[FFmpeg-trac] #7996(undetermined:new): Division by zero at libavcodec/lpc.h:155
FFmpeg
trac at avcodec.org
Thu Jul 4 11:07:34 EEST 2019
#7996: Division by zero at libavcodec/lpc.h:155
-------------------------------------+-------------------------------------
Reporter: Suhwan | Type: defect
Status: new | Priority: normal
Component: | Version: git-
undetermined | master
Keywords: ubsan asan | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:
There's division by zero at libavcodec/lpc.h:155 and heap buffer overflow
at libavcodec/zmbvenc.c:97:30.
How to reproduce:
{{{
% ffmpeg_g -y -r 48 -i tmp.wmv -map 0 -c:s:4 zmbv -c:v zmbv
-disposition:a:19 fits -disposition:v:29 xwd -vframes 34 -ab 922k -ar
48000 -ac 3 -b:v 501k tmp_.mov
ffmpeg version : N-94163-g664a27ea40
built with clang version 9.0.0
}}}
{{{
135 static inline void compute_ref_coefs(const LPC_TYPE *autoc, int
max_order,
136 LPC_TYPE *ref, LPC_TYPE *error)
137 {
138 int i, j;
139 LPC_TYPE err;
140 LPC_TYPE gen0[MAX_LPC_ORDER], gen1[MAX_LPC_ORDER];
141
142 for (i = 0; i < max_order; i++)
143 gen0[i] = gen1[i] = autoc[i + 1];
144
145 err = autoc[0];
146 ref[0] = -gen1[0] / err;
147 err += gen1[0] * ref[0];
148 if (error)
149 error[0] = err;
150 for (i = 1; i < max_order; i++) {
151 for (j = 0; j < max_order - i; j++) {
152 gen1[j] = gen1[j + 1] + ref[i - 1] * gen0[j];
153 gen0[j] = gen1[j + 1] * ref[i - 1] + gen0[j];
154 }
155 ref[i] = -gen1[0] / err;
156 err += gen1[0] * ref[i];
157 if (error)
158 error[i] = err;
159 }
160 }
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/7996>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list