[FFmpeg-trac] #7980(avcodec:new): heap-buffer-overflow at ffmpeg/libavcodec/zmbvenc.c:97:30 in block_cmp by null pointer or undefined-behavior libavformat/nutenc.c:794:27

FFmpeg trac at avcodec.org
Mon Jul 1 02:48:59 EEST 2019 

#7980: heap-buffer-overflow at ffmpeg/libavcodec/zmbvenc.c:97:30 in block_cmp by
null pointer or undefined-behavior libavformat/nutenc.c:794:27
------------------------------------+-----------------------------------
             Reporter:  Suhwan      |                    Owner:
                 Type:  defect      |                   Status:  new
             Priority:  important   |                Component:  avcodec
              Version:  git-master  |               Resolution:
             Keywords:  zmbv ubsan  |               Blocked By:
             Blocking:              |  Reproduced by developer:  0
Analyzed by developer:  0           |
------------------------------------+-----------------------------------
Changes (by cehoyos):

 * keywords:  Heap buffer overflow, ASAN, Null pointer, avformat, avcodec =>
     zmbv ubsan
 * priority:  critical => important
 * component:  ffmpeg => avcodec


Comment:

 I only see the following error, patch sent:
 {{{
 $ ffmpeg_g -i tmp.webm -c:v zmbv -f null -
 ffmpeg version N-94142-g3b2082c663 Copyright (c) 2000-2019 the FFmpeg
 developers
   built with clang version 8.0.0 (tags/RELEASE_800/final 356365)
   configuration: --enable-gpl --toolchain=clang-usan
   libavutil      56. 30.100 / 56. 30.100
   libavcodec     58. 53.100 / 58. 53.100
   libavformat    58. 28.101 / 58. 28.101
   libavdevice    58.  7.100 / 58.  7.100
   libavfilter     7. 55.100 /  7. 55.100
   libswscale      5.  4.101 /  5.  4.101
   libswresample   3.  4.100 /  3.  4.100
   libpostproc    55.  4.100 / 55.  4.100
 Input #0, matroska,webm, from 'tmp.webm':
   Metadata:
     encoder         : Lavf53.17.0
   Duration: 00:00:05.57, start: 0.000000, bitrate: 329 kb/s
     Stream #0:0: Video: vp8, yuv420p(progressive), 560x320, SAR 1:1 DAR
 7:4, 30 fps, 30 tbr, 1k tbn, 1k tbc (default)
     Stream #0:1(eng): Audio: vorbis, 48000 Hz, mono, fltp (default)
 Stream mapping:
   Stream #0:0 -> #0:0 (vp8 (native) -> zmbv (native))
   Stream #0:1 -> #0:1 (vorbis (native) -> pcm_s16le (native))
 Press [q] to stop, [?] for help
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf58.28.101
     Stream #0:0: Video: zmbv, bgr0, 560x320 [SAR 1:1 DAR 7:4], q=2-31, 200
 kb/s, 30 fps, 30 tbn, 30 tbc (default)
     Metadata:
       encoder         : Lavc58.53.100 zmbv
     Stream #0:1(eng): Audio: pcm_s16le, 48000 Hz, mono, s16, 768 kb/s
 (default)
     Metadata:
       encoder         : Lavc58.53.100 pcm_s16le
 src/libavcodec/zmbvenc.c:243:29: runtime error: left shift of negative
 value -4
 src/libavcodec/zmbvenc.c:244:28: runtime error: left shift of negative
 value -2
 [matroska,webm @ 0x9884740] Element at 0x38041 ending at 0x3804f exceeds
 containing master element ending at 0x38035
 frame=  166 fps=3.4 q=-0.0 Lsize=N/A time=00:00:05.58 bitrate=N/A
 speed=0.113x
 video:12130kB audio:522kB subtitle:0kB other streams:0kB global
 headers:0kB muxing overhead: unknown
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/7980#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list