[FFmpeg-devel] [PATCH] avcodec/golomb: Mask shift amount before use in get_ue_golomb()
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Fri Dec 4 22:28:35 CET 2015
On 03.12.2015 23:09, Michael Niedermayer wrote:
> From: Michael Niedermayer <michael at niedermayer.cc>
>
> Fixes undefined behavior
> Fixes: mozilla bug 1229208
> Fixes: fbeb8b2c7c996e9b91c6b1af319d7ebc/asan_heap-oob_195450f_2743_e8856ece4579ea486670be2b236099a0.bit
>
> Found-by: Tyson Smith
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavcodec/golomb.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h
> index d30bb6b..323665d 100644
> --- a/libavcodec/golomb.h
> +++ b/libavcodec/golomb.h
> @@ -72,7 +72,7 @@ static inline int get_ue_golomb(GetBitContext *gb)
> av_log(NULL, AV_LOG_ERROR, "Invalid UE golomb code\n");
> return AVERROR_INVALIDDATA;
> }
> - buf >>= log;
> + buf >>= log & 31;
> buf--;
>
> return buf;
>
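Review bot: the mask in `+ buf >>= log & 31;` turns an out-of-range shift into a wrong value rather than an error. If malformed input drives `log` to 32, `buf` is shifted by 0 and the function returns `buf - 1` as though it had decoded a valid code, while the `Invalid UE golomb code` / `AVERROR_INVALIDDATA` path just above is never taken. If that check is meant to reject such input (the reply asks why it is gated on CONFIG_FTRAPV), making it unconditional would remove the undefined behavior and reject the sample, and the mask could then be dropped. If the mask is kept, the commit message or a comment should say why a silently wrapped shift amount is acceptable here, and the literal `31` should be derived from the width of `buf` (for example `8 * sizeof(buf) - 1`) rather than hard-coded.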
While that certainly fixes the undefined behavior, I'm wondering what's the relation
to commit fd165ac. In other words, why not just remove the CONFIG_FTRAPV from
the error check above?
Also, if you are interested in fixing such undefined behavior, I have lots of
fuzzed samples triggering ubsan all over the place...
Best regards,
Andreas