New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
heap-buffer-overflow in ok-file-formats/ok_wav.c:742 ok_wav_decode_ms_adpcm_data() #4
Comments
|
Hi, thanks for submitting the issue. Was this found using the same input sources as the test code? Or do you have a different set of input sources? |
|
i use #include <stdio.h>
#include "ok_wav.h"
int main(int _argc, char **_argv) {
FILE *file = fopen(_argv[1], "rb");
ok_wav *image = ok_wav_read(file,0);
fclose(file);
ok_wav_free(image);
return 0;
}same as test code |
|
Sorry, I wasn't clear in my question. It looks like you're using AFL. By "input sources" I meant to say "input test cases" - the input WAV files that AFL uses to generate its own test cases. Since the ok-file-formats test code has its own WAV file input test cases (generated from CMakeLists.txt), if you've found another crash, either 1) the existing input test cases are incomplete or 2) I never ran AFL long enough to find a crash like this. I'm wondering if you have input test cases that are better or more complete than the existing ones, and if so, if I could take a look at them. @moonAgirl |
|
The files I use are here https://github.com/MozillaSecurity/fuzzdata |
|
.fnts and .mos -> https://github.com/moonAgirl/Bugs/tree/master/ok-file-formats |
|
Ah, thank you, it is appreciated |
Test Version
dev version, git clone https://github.com/brackeen/ok-file-formats.git
Test Program
Asan Debug Information
POC file
https://github.com/moonAgirl/Bugs/blob/master/ok-file-formats/2018-12-31-01-heap-buffer-overflow.wav
The text was updated successfully, but these errors were encountered: