Opened 6 years ago

Closed 5 years ago

#7979 closed defect (fixed)

Division by zero bug from libavformat/rawenc.c:70:50

Reported by: Suhwan
Owned by:
Priority: important
Component: undetermined
Version: git-master
Keywords: crash fpe
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
There's a division by zero bug in libavformat/rawenc.c:70.

How to reproduce:

Run the following command with the tmp.avi file:
% ffmpeg_g  -y -i tmp.avi -map 0 -c:a:104 utvideo -c:v magicyuv -disposition:a g722 -disposition:s:8 pam -vframes 0 -aframes 25 -ar 22050 -ac 5 tmp_.adx

ffmpeg version : N-94137-g89b96900fa Copyright (c) 2000-2019 the FFmpeg developers

built with clang-9, clang-asan option.

Attachments (2)

gdb_log (6.4 KB ) - added by Suhwan 6 years ago.
tmp.avi (282.5 KB ) - added by Suhwan 6 years ago.


Change History (6)

by Suhwan, 6 years ago

Attachment: gdb_log added

by Suhwan, 6 years ago

Attachment: tmp.avi added

comment:1 by Carl Eugen Hoyos, 6 years ago

Component: ffmpeg → undetermined
Keywords: crash fpe added; Division by Zero ASAN FFMpeg avformat removed
Reproduced by developer: set

Possible patch sent.

comment:2 by Carl Eugen Hoyos, 6 years ago

$ ffmpeg -f lavfi -i testsrc=d=1 -c:v mpeg4 -map 0 -f adx -y /dev/null 
ffmpeg version N-94142-g3b2082c663 Copyright (c) 2000-2019 the FFmpeg developers
  built with gcc 9 (SUSE Linux)
  configuration: --enable-gpl
  libavutil      56. 30.100 / 56. 30.100
  libavcodec     58. 53.100 / 58. 53.100
  libavformat    58. 28.101 / 58. 28.101
  libavdevice    58.  7.100 / 58.  7.100
  libavfilter     7. 55.100 /  7. 55.100
  libswscale      5.  4.101 /  5.  4.101
  libswresample   3.  4.100 /  3.  4.100
  libpostproc    55.  4.100 / 55.  4.100
Input #0, lavfi, from 'testsrc=d=1':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: rawvideo (RGB[24] / 0x18424752), rgb24, 320x240 [SAR 1:1 DAR 4:3], 25 tbr, 25 tbn, 25 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (rawvideo (native) -> mpeg4 (native))
Press [q] to stop, [?] for help
Output #0, adx, to '/dev/null':
  Metadata:
    encoder         : Lavf58.28.101
    Stream #0:0: Video: mpeg4, yuv420p, 320x240 [SAR 1:1 DAR 4:3], q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
    Metadata:
      encoder         : Lavc58.53.100 mpeg4
    Side data:
      cpb: bitrate max/min/avg: 0/0/200000 buffer size: 0 vbv_delay: -1
[Parsed_testsrc_0 @ 0x24a9780] EOF timestamp not reliable
Floating point exception (core dumped)

comment:3 by Kamalalochana Subbaiah, 5 years ago

Please confirm if version 4.0.0 of ffmpeg is affected by the above described vulnerability?

comment:4 by James, 5 years ago

Resolution: fixed
Status: new → closed