[FFmpeg-trac] #8593(avformat:new): UBSan: signed integer overflow
FFmpeg
trac at avcodec.org
Tue Mar 31 19:12:37 EEST 2020
#8593: UBSan: signed integer overflow
-------------------------------------+-------------------------------------
 Reporter: andreafioraldi            | Type: defect
 Status: new                         | Priority: normal
 Component: avformat                 | Version: git-master
 Keywords:                           | Blocked By:
 Blocking:                           | Reproduced by developer: 0
 Analyzed by developer: 0            |
-------------------------------------+-------------------------------------
Summary of the bug:
This multiplication at line 593 of wavdec.c causes an overflow:
st->codecpar->block_align *= st->codecpar->channels;
How to reproduce:
{{{
% ffmpeg -i id:000157,sig:04,src:000055,time:3158020,op:MOpt_havoc,rep:128 out.mp3
ffmpeg version N-97118-gfa164bc50e Copyright (c) 2000-2020 the FFmpeg developers
built with clang version 10.0.0 (git@github.com:andreafioraldi/ConstrainedMemorySanitizer.git 5b365c37a959d429121850f6d91ed160d4cdf76f)
configuration: --cc=clang-10 --cxx=clang++-10
libavutil 56. 42.102 / 56. 42.102
libavcodec 58. 77.101 / 58. 77.101
libavformat 58. 42.100 / 58. 42.100
libavdevice 58. 9.103 / 58. 9.103
libavfilter 7. 77.101 / 7. 77.101
libswscale 5. 6.101 / 5. 6.101
libswresample 3. 6.100 / 3. 6.100
libavformat/wavdec.c:593:35: runtime error: signed integer overflow: 65035 * 65281 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavformat/wavdec.c:593:35 in
[NULL @ 0x619000000580] Too many or invalid channels: 65281
[wav @ 0x61b000000080] Failed to open codec in avformat_find_stream_info
[NULL @ 0x619000000580] Too many or invalid channels: 65281
[wav @ 0x61b000000080] Packet corrupt (stream = 0, dts = NOPTS).
Input #0, wav, from 'output/a1/crashes/id:000157,sig:04,src:000055,time:3158020,op:MOpt_havoc,rep:128':
Duration: 00:00:00.98, bitrate: 48 kb/s
Stream #0:0: Audio: adpcm_ms ([2][0][0][0] / 0x0002), 11246 Hz, 65281 channels, 2936600 kb/s
Automatic encoder selection failed for output stream #0:0. Default encoder for format mp3 (codec mp3) is probably disabled. Please choose an encoder manually.
Error selecting an encoder for stream 0:0
}}}
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8593>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
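
An added example, not part of the ticket and not FFmpeg's code or its fix: one way to scale a block alignment by a channel count read from an untrusted header without evaluating an overflowing signed multiplication. The helper name `scale_block_align` and its error convention are assumptions; the first test pair is the one from the UBSan message above.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper (not FFmpeg code): stores block_align * channels in
 * *out and returns 0, or returns -1 if the inputs are invalid or the
 * product would not fit in an int. */
static int scale_block_align(int block_align, int channels, int *out)
{
    /* Both fields come from the file header, so validate them first. */
    if (block_align < 0 || channels <= 0)
        return -1;
    /* The division cannot overflow, so compare against the bound before
     * multiplying; the signed multiplication below is then always defined. */
    if (block_align > INT_MAX / channels)
        return -1;
    *out = block_align * channels;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the pair from the report, a normal stereo case,
     * and the two values on either side of the sqrt(INT_MAX) boundary
     * (the boundary pairs assume a 32-bit int). */
    static const int cases[][2] = {
        {65035, 65281}, {1024, 2}, {46340, 46340}, {46341, 46341}
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        int v = 0;
        if (scale_block_align(cases[i][0], cases[i][1], &v) == 0)
            printf("%d * %d = %d\n", cases[i][0], cases[i][1], v);
        else
            printf("%d * %d rejected\n", cases[i][0], cases[i][1]);
    }
    return 0;
}
```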