[FFmpeg-trac] #8306(undetermined:new): left shift of negative value at libavcodec/adpcm.c

FFmpeg trac at avcodec.org
Fri Oct 18 16:27:02 EEST 2019 

#8306: left shift of negative value at libavcodec/adpcm.c
-------------------------------------+-------------------------------------
             Reporter:  Suhwan       |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:               |                  Version:  git-
  undetermined                       |  master
             Keywords:  ubsan        |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 Summary of the bug:
 There are two left shift of negative value at libavcodec/adpcm.c
 I compiled ffmpeg with "--toolchain=clang-usan" to check the undefined-
 behaviours and attached log file.
 How to reproduce:
 {{{
 % ffmpeg_g -t 3 -y -i $PoC tmp.mxf

 ffmpeg version N-95446-gfddef964e8 Copyright (c) 2000-2019 the FFmpeg
 developers
 built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
 configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug
 --toolchain=clang-usan
 }}}

 Here's UBSAN log

 {{{
 libavcodec/adpcm.c:1726:46: runtime error: left shift of negative value -1

 Breakpoint 1, 0x00000000004288b0 in __ubsan::ScopedReport::~ScopedReport()
 ()
 (gdb) bt
 #0  0x00000000004288b0 in __ubsan::ScopedReport::~ScopedReport() ()
 #1  0x000000000042a9a0 in
 handleShiftOutOfBoundsImpl(__ubsan::ShiftOutOfBoundsData*, unsigned long,
 unsigned long, __ubsan::ReportOptions) ()
 #2  0x000000000042cb41 in __ubsan_handle_shift_out_of_bounds ()
 #3  0x00000000044fce13 in adpcm_decode_frame (avctx=0x93b6840, data=0x0,
     got_frame_ptr=0x7fffffffc568, avpkt=0x93b9b00) at
 libavcodec/adpcm.c:1726
 #4  0x0000000001e104c6 in decode_simple_internal (avctx=0x93b6840,
     frame=<optimized out>) at libavcodec/decode.c:432
 #5  0x0000000001dfccc5 in decode_simple_receive_frame (avctx=<optimized
 out>,
     frame=<optimized out>) at libavcodec/decode.c:628
 #6  decode_receive_frame_internal (avctx=0x93b6840, frame=0x93c2b40)
     at libavcodec/decode.c:646
 #7  0x0000000001dfc783 in avcodec_send_packet (avctx=0x93b6840,
     avpkt=<optimized out>) at libavcodec/decode.c:704
 #8  0x000000000049a167 in decode (avctx=<optimized out>, frame=0x93c30c0,
     pkt=<optimized out>, got_frame=<optimized out>) at
 fftools/ffmpeg.c:2230
 #9  decode_audio (ist=<optimized out>, pkt=0x7fffffffc8e0,
     got_output=<optimized out>, decode_failed=<optimized out>)
     at fftools/ffmpeg.c:2287
 #10 process_input_packet (ist=<optimized out>, pkt=0x7fffffffca30,
 no_eof=0)
     at fftools/ffmpeg.c:2609
 #11 0x00000000004bf110 in process_input (file_index=<optimized out>)
     at fftools/ffmpeg.c:4508
 #12 0x000000000048d60b in transcode_step () at fftools/ffmpeg.c:4628
 #13 transcode () at fftools/ffmpeg.c:4682
 #14 0x0000000000487dc4 in main (argc=7, argv=<optimized out>)
     at fftools/ffmpeg.c:4884
 (gdb) c
 Continuing.
 libavcodec/adpcm.c:1726:72: runtime error: left shift of negative value -1

 Breakpoint 1, 0x00000000004288b0 in __ubsan::ScopedReport::~ScopedReport()
 ()
 (gdb) bt
 #0  0x00000000004288b0 in __ubsan::ScopedReport::~ScopedReport() ()
 #1  0x000000000042a9a0 in
 handleShiftOutOfBoundsImpl(__ubsan::ShiftOutOfBoundsData*, unsigned long,
 unsigned long, __ubsan::ReportOptions) ()
 #2  0x000000000042cb41 in __ubsan_handle_shift_out_of_bounds ()
 #3  0x00000000044fce6d in adpcm_decode_frame (avctx=0x93b6840, data=0x0,
     got_frame_ptr=0x7fffffffc568, avpkt=0x93b9b00) at
 libavcodec/adpcm.c:1726
 #4  0x0000000001e104c6 in decode_simple_internal (avctx=0x93b6840,
     frame=<optimized out>) at libavcodec/decode.c:432
 #5  0x0000000001dfccc5 in decode_simple_receive_frame (avctx=<optimized
 out>,
     frame=<optimized out>) at libavcodec/decode.c:628
 #6  decode_receive_frame_internal (avctx=0x93b6840, frame=0x93c2b40)
     at libavcodec/decode.c:646
 #7  0x0000000001dfc783 in avcodec_send_packet (avctx=0x93b6840,
     avpkt=<optimized out>) at libavcodec/decode.c:704
 #8  0x000000000049a167 in decode (avctx=<optimized out>, frame=0x93c30c0,
     pkt=<optimized out>, got_frame=<optimized out>) at
 fftools/ffmpeg.c:2230
 #9  decode_audio (ist=<optimized out>, pkt=0x7fffffffc8e0,
     got_output=<optimized out>, decode_failed=<optimized out>)
     at fftools/ffmpeg.c:2287
 #10 process_input_packet (ist=<optimized out>, pkt=0x7fffffffca30,
 no_eof=0)
     at fftools/ffmpeg.c:2609
 #11 0x00000000004bf110 in process_input (file_index=<optimized out>)
     at fftools/ffmpeg.c:4508
 #12 0x000000000048d60b in transcode_step () at fftools/ffmpeg.c:4628
 #13 transcode () at fftools/ffmpeg.c:4682
 #14 0x0000000000487dc4 in main (argc=7, argv=<optimized out>)
     at fftools/ffmpeg.c:4884

 }}}
 Please confirm.
 Thanks

--
Ticket URL: <https://trac.ffmpeg.org/ticket/8306>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list