[FFmpeg-trac] #8193(undetermined:new): signed integer overflow in libavformat/yuv4mpegdec.c:329
FFmpeg
trac at avcodec.org
Sun Sep 22 19:27:17 EEST 2019
#8193: signed integer overflow in libavformat/yuv4mpegdec.c:329
-------------------------------------+-------------------------------------
Reporter: Suhwan                     | Type: defect
Status: new                          | Priority: normal
Component: undetermined              | Version: git-master
Keywords: ubsan                      | Blocked By:
Blocking:                            | Reproduced by developer: 0
Analyzed by developer: 0             |
-------------------------------------+-------------------------------------
Summary of the bug:
There is a signed integer overflow in libavformat/yuv4mpegdec.c:329
{{{
libavformat/yuv4mpegdec.c:329:15: runtime error: signed integer overflow:
-230584300921369 * 152070 cannot be represented in type 'long'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
libavformat/yuv4mpegdec.c:329:15 in
331 if (avio_seek(s->pb, pos + s->internal->data_offset, SEEK_SET)
< 0)
(gdb) bt
#0 yuv4_read_seek (s=0x61b000000080, stream_index=<optimized out>,
pts=-230584300921369,
flags=<optimized out>) at libavformat/yuv4mpegdec.c:331
#1 0x00000000027b113f in seek_frame_internal (s=0x61b000000080,
stream_index=0,
timestamp=-230584300921369, flags=<optimized out>) at
libavformat/utils.c:2499
#2 av_seek_frame (s=0x61b000000080, stream_index=0,
timestamp=-230584300921369, flags=<optimized out>)
at libavformat/utils.c:2531
#3 0x00000000027b4ec9 in avformat_seek_file (s=0x61b000000080,
stream_index=-1,
min_ts=-9223372036854775808, ts=-9223372036854775808,
max_ts=-9223372036854775808,
flags=<optimized out>) at libavformat/utils.c:2583
#4 0x0000000000642dc6 in seek_to_start (ifile=0x611000000400,
is=0x61b000000080)
at fftools/ffmpeg.c:4198
#5 process_input (file_index=0) at fftools/ffmpeg.c:4288
#6 0x00000000005e71e8 in transcode_step () at fftools/ffmpeg.c:4638
#7 transcode () at fftools/ffmpeg.c:4692
#8 0x00000000005db6ec in main (argc=<optimized out>, argv=<optimized
out>) at fftools/ffmpeg.c:4894
}}}
How to reproduce:
{{{
% ./ffmpeg_g -t 1 -stream_loop 11 -y -i y4m_invalid_header_crash_small.y4m
-target svcd -loglevel 0 -map 0 -c copy -aframes 58 -ar 22050 -b:v 310k
tmp.wsaud
ffmpeg version N-94982-gea673a0edb Copyright (c) 2000-2019 the FFmpeg
developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug
--toolchain=clang-usan
}}}
Patches should be submitted to the ffmpeg-devel mailing list and not this
bug tracker.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8193>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
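Added example, not FFmpeg code and not part of the ticket: an overflow-checked version of the frame-index-to-byte-offset computation that UBSan flagged above. It assumes the seek offset is derived as pts * packet_size + data_offset (the multiplication in the sanitizer message and the avio_seek call at line 331 suggest this but the report does not state it); the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical helper, not FFmpeg code. Computes the byte offset of a
 * frame-indexed seek (frame index * fixed packet size + data offset)
 * without the signed overflow reported in the ticket.
 * Returns 0 and stores the offset on success, -1 if the request refers
 * to a negative frame index or cannot be represented in int64_t.
 */
int checked_seek_pos(int64_t pts, int64_t packet_size, int64_t data_offset,
                     int64_t *out_pos)
{
    int64_t pos;

    /* Inputs that can never name a valid file position are rejected first;
     * the report's pts of -230584300921369 stops here, before any multiply. */
    if (pts < 0 || packet_size <= 0 || data_offset < 0)
        return -1;

    /* pts * packet_size overflows int64_t exactly when
     * pts > INT64_MAX / packet_size; the division is safe as packet_size > 0. */
    if (pts > INT64_MAX / packet_size)
        return -1;
    pos = pts * packet_size;

    /* Adding the header offset can still push pos past INT64_MAX. */
    if (pos > INT64_MAX - data_offset)
        return -1;
    *out_pos = pos + data_offset;
    return 0;
}

/* Convenience wrapper: the offset, or -1 when the request is rejected. */
int64_t seek_pos_or_neg(int64_t pts, int64_t packet_size, int64_t data_offset)
{
    int64_t pos;
    return checked_seek_pos(pts, packet_size, data_offset, &pos) == 0 ? pos : -1;
}

int main(void)
{
    /* Constructed inputs: the multiplier from the report (152070), a small
     * frame index, and an arbitrary header length of 100 bytes. */
    printf("frame 10 -> offset %lld\n", (long long)seek_pos_or_neg(10, 152070, 100));
    printf("report's pts -> %lld\n",
           (long long)seek_pos_or_neg(-230584300921369LL, 152070, 100));
    printf("huge index -> %lld\n",
           (long long)seek_pos_or_neg(INT64_MAX / 152070 + 1, 152070, 0));
    return 0;
}
```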