Crashes with buffer overflow. It happens with any CUE file I give. Does not seem related to the MP3 itself. Reproducible: Always Steps to Reproduce: 1. mp3splt -c some.cue some.mp3 -D Actual Results: mp3splt 2.6.2 (09/11/14) - using libmp3splt 0.9.2 Matteo Trotta <mtrotta AT users.sourceforge.net> Alexandru Munteanu <m AT ioalex.net> THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK! Searching for plugins ... Scanning plugins in the directory _/usr/lib64/libmp3splt0_ Looking at the file _libsplt_mp3.so.0.0.0_ Looking at the file _libsplt_ogg.so_ Looking at the file _libsplt_flac.so_ Looking at the file _libsplt_ogg.so.0_ Looking at the file _libsplt_flac.so.0_ Looking at the file _libsplt_mp3.so_ Looking at the file _libsplt_ogg.so.0.0.0_ Looking at the file _libsplt_flac.so.0.0.0_ Looking at the file _libsplt_mp3.so.0_ Checking if _/usr/lib64/libmp3splt0/libsplt_mp3.so.0_ is like _/usr/lib64/libmp3splt0/libsplt_ogg.so.0_ Checking if _/usr/lib64/libmp3splt0/libsplt_flac.so.0_ is like _/usr/lib64/libmp3splt0/libsplt_ogg.so.0_ Checking if _/usr/lib64/libmp3splt0/libsplt_flac.so.0_ is like _/usr/lib64/libmp3splt0/libsplt_mp3.so.0_ Scanning plugins in the directory _/home/tatsh/.libmp3splt_ Scanning plugins in the directory _./_ Trying to open the plugin _/usr/lib64/libmp3splt0/libsplt_ogg.so.0_ ... - success ! Trying to open the plugin _/usr/lib64/libmp3splt0/libsplt_mp3.so.0_ ... - success ! Trying to open the plugin _/usr/lib64/libmp3splt0/libsplt_flac.so.0_ ... - success ! Number of plugins found: _3_ plugin filename = _/usr/lib64/libmp3splt0/libsplt_ogg.so.0_ plugin name = _ogg vorbis (libvorbis)_ plugin version = _1.000000_ extension = _.ogg_ plugin filename = _/usr/lib64/libmp3splt0/libsplt_mp3.so.0_ plugin name = _mp3 (libmad)_ plugin version = _1.000000_ extension = _.mp3_ plugin filename = _/usr/lib64/libmp3splt0/libsplt_flac.so.0_ plugin name = _flac (libflac)_ plugin version = _1.000000_ extension = _.flac_ Setting silence log fname to _mp3splt.log_ Processing file 'some.mp3' ... Setting filename to split to _some.mp3_ reading informations from CUE file some.cue ... Artist: VA Album: A Appending splitpoint _(null)_ with value _0_ Splitpoint at _0_ is 0_ Splitpoint name at _0_ is _(null)_ Appending splitpoint _(null)_ with value _5116_ Splitpoint at _1_ is 5116_ Splitpoint name at _1_ is _(null)_ The output format is _@A - @n - @t_ *** buffer overflow detected ***: terminated Aborted (core dumped) Expected Results: Should not crash. Relevant source: https://sourceforge.net/p/mp3splt/code/HEAD/tree/mp3splt-project/trunk/libmp3splt/src/oformat_parser.c It happens with almost any snprintf() call, but mostly on line 865 and 612. It seems the buffer is just not large enough. I've verified that the CUE file is UTF-8 to make sure it's not an encoding issue. Rebuilding does not fix this. #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 44 return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0; (ins)(gdb) bt #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 #1 0x00007f37d13afb2f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78 #2 0x00007f37d13628d2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #3 0x00007f37d134c4ad in __GI_abort () at abort.c:79 #4 0x00007f37d134d3ee in __libc_message (fmt=fmt@entry=0x7f37d14ba2f4 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150 #5 0x00007f37d143e0a5 in __GI___fortify_fail (msg=msg@entry=0x7f37d14ba29a "buffer overflow detected") at fortify_fail.c:24 #6 0x00007f37d143ca20 in __GI___chk_fail () at chk_fail.c:28 #7 0x00007f37d143c5e5 in ___snprintf_chk (s=<optimized out>, maxlen=<optimized out>, flag=<optimized out>, slen=<optimized out>, format=<optimized out>) at snprintf_chk.c:29 #8 0x00007f37d151df0f in snprintf (__fmt=<optimized out>, __n=<optimized out>, __s=<optimized