#10700: negative-size-param bug at libavutil/samplefmt.c:260:9 in
av_samples_set_silence in FFmpeg
-------------------------------------+-------------------------------------
 Reporter:  ZengYunxiang             |  Type:  defect
 Status:  new                        |  Priority:  important
 Component:  avutil                  |  Version:  git-master
 Keywords:  bugs                     |  Blocked By:
 Blocking:                           |  Reproduced by developer:  0
 Analyzed by developer:  0           |
-------------------------------------+-------------------------------------
Summary of the bug:
Dear developers,
I found the following negative-size-param bug in FFmpeg 6.1 when using
the afwtdn filter; please confirm.
The PoC file (poc7ffmpeg) will be attached to this ticket.
How to reproduce:
{{{
git clone https://github.com/FFmpeg/FFmpeg.git ffmpeg6-1
cd ffmpeg6-1
git checkout 466799d
./configure --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-asan
make -j30
./ffmpeg_g -y -i poc7ffmpeg -filter_complex afwtdn tmp.mp4
}}}
ASAN Log:
{{{
==2197091==ERROR: AddressSanitizer: negative-size-param: (size=-26572)
    #0 0x49813c in __asan_memset /local/mnt/workspace/bcain_clang_bcain-ubuntu_23113/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:26:3
    #1 0x3ca380f in av_samples_set_silence /ffmpeg6-1/libavutil/samplefmt.c:260:9
    #2 0x557dc9 in ff_default_get_audio_buffer /ffmpeg6-1/libavfilter/audio.c:102:5
    #3 0xc80c77 in filter_frame /ffmpeg6-1/libavfilter/af_aresample.c:188:21
    #4 0xc80c77 in activate /ffmpeg6-1/libavfilter/af_aresample.c:325:20
    #5 0x5d9e8a in ff_filter_activate /ffmpeg6-1/libavfilter/avfilter.c:1330:38
    #6 0x5e9a66 in get_frame_internal /ffmpeg6-1/libavfilter/buffersink.c:139:19
    #7 0x5e71f0 in avfilter_graph_request_oldest /ffmpeg6-1/libavfilter/avfiltergraph.c:1306:17
    #8 0x4f3801 in fg_transcode_step /ffmpeg6-1/fftools/ffmpeg_filter.c:2477:11
    #9 0x535127 in transcode_step /ffmpeg6-1/fftools/ffmpeg.c:1133:20
    #10 0x535127 in transcode /ffmpeg6-1/fftools/ffmpeg.c:1204:15
    #11 0x535127 in main /ffmpeg6-1/fftools/ffmpeg.c:1330:11
    #12 0x7ffff7c0d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #13 0x420b4d in _start (/ffmpeg6-1/ffmpeg_g+0x420b4d)

0x62b00001c200 is located 0 bytes inside of 26880-byte region [0x62b00001c200,0x62b000022b00)
allocated by thread T0 here:
    #0 0x4994e7 in posix_memalign /local/mnt/workspace/bcain_clang_bcain-ubuntu_23113/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:226:3
    #1 0x3c7b0cd in av_malloc /ffmpeg6-1/libavutil/mem.c:105:9
    #2 0x3c30b71 in av_buffer_alloc /ffmpeg6-1/libavutil/buffer.c:82:12
    #3 0x3c32f81 in pool_alloc_buffer /ffmpeg6-1/libavutil/buffer.c:363:26
    #4 0x3c32f81 in av_buffer_pool_get /ffmpeg6-1/libavutil/buffer.c:401:15
    #5 0x628496 in ff_frame_pool_get /ffmpeg6-1/libavfilter/framepool.c:260:29
    #6 0x557c75 in ff_default_get_audio_buffer /ffmpeg6-1/libavfilter/audio.c:85:13
    #7 0xc80c77 in filter_frame /ffmpeg6-1/libavfilter/af_aresample.c:188:21
    #8 0xc80c77 in activate /ffmpeg6-1/libavfilter/af_aresample.c:325:20
    #9 0x5d9e8a in ff_filter_activate /ffmpeg6-1/libavfilter/avfilter.c:1330:38
    #10 0x5e9a66 in get_frame_internal /ffmpeg6-1/libavfilter/buffersink.c:139:19
    #11 0x5e71f0 in avfilter_graph_request_oldest /ffmpeg6-1/libavfilter/avfiltergraph.c:1306:17

SUMMARY: AddressSanitizer: negative-size-param /local/mnt/workspace/bcain_clang_bcain-ubuntu_23113/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:26:3 in __asan_memset
==2197091==ABORTING
}}}
ffmpeg version:
{{{
# ./ffmpeg -version
ffmpeg version n6.1-3-g466799d4f5 Copyright (c) 2000-2023 the FFmpeg developers
built with clang version 9.0.0 (https://github.com/llvm-mirror/llvm c62b24f070c9a4bb1a76409e623042a740cac4cd)
configuration: --cc=clang --cxx=clang++ --ld=clang --enable-debug --toolchain=clang-asan
libavutil 58. 29.100 / 58. 29.100
libavcodec 60. 31.102 / 60. 31.102
libavformat 60. 16.100 / 60. 16.100
libavdevice 60. 3.100 / 60. 3.100
libavfilter 9. 12.100 / 9. 12.100
libswscale 7. 5.100 / 7. 5.100
libswresample 4. 12.100 / 4. 12.100
}}}
Credit:
{{{
Zeng Yunxiang
}}}
Thanks for your time!
--
Ticket URL: <https://trac.ffmpeg.org/ticket/10700>