Allocation Failure in function openWavFile

I used gcc 5.4 and AddressSanitizer to build sound; this file can cause an allocation failure when executing this command:

./parseSpeech -f allocate_failure_openWavFile

This is the ASAN information:

Input file : allocate_failure_openWavFileSize of chunk8
Size of chunk8
wBufferLength : 4293066752maxInSamples 4293066752
==29066==WARNING: AddressSanitizer failed to allocate 0xffffffffffe30000 bytes
==29066==AddressSanitizer's allocator is terminating the process instead of returning 0
==29066==If you don't like this behavior set allocator_may_return_null=1
==29066==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
    #0 0x7f5578ebd631  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7f5578ec25e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7f5578e3a425  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x1d425)
    #3 0x7f5578ec0865  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa3865)
    #4 0x7f5578e3fb4d  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22b4d)
    #5 0x7f5578eb667e in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9967e)
    #6 0x4070d9 in WavFile::openWavFile(char*) /home/fouzhe/my_fuzz/sound/src/wav-file.cc:345
    #7 0x4025c2 in main /home/fouzhe/my_fuzz/sound/main.cc:148
    #8 0x7f55781d282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x402a38 in _start (/home/fouzhe/my_fuzz/sound/parseSpeech+0x402a38)

Alloc-dealloc-mismatch in function openWavFile (CVE-2018-14948)

I used gcc 5.4 and AddressSanitizer to build sound; this file can cause an alloc-dealloc-mismatch when executing this command:

./parseSpeech -f alloc_dealloc_mismatch_openWavFile

This is the ASAN information:

Input file : alloc_dealloc_mismatch_openWavFileSize of chunk8
wBufferLength : 1080764maxInSamples 1080764
=================================================================
==8789==ERROR: AddressSanitizer: alloc-dealloc-mismatch (operator new [] vs operator delete) on 0x7fcd33711800
    #0 0x7fcd3277cb2a in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99b2a)
    #1 0x407655 in WavFile::openWavFile(char*) /home/fouzhe/my_fuzz/sound/src/wav-file.cc:402
    #2 0x4025c2 in main /home/fouzhe/my_fuzz/sound/main.cc:148
    #3 0x7fcd31a9882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #4 0x402a38 in _start (/home/fouzhe/my_fuzz/sound/parseSpeech+0x402a38)

0x7fcd33711800 is located 0 bytes inside of 1080764-byte region [0x7fcd33711800,0x7fcd338195bc)
allocated by thread T0 here:
    #0 0x7fcd3277c6b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
    #1 0x4070d9 in WavFile::openWavFile(char*) /home/fouzhe/my_fuzz/sound/src/wav-file.cc:345

SUMMARY: AddressSanitizer: alloc-dealloc-mismatch ??:0 operator delete(void*)
==8789==HINT: if you don't care about these warnings you may set ASAN_OPTIONS=alloc_dealloc_mismatch=0
==8789==ABORTING
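Both reports above stem from sizes derived from the WAV header being handed to operator new[] at wav-file.cc:345 and later released with a plain delete; the 4293066752-byte wBufferLength is 0xFFE30000, which is consistent with the 0xffffffffffe30000-byte request ASAN refused once the value was sign-extended. The C++ below is an added example, not code from the sound project: a hypothetical bounded reader for the "data" chunk that validates the declared size against the bytes actually present and a constructed cap (kMaxDataBytes) before any allocation, and lets std::vector own the buffer so no new[]/delete pairing exists to mismatch.

```cpp
// Added example, not the sound project's code: a bounded "data" chunk reader
// that rejects header sizes the file cannot back before any allocation.
#include <cstdint>
#include <cstring>
#include <vector>
// Constructed policy cap on how many payload bytes we will buffer.
static const uint32_t kMaxDataBytes = 64u * 1024u * 1024u;
// Little-endian u32 at `off`; caller guarantees off + 4 <= buf.size().
static uint32_t rd_u32(const std::vector<uint8_t>& buf, size_t off) {
    return (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8) |
           ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
}
// Walks RIFF sub-chunks after the 12-byte header and copies the "data" payload
// into `out`. Returns false if any declared size overruns the file or the cap.
bool readDataChunk(const std::vector<uint8_t>& file, std::vector<uint8_t>& out) {
    if (file.size() < 12 || std::memcmp(&file[0], "RIFF", 4) != 0 ||
        std::memcmp(&file[8], "WAVE", 4) != 0)
        return false;
    size_t off = 12;
    while (off + 8 <= file.size()) {            // room for an 8-byte chunk header
        uint32_t size = rd_u32(file, off + 4);  // kept unsigned: no sign-extension
        size_t payload = off + 8;
        // Check before allocating: the declared size must fit both the bytes
        // actually present and the policy cap.
        if (size > file.size() - payload || size > kMaxDataBytes)
            return false;
        if (std::memcmp(&file[off], "data", 4) == 0) {
            // std::vector owns the buffer, so there is no new[]/delete pair to mismatch.
            out.assign(file.begin() + payload, file.begin() + payload + size);
            return true;
        }
        off = payload + size + (size & 1);      // RIFF chunks are word-aligned
    }
    return false;
}
// Convenience for checks: payload length on success, -1 when rejected.
long dataChunkLen(const std::vector<uint8_t>& file) {
    std::vector<uint8_t> out;
    return readDataChunk(file, out) ? (long)out.size() : -1L;
}
// Constructed sample: RIFF/WAVE header plus one "data" chunk whose declared
// size may disagree with the bytes actually appended.
std::vector<uint8_t> makeWav(uint32_t declared, size_t actual) {
    std::vector<uint8_t> f = {'R','I','F','F',0,0,0,0,'W','A','V','E','d','a','t','a'};
    for (int i = 0; i < 4; ++i) f.push_back((uint8_t)(declared >> (8 * i)));
    for (size_t i = 0; i < actual; ++i) f.push_back((uint8_t)i);
    return f;
}
```

Feeding makeWav(4293066752u, 4) through dataChunkLen reproduces the shape of the first report's input (a header that promises far more than the file holds) and is rejected without allocating.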