Invalid memory address dereference in sbrDecodeSingleFramePS (in libfaad/sbr_dec.c:601) #29

fantasy7082 opened this issue Dec 17, 2018 · 3 comments


@fantasy7082 fantasy7082 commented Dec 17, 2018

Hi, I found an issue in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It crashed in function sbrDecodeSingleFramePS. The details are below (ASAN):

```
./faad faad_res/007-invalid-def-sbr_hfadj_601 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 bug tracking:
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.


faad_res/007-invalid-def-sbr_hfadj_601 file info:
ADTS, 0.469 sec, 41 kbps, 48000 Hz

 | Config:  2 Ch       |
 | Ch |    Position    |
 | 00 | Left front     |
 | 01 | Right front    |

==7085==ERROR: AddressSanitizer: SEGV on unknown address 0x0000f64f3bb0 (pc 0x7fa4348f6f2d bp 0x7ffff64fd450 sp 0x7ffff64f3b80 T0)
    #0 0x7fa4348f6f2c in sbrDecodeSingleFramePS /root/faad2_asan/libfaad/sbr_dec.c:601
    #1 0x7fa43489eb54 in reconstruct_single_channel /root/faad2_asan/libfaad/specrec.c:1071
    #2 0x7fa4348a6e28 in single_lfe_channel_element /root/faad2_asan/libfaad/syntax.c:631
    #3 0x7fa4348a5354 in decode_sce_lfe /root/faad2_asan/libfaad/syntax.c:351
    #4 0x7fa4348a62da in raw_data_block /root/faad2_asan/libfaad/syntax.c:441
    #5 0x7fa4348609c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #6 0x7fa434860566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #7 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #8 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #9 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #10 0x7fa43449882f in __libc_start_main (/lib/x86_64-linux-gnu/
    #11 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/sbr_dec.c:601 sbrDecodeSingleFramePS
```


@nluedtke nluedtke commented Apr 26, 2019

This was assigned CVE-2018-20359.

@hlef hlef commented Aug 20, 2019

This one is also fixed on the latest master. This is the same issue as #30 and #21, addressed in 6b4a7cd.

So this can be closed as well.

@fabiangreffrath fabiangreffrath commented Aug 20, 2019

Let's close it then!
