
Integer based buffer overflow vulnerability #320

Closed
x00x00x00x00 opened this issue Jun 6, 2021 · 1 comment

@x00x00x00x00

Hi Team,

An integer-based buffer overflow caused by an out-of-bound left shift is observed in miniaudio.h while fuzzing MINIAUDIO (v0.10.35 and master branch) with UBSAN enabled in AFL FUZZER.

Vulnerable code from miniaudio.h -

DRWAV_API drwav_uint32 drwav_bytes_to_u32(const drwav_uint8* data)
{
    /* each drwav_uint8 is promoted to int before the shift */
    return (data[0] << 0) | (data[1] << 8) | (data[2] << 16) | (data[3] << 24);
}

Steps to Reproduce -

cd examples

afl-gcc -fsanitize=address -fsanitize=leak -fsanitize=undefined simple_looping.c -o simple_looping -ldl -lm -lpthread

./simple_looping POC2

Download link to POC2

OUTPUT -

../miniaudio.h:52991:73: runtime error: left shift of 128 by 24 places cannot be represented in type 'int'

Request the team to implement a proper patch and validate.
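The root cause is integer promotion: each byte is widened to a signed int before the shift, so a top byte of 0x80 or more shifts a 1 into the sign bit, which is undefined behaviour and is exactly what UBSan reported. Below is an added example (not code from miniaudio or dr_wav) that places the reported pattern beside a hardened form that widens each byte to an unsigned type first; the byte arrays are constructed test inputs.

```c
#include <stdint.h>
#include <stdio.h>

/* Same pattern as the reported function: the uint8_t operands are promoted to
 * int, so data[3] >= 0x80 makes "data[3] << 24" undefined (UBSan: "left shift
 * of 128 by 24 places cannot be represented in type 'int'"). */
uint32_t bytes_to_u32_unsafe(const uint8_t *data)
{
    return (data[0] << 0) | (data[1] << 8) | (data[2] << 16) | (data[3] << 24);
}

/* Hardened form: cast every byte to uint32_t before shifting, so all shifts are
 * performed in an unsigned 32-bit type and no value can reach the sign bit. */
uint32_t bytes_to_u32_safe(const uint8_t *data)
{
    return ((uint32_t)data[0] << 0)  | ((uint32_t)data[1] << 8) |
           ((uint32_t)data[2] << 16) | ((uint32_t)data[3] << 24);
}

/* Helper for the check: returns 1 when the high byte would make the promoted
 * int shift overflow (i.e. the input class the fuzzer found). */
int high_byte_triggers_ub(const uint8_t *data)
{
    return data[3] >= 0x80;
}

int main(void)
{
    /* constructed inputs: a benign little-endian value and a triggering one */
    const uint8_t benign[4]  = {0x78, 0x56, 0x34, 0x12};
    const uint8_t trigger[4] = {0x00, 0x00, 0x00, 0x80};

    printf("benign  safe=0x%08x unsafe=0x%08x\n",
           bytes_to_u32_safe(benign), bytes_to_u32_unsafe(benign));
    /* only the hardened form is called on the triggering input */
    printf("trigger safe=0x%08x ub=%d\n",
           bytes_to_u32_safe(trigger), high_byte_triggers_ub(trigger));
    return 0;
}
```

Compiling with -fsanitize=undefined and calling only bytes_to_u32_safe on the triggering input produces no report; the unsafe variant reproduces the message in the issue.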

mackron added a commit that referenced this issue Jun 11, 2021
Public issue #320
@mackron (Owner)

mackron commented Jun 11, 2021

Thanks for the report. This is coming from the dr_wav project in dr_libs. I've gone ahead and pushed an update to the dev branch and it'll be released soon. Feel free to reopen this issue if the issue still hasn't been fixed.

@mackron mackron closed this as completed Jun 11, 2021
@mackron mackron added the bug label Jun 11, 2021