[FFmpeg-trac] #3152(avcodec:new): Pointer overflow in libavcodec/mpegvideo.c
FFmpeg
trac at avcodec.org
Wed Nov 20 00:21:23 CET 2013
#3152: Pointer overflow in libavcodec/mpegvideo.c
------------------------------------+-----------------------------------
Reporter: dtzWill | Owner:
Type: defect | Status: new
Priority: normal | Component: avcodec
Version: git-master | Resolution:
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
------------------------------------+-----------------------------------
Comment (by dtzWill):
No guarantee the operation won't eat your cat, unfortunately (undefined,
not implementation-defined). Note that indexing from NULL even in the
positive direction is also undefined despite not overflowing.
Unfortunately this is not purely an academic concern; compilers have been
known to take advantage of the assumption that pointer overflow cannot
occur (although I'm unsure of what optimization might be made here).
As an aside it looks like ff_update_block_index wraps s->dest[0] around
again, in case that's useful for devising a solution.
Hopefully these checks make it into -fsanitize=undefined soon to
facilitate finding and correcting these issues!
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/3152#comment:4>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker