Integer based buffer overflow caused by out-of-bound left shift is observed in miniaudio.h while fuzzing MINIAUDIO (v0.10.35 and master branch) using UBSAN enabled in AFL FUZZER
Thanks for the report. This is coming from the dr_wav project in dr_libs. I've gone ahead and pushed an update to the dev branch and it'll be released soon. Feel free to reopen this issue if the issue still hasn't been fixed.
Hi Team,
Integer based buffer overflow caused by out-of-bound left shift is observed in miniaudio.h while fuzzing MINIAUDIO (v0.10.35 and master branch) using UBSAN enabled in AFL FUZZER
Vulnerable code from miniaudio.h -
```c
DRWAV_API drwav_uint32 drwav_bytes_to_u32(const drwav_uint8* data)
{
    /* each drwav_uint8 is promoted to int before the shift, so data[3] << 24 overflows int when data[3] >= 0x80 */
    return (data[0] << 0) | (data[1] << 8) | (data[2] << 16) | (data[3] << 24);
}
```
Steps to Reproduce -
```sh
cd examples
afl-gcc -fsanitize=address -fsanitize=leak -fsanitize=undefined simple_looping.c -o simple_looping -ldl -lm -lpthread
./simple_looping POC2
```
Download link to POC2
OUTPUT -
```
../miniaudio.h:52991:73: runtime error: left shift of 128 by 24 places cannot be represented in type 'int'
```
Request team to implement proper patch and validate
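The UBSAN finding above is the classic integer-promotion trap: each `drwav_uint8` operand is promoted to `int` before the shift, so any top byte of 0x80 or more pushes `data[3] << 24` past `INT_MAX`. The example below is my own added illustration, not dr_wav's actual fix or code from miniaudio: it shows a hardened little-endian decoder that widens each byte to `uint32_t` before shifting (so the arithmetic is unsigned and cannot overflow), plus a small predicate that tells you, without performing the undefined shift, whether a given 4-byte field would trip the original expression. It assumes a 32-bit `int` (so `INT_MAX` is 2^31 - 1) and uses `uint8_t`/`uint32_t` in place of the `drwav_` typedefs.

```c
#include <stdint.h>
#include <stdio.h>
#include <limits.h>

/* Hardened little-endian decoder (added example, not dr_wav's own fix):
   every byte is cast to uint32_t before it is shifted, so the shift is
   evaluated in unsigned 32-bit arithmetic and no value of data[3] can
   overflow. */
static uint32_t bytes_to_u32_le_safe(const uint8_t *data)
{
    return ((uint32_t)data[0])
         | ((uint32_t)data[1] << 8)
         | ((uint32_t)data[2] << 16)
         | ((uint32_t)data[3] << 24);
}

/* Returns 1 if the original expression `data[3] << 24` would be undefined
   behaviour on a platform with 32-bit int: data[3] is promoted to int, and
   the shifted value must still fit in INT_MAX.  The condition is evaluated
   in 64-bit arithmetic so this check never performs the undefined shift. */
static int original_shift_is_ub(const uint8_t *data)
{
    return ((int64_t)data[3] << 24) > (int64_t)INT_MAX;
}

/* Walks a buffer of 4-byte fields and counts the ones that would trigger
   the UBSAN report, the way a validator run over fuzzer output might. */
static size_t count_ub_fields(const uint8_t *buf, size_t len)
{
    size_t n = 0;
    for (size_t off = 0; off + 4 <= len; off += 4)
        if (original_shift_is_ub(buf + off))
            n++;
    return n;
}

int main(void)
{
    /* Constructed sample input: first field has the 0x80 top byte from the
       UBSAN message (128 << 24), second field is benign. */
    const uint8_t sample[8] = { 0x00, 0x00, 0x00, 0x80,
                                0x78, 0x56, 0x34, 0x12 };

    printf("field 0: 0x%08x (original shift UB: %d)\n",
           bytes_to_u32_le_safe(sample), original_shift_is_ub(sample));
    printf("field 1: 0x%08x (original shift UB: %d)\n",
           bytes_to_u32_le_safe(sample + 4), original_shift_is_ub(sample + 4));
    printf("fields that trip the original shift: %zu\n",
           count_ub_fields(sample, sizeof sample));
    return 0;
}
```

The cast-before-shift form is the same idiom UBSAN-clean byte decoders generally use; it keeps the decoded value identical for every input while removing the dependence on `int` width and sign.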