FFMPEG: signed integer overflow in [@estimate_timings_from_bit_rate]

RESOLVED FIXED

Status

()

Core
Audio/Video: Playback
--
critical
RESOLVED FIXED
3 years ago
2 years ago

People

(Reporter: tsmith, Unassigned)

Tracking

(Blocks: 1 bug, {csectype-intoverflow, sec-other, testcase})

Trunk
csectype-intoverflow, sec-other, testcase
Points:
---

Firefox Tracking Flags

(firefox45 affected)

Details

Attachments

(2 attachments)

(Reporter)

Description

3 years ago
Created attachment 8693839 [details]
call_stack.txt

Found fuzzing ffmpeg commit: 6b978dadc654906130de46a8b83b6f67f90d3e17

This is an Undefined behavior sanitizer (UBSan) run time error.

libavformat/utils.c:2892:36: runtime error: signed integer overflow: -9223372036854775808 + -1 cannot be represented in type 'long'

I am marking it as security as precaution. Feel free to open it if this is not necessary.
(Reporter)

Comment 1

3 years ago
Created attachment 8693840 [details]
test_case.ivf
(Reporter)

Updated

3 years ago
Keywords: sec-other
should have been fixed in d872643cfe07e39fee42c846d5a3f57d5cad6ab6, i cannot reproduce this with master/HEAD, probably not security relevant
(Reporter)

Comment 3

3 years ago
Verified fixed. Thanks Michael.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.