[FFmpeg-trac] #4727(ffmpeg:new): Undefined behaviors in ffmpeg
FFmpeg
trac at avcodec.org
Mon Jul 20 01:34:05 CEST 2015
#4727: Undefined behaviors in ffmpeg
------------------------------------+--------------------------------------
Reporter: xiedingbao | Type: defect
Status: new | Priority: normal
Component: ffmpeg | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
------------------------------------+--------------------------------------
Summary of the bug:
Found some undefined behaviors in ffmpeg.
How to reproduce:
{{{
% ffmpeg -i input -y test.avi[]
ffmpeg version git master
built on clang-3.4 with flag -fsanitize=undefined
}}}
You can download the malformed inputs from
[https://www.dropbox.com/s/yfflpbb07jz3eh0/inputs.tar.gz?dl=0]
{{{
libavcodec/mpegvideo_enc.c:142:21: runtime error: left shift of negative
value -64
libavcodec/h264.c:259:17: runtime error: load of misaligned address
0x000008ec0929 for type 'const uint64_t' (aka 'const unsigned long'),
which requires 8 byte alignment
libavcodec/h264.c:258:17: runtime error: member access within misaligned
address 0x000008ec0929 for type 'const av_alias64', which requires 8 byte
alignment
libavcodec/h264_slice.c:533:54: runtime error: index -2011593 out of
bounds for type 'uint32_t [88][16]'
libavcodec/h264_slice.c:537:54: runtime error: index -503031 out of bounds
for type 'uint32_t [88][64]'
libavcodec/golomb.h:75:13: runtime error: shift exponent -1 is negative
libavcodec/h264_slice.c:2017:61: runtime error: index -1 out of bounds for
type 'int [64]'
libavcodec/h264_slice.c:2018:38: runtime error: index -1 out of bounds for
type 'int [64]'
libavcodec/h264_slice.c:1989:38: runtime error: index -1 out of bounds for
type 'int [64]'
libavcodec/cabac_functions.h:70:13: runtime error: left shift of negative
value -921043036
/slibavformat/dump.c:423:37: runtime error: signed integer overflow: 48 *
2139225729 cannot be represented in type 'int'
libavformat/dump.c:424:37: runtime error: signed integer overflow: 144 *
16712191 cannot be represented in type 'int'
^
libavcodec/h264_cavlc.c:586:54: runtime error: index -1 out of bounds for
type 'VLC [15]'
libavcodec/h264_cavlc.c:627:9: runtime error: index -1 out of bounds for
type 'VLC [6]'
libavcodec/h264_cavlc.c:580:69: runtime error: index -1 out of bounds for
type 'VLC [3]'
libavcodec/cabac_functions.h:70:13: runtime error: left shift of negative
value -1842012160
./libavutil/rational.h:81:18: runtime error: division by zero
./libavutil/rational.h:81:18: runtime error: division by zero
libavformat/mov.c:2442:25: runtime error: negation of -2147483648 cannot
be represented in type 'int'; cast to an unsigned type to negate this
value to itself
libavformat/mov.c:2482:13: runtime error: negation of -2147483648 cannot
be represented in type 'int'; cast to an unsigned type to negate this
value to itself
libavcodec/ac3enc.c:1186:14: runtime error: left shift of negative value
-9
libavcodec/h264_slice.c:537:54: runtime error: index -489998 out of bounds
for type 'uint32_t [88][64]'
libavcodec/h264_cavlc.c:627:9: runtime error: index -1 out of bounds for
type 'VLC [6]'
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/4727>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
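
Defined-behaviour C equivalents for five of the diagnostic classes in the log above, as an added example that is not FFmpeg's code and not the fix applied for this ticket. The function names are hypothetical and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* "left shift of negative value": shift the unsigned bit pattern. The
 * conversion back to int32_t is implementation-defined, not undefined. */
int32_t shl_signed(int32_t v, unsigned n) {
    return (int32_t)((uint32_t)v << (n & 31));
}

/* "negation of -2147483648": negate in unsigned arithmetic, as the
 * diagnostic suggests, and return the magnitude. */
uint32_t abs_u32(int32_t v) {
    return v < 0 ? 0u - (uint32_t)v : (uint32_t)v;
}

/* "signed integer overflow: 48 * 2139225729": widen, then range-check. */
int mul_checked(int a, int b, int *out) {
    int64_t p = (int64_t)a * b;
    if (p > INT_MAX || p < INT_MIN)
        return 0;                 /* product does not fit in int */
    *out = (int)p;
    return 1;
}

/* "load of misaligned address ... 'const uint64_t'": memcpy the bytes
 * instead of dereferencing a cast pointer. */
uint64_t load_u64(const unsigned char *p) {
    uint64_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* "index -1 out of bounds": reject an input-derived index before use. */
int table_get(const int *tab, int len, int idx, int *out) {
    if (idx < 0 || idx >= len)
        return 0;
    *out = tab[idx];
    return 1;
}

int main(void) {
    int r = 0;
    int ok = mul_checked(48, 2139225729, &r);   /* operands from the log */
    printf("%d %u %d\n", (int)shl_signed(-64, 3), (unsigned)abs_u32(INT32_MIN), ok);
    return 0;
}
```

Built with `-fsanitize=undefined`, as in the report, these helpers produce no runtime errors for the operand values quoted in the log.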