Version 0cf4a55

In function calculate_beam() in draw.c.
There is an out-of-bounds read in array min_tb at lines 357 and 359; the flaw will cause a crash.
```c
if (s->nhd == 0)
	stem_err = min_tb[0][(unsigned) s->nflags];
else
	stem_err = min_tb[1][(unsigned) s->nflags];
```
The (unsigned) s->nflags can be checked to see whether it is between 0 and 5. I am not sure what stem_err means, so I didn't try to fix it.
gdb info:
```
──── source:draw.c+357 ────
    352  }
    353  x = s->voice == voice ? s->xs : s->x;
    354  ys = a * x + b - staff_tb[s->staff].y;
    355  if (s->voice == voice) {
    356  if (s->nhd == 0)
         // s=0x00007fffffffdff8 → [...] → 0x0000555555625d28, nflags=0x1, min_tb=0x00005555555ce640 → 0x4180000041800000
 →  357  stem_err = min_tb[0][(unsigned) s->nflags];
    358  else
    359  stem_err = min_tb[1][(unsigned) s->nflags];
    360  if (s->stem > 0) {
    361  if (s->pits[s->nhd] > 26) {
    362  stem_err -= 2;
── trace ────
[#0] 0x555555570417 → calculate_beam(bm=0x7fffffffe050, s1=0x555555622618)
[#1] 0x55555557c659 → draw_sym_near()
[#2] 0x55555559542a → delayed_output(indent=0)
[#3] 0x55555559562d → output_music()
[#4] 0x555555597aeb → generate()
[#5] 0x555555597c2e → gen_ly(eob=0x0)
[#6] 0x55555559eca1 → do_tune()
[#7] 0x55555555e300 → abc_parse(p=0x55555561e0e0 "", fname=0x5555555fab00 ".poc", ln=0x1b)
[#8] 0x555555584b9e → txt_add_eos(fname=0x5555555fab00 ".poc", linenum=0x1b)
[#9] 0x555555585d81 → frontend(s=0x55555561d1a5 "X:X:\027\nC", '.' <repeats 14 times>, "mid\n\\:`\n\177\377\062~c .", ftype=0x0, f
────
gef➤ p (unsigned) s->nflags
$1 = 0xfffffffe
gef➤ p min_tb[0][(unsigned) s->nflags]
Cannot access memory at address 0x5559555ce638
```
reproduce:
abcm2ps -E [poc]
out-of-bounds-read_calculate_beam_357.zip out-of-bounds-read_calculate_beam_359.zip
reporter: chiba of topsec alphalab
fix: array overflow when wrong duration in voice overlay
2f56e11
Issue #83,
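The failure mode in the report, as an added example that is not abcm2ps code and not the change made in 2f56e11: a negative flag count cast to unsigned becomes a huge index, and a range check on the signed value stops the read. The table width of 6 follows the reporter's suggested 0 to 5 range and is an assumption, the table values are constructed placeholders, and `demo_tb`, `index_after_cast` and `lookup_stem_err` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

#define N_ROWS 2
#define N_COLS 6	/* assumption: flag counts 0..5, as the report suggests */

/* Constructed placeholder values, NOT the real contents of min_tb in draw.c. */
static const float demo_tb[N_ROWS][N_COLS] = {
	{16, 16, 14, 12, 10, 10},
	{16, 16, 14, 12, 10, 10},
};

/* What the cast in the reported lines does to a negative flag count. */
unsigned index_after_cast(int nflags)
{
	return (unsigned) nflags;	/* -2 wraps to 0xfffffffe with 32-bit unsigned */
}

/*
 * Hypothetical guarded lookup: validate the signed value before it is used
 * as an index. Returns 0 and stores the entry on success, -1 when the index
 * would fall outside the table.
 */
int lookup_stem_err(int nhd, int nflags, float *out)
{
	size_t row = (nhd == 0) ? 0 : 1;

	if (nflags < 0 || nflags >= N_COLS)
		return -1;	/* caller must handle the malformed symbol */
	*out = demo_tb[row][nflags];
	return 0;
}

int main(void)
{
	float v = 0;
	int bad = -2;	/* matches the gdb value: (unsigned) s->nflags == 0xfffffffe */
	int rc;

	printf("index after cast: %#x\n", index_after_cast(bad));
	rc = lookup_stem_err(0, bad, &v);
	printf("guarded lookup, nflags=-2: rc=%d\n", rc);
	rc = lookup_stem_err(0, 1, &v);
	printf("guarded lookup, nflags=1:  rc=%d value=%.0f\n", rc, v);
	return 0;
}
```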