./sfconvert $FILE out.mp3 format aiff
=================================================================
==9146==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ebf1 at pc 0x7f0d4c7d4e55 bp 0x7ffffdd041a0 sp 0x7ffffdd03948
WRITE of size 156 at 0x60200000ebf1 thread T0
#0 0x7f0d4c7d4e54 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x45e54)
#1 0x43d865 in read /usr/include/x86_64-linux-gnu/bits/unistd.h:44
#2 0x43d865 in FilePOSIX::read(void*, unsigned long) /home/insu/projects/qsym-eval/apps/audiofile/audiofile/libaudiofile/File.cpp:126
#3 0x40ef02 in FileModule::read(void*, unsigned long) /home/insu/projects/qsym-eval/apps/audiofile/audiofile/libaudiofile/modules/FileModule.cpp:42
#4 0x41e839 in PCM::runPull() /home/insu/projects/qsym-eval/apps/audiofile/audiofile/libaudiofile/modules/PCM.cpp:166
#5 0x41475e in Module::pull(unsigned long) /home/insu/projects/qsym-eval/apps/audiofile/audiofile/libaudiofile/modules/Module.cpp:71
#6 0x4209a4 in SimpleModule::runPull() /home/insu/projects/qsym-eval/apps/audiofile/audiofile/libaudiofile/modules/SimpleModule.cpp:28
#7 0x4074ef in afReadFrames /home/insu/projects/qsym-eval/apps/audiofile/audiofile/libaudiofile/data.cpp:222
#8 0x402287 in copyaudiodata /home/insu/projects/qsym-eval/apps/audiofile/audiofile/sfcommands/sfconvert.c:370
#9 0x402f4d in main /home/insu/projects/qsym-eval/apps/audiofile/audiofile/sfcommands/sfconvert.c:275
#10 0x7f0d4bd5a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#11 0x401f48 in _start (/home/insu/projects/qsym-eval/apps/audiofile/out/build-asan/sfconvert+0x401f48)
0x60200000ebf1 is located 0 bytes to the right of 1-byte region [0x60200000ebf0,0x60200000ebf1)
allocated by thread T0 here:
#0 0x7f0d4c828532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x419243 in Chunk::allocate(unsigned long) /home/insu/projects/qsym-eval/apps/audiofile/audiofile/libaudiofile/modules/Module.h:59
#2 0x419243 in ModuleState::setup(_AFfilehandle*, Track*) /home/insu/projects/qsym-eval/apps/audiofile/audiofile/libaudiofile/modules/ModuleState.cpp:174
#3 0x407f74 in afGetFrameCount /home/insu/projects/qsym-eval/apps/audiofile/audiofile/libaudiofile/format.cpp:205
#4 0x402252 in copyaudiodata /home/insu/projects/qsym-eval/apps/audiofile/audiofile/sfcommands/sfconvert.c:359
#5 0x402f4d in main /home/insu/projects/qsym-eval/apps/audiofile/audiofile/sfcommands/sfconvert.c:275
#6 0x7f0d4bd5a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
0x0c047fff9d20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa[01]fa
0x0c047fff9d80: fa fa 01 fa fa fa 00 00 fa fa fd fd fa fa fd fa
0x0c047fff9d90: fa fa fd fa fa fa 01 fa fa fa 01 fa fa fa 01 fa
0x0c047fff9da0: fa fa 01 fa fa fa 01 fa fa fa 01 fa fa fa 01 fa
0x0c047fff9db0: fa fa 01 fa fa fa 00 01 fa fa fd fa fa fa fd fa
0x0c047fff9dc0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==9146==ABORTING
insuyun changed the title from "heap-based buffer overflow in" to "heap-based buffer overflow in FilePOSIX::read" on Aug 20, 2017
https://github.com/jakkdu/poc/blob/master/000011-audiofile-heapovfl-FilePOSIX_read
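The report above shows a 156-byte read() landing in a 1-byte heap chunk allocated by Chunk::allocate. As an added illustration that is not audiofile's code (the names chunk, pull_unchecked, pull_checked and make_sample_fd are invented for this example, and the 156-byte pipe payload is constructed sample input standing in for the crafted file), the C program below reproduces that shape and shows the bound a pull routine should enforce: the destination chunk's capacity limits the read, and a request larger than the chunk is refused with EOVERFLOW rather than overrunning the heap.

```c
/* Added example, not audiofile's code.  The pattern behind the ASan
 * report is a read() of N bytes into a heap chunk whose capacity was
 * computed elsewhere (1 byte allocated, 156 bytes requested). */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

struct chunk {
    unsigned char *buf;
    size_t cap;           /* bytes actually allocated */
};

int chunk_alloc(struct chunk *c, size_t cap)
{
    c->buf = malloc(cap ? cap : 1);
    c->cap = c->buf ? cap : 0;
    return c->buf ? 0 : -1;
}

/* Vulnerable shape: trusts the caller's byte count, so a count derived
 * from file-controlled frame geometry writes past the chunk. */
ssize_t pull_unchecked(int fd, struct chunk *c, size_t nbytes)
{
    return read(fd, c->buf, nbytes);
}

/* Hardened shape: the destination capacity bounds the read, and an
 * oversized request is refused (not silently truncated) so the caller
 * can abort the decode.  Short reads from pipes are looped. */
ssize_t pull_checked(int fd, struct chunk *c, size_t nbytes)
{
    if (nbytes > c->cap) {
        errno = EOVERFLOW;
        return -1;
    }
    size_t got = 0;
    while (got < nbytes) {
        ssize_t n = read(fd, c->buf + got, nbytes - got);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (n == 0) break;   /* EOF */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Constructed input: a pipe pre-filled with `len` bytes stands in for
 * the crafted audio file.  Returns the read end; caller closes it. */
int make_sample_fd(size_t len)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    unsigned char *payload = malloc(len);
    if (!payload) { close(fds[0]); close(fds[1]); return -1; }
    memset(payload, 0xAB, len);
    ssize_t w = write(fds[1], payload, len);   /* fits in the pipe buffer */
    free(payload);
    close(fds[1]);
    if (w != (ssize_t)len) { close(fds[0]); return -1; }
    return fds[0];
}

/* The report's geometry: a 1-byte chunk and a 156-byte pull.  With the
 * checked routine this returns -1 (errno EOVERFLOW) instead of writing
 * 155 bytes past the allocation; pull_unchecked is deliberately never
 * called with this geometry. */
ssize_t demo_oversized_pull(void)
{
    struct chunk c;
    int fd = make_sample_fd(156);
    if (fd < 0) return -2;
    if (chunk_alloc(&c, 1) != 0) { close(fd); return -2; }
    ssize_t r = pull_checked(fd, &c, 156);
    free(c.buf);
    close(fd);
    return r;
}

/* Same request against a chunk sized for it reads all 156 bytes. */
ssize_t demo_sized_pull(void)
{
    struct chunk c;
    int fd = make_sample_fd(156);
    if (fd < 0) return -2;
    if (chunk_alloc(&c, 156) != 0) { close(fd); return -2; }
    ssize_t r = pull_checked(fd, &c, 156);
    free(c.buf);
    close(fd);
    return r;
}
```

Compiled with -fsanitize=address, swapping pull_checked for pull_unchecked in demo_oversized_pull produces a heap-buffer-overflow report of the same form as the one above (WRITE of size 156 into a 1-byte region from read()); the checked version fails cleanly before any byte is written.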