1294527 - nestegg: value is outside the range of representable values of type 'unsigned long' in [@nestegg_duration] nestegg.c:2080

Status: RESOLVED FIXED

(Core :: Audio/Video: Playback, defect, P1)

Description

[Tyson Smith [:tsmith]]

I found this while fuzzing nestegg commit 4d261a4df28fc193ffa9360bffdb3dbe9947a44c

Run the attached test case in a Undefined Behavior Sanitizer (UBSan) build to trigger the following error:

src/nestegg.c:2080:32: runtime error: value 1.01615e+59 is outside the range of representable values of type 'unsigned long'
    #0 0x4f28fd in nestegg_duration /home/user/code/nestegg/src/nestegg.c:2080:32
    #1 0x4ea248 in main /home/user/code/nestegg/test/test.c:112:7
    #2 0x7f798552982f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
    #3 0x4188e8 in _start (/home/user/workspace/nestegg/test+0x4188e8)

Comment 1

[Tyson Smith [:tsmith]]

Attachment: test_case.webm

Comment 2

[Matthew Gregan [:kinetik]]

Attachment: fix for this and bug 1294549

Fixes for this bug and bug 1294549.

For this bug: check that it's safe to convert unscaled_duration to a uint64_t before casting it.

For bug 1294549: treat a tc_scale of 0 as a hard error.

r? gerald since :rillian is away until Monday, but I can wait if you don't feel comfortable reviewing this code.

Comment 3

[Matthew Gregan [:kinetik]]

Comment on attachment 8780355 [details] [review]
fix for this and bug 1294549

Ralph is back.

Comment 4

[Tyson Smith [:tsmith]]

Verified fixed with nestegg revision 9b7b79412432df3c3f996b42eac19ce60d56ee48. Thanks!

Comment 5

[Chris Pearce [:cpearce (Not reading bugmail)]]

Matthew: is this fixed, or can the patch can be landed?

Comment 6

[Matthew Gregan [:kinetik]]

Fixed by bug 1296988.