out>, __s=<optimized out>, __n=<optimized out>, __fmt=<optimized out>) at /usr/include/bits/stdio2.h:54 #9 splt_of_put_output_format_filename (state=0x563f37521030, current_split=<optimized out>) at /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/src/oformat_parser.c:614 #10 0x00007f37d1514a98 in splt_cc_put_filenames_from_tags (state=state@entry=0x563f37521030, tracks=tracks@entry=2, error=error@entry=0x7ffd99bfc274, all_tags=<optimized out>, only_set_name_if_null=only_set_name_if_null@entry=1, force_splitnumber_as_filenumber=force_splitnumber_as_filenumber@entry=0) at /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/src/cddb_cue_common.c:73 #11 0x00007f37d15158e3 in splt_cue_put_splitpoints (file=file@entry=0x563f37522b00 "some.cue", state=state@entry=0x563f37521030, error=error@entry=0x7ffd99bfc274) at /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/src/cue.c:573 #12 0x00007f37d1515d90 in mp3splt_import (state=state@entry=0x563f37521030, type=type@entry=CUE_IMPORT, file=file@entry=0x563f37522b00 "some.cue") at /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/src/mp3splt.c:1383 #13 0x0000563f3704860d in main (argc=<optimized out>, orig_argv=<optimized out>) at /var/tmp/portage/media-sound/mp3splt-2.6.2/work/mp3splt-2.6.2/src/mp3splt.c:790
it may be related to fortify_source 3, can you add your emerge --info and the build log of mp3splt ?
Can you give me a path to some sample data?
(In reply to Sam James from comment #2) > Can you give me a path to some sample data? You can use any MP3 file. Just name it some.mp3. PERFORMER "VA" TITLE "A" FILE "some.mp3" MP3 TRACK 01 AUDIO TITLE "Quit storm" PERFORMER "Bass D & Kin" INDEX 01 00:00:00 TRACK 02 AUDIO TITLE "Dstr" PERFORMER "Day-Mar" INDEX 01 00:51:12
emerge --info mp3splt Portage 3.0.51 (python 3.11.4-final-0, default/linux/amd64/17.1/desktop/plasma/systemd/merged-usr, gcc-13, glibc-2.37-r4, 6.4.11-gentoo-limelight x86_64) ================================================================= System Settings ================================================================= System uname: Linux-6.4.11-gentoo-limelight-x86_64-11th_Gen_Intel-R-_Core-TM-_i9-11900K_@_3.50GHz-with-glibc2.37 KiB Mem: 65708260 total, 919980 free KiB Swap: 0 total, 0 free Timestamp of repository gentoo: Mon, 21 Aug 2023 03:01:42 +0000 Head commit of repository gentoo: 02bf7ce4ef52cc0a1a970facf67993b67ea9ce0d Timestamp of repository brave-overlay: Fri, 18 Aug 2023 01:47:59 +0000 Head commit of repository brave-overlay: 850542054d34040a5dab0bce04f993cb69608dc6 Head commit of repository guru: 61fa0e6d172f8855d5a757f82cd0cd8d37db7828 Timestamp of repository menelkir: Sat, 19 Aug 2023 18:32:20 +0000 Head commit of repository menelkir: 96d3cb342983b11901103c9af254c50a24402c8e Timestamp of repository pentoo: Mon, 21 Aug 2023 01:16:34 +0000 Head commit of repository pentoo: 382b2e3be21f8cbd961ac3c2975c7bea1971bec5 Timestamp of repository steam-overlay: Sat, 19 Aug 2023 18:32:11 +0000 Head commit of repository steam-overlay: 40e05f6af8a449f2661c36afb2c134075134d1b3 Head commit of repository tatsh-overlay: 42d9ab420b5a613b5bddb00594bbfcf366933489 sh bash 5.2_p15-r6 ld GNU ld (Gentoo 2.41 p2) 2.41.0 app-misc/pax-utils: 1.3.7::gentoo app-shells/bash: 5.2_p15-r6::gentoo dev-java/java-config: 2.3.1-r1::gentoo dev-lang/perl: 5.38.0-r1::gentoo dev-lang/python: 3.10.12::gentoo, 3.11.4::gentoo, 3.12.0_rc1_p3::gentoo dev-lang/rust: 1.71.1::gentoo dev-util/cmake: 3.27.3-r1::gentoo dev-util/meson: 1.2.1-r1::gentoo sys-apps/baselayout: 2.14::gentoo sys-apps/sandbox: 2.38::gentoo sys-apps/systemd: 254.1-r1::gentoo sys-devel/autoconf: 2.13-r8::gentoo, 2.71-r7::gentoo sys-devel/automake: 1.16.5-r1::gentoo sys-devel/binutils: 2.41-r1::gentoo sys-devel/binutils-config: 5.5::gentoo sys-devel/clang: 15.0.7-r3::gentoo, 16.0.6::gentoo sys-devel/gcc: 13.2.0::gentoo sys-devel/gcc-config: 2.11::gentoo sys-devel/libtool: 2.4.7-r1::gentoo sys-devel/lld: 16.0.6::gentoo sys-devel/llvm: 14.0.6-r4::gentoo, 15.0.7-r3::gentoo, 16.0.6::gentoo sys-devel/make: 4.4.1-r1::gentoo sys-kernel/linux-headers: 6.4::gentoo (virtual/os-headers) sys-libs/glibc: 2.37-r4::gentoo Repositories: gentoo location: /var/db/repos/gentoo sync-type: git sync-uri: https://anongit.gentoo.org/git/repo/sync/gentoo.git priority: -1000 volatile: False sync-git-verify-commit-signature: no brave-overlay location: /var/db/repos/brave-overlay sync-type: git sync-uri: https://github.com/gentoo-mirror/brave-overlay.git masters: gentoo volatile: False crossdev location: /var/db/repos/crossdev masters: gentoo volatile: False guru location: /var/db/repos/guru sync-type: git sync-uri: git+ssh://git@git.gentoo.org/repo/proj/guru.git masters: gentoo volatile: False sync-git-verify-commit-signature: no menelkir location: /var/db/repos/menelkir sync-type: git sync-uri: https://github.com/gentoo-mirror/menelkir.git masters: gentoo volatile: False pentoo location: /var/db/repos/pentoo sync-type: git sync-uri: https://github.com/gentoo-mirror/pentoo.git masters: gentoo volatile: False steam-overlay location: /var/db/repos/steam-overlay sync-type: git sync-uri: https://github.com/gentoo-mirror/steam-overlay.git masters: gentoo volatile: False tatsh-overlay location: /var/db/repos/tatsh sync-type: git sync-uri: https://github.com/Tatsh/tatsh-overlay.git masters: gentoo volatile: False sync-git-verify-commit-signature: no Installed sets: @admin, @android, @bashcomp, @cdr, @charles, @chrome, @cups, @dbeaver, @emulators, @exfat, @firefox, @fonts, @gimp, @git, @haskell, @i3, @ibus, @kde, @kernel, @kodi, @libimobiledevice, @libreoffice, @media, @misc, @mlocate, @mupen64plus, @nfs, @pass, @portage-utilities, @python, @qemu, @rar, @retroarch, @sm64, @steam, @stepmania, @thunderbird, @tmux, @vim, @virtualbox, @vscode, @wine, @x11, @xirvik-vpn, @yt-dlp ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -flto=auto -ggdb -march=native -mtune=native -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -flto=auto -ggdb -march=native -mtune=native -pipe" DISTDIR="/var/cache/distfiles" EMERGE_DEFAULT_OPTS="--jobs 17 --load-average 17 --quiet-build=y --usepkg --verbose-conflicts --buildpkg-exclude 'acct-*/* app-arch/rar app-emulation/virtualbox-extpack-oracle app-emulation/virtualbox-modules */*-bin dev-util/intel-ocl-sdk games-util/steam-launcher kde-plasma/kwin media-fonts/* media-video/magewell-pro-capture media-video/makemkv net-im/ripcord sys-kernel/linux-firmware sys-kernel/*-sources virtual/* media-video/cxadc *-drivers/*'" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME" FCFLAGS="-O2 -flto=auto -ggdb -march=native -mtune=native -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg buildpkg-live clean-logs compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms splitdebug strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync warn-on-large-env xattr" FFLAGS="-O2 -flto=auto -ggdb -march=native -mtune=native -pipe" GENTOO_MIRRORS="http://gentoo.osuosl.org/ http://www.gtlib.gatech.edu/pub/gentoo https://mirrors.rit.edu/gentoo/" INSTALL_MASK="/boot/amd-uc.img /etc/avahi/services/sftp-ssh.service /etc/conf.d /etc/cron.daily /etc/cron.monthly /etc/cron.weekly /etc/dracut.conf /etc/grub.d /etc/init.d /etc/modules-load.d/ddccontrol-i2c-dev.conf /etc/xdg/menus/applications-merged/lsp-plugins.menu /etc/xdg/autostart/org.kde.plasma-welcome.desktop /usr/lib/modules-load.d/fwupd-msr.conf /usr/lib/modules-load.d/joycond.conf /usr/lib/rc" LANG="en_GB.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LEX="flex" LINGUAS="en en_GB en_US" MAKEOPTS="--jobs=17 --load-average=17" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" SHELL="/bin/bash" USE="X a52 aac aacs acl acpi activities aio alsa amd64 aptx avahi bash-completion bluetooth bluray branding bzip2 cairo cdda cddb cdio cdr cjk clang cli colord crypt cups curl dav1d dbus declarative dri dts dvb dvd dvdr egl encode exif faudio ffmpeg flac fluidsynth fortran gamepad gdbm gif gles2 gpm gsm gstreamer gui hardened heif hwaccel ibus iconv icu idn ipv6 jack jemalloc joystick jpeg jpeg2k kde kwallet lame lcms ldac libass libcaca libnotify libretro libtirpc lm-sensors lto lv2 lvm lz4 lzma mad man matroska mng mod modplug mp3 mp4 mpeg multilib ncurses nls nptl nvenc offensive ogg opencl opengl openmp opus pam pango pcre pdf pgo pipewire plasma png policykit ppds pulseaudio qml qt5 qt6 rar readline samba screencast sdl seccomp semantic-desktop snappy sound speex spell ssl startup-notification svg syslog system-av1 system-binutils system-boost system-bootloader system-cmark system-crontab system-ffmpeg system-harfbuzz system-heimdal system-info system-ipxe system-jpeg system-jsoncpp system-lcms system-leveldb system-libcxx system-libevent system-libs system-libvpx system-libyaml system-llvm system-lua system-lz4 system-mathjax system-mesa system-mitkrb5 system-numpy system-png system-python system-qemu system-seabios system-sqlite system-ssl system-tbb system-webp system-wfconfig system-wide system-wlroots system-zlib systemd taglib test-rust theora threads tiff tpm truetype twolame udev udisks unicode upower usb v4l vaapi vcd vdpau vim-syntax vlc vorbis vpx vulkan wavpack wayland webengine webp widgets wmf wxwidgets x264 x265 xattr xcb xft xinerama xml xpm xv xvid xxhash zeroconf zlib zstd" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 avx512f avx512dq avx512cd avx512bw avx512vl avx512vbmi f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev libinput joystick wacom" KERNEL="linux" L10N="en en-GB en-US" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" QEMU_SOFTMMU_TARGETS="ppc x86_64" RUBY_TARGETS="ruby31" VIDEO_CARDS="nvidia v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS ================================================================= Package Settings ================================================================= media-sound/mp3splt-2.6.2::gentoo was built with the following: USE="flac" ABI_X86="(64)"
Created attachment 868383 [details] build log
Created attachment 868384 [details] libmp3splt build log
When I build with -fsanitize=address -fsanitize=undefined (ASAN and UBSAN), it works where it would fail before. The output works fine too. This comes up every time, not affecting output: mp3.c:1393:45: runtime error: left shift of 255 by 24 places cannot be represented in type 'int' There are memory leaks if the CUE file cannot be processed: mp3.c:1393:45: runtime error: left shift of 255 by 24 places cannot be represented in type 'int' error: the splitpoints are not in order (69m33s75h, 0m0s0h) ================================================================= ==14613==ERROR: LeakSanitizer: detected memory leaks Direct leak of 28904 byte(s) in 1 object(s) allocated from: #0 0x7f9ccd4db907 in __interceptor_calloc /usr/src/debug/sys-devel/gcc-13.2.0/gcc-13.2.0/libsanitizer/asan/asan_malloc_linux.cpp:77 #1 0x7f9ccbea9ec8 in splt_mp3_info /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/plugins/mp3.c:1197 #2 0x7f9ccbea9ec8 in splt_mp3_get_info /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/plugins/mp3.c:1481 #3 0x7f9ccbead730 in splt_mp3_init /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/plugins/mp3.c:3379 Indirect leak of 2567 byte(s) in 1 object(s) allocated from: #0 0x7f9ccd4dbf3f in __interceptor_malloc /usr/src/debug/sys-devel/gcc-13.2.0/gcc-13.2.0/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7f9ccd2213b9 in mad_layer_III /var/tmp/portage/media-libs/libmad-0.15.1b-r10/work/libmad-0.15.1b/layer3.c:2530
