Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 912698 - media-sound/mp3splt: buffer overflow
Summary: media-sound/mp3splt: buffer overflow
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Sound Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-08-21 05:14 UTC by Andrew Udvare
Modified: 2023-08-29 05:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
build log (build.log,17.78 KB, text/x-log)
2023-08-21 19:15 UTC, Andrew Udvare
Details
libmp3splt build log (build.log,75.69 KB, text/x-log)
2023-08-21 19:18 UTC, Andrew Udvare
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Udvare 2023-08-21 05:14:23 UTC
Crashes with buffer overflow. It happens with any CUE file I give. Does not seem related to the MP3 itself.

Reproducible: Always

Steps to Reproduce:
1. mp3splt -c some.cue some.mp3 -D
Actual Results:  
mp3splt 2.6.2 (09/11/14) - using libmp3splt 0.9.2
        Matteo Trotta <mtrotta AT users.sourceforge.net>
        Alexandru Munteanu <m AT ioalex.net>
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!

Searching for plugins ...
Scanning plugins in the directory _/usr/lib64/libmp3splt0_
Looking at the file _libsplt_mp3.so.0.0.0_

Looking at the file _libsplt_ogg.so_

Looking at the file _libsplt_flac.so_

Looking at the file _libsplt_ogg.so.0_

Looking at the file _libsplt_flac.so.0_

Looking at the file _libsplt_mp3.so_

Looking at the file _libsplt_ogg.so.0.0.0_

Looking at the file _libsplt_flac.so.0.0.0_

Looking at the file _libsplt_mp3.so.0_

Checking if _/usr/lib64/libmp3splt0/libsplt_mp3.so.0_ is like _/usr/lib64/libmp3splt0/libsplt_ogg.so.0_
Checking if _/usr/lib64/libmp3splt0/libsplt_flac.so.0_ is like _/usr/lib64/libmp3splt0/libsplt_ogg.so.0_
Checking if _/usr/lib64/libmp3splt0/libsplt_flac.so.0_ is like _/usr/lib64/libmp3splt0/libsplt_mp3.so.0_
Scanning plugins in the directory _/home/tatsh/.libmp3splt_
Scanning plugins in the directory _./_

Trying to open the plugin _/usr/lib64/libmp3splt0/libsplt_ogg.so.0_ ...
 - success !

Trying to open the plugin _/usr/lib64/libmp3splt0/libsplt_mp3.so.0_ ...
 - success !

Trying to open the plugin _/usr/lib64/libmp3splt0/libsplt_flac.so.0_ ...
 - success !

Number of plugins found: _3_
plugin filename = _/usr/lib64/libmp3splt0/libsplt_ogg.so.0_
plugin name = _ogg vorbis (libvorbis)_
plugin version = _1.000000_
extension = _.ogg_

plugin filename = _/usr/lib64/libmp3splt0/libsplt_mp3.so.0_
plugin name = _mp3 (libmad)_
plugin version = _1.000000_
extension = _.mp3_

plugin filename = _/usr/lib64/libmp3splt0/libsplt_flac.so.0_
plugin name = _flac (libflac)_
plugin version = _1.000000_
extension = _.flac_

Setting silence log fname to _mp3splt.log_
 Processing file 'some.mp3' ...
Setting filename to split to _some.mp3_
 reading informations from CUE file some.cue ...

  Artist: VA
  Album: A
Appending splitpoint _(null)_ with value _0_
Splitpoint at _0_ is 0_
Splitpoint name at _0_ is _(null)_
Appending splitpoint _(null)_ with value _5116_
Splitpoint at _1_ is 5116_
Splitpoint name at _1_ is _(null)_
The output format is _@A - @n - @t_
*** buffer overflow detected ***: terminated
Aborted (core dumped)

Expected Results:  
Should not crash.

Relevant source: https://sourceforge.net/p/mp3splt/code/HEAD/tree/mp3splt-project/trunk/libmp3splt/src/oformat_parser.c

It happens with almost any snprintf() call, but mostly on line 865 and 612. It seems the buffer is just not large enough.

I've verified that the CUE file is UTF-8 to make sure it's not an encoding issue.

Rebuilding does not fix this.


