[libav-bugs] [Bug 982] New: index -1 out of bounds for type 'uint8_t [64]'

bugzilla at libav.org bugzilla at libav.org
Tue Nov 8 17:39:13 CET 2016


https://bugzilla.libav.org/show_bug.cgi?id=982

            Bug ID: 982
           Summary: index -1 out of bounds for type 'uint8_t [64]'
           Product: Libav
           Version: 11
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: ---
         Component: general
          Assignee: bugzilla at libav.org
          Reporter: ago at gentoo.org

Found with the undefined behavior sanitizer.
Compiler: clang-3.8.1
Tested on: 11.8
Command to reproduce: avconv -i $FILE -f null -
Testcase:
https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo
Output:
avconv version 11.8, Copyright (c) 2000-2016 the Libav developers
  built on Oct 28 2016 13:04:18 with clang version 3.8.1
(tags/RELEASE_381/final)
[h263 @ 0x20b44e0] Format detected only with low score of 25, misdetection
possible!
[h263 @ 0x20c5640] Syntax-based Arithmetic Coding (SAC) not supported
[h263 @ 0x20c5640] Independent Segment Decoding not supported
[h263 @ 0x20c5640] warning: first frame is no keyframe
/tmp/portage/media-video/libav-11.8/work/libav-11.8/libavcodec/mpegvideo.c:2381:65:
runtime error: left shift of negative value -1
/tmp/portage/media-video/libav-11.8/work/libav-11.8/libavcodec/mpegvideo.c:2382:65:
runtime error: left shift of negative value -1
/tmp/portage/media-video/libav-11.8/work/libav-11.8/libavcodec/mpegvideo.c:2383:65:
runtime error: left shift of negative value -1
/tmp/portage/media-video/libav-11.8/work/libav-11.8/libavcodec/x86/mpegvideo.c:53:18:
runtime error: index -1 out of bounds for type 'uint8_t [64]'
/tmp/portage/media-video/libav-11.8/work/libav-11.8/libavcodec/mpegvideo_motion.c:323:47:
runtime error: left shift of negative value -1
/tmp/portage/media-video/libav-11.8/work/libav-11.8/libavcodec/mpegvideo_motion.c:331:55:
runtime error: left shift of negative value -1
/tmp/portage/media-video/libav-11.8/work/libav-11.8/libavcodec/mpegvideo_motion.c:336:55:
runtime error: left shift of negative value -1
/tmp/portage/media-video/libav-11.8/work/libav-11.8/libavcodec/ituh263dec.c:645:34:
runtime error: left shift of negative value -16

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.libav.org/pipermail/libav-bugs/attachments/20161108/b0c9e8c2/attachment.html>


More information about the libav-bugs mailing list