From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 5E8F4465F8 for ; Wed, 20 Sep 2023 22:50:55 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 72B1168C907; Thu, 21 Sep 2023 01:50:53 +0300 (EEST) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04olkn2021.outbound.protection.outlook.com [40.92.73.21]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 93CA568C8C7 for ; Thu, 21 Sep 2023 01:50:47 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UVjxbIApfCi2u+sQGIaazN1gp07KcZmfBDSpQB+q6Dz+78RmrvxKY6y7xD0hyPLm9cUA8MRFFzASH0iyYw8d8k9LJbNX9osAbNi3/p8W5+JctqhrTq0gDCMpCMNOWd2ItH/yr9BwV0bP7ARisPh0x2K7q/rwGKGQEDibS8VFCK+wCP18n70Bdjoj59UmiAvhGPZ2QVVJyhqlb+ScOZxEODSAjsXVzWkyOPC3CEZ0q5BTaizhotnAj3jW/k/ZcKkVKEhA5lfRZiGCZZdcq62TzdcUkdrpq4dt443/GHCacICdGn0hoSJJa6Xro1QOKKzFYfh9b3X1J/EuK8+YUhET6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=273Kxg1ohaPjTMTpgTI9pEK+9DVYGefxFw/+gBu2uF0=; b=NOXIYaTwSrzbz0HJTzB/Qtgn/TuwUVIGzeS9/9N8e+2ypvFwpI8sly63BkuaIUoPHTcEPi36PTVVsXZhTW3oyZI+ossUluAURA3xOwLXHb/UwiD2hzV22mrZweFcLq8x/xCUphGSNx2kpVHAav6rFmEnkicE0qYjUxI8z0NFoZ/l5w0bcXlq0DCfrejYrthU8c4+tXkCATHwIGY8rT2yHg+ZzzJKpRqyUZmoacskC7PMcXeFWRAM5qPmOr9GMW/+vFURz1J18+QmD1MeMRBrCg/k4VZyiXdGpSegRkeaKTFYevPLcBIJyvwqQ8mcbto41njhQeZB1zoIl/6L+vGOqA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=273Kxg1ohaPjTMTpgTI9pEK+9DVYGefxFw/+gBu2uF0=; b=JOnafk7gSQ+D9YfnstSTeVCwuKQ8no1Z+wv/J6BesY5pjISEBa9Q1RA8Fip7d6iQVVM03yM87wdyOL0xwNLFHSXnF6KN5iJU3aPpYZcjfLurARE7hA+Zp8YwFp0d0UN1VGDSTlcDdcfcNtspgob27RcP38dZcV7y43ipaeL0kmV3Pgw/56BDXSZFYaCfaNaI/YkEmDTXc+Q3E+lnV7Fx2vpblmd+lfjxxIi0kCad6G4YfEOLLmR8OeRyry25Nf+mce5/ktSiwrXaNzFlC4t/OoYVCTUz2ijgt691m5zzYMxpXQmlOfL9A6+noYzIe+fzoaE2e8dyCdIwr33TMxuqLA== Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) by PR3P250MB0149.EURP250.PROD.OUTLOOK.COM (2603:10a6:102:174::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.28; Wed, 20 Sep 2023 22:50:45 +0000 Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::5e01:aea5:d3a8:cafa]) by AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::5e01:aea5:d3a8:cafa%3]) with mapi id 15.20.6792.026; Wed, 20 Sep 2023 22:50:45 +0000 Message-ID: Date: Thu, 21 Sep 2023 00:51:58 +0200 To: ffmpeg-devel@ffmpeg.org References: <20230920121803.3456113-1-mezhuevtp@ispras.ru> Content-Language: en-US From: Andreas Rheinhardt In-Reply-To: <20230920121803.3456113-1-mezhuevtp@ispras.ru> X-TMN: [fFNaoKXOFg2Viq7+fVZH3/jVguzQUCZ0] X-ClientProxiedBy: ZR0P278CA0218.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:6a::8) To AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) X-Microsoft-Original-Message-ID: <8105924c-142f-18e3-c489-4ad5e25f7699@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8P250MB0744:EE_|PR3P250MB0149:EE_ X-MS-Office365-Filtering-Correlation-Id: 40946a70-faca-437b-19ca-08dbba2c0680 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: A6+p+tnfCfDCcWOsQA61KgKUiY1xezNc5DoRqfZLILfC/BbzTWxcSafc2YUDgHZfnDI7gNvTgiNawpy2OV2Lm2YanowcYO4jpKqdW6hFjNKp8h0Q/ihaXgCmYx85YFk9qdWOubNJTAXs9JrUNwclcgbsUtYLpTPVjPWfY856lsHngcMcjest5UwqYRlKqKM+x0aHMAN0xSK6GD0+dkclsSmGMJW2mK7iCLMg0ZmPtY9bxV+2220eOawzjJz54/68INrxIrzJB82eoy7QZJOKQM00NfkHgFxRx5A5O53WheLWuwrHTx66B35t4vMkg4ADzM5Td1AoQaynmsasAut2of2kStZw+FNZlMSTH0i657916TMXVWss8jv2zet6kBGYsk5Q5z1+/c8XRjTgA9U1Vj/HpA3wOi71wkfXBLyXSY+2/E8NUoAlGCxUPduuVptcP32wRuckB5sO7f3Wd5ozSepIP9voR5fA18ByEUGb8p2mmaycwXxECpmoOO9JnBLgZR/USxvL9rwf0lGcM8UJ6sjcpbF759wL+c/ywTPEUABSJaZX3MGZzplj8IG9nYXgMKOvyw7T9OaytrAqvsDAEO2oyCP/P7bmi2Ph7x9qTeM= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?c25CVVpBdnVBN3VadVJORDlVUDlROEdnTWxuc2tKdVZhSnlndTh0bXVuL1hO?= =?utf-8?B?aTgyc3NWUkNzRGFBbHc3WHcvMko5cWg4UmtHVWpxUjBvMzZMSTNXVXpnSWF6?= =?utf-8?B?dUUrNjNwUE9Pd2M2T09CK3BjZHRSVkhHZFAyMUtzeFk2UjhXT2N5ZHRFTWZB?= =?utf-8?B?ZitrL21neVRaaGo0RlZtaHdEVWk5aklRY2t5eDNrTUU2MkVmRWk0MmhNN083?= =?utf-8?B?Z3p2VUcvQXNyczRhWEpvM0N2LzNvUUpNSVpCaGtaSE5IRXhuU1VLeS91b2p5?= =?utf-8?B?aGphN2xKMHZTWm1rdzJXNzVwQmt0Sk9OY2JkamdGc1dYUk82VS9Id2EzRHhC?= =?utf-8?B?K0tLREloMDA5ZXZaWUszZ0ZTdHAzUXZHdVhYS3hiTjRJYTUzbzdRVDJXZFQ3?= =?utf-8?B?SitmRVdzOTZHZEVBUlllMFdlVG1lbXFXZWx5RkRkRXhhY3d5bXdlL0pjKzk4?= =?utf-8?B?L1U3WmRnaXV6T1lxQXRKMm1QYUtiYUVoanRVU2doSEp3SGlkTGp3UENSdEdJ?= =?utf-8?B?bU5Mb2pUd3ZxRkZYZVgrc1h1SlhIeHIxZm9ZN0dVMjZZWFcyekRVZGl0Zk5m?= =?utf-8?B?b0lwRW1qaUV6cW8xbUV6M3htTDN4cjBzcTdDcVlSSysrbi9aUzdHM1oxeEgz?= =?utf-8?B?N1kxTVZ2bG5McEpDSWdhV3BoTlI5ZlN1Y2ZVUkpTZittUXppQWtkL0M1S0ZD?= =?utf-8?B?SmhNeUlCQlY2YnN5WHNPODBGK1hvLzVGb01hL3h6R1A2MWFnTHN6WFF2TDJ0?= =?utf-8?B?WTB1RkVOektNb1NYOEFxUUpYRHZqeVlEakwvV3VJRUZMU09paHdBRDBGRzA3?= =?utf-8?B?UjF3bkRvckVJSTMyQnNRL2hyY21TajB0V1FUY1lvVkQ4Yit0dzhUZlJGbnZF?= =?utf-8?B?VjEvWE5qWHBKcUZUMHpyM3pMd3JPSWc5ZW0wYzQvbTFoOHpIdlVNS05uVHhL?= =?utf-8?B?Z05jSkFsRDNpczVIcWc3TVFoM0QrMXJ4WDBmTnRjdDBqek1DL2FsY2lEb3Rx?= =?utf-8?B?eEZlaGxHVUM5N21wS1RHNC9IazRmSG5IR2lqSkRBL1dDV0tBZlplOW1MY2Nk?= =?utf-8?B?WGo1aHVoeXcwK2syK0ZjTkxQRkxXMnI5ZndlL2taYVgxT3hydEtwbzFuNlJG?= =?utf-8?B?c21ycS9WeFluZzByNU84YVhtdGJPZzNoWXVlbnNobEh6b1lOeVZaMytJTDZu?= =?utf-8?B?Y3FLZzVOc2VoNlcyUmNBYWhkSzRkSmN3RS93UzBRMlhPb0RJdWFJczJpVzNQ?= =?utf-8?B?NlkwRjI0K1ZoZWxtRDBZL1lYMDVKeUsxd3VCalVvSzVwTFdCMk1hV1JYL1Fq?= =?utf-8?B?dnUrWUpYazZ2YUZkSE1BUHA2TTFmSXNDTFhrNytjN0FpeW9wYjBDNFlQYkdt?= =?utf-8?B?TU42ODBvT2puenRYZEY5bkxtbFlRTWowQUtieGpKalFmcHd6RGY0SjZHYjVJ?= =?utf-8?B?V1ZFTkY3OU5KajlERlFNdnVwK21nNDN1L2NseGR0L1ZiQkkrSHViT29GMW40?= =?utf-8?B?RS9oSUhZWk5uUXBuS01hL0VUdnoxcmtJcHd6SnoyNytIZ25PU1BqOE9ENE5K?= =?utf-8?B?WXJrQmQ5aWdmQ1k1OEhQbEh6QWp6KzJKYkIyNWFYRWhlQlZNc0E3WTZRQnZQ?= =?utf-8?B?Q1dIWEFwOGNNc2g0SUFsQzdJR2RrL3lLNTlZOFYrb0JmdTBoYlRYdmoxZmZZ?= =?utf-8?Q?Ykgrki32IE8BO8AVoYQW?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 40946a70-faca-437b-19ca-08dbba2c0680 X-MS-Exchange-CrossTenant-AuthSource: AS8P250MB0744.EURP250.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Sep 2023 22:50:45.5918 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3P250MB0149 Subject: Re: [FFmpeg-devel] [PATCH] Hi! We've been fuzzing `ffmpeg` with [sydr-fuzz](https://github.com/ispras/oss-sydr-fuzz) security predicates and we found numeric truncation error in `svs.c:57`. X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: mezhuevtp@ispras.ru: > From: headshog > > In function `svs_read_header` on line 57 field `st->codecpar->sample_rate` has type `int`, the type of return value in `av_rescale_rnd` function is `uint64_t`, so the numeric truncation may occur here. Then value of `st->codecpar->sample_rate` is passed to `avpriv_set_pts_info` function parameter `unsgined int pts_den`. In this function `pts_den` is used only in passing its value to parameter `int64_t den` in function `av_reduce`. So we suggest to change the type of field `sample_rate` to `int64_t` and to change the type of `pts_den` to `uint64_t` in `avpriv_set_pts_info` function. The other way to solve this is to add a checker for `sample_rate` valid value. > > - OS: ubuntu 20.04 > - commit: f225f8d7464569c7b917015c26ad30a37a5fbbe2 > > ``` > libavformat/svs.c:57:36: runtime error: implicit conversion from type 'int64_t' (aka 'long') of value 6321554672 (64-bit, signed) to type 'int' changed the value to 2026587376 (32-bit, signed) > SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavformat/svs.c:57:36 Truncation via implicit conversions is not undefined behavior (but it may be a bug). - Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".