#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(ins)(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f37d13afb2f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f37d13628d2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f37d134c4ad in __GI_abort () at abort.c:79
#4  0x00007f37d134d3ee in __libc_message (fmt=fmt@entry=0x7f37d14ba2f4 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:150
#5  0x00007f37d143e0a5 in __GI___fortify_fail (msg=msg@entry=0x7f37d14ba29a "buffer overflow detected") at fortify_fail.c:24
#6  0x00007f37d143ca20 in __GI___chk_fail () at chk_fail.c:28
#7  0x00007f37d143c5e5 in ___snprintf_chk (s=<optimized out>, maxlen=<optimized out>, flag=<optimized out>, slen=<optimized out>, format=<optimized out>) at snprintf_chk.c:29
#8  0x00007f37d151df0f in snprintf (__fmt=<optimized out>, __n=<optimized out>, __s=<optimized out>, __s=<optimized out>, __n=<optimized out>, __fmt=<optimized out>) at /usr/include/bits/stdio2.h:54
#9  splt_of_put_output_format_filename (state=0x563f37521030, current_split=<optimized out>) at /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/src/oformat_parser.c:614
#10 0x00007f37d1514a98 in splt_cc_put_filenames_from_tags (state=state@entry=0x563f37521030, tracks=tracks@entry=2, error=error@entry=0x7ffd99bfc274, all_tags=<optimized out>,
    only_set_name_if_null=only_set_name_if_null@entry=1, force_splitnumber_as_filenumber=force_splitnumber_as_filenumber@entry=0)
    at /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/src/cddb_cue_common.c:73
#11 0x00007f37d15158e3 in splt_cue_put_splitpoints (file=file@entry=0x563f37522b00 "some.cue", state=state@entry=0x563f37521030, error=error@entry=0x7ffd99bfc274)
    at /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/src/cue.c:573
#12 0x00007f37d1515d90 in mp3splt_import (state=state@entry=0x563f37521030, type=type@entry=CUE_IMPORT, file=file@entry=0x563f37522b00 "some.cue")
    at /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/src/mp3splt.c:1383
#13 0x0000563f3704860d in main (argc=<optimized out>, orig_argv=<optimized out>) at /var/tmp/portage/media-sound/mp3splt-2.6.2/work/mp3splt-2.6.2/src/mp3splt.c:790
Comment 1 Agostino Sarubbo gentoo-dev 2023-08-21 08:40:09 UTC
it may be related to fortify_source 3, can you add your emerge --info and the build log of mp3splt ?
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-08-21 08:42:25 UTC
Can you give me a path to some sample data?
Comment 3 Andrew Udvare 2023-08-21 19:10:04 UTC
(In reply to Sam James from comment #2)
> Can you give me a path to some sample data?

You can use any MP3 file. Just name it some.mp3.

PERFORMER "VA"
TITLE "A"
FILE "some.mp3" MP3
  TRACK 01 AUDIO
    TITLE "Quit storm"
    PERFORMER "Bass D & Kin"
    INDEX 01 00:00:00
  TRACK 02 AUDIO
    TITLE "Dstr"
    PERFORMER "Day-Mar"
    INDEX 01 00:51:12
Comment 4 Andrew Udvare 2023-08-21 19:11:00 UTC
emerge --info mp3splt

Portage 3.0.51 (python 3.11.4-final-0, default/linux/amd64/17.1/desktop/plasma/systemd/merged-usr, gcc-13, glibc-2.37-r4, 6.4.11-gentoo-limelight x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-6.4.11-gentoo-limelight-x86_64-11th_Gen_Intel-R-_Core-TM-_i9-11900K_@_3.50GHz-with-glibc2.37
KiB Mem:    65708260 total,    919980 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Mon, 21 Aug 2023 03:01:42 +0000
Head commit of repository gentoo: 02bf7ce4ef52cc0a1a970facf67993b67ea9ce0d

Timestamp of repository brave-overlay: Fri, 18 Aug 2023 01:47:59 +0000
Head commit of repository brave-overlay: 850542054d34040a5dab0bce04f993cb69608dc6

Head commit of repository guru: 61fa0e6d172f8855d5a757f82cd0cd8d37db7828

Timestamp of repository menelkir: Sat, 19 Aug 2023 18:32:20 +0000
Head commit of repository menelkir: 96d3cb342983b11901103c9af254c50a24402c8e

Timestamp of repository pentoo: Mon, 21 Aug 2023 01:16:34 +0000
Head commit of repository pentoo: 382b2e3be21f8cbd961ac3c2975c7bea1971bec5

Timestamp of repository steam-overlay: Sat, 19 Aug 2023 18:32:11 +0000
Head commit of repository steam-overlay: 40e05f6af8a449f2661c36afb2c134075134d1b3

