Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A global buffer overflow problem has been detected. #189

Closed
fCorleone opened this Issue Jul 22, 2018 · 1 comment

Comments

Projects
None yet
2 participants
@fCorleone
Copy link

fCorleone commented Jul 22, 2018

There is a global buffer overflow problem . Here are the details:

=================================================================
==22410==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f0d1bcfb8c8 at pc 0x7f0d1bca3ffd bp 0x7ffc52350260 sp 0x7ffc52350250
READ of size 4 at 0x7f0d1bcfb8c8 thread T0
    #0 0x7f0d1bca3ffc in new_aubio_pitchyinfft ../src/pitch/pitchyinfft.c:75
    #1 0x7f0d1bc8c95d in new_aubio_pitch ../src/pitch/pitch.c:194
    #2 0x7f0d1bc8301b in new_aubio_notes ../src/notes/notes.c:85
    #3 0x4051d4 in main ../examples/aubionotes.c:69
    #4 0x7f0d1b89682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #5 0x401508 in _start (/home/mfc_fuzz/aubio/build/dist/usr/local/bin/aubionotes+0x401508)

0x7f0d1bcfb8c8 is located 0 bytes to the right of global variable 'freqs' defined in '../src/pitch/pitchyinfft.c:43:21' (0x7f0d1bcfb840) of size 136
SUMMARY: AddressSanitizer: global-buffer-overflow ../src/pitch/pitchyinfft.c:75 new_aubio_pitchyinfft
Shadow bytes around the buggy address:
  0x0fe2237976c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe2237976d0: 00 00 00 00 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0fe2237976e0: 00 00 00 00 00 00 00 00 00 01 f9 f9 f9 f9 f9 f9
  0x0fe2237976f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe223797700: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
=>0x0fe223797710: 00 00 00 00 00 00 00 00 00[f9]f9 f9 f9 f9 f9 f9
  0x0fe223797720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe223797730: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0fe223797740: 06 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0fe223797750: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0fe223797760: 00 00 00 00 00 00 06 f9 f9 f9 f9 f9 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==22410==ABORTING

The input file has been displayed at :https://github.com/fCorleone/fuzz_programs/blob/master/aubio/testcase2
The command line is just ./aubionotes testcase2

@piem

This comment has been minimized.

Copy link
Member

piem commented Aug 6, 2018

hi @fCorleone

I couldn't reproduce this one, but there is clearly an out of bound read happening when the samplerate of the input file is larger than 50kHz.

I've just pushed a branch now, fix/yinfft_overflow, let us know if it fixes this issue for you.

thanks for reporting, piem

@piem piem added the security label Aug 6, 2018

@piem piem closed this in af4f9e6 Aug 6, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.