[FFmpeg-trac] #8152(undetermined:new): signed integer overflow in libavformat/flvenc.c
FFmpeg
trac at avcodec.org
Mon Sep 16 05:15:54 EEST 2019
#8152: signed integer overflow in libavformat/flvenc.c
-------------------------------------+-------------------------------------
Reporter: Suhwan                     | Owner:
Type: defect                         | Status: new
Priority: normal                     | Component: undetermined
Version: git-master                  | Resolution:
Keywords:                            | Blocked By:
Blocking:                            | Reproduced by developer: 0
Analyzed by developer: 0             |
-------------------------------------+-------------------------------------
Comment (by Suhwan):
I tried the git master branch and it is still triggered. I think it can be
reproduced when ffmpeg is compiled with "--toolchain=clang-usan".
{{{
ffmpeg version N-94931-g8e8fd25272 Copyright (c) 2000-2019 the FFmpeg
developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug
--toolchain=clang-usan
libavutil 56. 35.100 / 56. 35.100
libavcodec 58. 56.102 / 58. 56.102
libavformat 58. 32.104 / 58. 32.104
libavdevice 58. 9.100 / 58. 9.100
libavfilter 7. 58.102 / 7. 58.102
libswscale 5. 6.100 / 5. 6.100
libswresample 3. 6.100 / 3. 6.100
Splitting the commandline.
Reading option '-loglevel' ... matched as option 'loglevel' (set logging
level) with argument '99'.
Reading option '-y' ... matched as option 'y' (overwrite output files)
with argument '1'.
Reading option '-r' ... matched as option 'r' (set frame rate (Hz value,
fraction or abbreviation)) with argument '11'.
Reading option '-i' ... matched as input url with argument
'samples/h264/CAFI1_SVA_C.264'.
Reading option '-map' ... matched as option 'map' (set input stream
mapping) with argument '0'.
Reading option '-c' ... matched as option 'c' (codec name) with argument
'copy'.
Reading option '-r' ... matched as option 'r' (set frame rate (Hz value,
fraction or abbreviation)) with argument '74'.
Reading option '-ab' ... matched as option 'ab' (audio bitrate (please use
-b:a)) with argument '123k'.
Reading option '-ar' ... matched as option 'ar' (set audio sampling rate
(in Hz)) with argument '48000'.
Reading option '-ac' ... matched as option 'ac' (set number of audio
channels) with argument '12'.
Reading option '-b:v' ... matched as option 'b' (video bitrate (please use
-b:v)) with argument '433k'.
Reading option '-strict' ...Routing option strict to both codec and muxer
layer
matched as AVOption 'strict' with argument '1'.
Reading option 'output/tmp.flv' ... matched as output url.
Finished splitting the commandline.
Parsing a group of options: global .
Applying option loglevel (set logging level) with argument 99.
Applying option y (overwrite output files) with argument 1.
Successfully parsed a group of options.
Parsing a group of options: input url samples/h264/CAFI1_SVA_C.264.
Applying option r (set frame rate (Hz value, fraction or abbreviation))
with argument 11.
Successfully parsed a group of options.
Opening an input file: samples/h264/CAFI1_SVA_C.264.
[NULL @ 0x61b000000080] Opening 'samples/h264/CAFI1_SVA_C.264' for reading
[file @ 0x610000000040] Setting default whitelist 'file,crypto'
Probing h264 score:51 size:2048
[h264 @ 0x61b000000080] Format h264 probed with size=2048 and score=51
[h264 @ 0x61b000000080] Before avformat_find_stream_info() pos: 0 bytes
read:32768 seeks:0 nb_streams:1
libavcodec/startcode.c:41:17: runtime error: load of misaligned address
0x619000000a85 for type 'const uint64_t' (aka 'const unsigned long'),
which requires 8 byte alignment
0x619000000a85: note: pointer points here
00 00 01 67 4d 40 1e 8d 94 c0 5a 3c 90 00 00 00 01 68 fe 38 80 00 00
00 01 65 88 80 00 50 00 67
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
libavcodec/startcode.c:41:17 in
libavcodec/startcode.c:42:22: runtime error: load of misaligned address
0x619000000a85 for type 'const uint64_t' (aka 'const unsigned long'),
which requires 8 byte alignment
0x619000000a85: note: pointer points here
00 00 01 67 4d 40 1e 8d 94 c0 5a 3c 90 00 00 00 01 68 fe 38 80 00 00
00 01 65 88 80 00 50 00 67
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
libavcodec/startcode.c:42:22 in
[AVBSFContext @ 0x60a000000200] nal_unit_type: 7(SPS), nal_ref_idc: 3
[AVBSFContext @ 0x60a000000200] nal_unit_type: 8(PPS), nal_ref_idc: 3
[AVBSFContext @ 0x60a000000200] nal_unit_type: 5(IDR), nal_ref_idc: 3
[h264 @ 0x619000000580] nal_unit_type: 7(SPS), nal_ref_idc: 3
[h264 @ 0x619000000580] nal_unit_type: 8(PPS), nal_ref_idc: 3
[h264 @ 0x619000000580] nal_unit_type: 5(IDR), nal_ref_idc: 3
[h264 @ 0x619000000580] Format yuv420p chosen by get_format().
[h264 @ 0x619000000580] Reinit context to 720x480, pix_fmt: yuv420p
[h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 2
Last message repeated 2 times
[h264 @ 0x619000000580] Increasing reorder buffer to 1
[h264 @ 0x619000000580] no picture
[h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 0
Last message repeated 1 times
[h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 2
Last message repeated 1 times
[h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 0
Last message repeated 1 times
[h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 2
Last message repeated 1 times
[h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 0
Last message repeated 1 times
[h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
picture), nal_ref_idc: 2
Last message repeated 1 times
[h264 @ 0x61b000000080] stream 0: start_time: -7686143364045.646 duration:
-7686143364045.646
[h264 @ 0x61b000000080] format: start_time: -9223372036854.775 duration:
-9223372036854.775 bitrate=0 kb/s
[h264 @ 0x61b000000080] After avformat_find_stream_info() pos: 257764
bytes read:257764 seeks:0 frames:66
Input #0, h264, from 'samples/h264/CAFI1_SVA_C.264':
Duration: N/A, bitrate: N/A
Stream #0:0, 66, 1/1200000: Video: h264 (Main), 1 reference frame,
yuv420p(top first, left), 720x480, 0/1, 25.42 fps, 25 tbr, 1200k tbn, 50
tbc
Successfully opened the file.
Parsing a group of options: output url output/tmp.flv.
Applying option map (set input stream mapping) with argument 0.
Applying option c (codec name) with argument copy.
Applying option r (set frame rate (Hz value, fraction or abbreviation))
with argument 74.
Applying option ab (audio bitrate (please use -b:a)) with argument 123k.
Applying option ar (set audio sampling rate (in Hz)) with argument 48000.
Applying option ac (set number of audio channels) with argument 12.
Applying option b:v (video bitrate (please use -b:v)) with argument 433k.
Successfully parsed a group of options.
Opening an output file: output/tmp.flv.
[file @ 0x610000000440] Setting default whitelist 'file,crypto'
Successfully opened the file.
Output #0, flv, to 'output/tmp.flv':
Metadata:
encoder : Lavf58.32.104
Stream #0:0, 0, 1/1000: Video: h264 (Main), 1 reference frame
([7][0][0][0] / 0x0007), yuv420p(top first, left), 720x480 (0x0), 0/1,
q=2-31, 433 kb/s, 25.42 fps, 25 tbr, 1k tbn, 74 tbc
Stream mapping:
Stream #0:0 -> #0:0 (copy)
Press [q] to stop, [?] for help
cur_dts is invalid st:0 (0) [init:1 i_done:0 finish:0] (this is harmless
if it occurs once at the start per stream)
[flv @ 0x61b000005480] Timestamps are unset in a packet for stream 0. This
is deprecated and will stop working in the future. Fix your code to set
the timestamps properly
libavformat/flvenc.c:1043:36: runtime error: signed integer overflow:
-9223372036854775808 - 130 cannot be represented in type 'long'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
libavformat/flvenc.c:1043:36 in
No more output streams to write to, finishing.
frame= 66 fps=0.0 q=-1.0 Lsize= 253kB time=00:00:05.91 bitrate=
351.1kbits/s speed= 521x
video:252kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB
muxing overhead: 0.619947%
Input file #0 (samples/h264/CAFI1_SVA_C.264):
Input stream #0:0 (video): 66 packets read (257764 bytes);
Total: 66 packets (257764 bytes) demuxed
Output file #0 (output/tmp.flv):
Output stream #0:0 (video): 66 packets muxed (257764 bytes);
Total: 66 packets (257764 bytes) muxed
0 frames successfully decoded, 0 decoding errors
[AVIOContext @ 0x6130000003c0] Statistics: 1 seeks, 1 writeouts
[AVIOContext @ 0x613000000040] Statistics: 257764 bytes read, 0 seeks
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8152#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
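
The guard that the UBSan line in the log above points at, as an added example (not code from the ticket or from FFmpeg): a subtraction helper that rejects an unset timestamp and range-checks before subtracting. `TS_UNSET`, `ts_status` and `ts_sub_checked` are hypothetical names; the sentinel is the left operand from the report, which is also the value of FFmpeg's `AV_NOPTS_VALUE`.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sentinel for "timestamp unset". INT64_MIN is the left operand
 * in the UBSan report (-9223372036854775808) and the value of AV_NOPTS_VALUE. */
#define TS_UNSET INT64_MIN

enum ts_status { TS_OK = 0, TS_ERR_UNSET = -1, TS_ERR_RANGE = -2 };

/* Compute *out = ts - delta without ever evaluating an overflowing signed
 * expression. The sentinel is rejected first, then the range is checked
 * using only additions that cannot themselves overflow. */
static enum ts_status ts_sub_checked(int64_t ts, int64_t delta, int64_t *out)
{
    if (ts == TS_UNSET)
        return TS_ERR_UNSET;          /* no real timestamp to subtract from */
    if (delta > 0 && ts < INT64_MIN + delta)
        return TS_ERR_RANGE;          /* result would fall below INT64_MIN */
    if (delta < 0 && ts > INT64_MAX + delta)
        return TS_ERR_RANGE;          /* result would exceed INT64_MAX */
    *out = ts - delta;
    return TS_OK;
}

int main(void)
{
    /* Constructed inputs: the first pair is the exact operand pair from the
     * report; the others exercise the range check and the normal path. */
    const int64_t cases[][2] = {
        { INT64_MIN,       130 },
        { INT64_MIN + 129, 130 },
        { 5910,            130 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int64_t out = 0;
        enum ts_status st = ts_sub_checked(cases[i][0], cases[i][1], &out);
        if (st == TS_OK)
            printf("%lld - %lld = %lld\n", (long long)cases[i][0],
                   (long long)cases[i][1], (long long)out);
        else
            printf("%lld - %lld rejected (status %d)\n",
                   (long long)cases[i][0], (long long)cases[i][1], (int)st);
    }
    return 0;
}
```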