invalid
[ivf @ 0x61b00001f180] Failed to open codec in av_find_stream_info
[NULL @ 0x619000005a80] non-existing PPS 6 referenced
[h264 @ 0x619000005a80] Warning: not compiled with thread support, using thread emulation
[h264 @ 0x619000005a80] Ignoring NAL 5 in global header/extradata
[h264 @ 0x619000005a80] sps_id 2 out of range
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
    Last message repeated 1 times
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] A non-intra slice in an IDR NAL unit.
[h264 @ 0x619000005a80] decode_slice_header error
[h264 @ 0x619000005a80] FMO not supported
[h264 @ 0x619000005a80] reference picture missing during reorder
[h264 @ 0x619000005a80] Missing reference picture, default is 0
    Last message repeated 13 times
[h264 @ 0x619000005a80] chroma_log2_weight_denom 10 is out of range
[h264 @ 0x619000005a80] co located POCs unavailable
[h264 @ 0x619000005a80] data partitioning is not implemented. Update your FFmpeg version to the newest one from Git. If the problem still occurs, it means that your file has a feature which has not been implemented.
[h264 @ 0x619000005a80] If you want to help, upload a sample of this file to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing list. (ffmpeg-devel@ffmpeg.org)
[h264 @ 0x619000005a80] Missing reference picture, default is 0
    Last message repeated 12 times
[h264 @ 0x619000005a80] co located POCs unavailable
libavcodec/h264dsp_template.c:97:1: runtime error: signed integer overflow: 256 * 2028513204 cannot be represented in type 'int'
    #0 0x1084e6f in weight_h264_pixels4_9_c /home/user/code/ffmpeg/libavcodec/h264dsp_template.c:97:1
    #1 0xfdd79b in hl_motion_422_complex /home/user/code/ffmpeg/libavcodec/h264_mc_template.c:93:9
    #2 0xfdd79b in hl_decode_mb_complex /home/user/code/ffmpeg/libavcodec/h264_mb_template.c:176
    #3 0x105c5b0 in decode_slice /home/user/code/ffmpeg/libavcodec/h264_slice.c:2381:17
    #4 0x105ae54 in ff_h264_execute_decode_slices /home/user/code/ffmpeg/libavcodec/h264_slice.c:2550:15
    #5 0xf8ddc1 in decode_nal_units /home/user/code/ffmpeg/libavcodec/h264.c:1647:23
    #6 0xf95900 in h264_decode_frame /home/user/code/ffmpeg/libavcodec/h264.c:1832:17
    #7 0x1a3fc96 in avcodec_decode_video2 /home/user/code/ffmpeg/libavcodec/utils.c:2107:19
    #8 0xc27c95 in try_decode_frame /home/user/code/ffmpeg/libavformat/utils.c:2760:19
    #9 0xc1f630 in avformat_find_stream_info /home/user/code/ffmpeg/libavformat/utils.c:3412:9
    #10 0x53c6cb in open_input_file /home/user/code/ffmpeg/ffmpeg_opt.c:970:11
    #11 0x53a94f in open_files /home/user/code/ffmpeg/ffmpeg_opt.c:2999:15
    #12 0x53a11c in ffmpeg_parse_options /home/user/code/ffmpeg/ffmpeg_opt.c:3036:11
    #13 0x56f5ab in main /home/user/code/ffmpeg/ffmpeg.c:4292:11
    #14 0x7fad88ab5ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #15 0x466445 in _start (/home/user/Desktop/ffmpeg/ffmpeg_full+0x466445)
```
Attachments (1)
Change History (4)
by , 9 years ago
Attachment: | test_case.ivf added |
---|
comment:1 by , 8 years ago
Keywords: | h264 ubsan added |
---|
comment:2 by , 5 years ago
I suggest closing this and other non-reproducible integer anomalies. Many issues have been and are being fixed from various fuzzers like oss-fuzz, so there's no guarantee an issue is still there. Also, oss-fuzz similarly automatically closes issues which do not reproduce.
If the issue is still there someone or some fuzzer will find a testcase again.
comment:3 by , 5 years ago
Resolution: | → needs_more_info |
---|---|
Status: | new → closed |
Needs a reproducible testcase
Not reproducible since 772ad714, I guess the underlying issue still exists.