Gentoo's Bugzilla – Attachment 872145 Details for Bug 915196: media-libs/audiofile: heap-buffer-overflow in FLAC.cpp:133:11
Attachment: stacktrace
file_915196.txt (text/plain), 6.44 KB, created by Agostino Sarubbo on 2023-10-05 07:17:09 UTC
File Name      11.crashes.wav
File Format    Free Lossless Audio Codec (flac)
Data Format    FLAC compression
Audio Data     31954 bytes begins at offset 46 (2e hex)
=================================================================
==31957==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000078 at pc 0x7f989d1d6ce3 bp 0x7ffc97cbe4c0 sp 0x7ffc97cbe4b8
READ of size 8 at 0x602000000078 thread T0
    #0 0x7f989d1d6ce2 in FLACDecoder::didDecodeFrame(FLAC__Frame const*, int const* const*) /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/modules/FLAC.cpp:133:11
    #1 0x7f989d1d6ce2 in FLACDecoder::writeCallback(FLAC__StreamDecoder const*, FLAC__Frame const*, int const* const*, void*) /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/modules/FLAC.cpp:115:9
    #2 0x7f989ce69979 in read_frame_ /var/tmp/portage/media-libs/flac-1.4.3/work/flac-1.4.3/src/libFLAC/stream_decoder.c:2266:7
    #3 0x7f989ce6d1d9 in FLAC__stream_decoder_process_single /var/tmp/portage/media-libs/flac-1.4.3/work/flac-1.4.3/src/libFLAC/stream_decoder.c:1014:9
    #4 0x7f989ce6dcc4 in seek_to_absolute_sample_ /var/tmp/portage/media-libs/flac-1.4.3/work/flac-1.4.3/src/libFLAC/stream_decoder.c:3455:7
    #5 0x7f989ce6dcc4 in FLAC__stream_decoder_seek_absolute /var/tmp/portage/media-libs/flac-1.4.3/work/flac-1.4.3/src/libFLAC/stream_decoder.c:1177:4
    #6 0x7f989d1d80d0 in FLACDecoder::reset2() /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/modules/FLAC.cpp:267:7
    #7 0x7f989d1e3e02 in ModuleState::reset(_AFfilehandle*, Track*) /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/modules/ModuleState.cpp:227:9
    #8 0x7f989d1e3e02 in ModuleState::setup(_AFfilehandle*, Track*) /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/modules/ModuleState.cpp:193:7
    #9 0x7f989d1c729f in afGetFrameCount /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/format.cpp:205:41
    #10 0x4f2a45 in printfileinfo /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/sfcommands/printinfo.c:123:14
    #11 0x4f222b in main /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/sfcommands/sfinfo.c:113:4
    #12 0x7f989cead676 in __libc_start_call_main /var/tmp/portage/sys-libs/glibc-2.37-r3/work/glibc-2.37/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #13 0x7f989cead734 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.37-r3/work/glibc-2.37/csu/../csu/libc-start.c:360:3
    #14 0x41d6d0 (/usr/bin/sfinfo+0x41d6d0)

0x602000000078 is located 0 bytes after 8-byte region [0x602000000070,0x602000000078)
allocated by thread T0 here:
    #0 0x4b74fe in __interceptor_malloc /var/tmp/portage/sys-libs/compiler-rt-sanitizers-16.0.6/work/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x7f989caafe77 in operator new(unsigned long) /var/tmp/portage/sys-devel/gcc-13.2.1_p20230826/work/gcc-13-20230826/libstdc++-v3/libsupc++/new_op.cc:50:22
    #2 0x7f989d1d65c2 in std::vector<int*, std::allocator<int*>>::resize(unsigned long) /usr/lib/gcc/x86_64-pc-linux-gnu/13/include/g++-v13/bits/stl_vector.h:1013:4
    #3 0x7f989d1d65c2 in FLACDecoder::FLACDecoder(Track*, File*, bool) /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/modules/FLAC.cpp:168:11
    #4 0x7f989d1da65d in FLACDecoder::create(Track*, File*, bool, bool, long*) /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/modules/FLAC.cpp:142:13
    #5 0x7f989d1da65d in _af_flac_init_decompress(Track*, File*, bool, bool, long*) /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/modules/FLAC.cpp:506:9
    #6 0x7f989d1e1fb6 in ModuleState::initFileModule(_AFfilehandle*, Track*) /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/modules/ModuleState.cpp:72:18
    #7 0x7f989d1e274a in ModuleState::init(_AFfilehandle*, Track*) /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/modules/ModuleState.cpp:101:6
    #8 0x7f989d1ca2ef in _afOpenFile(int, File*, char const*, _AFfilehandle**, _AFfilesetup*) /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/openclose.cpp:396:18
    #9 0x7f989d1caaf8 in afOpenFile /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/openclose.cpp:217:6
    #10 0x4f256a in printfileinfo /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/sfcommands/printinfo.c:45:22
    #11 0x4f222b in main /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/sfcommands/sfinfo.c:113:4
    #12 0x7f989cead676 in __libc_start_call_main /var/tmp/portage/sys-libs/glibc-2.37-r3/work/glibc-2.37/csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow /var/tmp/portage/media-libs/audiofile-0.3.6-r5/work/audiofile-0.3.6/libaudiofile/modules/FLAC.cpp:133:11 in FLACDecoder::didDecodeFrame(FLAC__Frame const*, int const* const*)
Shadow bytes around the buggy address:
  0x601ffffffd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x601ffffffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x601ffffffe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x601fffffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x601fffffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x602000000000: fa fa 00 07 fa fa fd fd fa fa 00 00 fa fa 00[fa]
  0x602000000080: fa fa fd fa fa fa 00 fa fa fa 00 00 fa fa fa fa
  0x602000000100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x602000000180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x602000000200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x602000000280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==31957==ABORTING
Aborted