Closed Bug 1229208 Opened 9 years ago Closed 9 years ago

FFMPEG: signed integer overflow in [@estimate_timings_from_bit_rate]

Categories

(Core :: Audio/Video: Playback, defect)

Product:
Core
Component:
Audio/Video: Playback
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox45 --- affected

People

(Reporter: tsmith, Unassigned)

References

Details

(Keywords: csectype-intoverflow, sec-other, testcase)

Attachments

(2 files)

call_stack.txt
967 bytes, text/plain
Details
test_case.ivf
1.48 KB, application/octet-stream
Details
Attached file call_stack.txt 
Found fuzzing ffmpeg commit: 6b978dadc654906130de46a8b83b6f67f90d3e17

This is an Undefined behavior sanitizer (UBSan) run time error.

libavformat/utils.c:2892:36: runtime error: signed integer overflow: -9223372036854775808 + -1 cannot be represented in type 'long'

I am marking it as security as precaution. Feel free to open it if this is not necessary.
Attached file test_case.ivf 

    
  
Keywords: sec-other

    
    

    
  
should have been fixed in d872643cfe07e39fee42c846d5a3f57d5cad6ab6, i cannot reproduce this with master/HEAD, probably not security relevant

    
    

    
  
Verified fixed. Thanks Michael.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Group: core-security-release

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: