Opened 5 years ago
Closed 5 years ago
#8193 closed defect (fixed)
signed integer overflow in libavformat/yuv4mpegdec.c:329
Reported by: | Suhwan | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avformat |
Version: | git-master | Keywords: | yuv4mpeg ubsan |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Summary of the bug:
There is a signed integer overflow in libavformat/yuv4mpegdec.c:329
```
libavformat/yuv4mpegdec.c:329:15: runtime error: signed integer overflow: -230584300921369 * 152070 cannot be represented in type 'long'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavformat/yuv4mpegdec.c:329:15 in
331 if (avio_seek(s->pb, pos + s->internal->data_offset, SEEK_SET) < 0)
(gdb) bt
#0 yuv4_read_seek (s=0x61b000000080, stream_index=<optimized out>, pts=-230584300921369, flags=<optimized out>) at libavformat/yuv4mpegdec.c:331
#1 0x00000000027b113f in seek_frame_internal (s=0x61b000000080, stream_index=0, timestamp=-230584300921369, flags=<optimized out>) at libavformat/utils.c:2499
#2 av_seek_frame (s=0x61b000000080, stream_index=0, timestamp=-230584300921369, flags=<optimized out>) at libavformat/utils.c:2531
#3 0x00000000027b4ec9 in avformat_seek_file (s=0x61b000000080, stream_index=-1, min_ts=-9223372036854775808, ts=-9223372036854775808, max_ts=-9223372036854775808, flags=<optimized out>) at libavformat/utils.c:2583
#4 0x0000000000642dc6 in seek_to_start (ifile=0x611000000400, is=0x61b000000080) at fftools/ffmpeg.c:4198
#5 process_input (file_index=0) at fftools/ffmpeg.c:4288
#6 0x00000000005e71e8 in transcode_step () at fftools/ffmpeg.c:4638
#7 transcode () at fftools/ffmpeg.c:4692
#8 0x00000000005db6ec in main (argc=<optimized out>, argv=<optimized out>) at fftools/ffmpeg.c:4894
```
How to reproduce:
```
% ./ffmpeg_g -t 1 -stream_loop 11 -y -i y4m_invalid_header_crash_small.y4m -target svcd -loglevel 0 -map 0 -c copy -aframes 58 -ar 22050 -b:v 310k tmp.wsaud
ffmpeg version N-94982-gea673a0edb Copyright (c) 2000-2019 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-usan
```
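The UBSan report above shows a seek timestamp being multiplied by 152070 and then added to `data_offset` before `avio_seek()`. The following is an added example, not FFmpeg's code and not the fix in the commit referenced on this ticket: a hypothetical helper `checked_seek_offset()` that computes such an offset and rejects it when it cannot be represented. It assumes 152070 is the fixed per-frame byte size, and the `data_offset` value 60 is constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not FFmpeg code): byte offset of frame `pts` in a
 * stream whose frames are all `frame_size` bytes and begin at `data_offset`.
 * Returns 0 and stores the offset in *pos, or -1 when the request is
 * invalid or the offset does not fit in int64_t. */
static int checked_seek_offset(int64_t pts, int64_t frame_size,
                               int64_t data_offset, int64_t *pos)
{
    /* A negative frame index or negative sizes never name a valid offset. */
    if (pts < 0 || frame_size <= 0 || data_offset < 0)
        return -1;
    /* Require pts * frame_size + data_offset <= INT64_MAX. The bound is
     * tested by division so no intermediate value can overflow. */
    if (pts > (INT64_MAX - data_offset) / frame_size)
        return -1;
    *pos = pts * frame_size + data_offset;
    return 0;
}

int main(void)
{
    /* First value is the pts from the report; the rest are constructed. */
    const int64_t samples[] = { -230584300921369LL, 230584300921369LL, 10 };
    const int64_t frame_size = 152070; /* multiplier from the UBSan message */
    const int64_t data_offset = 60;    /* constructed sample value */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int64_t pos;
        if (checked_seek_offset(samples[i], frame_size, data_offset, &pos) < 0)
            printf("pts=%" PRId64 ": rejected\n", samples[i]);
        else
            printf("pts=%" PRId64 ": seek to byte %" PRId64 "\n",
                   samples[i], pos);
    }
    return 0;
}
```

The positive case matters as well: rejecting negative timestamps alone would still leave the multiplication unchecked for large positive values.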
Attachments (2)
Change History (3)
by , 5 years ago
by , 5 years ago
Attachment: | y4m_invalid_header_crash_small.y4m added |
---|
comment:1 by , 5 years ago
Component: | undetermined → avformat |
---|---|
Keywords: | yuv4mpeg added |
Resolution: | → fixed |
Status: | new → closed |
Should be fixed by Paul in 05a2ce93265442285b2838530ba5bb5702cd18b1
poc