[FFmpeg-trac] #5136(avformat:new): signed integer overflow in update_initial_timestamps()

FFmpeg trac at avcodec.org
Thu Jan 7 03:34:44 CET 2016


#5136: signed integer overflow in update_initial_timestamps()
----------------------------------+--------------------------------------
             Reporter:  tsmith    |                     Type:  defect
               Status:  new       |                 Priority:  normal
            Component:  avformat  |                  Version:  git-master
             Keywords:            |               Blocked By:
             Blocking:            |  Reproduced by developer:  0
Analyzed by developer:  0         |
----------------------------------+--------------------------------------
 Summary of the bug:
 UBSan: libavformat/utils.c:925:40: runtime error: signed integer overflow:
 -9223372036854775806 - 9223090561878065151 cannot be represented in type
 'long long'

 How to reproduce:
 {{{
 % ffmpeg -f ivf -i <test_case> -f null -
 ffmpeg version N-77718-g72673ad Copyright (c) 2000-2016 the FFmpeg
 developers
   built with Ubuntu clang version 3.7.1-svn253742-1~exp1
 (branches/release_37) (based on LLVM 3.7.1)
   configuration: --cc=clang --cxx=clang++ --disable-libxcb --disable-xlib
 --disable-logging --disable-ffprobe --disable-ffplay --disable-sdl
 --disable-ffserver --disable-doc --disable-pthreads --disable-network
 --disable-d3d11va --disable-dxva2 --disable-vaapi --disable-vda --disable-
 vdpau --disable-stripping --disable-runtime-cpudetect --disable-
 securetransport --disable-iconv
   libavutil      55. 12.100 / 55. 12.100
   libavcodec     57. 22.100 / 57. 22.100
   libavformat    57. 21.101 / 57. 21.101
   libavdevice    57.  0.100 / 57.  0.100
   libavfilter     6. 23.100 /  6. 23.100
   libswscale      4.  0.100 /  4.  0.100
   libswresample   2.  0.101 /  2.  0.101
 [vp9 @ 0x619000005a80] Warning: not compiled with thread support, using
 thread emulation
 [vp9 @ 0x619000005a80] Invalid compressed header size
 Truncating packet of size 1347813408 to 4
 libavformat/utils.c:925:40: runtime error: signed integer overflow:
 -9223372036854775806 - 9223090561878065151 cannot be represented in type
 'long long'
     #0 0xc368ef in update_initial_timestamps
 /home/user/code/ffmpeg/libavformat/utils.c:925:40
     #1 0xc3440b in compute_pkt_fields
 /home/user/code/ffmpeg/libavformat/utils.c:1163:13
     #2 0xc31ef6 in parse_packet
 /home/user/code/ffmpeg/libavformat/utils.c:1291:9
     #3 0xc11bed in read_frame_internal
 /home/user/code/ffmpeg/libavformat/utils.c:1406:24
     #4 0xc1e563 in avformat_find_stream_info
 /home/user/code/ffmpeg/libavformat/utils.c:3293:15
     #5 0x53c6cb in open_input_file
 /home/user/code/ffmpeg/ffmpeg_opt.c:970:11
     #6 0x53a94f in open_files /home/user/code/ffmpeg/ffmpeg_opt.c:2999:15
     #7 0x53a11c in ffmpeg_parse_options
 /home/user/code/ffmpeg/ffmpeg_opt.c:3036:11
     #8 0x56f5ab in main /home/user/code/ffmpeg/ffmpeg.c:4292:11
     #9 0x7fac101c9ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu
 /libc-start.c:287
     #10 0x466445 in _start
 (/home/user/Desktop/ffmpeg/ffmpeg_full+0x466445)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/5136>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
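
Added example, not part of the ticket and not FFmpeg code: a range-checked int64_t subtraction that rejects the operand pair from the UBSan message above instead of evaluating an overflowing expression. The names checked_sub_i64, checked_add_i64 and rebase_timestamps are assumptions made for this sketch, and the timestamp array is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Store a - b in *out and return 0, or return -1 if it does not fit in int64_t.
 * The range test runs first, so no overflowing expression is ever evaluated. */
static int checked_sub_i64(int64_t a, int64_t b, int64_t *out)
{
    if ((b > 0 && a < INT64_MIN + b) || (b < 0 && a > INT64_MAX + b))
        return -1;
    *out = a - b;
    return 0;
}

/* Same contract for a + b. */
static int checked_add_i64(int64_t a, int64_t b, int64_t *out)
{
    if ((b > 0 && a > INT64_MAX - b) || (b < 0 && a < INT64_MIN - b))
        return -1;
    *out = a + b;
    return 0;
}

/* Hypothetical helper: move n timestamps by (new_base - old_base).
 * All-or-nothing: ts[] is left untouched if any step would overflow. */
static int rebase_timestamps(int64_t *ts, size_t n, int64_t new_base, int64_t old_base)
{
    int64_t shift, tmp;
    size_t i;
    if (checked_sub_i64(new_base, old_base, &shift) < 0)
        return -1;
    for (i = 0; i < n; i++)            /* validate every element first */
        if (checked_add_i64(ts[i], shift, &tmp) < 0)
            return -1;
    for (i = 0; i < n; i++)            /* now known to be safe */
        ts[i] += shift;
    return 0;
}

int main(void)
{
    /* Operands copied from the UBSan message in the ticket. */
    int64_t a = -9223372036854775806LL, b = 9223090561878065151LL, d;
    int64_t ts[3] = { 0, 3000, 6000 };  /* constructed sample timestamps */
    printf("ticket operands: %s\n", checked_sub_i64(a, b, &d) ? "rejected" : "ok");
    printf("rebase 90000 -> 0: %s, ts[2]=%lld\n",
           rebase_timestamps(ts, 3, 0, 90000) ? "rejected" : "ok", (long long)ts[2]);
    return 0;
}
```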

