Issue 66056: openh264:decoder_fuzzer: Integer-overflow in WelsDec::ParseSliceHeaderSyntaxs #3745
Comments
Could you please let me know how to reproduce the issues?
@tyan0 you can refer to https://google.github.io/oss-fuzz/advanced-topics/reproducing/
Reproducer Testcase:
As for #3745, the code in decoder_core.cpp expects that the arithmetic overflow in int32_t results in a wrapped-around result. OSS-Fuzz complains about that. The C/C++ standard states that the overflowed result is undefined for signed integers. The following patch fixes the issue. However, it does not seem very smart, and the intent is difficult to read.
So this is a false positive, right? @tyan0
No, it is not. The current code works as expected on most systems (where two's complement is used for negative values) with gcc. However, the C++ standard prohibits expecting a certain result on overflow of a signed integer (the result is UNDEFINED). Therefore, on some systems (https://stackoverflow.com/questions/12276957/are-there-any-non-twos-complement-implementations-of-c), the code does not work as expected. So, the current code is not portable. It depends on the system. I am not sure whether openh264 should be portable even to such systems.
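The arithmetic the two comments above are arguing about, as an added example that is not openh264's code: a signed int32_t sum such as msb + lsb that relies on wrap-around is undefined behaviour on overflow, and that is what UBSan (which OSS-Fuzz builds with) reports; routing the same sum through uint32_t gives the wrap the decoder expects with no undefined behaviour, and a checked variant is what a fix would look like if the wrap was never intended. The function names, the msb + lsb expression and the inputs are my assumptions, not the expression in ParseSliceHeaderSyntaxs.

```cpp
#include <cstdint>

// Plain signed sum: the form the decoder code is assumed to use. On overflow
// this is undefined behaviour; compiled with -fsanitize=signed-integer-overflow
// it is exactly what an OSS-Fuzz "Integer-overflow" report flags.
int32_t SumPlain(int32_t msb, int32_t lsb) {
    return msb + lsb;  // never call this with inputs that overflow
}

// Same sum with the wrap-around made explicit. Unsigned arithmetic is defined
// to wrap modulo 2^32 by the standard, and the conversion back to int32_t is
// implementation-defined before C++20 (two's complement on gcc/clang/MSVC) and
// modulo 2^N from C++20 on, so there is no undefined behaviour on any path.
int32_t SumWrapping(int32_t msb, int32_t lsb) {
    uint32_t sum = static_cast<uint32_t>(msb) + static_cast<uint32_t>(lsb);
    return static_cast<int32_t>(sum);
}

// Alternative that rejects overflow instead of wrapping: the shape of a fix if
// the wrap was never intended. Returns false on overflow and leaves *out as is.
bool SumChecked(int32_t msb, int32_t lsb, int32_t* out) {
    if ((lsb > 0 && msb > INT32_MAX - lsb) ||
        (lsb < 0 && msb < INT32_MIN - lsb)) {
        return false;
    }
    *out = msb + lsb;  // cannot overflow after the test above
    return true;
}

// Stand-alone run with constructed inputs: msb at the top of int32_t, lsb
// pushes it over; the wrapped answer the decoder expects is INT32_MIN.
int main() {
    int32_t checked = 0;
    bool ok = SumWrapping(INT32_MAX, 1) == INT32_MIN &&
              !SumChecked(INT32_MAX, 1, &checked) &&
              SumChecked(100, 200, &checked) && checked == 300;
    return ok ? 0 : 1;
}
```

Building this with `-fsanitize=signed-integer-overflow` and calling SumPlain(INT32_MAX, 1) produces the sanitizer report; SumWrapping on the same inputs is silent because unsigned wrap is defined and is not instrumented by that check.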
I also think there is no need to modify this code, for 2 reasons: 1. If we modify it, it will make the code harder to understand. 2. msb and lsb are unlikely to exceed int32_t in practice.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66056&q=label%3AProj-openh264&can=2