
a div zero vul in function double64_init() in libsndfile-1.0.28 #318

Closed
@Xin-Jiang

Description

@Xin-Jiang

[crash-div0.zip](https://github.com/erikd/libsndfile/files/1302481/crash-div0.zip)

```
╭─root@linux-jiangxin in /home/jiangxin/experiment/fuzz/AFL/target/libsndfile-1.0.28/fuzz 
╰$gdb ../programs/sndfile-play
GNU gdb (GDB) 7.9
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ../programs/sndfile-play...done.
(gdb) run out-all/Master/crashes/id:000000,sig:08,src:001431,op:int32,pos:232,val:be:+32
Starting program: /home/jiangxin/experiment/fuzz/AFL/target/libsndfile-1.0.28/programs/sndfile-play out-all/Master/crashes/id:000000,sig:08,src:001431,op:int32,pos:232,val:be:+32
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Playing out-all/Master/crashes/id:000000,sig:08,src:001431,op:int32,pos:232,val:be:+32

Program received signal SIGFPE, Arithmetic exception.
0x00000000004f6e6d in double64_init (psf=psf@entry=0x801010) at double64.c:252
252		psf->sf.frames = psf->datalength / psf->blockwidth ;
(gdb) bt
#0  0x00000000004f6e6d in double64_init (psf=psf@entry=0x801010) at double64.c:252
#1  0x000000000044e9ce in mat5_open (psf=psf@entry=0x801010) at mat5.c:131
#2  0x0000000000424c58 in psf_open_file (psf=0x801010, sfinfo=0x7fffffffdf90) at sndfile.c:3137
#3  0x0000000000403495 in alsa_play (argv=<optimized out>, argc=<optimized out>) at sndfile-play.c:104
#4  main (argc=<optimized out>, argv=<optimized out>) at sndfile-play.c:841
(gdb) p psf->blockwidth
$1 = 0
(gdb) 
```
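The crashing statement at double64.c:252 divides by `psf->blockwidth`, which the gdb session shows is 0 for this MAT5 input. The following is an added example, not libsndfile's code: it rebuilds that computation with a guard that rejects a zero blockwidth before dividing. The `SF_PRIVATE_LIKE` struct, `SFE_BAD_BLOCKWIDTH` and the function names are assumptions for illustration.

```c
/* Added example, not libsndfile's code. The report's statement
 * psf->sf.frames = psf->datalength / psf->blockwidth raises SIGFPE when
 * blockwidth is 0; struct, error code and function names are assumed. */
#include <stdint.h>
#include <stdio.h>

typedef int64_t sf_count_t;

/* Minimal stand-in for libsndfile's SF_PRIVATE (constructed, not the real one). */
typedef struct {
    sf_count_t datalength;            /* bytes of sample data in the file */
    int        blockwidth;            /* bytes per frame: channels * bytes per sample */
    struct { sf_count_t frames; } sf; /* public info derived from the header */
} SF_PRIVATE_LIKE;

#define SFE_BAD_BLOCKWIDTH 1          /* hypothetical error code */

/* Guarded frame count: returns -1 for a zero or negative blockwidth
 * instead of dividing. A blockwidth of 0 is what the crashing MAT5
 * file leaves behind, so the check must come before the division. */
static sf_count_t frames_checked(sf_count_t datalength, int blockwidth)
{
    if (blockwidth <= 0)
        return -1;
    return datalength / blockwidth;
}

/* Hardened replacement for the crashing statement: sets psf->sf.frames
 * only when blockwidth is usable, otherwise returns an error code so the
 * caller (mat5_open in the backtrace) can fail the open cleanly. */
static int double64_init_frames(SF_PRIVATE_LIKE *psf)
{
    sf_count_t frames = frames_checked(psf->datalength, psf->blockwidth);
    if (frames < 0)
        return SFE_BAD_BLOCKWIDTH;
    psf->sf.frames = frames;
    return 0;
}

int main(void)
{
    /* Constructed input modelled on the crash: header parsed, blockwidth still 0. */
    SF_PRIVATE_LIKE psf = { .datalength = 4096, .blockwidth = 0 };
    if (double64_init_frames(&psf) != 0)
        printf("open rejected: blockwidth = %d\n", psf.blockwidth);
    psf.blockwidth = 16;            /* e.g. 2 channels of 8-byte doubles */
    if (double64_init_frames(&psf) == 0)
        printf("frames = %lld\n", (long long) psf.sf.frames);   /* 256 */
    return 0;
}
```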
