1269779 - nestegg: value is outside the range of representable values of type 'unsigned long' in [@nestegg_duration]

Status: RESOLVED FIXED

(Core :: Audio/Video: Playback, defect, P2)

Description

[Tyson Smith [:tsmith]]

Attachment: test_case.webm

I found this while fuzzing nestegg commit 046e10f7607f943e5889c05fd6c7ab8bc2c614a3

Run the attached test case in a Undefined Behavior Sanitizer (UBSan) build to trigger the following error:

/home/user/code/nestegg/src/nestegg.c:1965:15: runtime error: value 1.01615e+65 is outside the range of representable values of type 'unsigned long'
    #0 0x7f221a953e29 in nestegg_duration /home/user/code/nestegg/src/nestegg.c:1965:15
    #1 0x7f221a94444c in fuzz /home/user/code/nestegg/test/test.c:113:3
    #2 0x7f221a945f07 in main /home/user/code/nestegg/test/test.c:261:5
    #3 0x7f22197b6ec4 in __libc_start_main /build/eglibc-3GlaMS/eglibc-2.19/csu/libc-start.c:287
    #4 0x7f221a8e551e in _start (/home/user/Desktop/nestegg/test_ubsan+0x2051e)

Comment 1

[Matthew Gregan [:kinetik]]

Attachment: fix

Note that the fuzzer will hit bug 1269776 with (only) this bug fixed.

Comment 2

[Matthew Gregan [:kinetik]]

Ralph, sorry about the cruddy review integration with GitHub.  If you'd prefer I attach a patch to the bug for each of these bugs, let me know.

Comment 3

[Ralph Giles (:rillian)]

Comment on attachment 8748422 [details]
fix

No, the links are fine. Can you tell me how you generate them though? I'd like to be able to use this method too.

Comment 4

[Matthew Gregan [:kinetik]]

(In reply to Ralph Giles (:rillian) needinfo me from comment #3)
> Comment on attachment 8748422 [details]
> fix
> 
> No, the links are fine. Can you tell me how you generate them though? I'd
> like to be able to use this method too.

On the "add attachment" page, click "paste text as attachment" on the file line.  You can also make the link return raw diff by appending ".patch" to the URL.

Comment 5

[Matthew Gregan [:kinetik]]

This landed with the libnestegg update in bug 1261900.