SEGV in function print_info in wav_info.c #22

Open
fouzhe opened this issue Jul 12, 2018 · 1 comment
fouzhe commented Jul 12, 2018

I use Clang 6.0 and AddressSanitizer to build libwav. This file can cause a SEGV signal in function print_info when running wav_info in the folder tools/wav_info with the following command:

./wav_info ./wav_info__crash__print_info

This is the ASAN information:

LibWAV v. 0.0.1 A (c) 2016 - 2017 Marc Volker Dickmann

Riff Type:	��
Format:		0
Channels:	0
Samplerate:	5344226
Bytespersec:	0
Blockalign:	640
Bitwidth:	47712
AddressSanitizer:DEADLYSIGNAL
=================================================================
==32370==ERROR: AddressSanitizer: SEGV on unknown address 0x000026007fef (pc 0x000000424c5f bp 0x7ffcba5ff820 sp 0x7ffcba5ff7c0 T0)
==32370==The signal is caused by a WRITE memory access.
    #0 0x424c5e in bool __sanitizer::atomic_compare_exchange_strong<__sanitizer::atomic_uint8_t>(__sanitizer::atomic_uint8_t volatile*, __sanitizer::atomic_uint8_t::Type*, __sanitizer::atomic_uint8_t::Type, __sanitizer::memory_order) /home/fouzhe/llvm/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_atomic_clang.h:81
    #1 0x424c5e in __asan::Allocator::AtomicallySetQuarantineFlagIfAllocated(__asan::AsanChunk*, void*, __sanitizer::BufferedStackTrace*) /home/fouzhe/llvm/llvm/projects/compiler-rt/lib/asan/asan_allocator.cc:540
    #2 0x424c5e in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) /home/fouzhe/llvm/llvm/projects/compiler-rt/lib/asan/asan_allocator.cc:617
    #3 0x424c5e in __asan::asan_free(void*, __sanitizer::BufferedStackTrace*, __asan::AllocType) /home/fouzhe/llvm/llvm/projects/compiler-rt/lib/asan/asan_allocator.cc:847
    #4 0x4ddf53 in __interceptor_cfree.localalias.0 /home/fouzhe/llvm/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:79
    #5 0x518a82 in print_info /home/fouzhe/my_fuzz/libwav/tools/wav_info/wav_info.c:18:2
    #6 0x518a82 in main /home/fouzhe/my_fuzz/libwav/tools/wav_info/wav_info.c:28
    #7 0x7fb30338e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #8 0x419f08 in _start (/home/fouzhe/my_fuzz/libwav/tools/wav_info/wav_info+0x419f08)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/fouzhe/llvm/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_atomic_clang.h:81 in bool __sanitizer::atomic_compare_exchange_strong<__sanitizer::atomic_uint8_t>(__sanitizer::atomic_uint8_t volatile*, __sanitizer::atomic_uint8_t::Type*, __sanitizer::atomic_uint8_t::Type, __sanitizer::memory_order)
==32370==ABORTING

fgeek commented Jul 14, 2018

CVE-2018-14049 has been assigned to this issue.
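
The trace above shows `free()` faulting when called from `print_info` right after the header fields printed as garbage. The following is an added example, not part of the original thread and not libwav's code, of a header parser that validates its input and keeps the structure safe to free on every path. The `wav_hdr` type, the function names and the canonical layout (`fmt ` chunk directly after `WAVE`) are assumptions for illustration, as is the premise that the freed pointer was never initialized; the issue does not state the root cause.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical header struct for this example; not libwav's own type. */
typedef struct {
    char    *riff_type;                 /* heap copy of the form type */
    uint16_t format, channels, blockalign, bitwidth;
    uint32_t samplerate, bytespersec;
} wav_hdr;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }

/* free(NULL) is a no-op, so this is safe on a zeroed or failed header. */
void wav_hdr_free(wav_hdr *h) { free(h->riff_type); h->riff_type = NULL; }

/* Returns 0 on success, -1 on malformed input; *h is always left freeable. */
int wav_hdr_parse(wav_hdr *h, const uint8_t *buf, size_t len)
{
    memset(h, 0, sizeof *h);            /* no indeterminate pointers */
    if (len < 36) return -1;            /* RIFF header + 16-byte fmt body */
    if (memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4)) return -1;
    if (memcmp(buf + 12, "fmt ", 4) || le32(buf + 16) < 16) return -1;
    if (!(h->riff_type = calloc(1, 5))) return -1;
    memcpy(h->riff_type, buf + 8, 4);   /* calloc left the NUL terminator */
    h->format = le16(buf + 20);      h->channels = le16(buf + 22);
    h->samplerate = le32(buf + 24);  h->bytespersec = le32(buf + 28);
    h->blockalign = le16(buf + 32);  h->bitwidth = le16(buf + 34);
    return 0;
}

/* Parse, release, and report: sample rate on success, -1 on rejection. */
long probe(const uint8_t *buf, size_t len)
{
    wav_hdr h;
    long r = wav_hdr_parse(&h, buf, len) == 0 ? (long)h.samplerate : -1;
    wav_hdr_free(&h);                   /* safe on both paths */
    return r;
}

/* Constructed inputs: canonical 44.1 kHz stereo PCM header, and zeros. */
static const uint8_t good_wav[36] = { 'R','I','F','F', 36,0,0,0, 'W','A','V','E',
    'f','m','t',' ', 16,0,0,0, 1,0, 2,0, 0x44,0xAC,0,0, 0x10,0xB1,2,0, 4,0, 16,0 };
static const uint8_t bad_wav[36] = { 0 };

int main(void)
{
    printf("good: %ld\nbad: %ld\n", probe(good_wav, 36), probe(bad_wav, 36));
    return 0;
}
```

Building this with `-fsanitize=address`, as the reporter did for libwav, confirms that the rejection path frees nothing it did not allocate.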
