[FFmpeg-trac] #3152(avcodec:new): Pointer overflow in libavcodec/mpegvideo.c

FFmpeg trac at avcodec.org
Wed Nov 20 00:21:23 CET 2013

#3152: Pointer overflow in libavcodec/mpegvideo.c
             Reporter:  dtzWill     |                    Owner:
                 Type:  defect      |                   Status:  new
             Priority:  normal      |                Component:  avcodec
              Version:  git-master  |               Resolution:
             Keywords:              |               Blocked By:
             Blocking:              |  Reproduced by developer:  0
Analyzed by developer:  0           |

Comment (by dtzWill):

 No guarantee the operation won't eat your cat, unfortunately (undefined,
 not implementation-defined).  Note that indexing from NULL even in the
 positive direction is also undefined despite not overflowing.

 Unfortunately this is not purely an academic concern, compilers have been
 known to take advantage of the assumption that pointer overflow cannot
 occur (although I'm unsure of what optimization might be made here).

 As an aside it looks like ff_update_block_index wraps s->dest[0] around
 again, in case that's useful for devising a solution.

 Hopefully these checks make it into -fsanitize=undefined soon to
 facilitate finding and correcting these issues!

Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/3152#comment:4>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list