[rub.de/17] Assertion failure in `date_Increment` (multiple code paths)

Ref:

Issue from rub.de: bug may be publicly disclosed on Tuesday, April 29, 2025.

Invalid WAV and VOC inputs can trigger the p_date->i_remainder < 2*p_date->i_divider_num assertion in date_Increment in src/misc/mtime.c.

xeon ~/work/git/vlc/build-asan $ gdb --args ./test/vlc-demux-dec-run /home/tom/Downloads/reproducer-wav.wav 
GNU gdb (Debian 15.2-1) 15.2
Copyright (C) 2024 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./test/vlc-demux-dec-run...
(gdb) r
Starting program: /home/tom/work/git/vlc/build-asan/test/vlc-demux-dec-run /home/tom/Downloads/reproducer-wav.wav
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[adpcm_ms @ 0x51900003bb80] Invalid sample rate: -16777147
vlc-demux-dec-run: ../../src/misc/mtime.c:102: date_Increment: Assertion `p_date->i_remainder < 2*p_date->i_divider_num' failed.

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
warning: 44	./nptl/pthread_kill.c: No such file or directory
(gdb) bt
#0  __pthread_kill_implementation
    (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
    at ./nptl/pthread_kill.c:44
#1  0x00007ffff709dcef in __pthread_kill_internal (threadid=<optimized out>, signo=6)
    at ./nptl/pthread_kill.c:78
#2  0x00007ffff7049c42 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff70324f0 in __GI_abort () at ./stdlib/abort.c:79
#4  0x00007ffff7032418 in __assert_fail_base
    (fmt=0x7ffff71b6ca0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7ffff74b07c0 "p_date->i_remainder < 2*p_date->i_divider_num", file=file@entry=0x7ffff74b0740 "../../src/misc/mtime.c", line=line@entry=102, function=function@entry=0x7ffff74b08c0 <__PRETTY_FUNCTION__.1> "date_Increment") at ./assert/assert.c:94
#5  0x00007ffff7042552 in __assert_fail
    (assertion=assertion@entry=0x7ffff74b07c0 "p_date->i_remainder < 2*p_date->i_divider_num", file=file@entry=0x7ffff74b0740 "../../src/misc/mtime.c", line=line@entry=102, function=function@entry=0x7ffff74b08c0 <__PRETTY_FUNCTION__.1> "date_Increment")
    at ./assert/assert.c:103
#6  0x00007ffff73f5572 in date_Increment
    (p_date=p_date@entry=0x5120000029c8, i_nb_samples=i_nb_samples@entry=21157462)
    at ../../src/misc/mtime.c:102
#7  0x00007ffff4b18a49 in Demux (p_demux=0x511000007480) at ../../modules/demux/wav.c:132
#8  0x00007ffff7319c46 in demux_Demux (demux=demux@entry=0x511000007480)
    at ../../src/input/demux.c:223
#9  0x00005555555583aa in demux_process_stream
    (args=args@entry=0x7ffff4d00020, s=s@entry=0x511000006bc0)
    at ../../test/src/input/demux-run.c:306
#10 0x0000555555558669 in vlc_demux_process_url
    (args=args@entry=0x7ffff4d00020, url=url@entry=0x504000000010 "file:///home/tom/Downloads/reproducer-wav.wav") at ../../test/src/input/demux-run.c:348
#11 0x0000555555558708 in vlc_demux_process_path
    (args=args@entry=0x7ffff4d00020, path=0x7fffffffde6f "/home/tom/Downloads/reproducer-wav.wav") at ../../test/src/input/demux-run.c:362
#12 0x000055555555755a in main (argc=2, argv=0x7fffffffda08)
    at ../../test/vlc-demux-run.c:50

xeon ~/work/git/vlc/build-asan $ gdb --args ./test/vlc-demux-dec-run /home/tom/Downloads/reproducer-voc.voc 
GNU gdb (Debian 15.2-1) 15.2
Copyright (C) 2024 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./test/vlc-demux-dec-run...
(gdb) r
Starting program: /home/tom/work/git/vlc/build-asan/test/vlc-demux-dec-run /home/tom/Downloads/reproducer-voc.voc
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[pcm_u8 @ 0x51900003cf80] Invalid sample rate: -16771630
vlc-demux-dec-run: ../../src/misc/mtime.c:102: date_Increment: Assertion `p_date->i_remainder < 2*p_date->i_divider_num' failed.

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, 
    no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
warning: 44	./nptl/pthread_kill.c: No such file or directory
(gdb) bt
#0  __pthread_kill_implementation
    (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
    at ./nptl/pthread_kill.c:44
#1  0x00007ffff709dcef in __pthread_kill_internal (threadid=<optimized out>, signo=6)
    at ./nptl/pthread_kill.c:78
#2  0x00007ffff7049c42 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff70324f0 in __GI_abort () at ./stdlib/abort.c:79
#4  0x00007ffff7032418 in __assert_fail_base
    (fmt=0x7ffff71b6ca0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7ffff74b07c0 "p_date->i_remainder < 2*p_date->i_divider_num", file=file@entry=0x7ffff74b0740 "../../src/misc/mtime.c", line=line@entry=102, function=function@entry=0x7ffff74b08c0 <__PRETTY_FUNCTION__.1> "date_Increment") at ./assert/assert.c:94
#5  0x00007ffff7042552 in __assert_fail
    (assertion=assertion@entry=0x7ffff74b07c0 "p_date->i_remainder < 2*p_date->i_divider_num", file=file@entry=0x7ffff74b0740 "../../src/misc/mtime.c", line=line@entry=102, function=function@entry=0x7ffff74b08c0 <__PRETTY_FUNCTION__.1> "date_Increment")
    at ./assert/assert.c:103
#6  0x00007ffff73f5572 in date_Increment
    (p_date=p_date@entry=0x512000003460, i_nb_samples=<optimized out>)
    at ../../src/misc/mtime.c:102
#7  0x00007ffff4706b85 in Demux (p_demux=0x511000007480) at ../../modules/demux/voc.c:518
#8  0x00007ffff7319c46 in demux_Demux (demux=demux@entry=0x511000007480)
    at ../../src/input/demux.c:223
#9  0x00005555555583aa in demux_process_stream
    (args=args@entry=0x7ffff4d00020, s=s@entry=0x511000006bc0)
    at ../../test/src/input/demux-run.c:306
#10 0x0000555555558669 in vlc_demux_process_url
    (args=args@entry=0x7ffff4d00020, url=url@entry=0x504000000010 "file:///home/tom/Downloads/reproducer-voc.voc") at ../../test/src/input/demux-run.c:348
#11 0x0000555555558708 in vlc_demux_process_path
    (args=args@entry=0x7ffff4d00020, path=0x7fffffffde6f "/home/tom/Downloads/reproducer-voc.voc") at ../../test/src/input/demux-run.c:362
#12 0x000055555555755a in main (argc=2, argv=0x7fffffffda08)
    at ../../test/vlc-demux-run.c:50

Sample:

Edited Jul 24, 2025 by Thomas Guillem

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information