stack-buffer-overflow in psf_memset in libsndfile-master/src/common.c:1229 #397

Closed
92wyunchao opened this issue Jul 3, 2018 · 2 comments

Comments

@92wyunchao

stack-buffer-overflow in psf_memset in libsndfile-master/src/common.c:1229
poc.zip
./sndfile-deinterleave $poc

==118463==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffea52964d0 at pc 0x7f48893a3bec bp 0x7ffea520e2f0 sp 0x7ffea520da98
WRITE of size 3826900 at 0x7ffea52964d0 thread T0
#0 0x7f48893a3beb in __asan_memset (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8cbeb)
#1 0x7f4888fc70bf in psf_memset /home/s2e/asan/libsndfile-master/src/common.c:1229
#2 0x7f488901ed71 in sf_readf_int /home/s2e/asan/libsndfile-master/src/sndfile.c:1837
#3 0x401e1c in deinterleave_int /home/s2e/asan/libsndfile-master/programs/sndfile-deinterleave.c:170
#4 0x401c96 in main /home/s2e/asan/libsndfile-master/programs/sndfile-deinterleave.c:138
#5 0x7f4888bed82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x4016c8 in _start (/home/s2e/asan/libsndfile-master/build/sndfile-deinterleave+0x4016c8)

Address 0x7ffea52964d0 is located in stack of thread T0 at offset 557296 in frame
#0 0x4017a5 in main /home/s2e/asan/libsndfile-master/programs/sndfile-deinterleave.c:68

@fCorleone

What's the exact input you use to find this problem?

@kirotawa

This CVE was assigned to this issue: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13139

bwarden added a commit to bwarden/libsndfile that referenced this issue Aug 28, 2018
Allocated buffer has space for only 16 channels. Verify that input file
meets this limit.

Fixes libsndfile#397
erikd pushed a commit that referenced this issue Aug 28, 2018
Allocated buffer has space for only 16 channels. Verify that input file
meets this limit.

Fixes #397
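
The check that commit message describes, sketched as an added example (this is not the libsndfile patch itself): a frame-based read writes frames × channels items, so a buffer sized for 16 channels must reject a header that declares more before any read happens. `state_t`, `guarded_read`, the helper names and the `BUFFER_LEN` value are assumptions made for illustration; the channel counts in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUFFER_LEN   4096   /* frames per read (assumed value) */
#define MAX_CHANNELS 16     /* the 16-channel limit stated in the fix */

/* State with a fixed-capacity sample buffer (illustrative layout). */
typedef struct {
    int din[MAX_CHANNELS * BUFFER_LEN];
} state_t;

/* Items a frame-based read writes: frames * channels, or 0 on bad input. */
static size_t items_for_read(int channels, size_t frames)
{
    if (channels < 1 || frames == 0) return 0;
    if (frames > SIZE_MAX / (size_t) channels) return 0;  /* would overflow */
    return frames * (size_t) channels;
}

/* Returns 1 if a BUFFER_LEN-frame read for this channel count fits in din. */
static int channels_fit(int channels)
{
    size_t items = items_for_read(channels, BUFFER_LEN);
    return items != 0 && items <= sizeof(((state_t *) 0)->din) / sizeof(int);
}

/* Stand-in for a frame read: zero-fills what the library would write.
 * Refuses (-1) instead of writing past din when the header's channel
 * count exceeds what the buffer was sized for. */
static long guarded_read(state_t *st, int channels)
{
    if (!channels_fit(channels)) return -1;
    size_t items = items_for_read(channels, BUFFER_LEN);
    memset(st->din, 0, items * sizeof(int));
    return (long) items;
}

int main(void)
{
    static state_t st;
    int header_channels[] = { 2, 16, 17, 250, 0, -1 };  /* constructed */
    for (size_t k = 0; k < sizeof header_channels / sizeof *header_channels; k++)
        printf("channels=%d -> %ld\n", header_channels[k],
               guarded_read(&st, header_channels[k]));
    return 0;
}
```
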
halstead pushed a commit to openembedded/openembedded-core that referenced this issue Oct 10, 2018
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28.

Fixed in libsndfile/libsndfile#397

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gbionescu pushed a commit to gbionescu/poky that referenced this issue Oct 10, 2018
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28.

Fixed in libsndfile/libsndfile#397

(From OE-Core rev: 22ef4ebb1003d0fcb20fb687c519889ad9e34789)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gbionescu pushed a commit to gbionescu/poky that referenced this issue Oct 10, 2018
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28.

Fixed in libsndfile/libsndfile#397

(From OE-Core rev: 6b5a9078a7c5035590ee4dc2e23582da94d4a104)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
jpuhlman pushed a commit to MontaVista-OpenSourceTechnology/poky that referenced this issue Oct 15, 2018
Source: poky
MR: 00000
Type: Integration
Disposition: Merged from poky
ChangeID: f76e265
Description:

A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28.

Fixed in libsndfile/libsndfile#397

(From OE-Core rev: 6b5a9078a7c5035590ee4dc2e23582da94d4a104)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
halstead pushed a commit to openembedded/openembedded-core that referenced this issue Oct 18, 2018
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28.

Fixed in libsndfile/libsndfile#397

(From OE-Core rev: 6b5a907)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
gbionescu pushed a commit to gbionescu/poky that referenced this issue Oct 18, 2018
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28.

Fixed in libsndfile/libsndfile#397

(From OE-Core rev: 6b5a9078a7c5035590ee4dc2e23582da94d4a104)

(From OE-Core rev: da7342a774ae9bcd876ceb7c260dfb49791949d5)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
jpuhlman pushed a commit to MontaVista-OpenSourceTechnology/poky that referenced this issue Feb 12, 2019
Source: poky
MR: 00000
Type: Integration
Disposition: Merged from poky
ChangeID: cbdc5ca
Description:

A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28.

Fixed in libsndfile/libsndfile#397

(From OE-Core rev: 6b5a9078a7c5035590ee4dc2e23582da94d4a104)

(From OE-Core rev: da7342a774ae9bcd876ceb7c260dfb49791949d5)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
daregit pushed a commit to daregit/yocto-combined that referenced this issue May 22, 2024
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28.

Fixed in libsndfile/libsndfile#397

(From OE-Core rev: 6b5a9078a7c5035590ee4dc2e23582da94d4a104)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>