Head commit of repository tatsh-overlay: 42d9ab420b5a613b5bddb00594bbfcf366933489

sh bash 5.2_p15-r6
ld GNU ld (Gentoo 2.41 p2) 2.41.0
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.2_p15-r6::gentoo
dev-java/java-config:      2.3.1-r1::gentoo
dev-lang/perl:             5.38.0-r1::gentoo
dev-lang/python:           3.10.12::gentoo, 3.11.4::gentoo, 3.12.0_rc1_p3::gentoo
dev-lang/rust:             1.71.1::gentoo
dev-util/cmake:            3.27.3-r1::gentoo
dev-util/meson:            1.2.1-r1::gentoo
sys-apps/baselayout:       2.14::gentoo
sys-apps/sandbox:          2.38::gentoo
sys-apps/systemd:          254.1-r1::gentoo
sys-devel/autoconf:        2.13-r8::gentoo, 2.71-r7::gentoo
sys-devel/automake:        1.16.5-r1::gentoo
sys-devel/binutils:        2.41-r1::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/clang:           15.0.7-r3::gentoo, 16.0.6::gentoo
sys-devel/gcc:             13.2.0::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-devel/libtool:         2.4.7-r1::gentoo
sys-devel/lld:             16.0.6::gentoo
sys-devel/llvm:            14.0.6-r4::gentoo, 15.0.7-r3::gentoo, 16.0.6::gentoo
sys-devel/make:            4.4.1-r1::gentoo
sys-kernel/linux-headers:  6.4::gentoo (virtual/os-headers)
sys-libs/glibc:            2.37-r4::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: https://anongit.gentoo.org/git/repo/sync/gentoo.git
    priority: -1000
    volatile: False
    sync-git-verify-commit-signature: no

brave-overlay
    location: /var/db/repos/brave-overlay
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/brave-overlay.git
    masters: gentoo
    volatile: False

crossdev
    location: /var/db/repos/crossdev
    masters: gentoo
    volatile: False

guru
    location: /var/db/repos/guru
    sync-type: git
    sync-uri: git+ssh://git@git.gentoo.org/repo/proj/guru.git
    masters: gentoo
    volatile: False
    sync-git-verify-commit-signature: no

menelkir
    location: /var/db/repos/menelkir
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/menelkir.git
    masters: gentoo
    volatile: False

pentoo
    location: /var/db/repos/pentoo
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/pentoo.git
    masters: gentoo
    volatile: False

steam-overlay
    location: /var/db/repos/steam-overlay
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/steam-overlay.git
    masters: gentoo
    volatile: False

tatsh-overlay
    location: /var/db/repos/tatsh
    sync-type: git
    sync-uri: https://github.com/Tatsh/tatsh-overlay.git
    masters: gentoo
    volatile: False
    sync-git-verify-commit-signature: no

