[FFmpeg-trac] #8187(undetermined:new): signed integer overflow in libavformat/mpegenc.c

FFmpeg trac at avcodec.org
Fri Sep 20 18:47:11 EEST 2019


#8187: signed integer overflow in libavformat/mpegenc.c
-------------------------------------+-------------------------------------
             Reporter:  Suhwan       |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:  undetermined |                  Version:  git-master
             Keywords:  ubsan        |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 Summary of the bug:
 There is a signed integer overflow in libavformat/mpegenc.c
 {{{
 libavformat/mpegenc.c:1219:19: runtime error: signed integer overflow:
 -9223372036854775808 - 45000 cannot be represented in type 'long'
 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
 libavformat/mpegenc.c:1219:19 in
 1217            if (is_iframe &&
 (gdb) bt
 #0  mpeg_mux_write_packet (ctx=0x61b000000e80, pkt=0x3feeae6609317801)
     at libavformat/mpegenc.c:1217
 #1  0x00000000023195b4 in write_packet (s=0x61b000000e80, pkt=<optimized
 out>)
     at libavformat/mux.c:747
 #2  0x0000000002326f0c in av_interleaved_write_frame (s=<optimized out>,
     pkt=0x7fffffffb040) at libavformat/mux.c:1238
 #3  0x000000000063bfff in write_packet (of=0x61600000b601,
 pkt=0x7fffffffb040,
     ost=0x61600000b480, unqueue=0) at fftools/ffmpeg.c:815
 #4  0x0000000000614210 in do_streamcopy (ist=0x615000000040,
 ost=<optimized out>,
     pkt=0x7fffffffb8e0) at fftools/ffmpeg.c:2076
 #5  process_input_packet (ist=0x615000000040, pkt=0x7fffffffb8e0,
 no_eof=0)
     at fftools/ffmpeg.c:2746
 #6  0x000000000064abf8 in process_input (file_index=7120) at
 fftools/ffmpeg.c:4518
 #7  0x00000000005e71e8 in transcode_step () at fftools/ffmpeg.c:4638
 #8  transcode () at fftools/ffmpeg.c:4692
 #9  0x00000000005db6ec in main (argc=<optimized out>, argv=<optimized
 out>)
     at fftools/ffmpeg.c:4894
 }}}
 How to reproduce:
 {{{
 % ./ffmpeg_g -y -r 2 -i avi+mpeg4+++vdpart-bug.avi -target dvd -loglevel 99 -map 0 -c copy -c:a:39 xbm -disposition:s:13 g723_1 -disposition:a:151 ayuv -ac 16 -strict 1 tmp.rpl

 ffmpeg version N-94982-gea673a0edb Copyright (c) 2000-2019 the FFmpeg
 developers
   built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
   configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug
 --toolchain=clang-usan
 }}}
 Patches should be submitted to the ffmpeg-devel mailing list and not this
 bug tracker.

--
Ticket URL: <https://trac.ffmpeg.org/ticket/8187>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
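
An added example, not part of the ticket and not FFmpeg code: the subtraction UBSan flags above, done with a range pre-check so the overflowing expression is never evaluated. The helper names and the 90000/40000 sample values are constructed; the left operand in the report equals INT64_MIN, which is also the value FFmpeg uses for AV_NOPTS_VALUE.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not FFmpeg code): compute a - b for 64-bit
 * timestamps without evaluating an overflowing signed expression.
 * Returns false and leaves *out untouched when the exact result
 * does not fit in int64_t. */
static bool ts_sub_checked(int64_t a, int64_t b, int64_t *out)
{
    if (b > 0 && a < INT64_MIN + b)   /* a - b would fall below INT64_MIN */
        return false;
    if (b < 0 && a > INT64_MAX + b)   /* a - b would rise above INT64_MAX */
        return false;
    *out = a - b;
    return true;
}

/* Hypothetical caller: has at least min_gap elapsed since start?
 * An unrepresentable difference is answered "no" instead of being
 * computed. */
static bool ts_gap_reached(int64_t now, int64_t start, int64_t min_gap)
{
    int64_t diff;
    return ts_sub_checked(now, start, &diff) && diff >= min_gap;
}

int main(void)
{
    int64_t diff;

    /* Operands copied from the UBSan message in the report. */
    bool ok = ts_sub_checked(INT64_MIN, 45000, &diff);
    printf("INT64_MIN - 45000 representable: %s\n", ok ? "yes" : "no");

    /* Constructed in-range sample values. */
    if (ts_sub_checked(90000, 45000, &diff))
        printf("90000 - 45000 = %lld\n", (long long)diff);
    printf("gap reached: %d\n", ts_gap_reached(90000, 45000, 40000));
    return 0;
}
```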