[FFmpeg-trac] #7992(undetermined:new): undefined-behavior at libavcodec/zmbvenc.c:243, 244

FFmpeg trac at avcodec.org
Thu Jul 4 09:00:10 EEST 2019


#7992: undefined-behavior at libavcodec/zmbvenc.c:243, 244
-------------------------------------+-------------------------------------
             Reporter:  Suhwan       |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:  undetermined |                  Version:  git-master
             Keywords:  ubsan avcodec|               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 Summary of the bug:
 There's an undefined-behavior at libavcodec/zmbvenc.c:243.

 How to reproduce:
 {{{
 % ffmpeg_g  -y -r 80 -i tmp.mp4 -map 0 -c:v zmbv -c:v:64 rawvideo
 -disposition:v:66 mlp -disposition:v:126 nellymoser -vframes 7 -r 7 -ar
 22050 -ac 3 -level 40 tmp_.afc

 ffmpeg version : N-94163-g664a27ea40
 built with clang version 9.0.0
 }}}

 Here's the code line.
 Left shift of negative value on lines 243, 244.

 {{{
 233         /* for now just XOR'ing */
 234         for(y = 0; y < avctx->height; y += ZMBV_BLOCK) {
 235             bh2 = FFMIN(avctx->height - y, ZMBV_BLOCK);
 236             for(x = 0; x < avctx->width; x += ZMBV_BLOCK, mv += 2) {
 237                 bw2 = FFMIN(avctx->width - x, ZMBV_BLOCK);
 238
 239                 tsrc = src + x * c->bypp;
 240                 tprev = prev + x * c->bypp;
 241
 242                 zmbv_me(c, tsrc, p->linesize[0], tprev, c->pstride, x, y, &mx, &my, &xored);
 243                 mv[0] = (mx << 1) | !!xored;
 244                 mv[1] = my << 1;
 245                 tprev += mx * c->bypp + my * c->pstride;
 246                 if(xored){
 247                     for(j = 0; j < bh2; j++){
 248                         for(i = 0; i < bw2 * c->bypp; i++)
 249                             c->work_buf[work_size++] = tsrc[i] ^ tprev[i];
 250                         tsrc += p->linesize[0];
 251                         tprev += c->pstride;
 252                     }
 253                 }
 254             }
 255             src += p->linesize[0] * ZMBV_BLOCK;
 256             prev += c->pstride * ZMBV_BLOCK;
 257         }

 }}}
 Patches should be submitted to the ffmpeg-devel mailing list and not this
 bug tracker.

--
Ticket URL: <https://trac.ffmpeg.org/ticket/7992>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
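
An added example, not part of the ticket or of FFmpeg's code: one way to do the packing from lines 243-244 without left-shifting a negative value, using multiplication instead. The helper names `pack_mv`, `unpack_mv`, `roundtrip_ok`, the `int8_t` element type and the `EX_RANGE` bound are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed bound for this example only (not taken from the ticket). */
#define EX_RANGE 16

/* Hypothetical helper: the packing done on lines 243-244, written so that
 * no negative value is ever left-shifted. mx * 2 is well defined for
 * negative mx; bit 0 then carries the "xored" flag (two's complement). */
static void pack_mv(int8_t mv[2], int mx, int my, int xored)
{
    mv[0] = (int8_t)((mx * 2) | !!xored);
    mv[1] = (int8_t)(my * 2);
}

/* Hypothetical inverse, avoiding right shifts of negative values too. */
static void unpack_mv(const int8_t mv[2], int *mx, int *my, int *xored)
{
    *xored = mv[0] & 1;
    *mx    = (mv[0] - *xored) / 2;
    *my    = mv[1] / 2;
}

/* Returns 1 if every (mx, my, xored) in range survives a round trip. */
static int roundtrip_ok(void)
{
    for (int mx = -EX_RANGE; mx <= EX_RANGE; mx++)
        for (int my = -EX_RANGE; my <= EX_RANGE; my++)
            for (int x = 0; x <= 1; x++) {
                int8_t mv[2];
                int rx, ry, rf;
                pack_mv(mv, mx, my, x);
                unpack_mv(mv, &rx, &ry, &rf);
                if (rx != mx || ry != my || rf != x)
                    return 0;
            }
    return 1;
}

int main(void)
{
    int8_t mv[2];
    pack_mv(mv, -3, -4, 1);
    printf("mv = {%d, %d}, roundtrip_ok = %d\n", mv[0], mv[1], roundtrip_ok());
    return 0;
}
```

Built with `-fsanitize=undefined`, this version produces no report, whereas `mx << 1` with a negative `mx` triggers UBSan's left shift of negative value diagnostic.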

