[oss-fuzz 6378868877623296] Integer-overflow · h264_decode_sps

Ref:

xeon ~/work/git/vlc-security-tools $ UBSAN_OPTIONS=print_stacktrace=1:halt_on_error=1:exitcode=42 /home/tom/work/git/vlc-3.0/build-ubsan-sec-fixed/test/vlc-demux-dec-run /home/tom/Downloads/clusterfuz*                    
../../modules/packetizer/h264_nal.c:328:61: runtime error: signed integer overflow: 2147483618 + 256 cannot be represented in type 'int'
    #0 0x7f753e23027b in h264_parse_sequence_parameter_set_rbsp ../../modules/packetizer/h264_nal.c:328
    #1 0x7f753e23246c in h264_decode_sps ../../modules/packetizer/h264_nal.c:649
    #2 0x7f753e23dac9 in PutSPS ../../modules/packetizer/h264.c:1105
    #3 0x7f753e2464a9 in ParseNALBlock ../../modules/packetizer/h264.c:723
    #4 0x7f753e246bd5 in PacketizeParse ../../modules/packetizer/h264.c:598
    #5 0x7f753e23fbae in packetizer_PacketizeBlock ../../modules/packetizer/packetizer_helper.h:208
    #6 0x7f753e2401ca in packetizer_Packetize ../../modules/packetizer/packetizer_helper.h:241
    #7 0x7f753e24347e in packetizer_Header ../../modules/packetizer/packetizer_helper.h:269
    #8 0x7f753e2447bc in Open ../../modules/packetizer/h264.c:462
    #9 0x7f753f94c418 in generic_start ../../src/modules/modules.c:357
    #10 0x7f753f94c537 in module_load ../../src/modules/modules.c:183
    #11 0x7f753f94d06b in vlc_module_load ../../src/modules/modules.c:280
    #12 0x7f753f94d482 in module_need ../../src/modules/modules.c:372
    #13 0x5637e0be0005 in decoder_load ../../test/src/input/decoder.c:110
    #14 0x5637e0be02dd in test_decoder_create ../../test/src/input/decoder.c:171
    #15 0x5637e0bded8b in EsOutAdd ../../test/src/input/demux-run.c:80
    #16 0x7f753e9c1803 in es_out_Add ../../include/vlc_es_out.h:125
    #17 0x7f753e9d676b in Open ../../modules/demux/avi/avi.c:851
    #18 0x7f753f996359 in demux_Probe ../../src/input/demux.c:191
    #19 0x7f753f94c537 in module_load ../../src/modules/modules.c:183
    #20 0x7f753f94d06b in vlc_module_load ../../src/modules/modules.c:280
    #21 0x7f753f996b30 in demux_NewAdvanced ../../src/input/demux.c:264
    #22 0x7f753f996ff5 in demux_New ../../src/input/demux.c:148
    #23 0x5637e0bdf2e5 in demux_process_stream ../../test/src/input/demux-run.c:272
    #24 0x5637e0bdf4bf in vlc_demux_process_url ../../test/src/input/demux-run.c:326
    #25 0x5637e0bdf551 in vlc_demux_process_path ../../test/src/input/demux-run.c:340
    #26 0x5637e0bde443 in main ../../test/vlc-demux-run.c:50
    #27 0x7f753ee33ca7 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #28 0x7f753ee33d64 in __libc_start_main_impl ../csu/libc-start.c:360
    #29 0x5637e0bde2d0 in _start (/home/tom/work/git/vlc-3.0/build-ubsan-sec-fixed/test/vlc-demux-dec-run+0x32d0) (BuildId: 25b4ee7be975cfeb80d40541113bd564507aee73)

Samples:
