[FFmpeg-devel] [PATCH] Fix signed integer overflows

Michael Niedermayer michael at niedermayer.cc
Sun Aug 20 02:50:22 EEST 2017


On Thu, Aug 17, 2017 at 11:14:47PM -0700, Vitaly Buka wrote:
> Signed integer overflow is undefined behavior.
> Detected with clang and -fsanitize=signed-integer-overflow
> 
> Signed-off-by: Vitaly Buka <vitalybuka at google.com>
> ---
>  libavcodec/utils.c    | 2 +-
>  libavformat/aviobuf.c | 4 +++-
>  libavformat/mov.c     | 2 +-
>  3 files changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/utils.c b/libavcodec/utils.c
> index 1336e921c9..024dc1f3e2 100644
> --- a/libavcodec/utils.c
> +++ b/libavcodec/utils.c
> @@ -971,7 +971,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
>          }
>  
>          if (!avctx->rc_initial_buffer_occupancy)
> -            avctx->rc_initial_buffer_occupancy = avctx->rc_buffer_size * 3 / 4;
> +            avctx->rc_initial_buffer_occupancy = avctx->rc_buffer_size * 3ll / 4;
>  
>          if (avctx->ticks_per_frame && avctx->time_base.num &&
>              avctx->ticks_per_frame > INT_MAX / avctx->time_base.num) {
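Review bot: the `3ll` in `avctx->rc_initial_buffer_occupancy = avctx->rc_buffer_size * 3ll / 4;` widens the multiply but the quotient is still narrowed on assignment; that is safe only because `* 3 / 4` yields a magnitude smaller than `rc_buffer_size`, so a one-line comment stating that the result always fits the destination type would save the next reader from re-deriving it.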
> diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
> index 7f4e740a33..319a402faf 100644
> --- a/libavformat/aviobuf.c
> +++ b/libavformat/aviobuf.c
> @@ -259,7 +259,9 @@ int64_t avio_seek(AVIOContext *s, int64_t offset, int whence)
>          offset1 = pos + (s->buf_ptr - s->buffer);
>          if (offset == 0)
>              return offset1;
> -        offset += offset1;
> +        // Use unsigned type to avoid undefined behavior of singed overflow.
> +        // Code below will report error on overflow anyway.
> +        offset += (uint64_t)offset1;
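Review bot: the two comment lines above `offset += (uint64_t)offset1;` document a dependency on a later range check that this hunk does not show, so the correctness of the cast is not verifiable from the change itself; an explicit pre-check such as `if (offset1 > 0 ? offset > INT64_MAX - offset1 : offset < INT64_MIN - offset1) return AVERROR(EINVAL);` would fail loudly instead of wrapping silently if that downstream check is ever moved or removed. The comment also has a typo (`singed` should be `signed`).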

instead of 2 lines of comments why not add an if() that checks for
the specific case and errors out instead of the cast?

The code from the patch depends on the input being limited range
and being followed by a check. If either changes then the cast to
uint64_t would silently give something wrong.


[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Asymptotically faster algorithms should always be preferred if you have
asymptotical amounts of data
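To make the two options concrete, here is an added example (not FFmpeg code, and not part of this thread) contrasting an explicit overflow check on the SEEK_CUR addition with the unsigned-wrap form the patch uses; the function names and the error value are assumptions for illustration.

```c
#include <stdint.h>
#include <errno.h>
#include <stdio.h>

/* Hypothetical error value standing in for FFmpeg's AVERROR(EINVAL). */
#define SEEK_ERR_OVERFLOW (-EINVAL)

/* What the reviewer asks for: test the bounds before adding, so the
 * overflowing seek is rejected here rather than relying on a later check.
 * Returns 0 and stores offset + offset1 in *out, or SEEK_ERR_OVERFLOW. */
int seek_add_checked(int64_t offset, int64_t offset1, int64_t *out)
{
    /* Signed overflow is undefined behaviour, so never compute the sum first. */
    if ((offset1 > 0 && offset > INT64_MAX - offset1) ||
        (offset1 < 0 && offset < INT64_MIN - offset1))
        return SEEK_ERR_OVERFLOW;
    *out = offset + offset1;
    return 0;
}

/* What the patch does: add in uint64_t (well defined, wraps modulo 2^64)
 * and convert back. The conversion of an out-of-range value to int64_t is
 * implementation-defined, and the garbage result is only caught if a range
 * check really follows, which is exactly the dependency the reviewer flags. */
int64_t seek_add_wrapping(int64_t offset, int64_t offset1)
{
    return (int64_t)((uint64_t)offset + (uint64_t)offset1);
}

int main(void)
{
    int64_t r;
    /* Constructed inputs: a large current position plus a small forward seek. */
    int rc = seek_add_checked(INT64_MAX - 1, 2, &r);
    printf("checked: rc=%d\n", rc);               /* overflow reported */
    printf("wrapping: %lld\n", (long long)seek_add_wrapping(INT64_MAX - 1, 2));
    return 0;
}
```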