There exists one NULL pointer dereference bug in ModuleState::setup, in ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file.
poc.zip
To reproduce with the attached poc file:
./sfconvert $poc output format aiff
ASan:
==98672==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ff14364b98f bp 0x7ffd2fd4dd80 sp 0x7ffd2fd4d9c0 T0)
#0 0x7ff14364b98e in ModuleState::setup(_AFfilehandle*, Track*) /home/s2e/asan/audiofile-0.3.6/libaudiofile/modules/ModuleState.cpp:143
#1 0x7ff143634abd in afGetFrameCount /home/s2e/asan/audiofile-0.3.6/libaudiofile/format.cpp:205
#2 0x4ec033 in copyaudiodata /home/s2e/asan/audiofile-0.3.6/sfcommands/sfconvert.c:329
#3 0x4ebbe4 in main /home/s2e/asan/audiofile-0.3.6/sfcommands/sfconvert.c:248
#4 0x7ff1426c382f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#5 0x419068 in _start (/home/s2e/asan/audiofile-0.3.6/sfcommands/.libs/lt-sfconvert+0x419068)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/s2e/asan/audiofile-0.3.6/libaudiofile/modules/ModuleState.cpp:143 in ModuleState::setup(_AFfilehandle*, Track*)
==98672==ABORTING
When the unit initcompress or initdecompress function fails,
m_fileModule is NULL. Return AF_FAIL in that case instead of
causing NULL pointer dereferences later.
Fixes mpruett#49
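The pattern the commit message above describes, as an added C++ sketch that is not libaudiofile's code: an init function that can return NULL, and a setup path that returns AF_FAIL instead of dereferencing the result. The FileModule field, the parameter lists, the header validation rule and getFrameCount are assumptions made for the model.

```cpp
#include <cstdio>
#include <memory>

// Simplified model, not libaudiofile source. FileModule's field, the
// parameter lists and getFrameCount are hypothetical.
enum Status { AF_SUCCEED = 0, AF_FAIL = -1 };

struct FileModule { long frameCount; };

// Stand-in for a unit's initdecompress: returns nullptr when the values
// parsed from the file header are unusable (constructed rule).
FileModule *initdecompress(int channels, int bits, long frames) {
    if (channels <= 0 || bits <= 0 || bits > 32 || frames < 0)
        return nullptr;
    return new FileModule{frames};
}

struct ModuleState {
    std::unique_ptr<FileModule> m_fileModule;

    Status initFileModule(int channels, int bits, long frames) {
        m_fileModule.reset(initdecompress(channels, bits, frames));
        // The check described in the fix: a failed init leaves
        // m_fileModule NULL, so report AF_FAIL here.
        return m_fileModule ? AF_SUCCEED : AF_FAIL;
    }

    Status setup(int channels, int bits, long frames) {
        if (initFileModule(channels, bits, frames) == AF_FAIL)
            return AF_FAIL;  // propagate; nothing below runs on NULL
        // Without the check above, this dereference is where a NULL
        // m_fileModule would crash.
        return m_fileModule->frameCount >= 0 ? AF_SUCCEED : AF_FAIL;
    }
};

// Caller in the role of afGetFrameCount: -1 on setup failure.
long getFrameCount(ModuleState &state, int channels, int bits, long frames) {
    if (state.setup(channels, bits, frames) == AF_FAIL)
        return -1;
    return state.m_fileModule->frameCount;
}

int main() {
    ModuleState good, bad;
    std::printf("valid header:   %ld\n", getFrameCount(good, 2, 16, 1000));
    std::printf("crafted header: %ld\n", getFrameCount(bad, 0, 16, 1000));
    return 0;
}
```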