[FFmpeg-trac] #5150(avcodec:new): signed integer overflow in ff_h264_decode_mb_cabac()

FFmpeg trac at avcodec.org
Sat Jan 16 01:49:45 CET 2016 

#5150: signed integer overflow in ff_h264_decode_mb_cabac()
------------------------------------+-----------------------------------
             Reporter:  tsmith      |                    Owner:
                 Type:  defect      |                   Status:  new
             Priority:  normal      |                Component:  avcodec
              Version:  git-master  |               Resolution:
             Keywords:              |               Blocked By:
             Blocking:              |  Reproduced by developer:  0
Analyzed by developer:  0           |
------------------------------------+-----------------------------------

Comment (by tsmith):

 It seems this issue is triggered when calculating a value for 'const int
 index'.
 {{{const int index= 4*i + block_width*j;}}}

 Worst case this could lead to reading or writing from somewhere that was
 unintended. And in that case corrupted input or not it needs to be
 prevented to avoid potential attacks (assuming that it can access
 interesting data). On the other hand it may just turn out to be a blip in
 the output (which really doesn't matter if the input is corrupted to begin
 with). Also I'm not sure if this can be triggered by a valid file I just
 assume it can.

 The real issue here is that signed integer overflows are undefined in C
 (and C++). Since it is undefined this allows the compiler to make certain
 assumptions and optimization that can result in strange behavior. With
 signed integers it is not guaranteed that INT_MAX + 1 will result in
 INT_MIN.

 It is nice to have issues like this fixed from a bug hunting perspective
 but I understand there is more to it than that. If this truly is benign
 and not worth fixing (this also goes for similar overflows I have logged)
 then I will let you guys make the call here.

 Perhaps using '-fwrapv'[1] to make signed int overflows defined is an
 option?  This also makes them operate in the manner that most people
 assume. This may also prevent the use of some optimizations, decreasing
 performance and this is also bad, likely worse.

 [1]https://gcc.gnu.org/onlinedocs/gcc-4.0.2/gcc/Code-Gen-Options.html

--
Ticket URL: <https://trac.ffmpeg.org/ticket/5150#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list