#3152: Pointer overflow in libavcodec/mpegvideo.c
------------------------------------+-----------------------------------
Reporter: dtzWill | Owner:
Type: defect | Status: new
Priority: normal | Component: avcodec
Version: git-master | Resolution:
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
------------------------------------+-----------------------------------
Comment (by dtzWill):
No guarantee the operation won't eat your cat, unfortunately (undefined,
not implementation-defined). Note that indexing from NULL even in the
positive direction is also undefined despite not overflowing.
Unfortunately this is not purely an academic concern: compilers have been
known to take advantage of the assumption that pointer overflow cannot
occur (although I'm unsure of what optimization might be made here).
As an aside, it looks like ff_update_block_index wraps s->dest[0] around
again, in case that's useful for devising a solution.
Hopefully these checks make it into -fsanitize=undefined soon to
facilitate finding and correcting these issues!
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/3152#comment:4>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
_______________________________________________
FFmpeg-trac mailing list
http://avcodec.org/mailman/listinfo/ffmpeg-trac
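An added example (not FFmpeg code and not part of the ticket) of one way to avoid the pattern the comment describes, a pointer that steps outside its buffer and is later brought back in range: keep the position as a signed integer offset, which may legally go negative, and form a pointer only once the offset has been checked. `BlockCursor` and its functions are hypothetical names; a NULL base is rejected as well, since the comment notes that indexing from NULL is undefined too.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical cursor over a byte plane; the position is an integer, not a pointer. */
typedef struct {
    uint8_t  *base;  /* start of the plane, may be NULL */
    size_t    size;  /* bytes in the plane */
    ptrdiff_t off;   /* current offset; may be transiently negative */
} BlockCursor;

/* Start one step before the first block, to be advanced before first use. */
static int cursor_init(BlockCursor *c, uint8_t *base, size_t size, ptrdiff_t step)
{
    if (step <= 0)
        return -1;               /* also keeps -step from overflowing */
    c->base = base;
    c->size = size;
    c->off  = -step;             /* fine for an integer, undefined for base - step */
    return 0;
}

/* Move the offset, refusing any step that would overflow the integer itself. */
static int cursor_advance(BlockCursor *c, ptrdiff_t step)
{
    if ((step > 0 && c->off > PTRDIFF_MAX - step) ||
        (step < 0 && c->off < PTRDIFF_MIN - step))
        return -1;
    c->off += step;
    return 0;
}

/* Return a pointer to len bytes at the cursor, or NULL if that range is not
 * inside the plane. The comparison is done on offsets, so no out-of-range
 * pointer is ever computed and no check depends on pointer wraparound. */
static uint8_t *cursor_ptr(const BlockCursor *c, size_t len)
{
    if (!c->base || c->off < 0)
        return NULL;
    size_t off = (size_t)c->off;
    if (off > c->size || len > c->size - off)
        return NULL;
    return c->base + off;
}

int main(void)
{
    uint8_t plane[64];           /* constructed sample buffer */
    BlockCursor c;
    if (cursor_init(&c, plane, sizeof plane, 16) != 0) return 1;
    if (cursor_ptr(&c, 16) != NULL) return 1;   /* still before the plane */
    cursor_advance(&c, 16);
    return cursor_ptr(&c, 16) == plane ? 0 : 1;
}
```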