Installed sets: @admin, @android, @bashcomp, @cdr, @charles, @chrome, @cups, @dbeaver, @emulators, @exfat, @firefox, @fonts, @gimp, @git, @haskell, @i3, @ibus, @kde, @kernel, @kodi, @libimobiledevice, @libreoffice, @media, @misc, @mlocate, @mupen64plus, @nfs, @pass, @portage-utilities, @python, @qemu, @rar, @retroarch, @sm64, @steam, @stepmania, @thunderbird, @tmux, @vim, @virtualbox, @vscode, @wine, @x11, @xirvik-vpn, @yt-dlp
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -flto=auto -ggdb -march=native -mtune=native -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -flto=auto -ggdb -march=native -mtune=native -pipe"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--jobs 17 --load-average 17 --quiet-build=y --usepkg --verbose-conflicts --buildpkg-exclude 'acct-*/* app-arch/rar app-emulation/virtualbox-extpack-oracle app-emulation/virtualbox-modules */*-bin dev-util/intel-ocl-sdk games-util/steam-launcher kde-plasma/kwin media-fonts/* media-video/magewell-pro-capture media-video/makemkv net-im/ripcord sys-kernel/linux-firmware sys-kernel/*-sources virtual/* media-video/cxadc *-drivers/*'"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -flto=auto -ggdb -march=native -mtune=native -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg buildpkg-live clean-logs compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms splitdebug strict strict-keepdir unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync warn-on-large-env xattr"
FFLAGS="-O2 -flto=auto -ggdb -march=native -mtune=native -pipe"
GENTOO_MIRRORS="http://gentoo.osuosl.org/  http://www.gtlib.gatech.edu/pub/gentoo https://mirrors.rit.edu/gentoo/"
INSTALL_MASK="/boot/amd-uc.img /etc/avahi/services/sftp-ssh.service /etc/conf.d /etc/cron.daily /etc/cron.monthly /etc/cron.weekly /etc/dracut.conf /etc/grub.d /etc/init.d /etc/modules-load.d/ddccontrol-i2c-dev.conf /etc/xdg/menus/applications-merged/lsp-plugins.menu /etc/xdg/autostart/org.kde.plasma-welcome.desktop /usr/lib/modules-load.d/fwupd-msr.conf /usr/lib/modules-load.d/joycond.conf /usr/lib/rc"
LANG="en_GB.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
LINGUAS="en en_GB en_US"
MAKEOPTS="--jobs=17 --load-average=17"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="X a52 aac aacs acl acpi activities aio alsa amd64 aptx avahi bash-completion bluetooth bluray branding bzip2 cairo cdda cddb cdio cdr cjk clang cli colord crypt cups curl dav1d dbus declarative dri dts dvb dvd dvdr egl encode exif faudio ffmpeg flac fluidsynth fortran gamepad gdbm gif gles2 gpm gsm gstreamer gui hardened heif hwaccel ibus iconv icu idn ipv6 jack jemalloc joystick jpeg jpeg2k kde kwallet lame lcms ldac libass libcaca libnotify libretro libtirpc lm-sensors lto lv2 lvm lz4 lzma mad man matroska mng mod modplug mp3 mp4 mpeg multilib ncurses nls nptl nvenc offensive ogg opencl opengl openmp opus pam pango pcre pdf pgo pipewire plasma png policykit ppds pulseaudio qml qt5 qt6 rar readline samba screencast sdl seccomp semantic-desktop snappy sound speex spell ssl startup-notification svg syslog system-av1 system-binutils system-boost system-bootloader system-cmark system-crontab system-ffmpeg system-harfbuzz system-heimdal system-info system-ipxe system-jpeg system-jsoncpp system-lcms system-leveldb system-libcxx system-libevent system-libs system-libvpx system-libyaml system-llvm system-lua system-lz4 system-mathjax system-mesa system-mitkrb5 system-numpy system-png system-python system-qemu system-seabios system-sqlite system-ssl system-tbb system-webp system-wfconfig system-wide system-wlroots system-zlib systemd taglib test-rust theora threads tiff tpm truetype twolame udev udisks unicode upower usb v4l vaapi vcd vdpau vim-syntax vlc vorbis vpx vulkan wavpack wayland webengine webp widgets wmf wxwidgets x264 x265 xattr xcb xft xinerama xml xpm xv xvid xxhash zeroconf zlib zstd" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 avx512f avx512dq avx512cd avx512bw avx512vl avx512vbmi f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev libinput joystick wacom" KERNEL="linux" L10N="en en-GB en-US" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" QEMU_SOFTMMU_TARGETS="ppc x86_64" RUBY_TARGETS="ruby31" VIDEO_CARDS="nvidia v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS

=================================================================
                        Package Settings
=================================================================

media-sound/mp3splt-2.6.2::gentoo was built with the following:
USE="flac" ABI_X86="(64)"
Comment 5 Andrew Udvare 2023-08-21 19:15:56 UTC
Created attachment 868383 [details]
build log
Comment 6 Andrew Udvare 2023-08-21 19:18:05 UTC
Created attachment 868384 [details]
libmp3splt build log
Comment 7 Andrew Udvare 2023-08-21 19:37:27 UTC
When I build with -fsanitize=address -fsanitize=undefined (ASAN and UBSAN), it works where it would fail before. The output works fine too.

This comes up every time, not affecting output:

mp3.c:1393:45: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'

There are memory leaks if the CUE file cannot be processed:

mp3.c:1393:45: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
 error: the splitpoints are not in order (69m33s75h, 0m0s0h)

=================================================================
==14613==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 28904 byte(s) in 1 object(s) allocated from:
    #0 0x7f9ccd4db907 in __interceptor_calloc /usr/src/debug/sys-devel/gcc-13.2.0/gcc-13.2.0/libsanitizer/asan/asan_malloc_linux.cpp:77
    #1 0x7f9ccbea9ec8 in splt_mp3_info /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/plugins/mp3.c:1197
    #2 0x7f9ccbea9ec8 in splt_mp3_get_info /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/plugins/mp3.c:1481
    #3 0x7f9ccbead730 in splt_mp3_init /var/tmp/portage/media-libs/libmp3splt-0.9.2-r6/work/libmp3splt-0.9.2/plugins/mp3.c:3379

Indirect leak of 2567 byte(s) in 1 object(s) allocated from:
    #0 0x7f9ccd4dbf3f in __interceptor_malloc /usr/src/debug/sys-devel/gcc-13.2.0/gcc-13.2.0/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7f9ccd2213b9 in mad_layer_III /var/tmp/portage/media-libs/libmad-0.15.1b-r10/work/libmad-0.15.1b/layer3.c:2530