[FFmpeg-trac] #8176(undetermined:new): four out-of-bound bugs in g729dec.c and g729postfilter.c
FFmpeg
trac at avcodec.org
Wed Sep 18 22:15:31 EEST 2019
#8176: four out-of-bound bugs in g729dec.c and g729postfilter.c
-------------------------------------+-------------------------------------
Reporter: Suhwan | Type: defect
Status: new | Priority: normal
Component: undetermined | Version: git-master
Keywords: ubsan | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:
There are 4 out-of-bounds bugs in g729dec.c and g729postfilter.c and 10
left-shift-of-negative-value bugs in libavcodec/lsp.c and
libavcodec/g729postfilter.c.
{{{
libavcodec/lsp.c:111:20: runtime error: left shift of negative value -31132
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/lsp.c:111:20 in
libavcodec/lsp.c:119:28: runtime error: left shift of negative value -9097
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/lsp.c:119:28 in
libavcodec/g729postfilter.c:503:58: runtime error: left shift of negative value -1743
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729postfilter.c:503:58 in
libavcodec/g729postfilter.c:159:41: runtime error: left shift of negative value -1
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729postfilter.c:159:41 in
libavcodec/g729postfilter.c:503:28: runtime error: left shift of negative value -11
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729postfilter.c:503:28 in
libavcodec/g729dec.c:555:45: runtime error: index 62 out of bounds for type 'int16_t [40]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729dec.c:555:45 in
libavcodec/g729dec.c:556:45: runtime error: index 62 out of bounds for type 'int16_t [40]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729dec.c:556:45 in
libavcodec/g729postfilter.c:204:65: runtime error: index -61 out of bounds for type 'int16_t [192]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729postfilter.c:204:65 in
libavcodec/g729postfilter.c:205:64: runtime error: index -61 out of bounds for type 'int16_t [192]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729postfilter.c:205:64 in
libavcodec/g729postfilter.c:509:24: runtime error: left shift of negative value -14
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729postfilter.c:509:24 in
libavcodec/g729postfilter.c:509:54: runtime error: left shift of negative value -23520
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729postfilter.c:509:54 in
libavcodec/g729postfilter.c:349:49: runtime error: left shift of negative value -1
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729postfilter.c:349:49 in
libavcodec/g729postfilter.c:370:36: runtime error: left shift of negative value -55
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729postfilter.c:370:36 in
libavcodec/g729postfilter.c:467:18: runtime error: left shift of negative value -338
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729postfilter.c:467:18 in
}}}
How to reproduce:
{{{
% ffmpeg_g -stream_loop 25 -y -r 110 -i rec09.act -loglevel 0 -map 0 -aframes 52 -ar 22050 -ac 14 -b:v 786k -strict 3 tmp.ogg
ffmpeg version N-94961-g1d86e4b3eb Copyright (c) 2000-2019 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-usan
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8176>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker