[FFmpeg-trac] #8485(avcodec:new): UBSan: misaligned loads

FFmpeg trac at avcodec.org
Sun Jan 19 12:24:02 EET 2020


#8485: UBSan: misaligned loads
 Reporter:                 andreafioraldi
 Type:                     enhancement
 Status:                   new
 Priority:                 normal
 Component:                avcodec
 Version:                  4.2
 Keywords:                 ubsan
 Blocked By:
 Blocking:
 Reproduced by developer:  0
 Analyzed by developer:    0
 Build ffmpeg 4.2.2 using clang and ubsan (-fsanitize=undefined).
 Command line: ./ffmpeg.ubsan -y -i ./input -c:v mpeg4 -c:a out.mp4

 In this report there are 2 UBSan violations.

 These are not real bugs but rather a suggestion. The C standard says:
 A pointer to an object type may be converted to a pointer to a different
 object type. If the resulting pointer is not correctly aligned 68) for the
 referenced type, the behavior is undefined.

 As the involved routines, bswap16_buf and ff_startcode_find_candidate_c,
 use undefined behavior for performance reasons (I hope you disable them
 when compiling for architectures that do not support misaligned loads
 from memory, otherwise yes, these are bugs), you should exclude them from
 UBSan using:

 __attribute__((no_sanitize("align")))

 #1
 Output:
 ffmpeg version 4.2.2 Copyright (c) 2000-2019 the FFmpeg developers
   built with clang version 8.0.0-3~ubuntu18.04.2 (tags/RELEASE_800/final)
   configuration: --cc=clang-8 --cxx=clang++-8 --ld=clang-8
   libavutil      56. 31.100 / 56. 31.100
   libavcodec     58. 54.100 / 58. 54.100
   libavformat    58. 29.100 / 58. 29.100
   libavdevice    58.  8.100 / 58.  8.100
   libavfilter     7. 57.100 /  7. 57.100
   libswscale      5.  5.100 /  5.  5.100
   libswresample   3.  5.100 /  3.  5.100
 Trailing options were found on the commandline.
 [ac3 @ 0x902f600] Format ac3 detected only with low score of 1,
 misdetection possible!
 [ac3 @ 0x9031080] Multiple frames in a packet.
 libavcodec/bswapdsp.c:46:29: runtime error: load of misaligned address
 0x000009035931 for type 'const uint16_t' (aka 'const unsigned short'),
 which requires 2 byte alignment
 0x000009035931: note: pointer points here
  00 80 00  00 77 0b 00 ff 0f 00 7f  f2 ff e1 00 00 00 00 00  ff 00 00 00
 00 e6 00 00  00 ff ff 80 00
               ^
 [ac3 @ 0x9031080] new coupling strategy must be present in block 0
 [ac3 @ 0x9031080] error decoding the audio block
 [ac3 @ 0x902f600] decoding for stream 0 failed
 [ac3 @ 0x902f600] Could not find codec parameters for stream 0 (Audio:
 ac3, 5.0(side), fltp): unspecified sample rate
 Consider increasing the value for the 'analyzeduration' and 'probesize'
 options
 Input #0, ac3, from
 './ffmpeg_ubsan_out/f1/crashes/id:000163,sig:04,src:007190+005110,time:44337520,op:splice,rep:128':
   Duration: N/A, start: 0.000000, bitrate: N/A
     Stream #0:0: Audio: ac3, 5.0(side), fltp (karaoke)
 At least one output file must be specified

 Minimal input to reproduce in base64:

 #2
 Output:
 ffmpeg version 4.2.2 Copyright (c) 2000-2019 the FFmpeg developers
   built with clang version 8.0.0-3~ubuntu18.04.2 (tags/RELEASE_800/final)
   configuration: --cc=clang-8 --cxx=clang++-8 --ld=clang-8
   libavutil      56. 31.100 / 56. 31.100
   libavcodec     58. 54.100 / 58. 54.100
   libavformat    58. 29.100 / 58. 29.100
   libavdevice    58.  8.100 / 58.  8.100
   libavfilter     7. 57.100 /  7. 57.100
   libswscale      5.  5.100 /  5.  5.100
   libswresample   3.  5.100 /  3.  5.100
 Trailing options were found on the commandline.
 [mpeg @ 0x902f600] Format mpeg detected only with low score of 25,
 misdetection possible!
 libavcodec/startcode.c:41:17: runtime error: load of misaligned address
 0x000009031aa5 for type 'const uint64_t' (aka 'const unsigned long'),
 which requires 8 byte alignment
 0x000009031aa5: note: pointer points here
  00 00 11 c9 f1 f1 fe  68 38 f1 00 0c 0c 18 00  00 f0 f0 25 25 25 25 25
 25 25 25 25 25 25 25 25  25
              ^
 libavcodec/startcode.c:42:22: runtime error: load of misaligned address
 0x000009031aa5 for type 'const uint64_t' (aka 'const unsigned long'),
 which requires 8 byte alignment
 0x000009031aa5: note: pointer points here
  00 00 11 c9 f1 f1 fe  68 38 f1 00 0c 0c 18 00  00 f0 f0 25 25 25 25 25
 25 25 25 25 25 25 25 25  25
              ^
 [mpeg @ 0x902f600] Failed to open codec in avformat_find_stream_info
 [mpeg @ 0x902f600] start time for stream 0 is not set in
 estimate_timings_from_pts
 [mpeg @ 0x902f600] Could not find codec parameters for stream 0 (Video:
 vc1, none): unspecified size
 Consider increasing the value for the 'analyzeduration' and 'probesize'
 options
 Input #0, mpeg, from
 './ffmpeg_ubsan_out/f1/crashes/id:000081,sig:04,src:003148+004002,time:7853043,op:splice,rep:64':
   Duration: N/A, bitrate: N/A
     Stream #0:0[0xfd5d]: Video: vc1, none, 90k tbr, 90k tbn
 At least one output file must be specified

--
Ticket URL: <https://trac.ffmpeg.org/ticket/8485>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
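Added example, not from the ticket or from FFmpeg's sources: the portable way to do what bswap16_buf does without a misaligned uint16_t load. A memcpy-based unaligned read is defined behaviour on every target and compilers fold it into a single instruction where the CPU permits it, so the routine stays correct on strict-alignment hardware instead of having to be excluded from UBSan. The helper names (rd16_unaligned, bswap16_buf_safe, addr_is_aligned, check_swap) and the sample bytes are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Portable unaligned 16-bit load/store: memcpy has no alignment requirement,
 * so this is defined on every target and UBSan's alignment check is silent;
 * compilers still emit one load/store on CPUs that allow misaligned access. */
static inline uint16_t rd16_unaligned(const uint8_t *p)
{
    uint16_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

static inline void wr16_unaligned(uint8_t *p, uint16_t v)
{
    memcpy(p, &v, sizeof v);
}

/* Byte-swap `len` 16-bit words; neither pointer needs 2-byte alignment.
 * Same job as bswap16_buf, on byte pointers (hypothetical helper, not FFmpeg code). */
void bswap16_buf_safe(uint8_t *dst, const uint8_t *src, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        uint16_t v = rd16_unaligned(src + 2 * i);
        wr16_unaligned(dst + 2 * i, (uint16_t)((v << 8) | (v >> 8)));
    }
}

/* UBSan's predicate: is the address a multiple of the type's required alignment?
 * 0x9035931 % 2 and 0x9031aa5 % 8 are both non-zero, which is what the reports flag. */
int addr_is_aligned(uintptr_t addr, size_t align)
{
    return addr % align == 0;
}

/* Constructed sample: the first bytes of the report's dump, placed at offset 1 so the
 * source is misaligned for uint16_t. Returns 1 if every byte pair was swapped (endian-neutral). */
int check_swap(void)
{
    uint8_t raw[9] = { 0xAA, 0x00, 0x80, 0x00, 0x77, 0x0b, 0x00, 0xff, 0x0f };
    static const uint8_t want[8] = { 0x80, 0x00, 0x77, 0x00, 0x00, 0x0b, 0x0f, 0xff };
    uint8_t out[8];
    bswap16_buf_safe(out, raw + 1, 4);
    return memcmp(out, want, sizeof out) == 0;
}

int main(void)
{
    printf("swap ok: %d, 0x9035931 2-aligned: %d\n", check_swap(), addr_is_aligned(0x9035931u, 2));
    return 0;
}
```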