[FFmpeg-trac] #8152(undetermined:new): signed integer overflow in libavformat/flvenc.c

FFmpeg trac at avcodec.org
Mon Sep 16 05:15:54 EEST 2019


#8152: signed integer overflow in libavformat/flvenc.c
-------------------------------------+-------------------------------------
             Reporter:  Suhwan       |                    Owner:
                 Type:  defect       |                   Status:  new
             Priority:  normal       |                Component:
                                     |  undetermined
              Version:  git-master   |               Resolution:
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------

Comment (by Suhwan):

 I tried the git master branch and it is still triggered. I think it can be
 reproduced when ffmpeg is compiled with "--toolchain=clang-usan":
 {{{
 ffmpeg version N-94931-g8e8fd25272 Copyright (c) 2000-2019 the FFmpeg
 developers
   built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
   configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug
 --toolchain=clang-usan
   libavutil      56. 35.100 / 56. 35.100
   libavcodec     58. 56.102 / 58. 56.102
   libavformat    58. 32.104 / 58. 32.104
   libavdevice    58.  9.100 / 58.  9.100
   libavfilter     7. 58.102 /  7. 58.102
   libswscale      5.  6.100 /  5.  6.100
   libswresample   3.  6.100 /  3.  6.100
 Splitting the commandline.
 Reading option '-loglevel' ... matched as option 'loglevel' (set logging
 level) with argument '99'.
 Reading option '-y' ... matched as option 'y' (overwrite output files)
 with argument '1'.
 Reading option '-r' ... matched as option 'r' (set frame rate (Hz value,
 fraction or abbreviation)) with argument '11'.
 Reading option '-i' ... matched as input url with argument
 'samples/h264/CAFI1_SVA_C.264'.
 Reading option '-map' ... matched as option 'map' (set input stream
 mapping) with argument '0'.
 Reading option '-c' ... matched as option 'c' (codec name) with argument
 'copy'.
 Reading option '-r' ... matched as option 'r' (set frame rate (Hz value,
 fraction or abbreviation)) with argument '74'.
 Reading option '-ab' ... matched as option 'ab' (audio bitrate (please use
 -b:a)) with argument '123k'.
 Reading option '-ar' ... matched as option 'ar' (set audio sampling rate
 (in Hz)) with argument '48000'.
 Reading option '-ac' ... matched as option 'ac' (set number of audio
 channels) with argument '12'.
 Reading option '-b:v' ... matched as option 'b' (video bitrate (please use
 -b:v)) with argument '433k'.
 Reading option '-strict' ...Routing option strict to both codec and muxer
 layer
  matched as AVOption 'strict' with argument '1'.
 Reading option 'output/tmp.flv' ... matched as output url.
 Finished splitting the commandline.
 Parsing a group of options: global .
 Applying option loglevel (set logging level) with argument 99.
 Applying option y (overwrite output files) with argument 1.
 Successfully parsed a group of options.
 Parsing a group of options: input url samples/h264/CAFI1_SVA_C.264.
 Applying option r (set frame rate (Hz value, fraction or abbreviation))
 with argument 11.
 Successfully parsed a group of options.
 Opening an input file: samples/h264/CAFI1_SVA_C.264.
 [NULL @ 0x61b000000080] Opening 'samples/h264/CAFI1_SVA_C.264' for reading
 [file @ 0x610000000040] Setting default whitelist 'file,crypto'
 Probing h264 score:51 size:2048
 [h264 @ 0x61b000000080] Format h264 probed with size=2048 and score=51
 [h264 @ 0x61b000000080] Before avformat_find_stream_info() pos: 0 bytes
 read:32768 seeks:0 nb_streams:1
 libavcodec/startcode.c:41:17: runtime error: load of misaligned address
 0x619000000a85 for type 'const uint64_t' (aka 'const unsigned long'),
 which requires 8 byte alignment
 0x619000000a85: note: pointer points here
  00 00 01 67 4d 40 1e  8d 94 c0 5a 3c 90 00 00  00 01 68 fe 38 80 00 00
 00 01 65 88 80 00 50 00  67
              ^
 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
 libavcodec/startcode.c:41:17 in
 libavcodec/startcode.c:42:22: runtime error: load of misaligned address
 0x619000000a85 for type 'const uint64_t' (aka 'const unsigned long'),
 which requires 8 byte alignment
 0x619000000a85: note: pointer points here
  00 00 01 67 4d 40 1e  8d 94 c0 5a 3c 90 00 00  00 01 68 fe 38 80 00 00
 00 01 65 88 80 00 50 00  67
              ^
 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
 libavcodec/startcode.c:42:22 in
 [AVBSFContext @ 0x60a000000200] nal_unit_type: 7(SPS), nal_ref_idc: 3
 [AVBSFContext @ 0x60a000000200] nal_unit_type: 8(PPS), nal_ref_idc: 3
 [AVBSFContext @ 0x60a000000200] nal_unit_type: 5(IDR), nal_ref_idc: 3
 [h264 @ 0x619000000580] nal_unit_type: 7(SPS), nal_ref_idc: 3
 [h264 @ 0x619000000580] nal_unit_type: 8(PPS), nal_ref_idc: 3
 [h264 @ 0x619000000580] nal_unit_type: 5(IDR), nal_ref_idc: 3
 [h264 @ 0x619000000580] Format yuv420p chosen by get_format().
 [h264 @ 0x619000000580] Reinit context to 720x480, pix_fmt: yuv420p
 [h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
 picture), nal_ref_idc: 2
     Last message repeated 2 times
 [h264 @ 0x619000000580] Increasing reorder buffer to 1
 [h264 @ 0x619000000580] no picture
 [h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
 picture), nal_ref_idc: 0
     Last message repeated 1 times
 [h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
 picture), nal_ref_idc: 2
     Last message repeated 1 times
 [h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
 picture), nal_ref_idc: 0
     Last message repeated 1 times
 [h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
 picture), nal_ref_idc: 2
     Last message repeated 1 times
 [h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
 picture), nal_ref_idc: 0
     Last message repeated 1 times
 [h264 @ 0x619000000580] nal_unit_type: 1(Coded slice of a non-IDR
 picture), nal_ref_idc: 2
     Last message repeated 1 times
 [h264 @ 0x61b000000080] stream 0: start_time: -7686143364045.646 duration:
 -7686143364045.646
 [h264 @ 0x61b000000080] format: start_time: -9223372036854.775 duration:
 -9223372036854.775 bitrate=0 kb/s
 [h264 @ 0x61b000000080] After avformat_find_stream_info() pos: 257764
 bytes read:257764 seeks:0 frames:66
 Input #0, h264, from 'samples/h264/CAFI1_SVA_C.264':
   Duration: N/A, bitrate: N/A
     Stream #0:0, 66, 1/1200000: Video: h264 (Main), 1 reference frame,
 yuv420p(top first, left), 720x480, 0/1, 25.42 fps, 25 tbr, 1200k tbn, 50
 tbc
 Successfully opened the file.
 Parsing a group of options: output url output/tmp.flv.
 Applying option map (set input stream mapping) with argument 0.
 Applying option c (codec name) with argument copy.
 Applying option r (set frame rate (Hz value, fraction or abbreviation))
 with argument 74.
 Applying option ab (audio bitrate (please use -b:a)) with argument 123k.
 Applying option ar (set audio sampling rate (in Hz)) with argument 48000.
 Applying option ac (set number of audio channels) with argument 12.
 Applying option b:v (video bitrate (please use -b:v)) with argument 433k.
 Successfully parsed a group of options.
 Opening an output file: output/tmp.flv.
 [file @ 0x610000000440] Setting default whitelist 'file,crypto'
 Successfully opened the file.
 Output #0, flv, to 'output/tmp.flv':
   Metadata:
     encoder         : Lavf58.32.104
     Stream #0:0, 0, 1/1000: Video: h264 (Main), 1 reference frame
 ([7][0][0][0] / 0x0007), yuv420p(top first, left), 720x480 (0x0), 0/1,
 q=2-31, 433 kb/s, 25.42 fps, 25 tbr, 1k tbn, 74 tbc
 Stream mapping:
   Stream #0:0 -> #0:0 (copy)
 Press [q] to stop, [?] for help
 cur_dts is invalid st:0 (0) [init:1 i_done:0 finish:0] (this is harmless
 if it occurs once at the start per stream)
 [flv @ 0x61b000005480] Timestamps are unset in a packet for stream 0. This
 is deprecated and will stop working in the future. Fix your code to set
 the timestamps properly
 libavformat/flvenc.c:1043:36: runtime error: signed integer overflow:
 -9223372036854775808 - 130 cannot be represented in type 'long'
 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
 libavformat/flvenc.c:1043:36 in
 No more output streams to write to, finishing.
 frame=   66 fps=0.0 q=-1.0 Lsize=     253kB time=00:00:05.91 bitrate=
 351.1kbits/s speed= 521x
 video:252kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB
 muxing overhead: 0.619947%
 Input file #0 (samples/h264/CAFI1_SVA_C.264):
   Input stream #0:0 (video): 66 packets read (257764 bytes);
   Total: 66 packets (257764 bytes) demuxed
 Output file #0 (output/tmp.flv):
   Output stream #0:0 (video): 66 packets muxed (257764 bytes);
   Total: 66 packets (257764 bytes) muxed
 0 frames successfully decoded, 0 decoding errors
 [AVIOContext @ 0x6130000003c0] Statistics: 1 seeks, 1 writeouts
 [AVIOContext @ 0x613000000040] Statistics: 257764 bytes read, 0 seeks
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/8152#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
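
Added example, not part of the ticket and not FFmpeg code: the left operand in the UBSan report above is INT64_MIN, the value FFmpeg uses for AV_NOPTS_VALUE, and the log warns just before it that the packet's timestamps are unset. The helper below (hypothetical name `checked_ts_sub`) shows one way to reject the sentinel and range-check a timestamp subtraction before performing it.

```c
#include <stdint.h>
#include <stdio.h>

/* Same value as FFmpeg's AV_NOPTS_VALUE (INT64_MIN); redefined here so the
 * example builds without FFmpeg headers. */
#define NOPTS_VALUE INT64_MIN

/* Hypothetical helper (assumption, not from flvenc.c): computes ts - offset.
 * Returns 0 and stores the result on success; returns -1 if ts is the
 * "unset" sentinel or the result would not fit in int64_t. */
static int checked_ts_sub(int64_t ts, int64_t offset, int64_t *out)
{
    if (ts == NOPTS_VALUE)
        return -1;
    /* The range test only adds offset to a limit, which cannot overflow,
     * so nothing undefined happens before the decision is made. */
    if ((offset > 0 && ts < INT64_MIN + offset) ||
        (offset < 0 && ts > INT64_MAX + offset))
        return -1;
    *out = ts - offset;
    return 0;
}

int main(void)
{
    /* Constructed inputs; the first pair is the operands from the UBSan line. */
    const int64_t ts[]  = { INT64_MIN, 5910, INT64_MIN + 100, INT64_MAX };
    const int64_t off[] = { 130, 130, 130, -1 };

    for (int i = 0; i < 4; i++) {
        int64_t r;
        if (checked_ts_sub(ts[i], off[i], &r) == 0)
            printf("%lld - %lld = %lld\n",
                   (long long)ts[i], (long long)off[i], (long long)r);
        else
            printf("%lld - %lld rejected (unset or out of range)\n",
                   (long long)ts[i], (long long)off[i]);
    }
    return 0;
}
```

Building this with `-fsanitize=undefined` produces no report, because the subtraction is only reached when its result is representable.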

