[FFmpeg-trac] #7997(undetermined:new): undefined-behavior at libavcodec/proresenc_anatoliy.c
FFmpeg
trac at avcodec.org
Thu Jul 4 11:31:09 EEST 2019
#7997: undefined-behavior at libavcodec/proresenc_anatoliy.c
-------------------------------------+-------------------------------------
Reporter: Suhwan | Type: defect
Status: new | Priority: normal
Component: | Version: git-
undetermined | master
Keywords: ubsan | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:
There's am undefined-behavior at libavcodec/proresenc_anatoliy.c:250:12
How to reproduce:
{{{
% ffmpeg_g -y -r 8 -i tmp.avi -map 0 -c:v snow -c:v prores_aw
-disposition:a:79 prores_aw -disposition:a ffv1 -vframes 42 -aframes 83 -r
9 -level 3 -b:v 507k tmp_.adx
ffmpeg version : N-94163-g664a27ea40
built with clang version 9.0.0
}}}
negative value "prev_dc" is left shifted
{{{
#define TO_GOLOMB(val) (((val) << 1) ^ ((val) >> 31))
242 static void encode_dc_coeffs(PutBitContext *pb, int16_t *in,
243 int blocks_per_slice, int *qmat)
244 {
245 int prev_dc, code;
246 int i, sign, idx;
247 int new_dc, delta, diff_sign, new_code;
248
249 prev_dc = QSCALE(qmat, 0, in[0] - 16384);
250 code = TO_GOLOMB(prev_dc);
251 encode_codeword(pb, code, FIRST_DC_CB);
252
253 code = 5; sign = 0; idx = 64;
254 for (i = 1; i < blocks_per_slice; i++, idx += 64) {
255 new_dc = QSCALE(qmat, 0, in[idx] - 16384);
256 delta = new_dc - prev_dc;
257 diff_sign = DIFF_SIGN(delta, sign);
258 new_code = TO_GOLOMB2(get_level(delta), diff_sign);
259
260 encode_codeword(pb, new_code, dc_codebook[FFMIN(code, 6)]);
261
262 code = new_code;
263 sign = delta >> 31;
264 prev_dc = new_dc;
265 }
266 }
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/7997>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list