[FFmpeg-trac] #5134(avcodec:new): signed integer overflow in weight_h264_pixels4_9_c()
FFmpeg
trac at avcodec.org
Thu Jan 7 03:25:47 CET 2016
#5134: signed integer overflow in weight_h264_pixels4_9_c()
---------------------------------+--------------------------------------
 Reporter:  tsmith               |  Type:  defect
 Status:  new                    |  Priority:  normal
 Component:  avcodec             |  Version:  git-master
 Keywords:                       |  Blocked By:
 Blocking:                       |  Reproduced by developer:  0
 Analyzed by developer:  0       |
---------------------------------+--------------------------------------
Summary of the bug:
UBSan: libavcodec/h264dsp_template.c:97:1: runtime error: signed integer
overflow: 256 * 2028513204 cannot be represented in type 'int'
How to reproduce:
{{{
% ffmpeg -f ivf -i <test_case> -f null -
ffmpeg version N-77718-g72673ad Copyright (c) 2000-2016 the FFmpeg
developers
built with Ubuntu clang version 3.7.1-svn253742-1~exp1
(branches/release_37) (based on LLVM 3.7.1)
configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl --disable-ffserver --disable-doc --disable-pthreads --disable-network --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-vdpau --disable-stripping --disable-runtime-cpudetect --disable-securetransport --disable-iconv
libavutil 55. 12.100 / 55. 12.100
libavcodec 57. 22.100 / 57. 22.100
libavformat 57. 21.101 / 57. 21.101
libavdevice 57. 0.100 / 57. 0.100
libavfilter 6. 23.100 / 6. 23.100
libswscale 4. 0.100 / 4. 0.100
libswresample 2. 0.101 / 2. 0.101
[NULL @ 0x619000005a80] [IMGUTILS @ 0x7fad85d45420] Picture size
44701x43729 is invalid
[ivf @ 0x61b00001f180] Failed to open codec in av_find_stream_info
[NULL @ 0x619000005a80] non-existing PPS 6 referenced
[h264 @ 0x619000005a80] Warning: not compiled with thread support, using
thread emulation
[h264 @ 0x619000005a80] Ignoring NAL 5 in global header/extradata
[h264 @ 0x619000005a80] sps_id 2 out of range
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
Last message repeated 1 times
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 1 in global header/extradata
[h264 @ 0x619000005a80] Ignoring NAL 3 in global header/extradata
[h264 @ 0x619000005a80] A non-intra slice in an IDR NAL unit.
[h264 @ 0x619000005a80] decode_slice_header error
[h264 @ 0x619000005a80] FMO not supported
[h264 @ 0x619000005a80] reference picture missing during reorder
[h264 @ 0x619000005a80] Missing reference picture, default is 0
Last message repeated 13 times
[h264 @ 0x619000005a80] chroma_log2_weight_denom 10 is out of range
[h264 @ 0x619000005a80] co located POCs unavailable
[h264 @ 0x619000005a80] data partitioning is not implemented. Update your
FFmpeg version to the newest one from Git. If the problem still occurs, it
means that your file has a feature which has not been implemented.
[h264 @ 0x619000005a80] If you want to help, upload a sample of this file
to ftp://upload.ffmpeg.org/incoming/ and contact the ffmpeg-devel mailing
list. (ffmpeg-devel at ffmpeg.org)
[h264 @ 0x619000005a80] Missing reference picture, default is 0
Last message repeated 12 times
[h264 @ 0x619000005a80] co located POCs unavailable
libavcodec/h264dsp_template.c:97:1: runtime error: signed integer
overflow: 256 * 2028513204 cannot be represented in type 'int'
#0 0x1084e6f in weight_h264_pixels4_9_c
/home/user/code/ffmpeg/libavcodec/h264dsp_template.c:97:1
#1 0xfdd79b in hl_motion_422_complex
/home/user/code/ffmpeg/libavcodec/h264_mc_template.c:93:9
#2 0xfdd79b in hl_decode_mb_complex
/home/user/code/ffmpeg/libavcodec/h264_mb_template.c:176
#3 0x105c5b0 in decode_slice
/home/user/code/ffmpeg/libavcodec/h264_slice.c:2381:17
#4 0x105ae54 in ff_h264_execute_decode_slices
/home/user/code/ffmpeg/libavcodec/h264_slice.c:2550:15
#5 0xf8ddc1 in decode_nal_units
/home/user/code/ffmpeg/libavcodec/h264.c:1647:23
#6 0xf95900 in h264_decode_frame
/home/user/code/ffmpeg/libavcodec/h264.c:1832:17
#7 0x1a3fc96 in avcodec_decode_video2
/home/user/code/ffmpeg/libavcodec/utils.c:2107:19
#8 0xc27c95 in try_decode_frame
/home/user/code/ffmpeg/libavformat/utils.c:2760:19
#9 0xc1f630 in avformat_find_stream_info
/home/user/code/ffmpeg/libavformat/utils.c:3412:9
#10 0x53c6cb in open_input_file
/home/user/code/ffmpeg/ffmpeg_opt.c:970:11
#11 0x53a94f in open_files /home/user/code/ffmpeg/ffmpeg_opt.c:2999:15
#12 0x53a11c in ffmpeg_parse_options
/home/user/code/ffmpeg/ffmpeg_opt.c:3036:11
#13 0x56f5ab in main /home/user/code/ffmpeg/ffmpeg.c:4292:11
#14 0x7fad88ab5ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu
/libc-start.c:287
#15 0x466445 in _start
(/home/user/Desktop/ffmpeg/ffmpeg_full+0x466445)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/5134>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker