[FFmpeg-trac] #11350(avcodec:new): signed integer overflow in libavcodec/h264_parser.c
FFmpeg
trac at avcodec.org
Fri Dec 13 13:00:37 EET 2024
#11350: signed integer overflow in libavcodec/h264_parser.c
-------------------------------------+-------------------------------------
Reporter: skorpion98 | Type: defect
Status: new | Priority: normal
Component: avcodec | Version: git-
Keywords: ubsan, | master
overflow | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
**Summary of the bug**: Signed integer overflow in
libavcodec/h264_parser.c:651:33
**How to reproduce**:
In the archive uploaded to the "VideoLAN File Uploader" you will find:
* the executable on which we performed our tests, a compiled version of
the `ffmpeg_DEMUXER_fuzzer` fuzzing harness you made
* a directory `bug` containing the input that caused the aforementioned
bug and its UBSan log
To reproduce the errors, simply run the given binary with the testcase
files with a command like: `./ffmpeg_DEMUXER_fuzzer
/path_to_testcases/input`.
The program has been tested on the standard Docker image provided on OSS-
Fuzz using Ubuntu 20.04, using AFL++ as fuzzing engine and the standard
sanitizers flags used by OSS-Fuzz for ASan and UBSan.
The hash commit used to perform the tests is `eb79c31`.
**UBSan output**:
{{{
Reading 18374 bytes from /bugs/ffmpeg/signed_integer_overflow_avcodec_02
libavcodec/h264_parser.c:651:33: runtime error: signed integer overflow:
-9223372036854775808 + -9223372036854775808 cannot be represented in type
'int64_t' (aka 'long')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
libavcodec/h264_parser.c:651:33
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/11350>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list