Closed Bug 1229205 Opened 9 years ago Closed 8 years ago

FFMPEG: signed integer overflow in [@update_initial_timestamps]

Categories

(Core :: Audio/Video: Playback, defect)

Product:
Core
Component:
Audio/Video: Playback
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox45 --- affected

People

(Reporter: tsmith, Unassigned)

References

Details

(Keywords: csectype-intoverflow, sec-other, testcase)

Attachments

(2 files)

call_stack.txt
1.14 KB, text/plain
Details
test_case.ivf
4.84 KB, application/octet-stream
Details
Attached file call_stack.txt 
Found fuzzing ffmpeg commit: 6b978dadc654906130de46a8b83b6f67f90d3e17

This is an Undefined behavior sanitizer (UBSan) run time error.

libavformat/utils.c:922:35: runtime error: signed integer overflow: -2450238577049583619 - 9223090561878065151 cannot be represented in type 'long long'

I am marking it as security as precaution. Feel free to open it if this is not necessary.
Attached file test_case.ivf 

    
  
Keywords: sec-other

    
    

    
  
not security relevant, and very likely no bug at the binary level just undefined in the C source. Will push a fix to ffmpeg

    
  
Group: media-core-security

    
    

    
  
Should be fixed in upstream commit cafb19560401612a07760d230a50d9c1d0564daf. Can you verify please, Tyson?
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(twsmith)
Resolution: --- → FIXED

    
    

    
  
Verified.
Flags: needinfo?(twsmith)

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: