
bugs found #54

Closed
Cvjark opened this issue Aug 4, 2022 · 1 comment

Comments


Cvjark commented Aug 4, 2022

Hi, in the latest version of this repo [PS: commit ID -> 1a1ee29], I found something interesting.

POC

1id0-heap-buffer-overflow.zip

command to reproduce

./fdkaac -p5 -b64 POC -o /dev/null

output

==122363==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000018900 at pc 0x00000043b985 bp 0x7ffe69d827d0 sp 0x7ffe69d81f80
READ of size 4 at 0x625000018900 thread T0
    #0 0x43b984 in __interceptor_memcpy.part.46 /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:810
    #1 0x7fe7e606c24a in aacEncEncode (/usr/lib/x86_64-linux-gnu/libfdk-aac.so.1+0x2424a)
    #2 0x4f7154 in aac_encode_frame /home/bupt/Desktop/fdkaac/src/aacenc.c:291:11
    #3 0x51fd71 in encode /home/bupt/Desktop/fdkaac/src/main.c:554:24
    #4 0x51fd71 in main /home/bupt/Desktop/fdkaac/src/main.c:862:19
    #5 0x7fe7e5097c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #6 0x41c9d9 in _start (/home/bupt/Desktop/fdkaac/fdkaac+0x41c9d9)

0x625000018900 is located 0 bytes to the right of 8192-byte region [0x625000016900,0x625000018900)
allocated by thread T0 here:
    #0 0x4aefa0 in malloc /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x51fb60 in encode /home/bupt/Desktop/fdkaac/src/main.c:535:12
    #2 0x51fb60 in main /home/bupt/Desktop/fdkaac/src/main.c:862:19
    #3 0x7fe7e5097c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:810 in __interceptor_memcpy.part.46
==122363==ABORTING

POC

3id0-FPE.zip

command to reproduce

./fdkaac -p5 -b64 POC -o /dev/null

output

AddressSanitizer:DEADLYSIGNAL
=================================================================
==122379==ERROR: AddressSanitizer: FPE on unknown address 0x00000053ade9 (pc 0x00000053ade9 bp 0x7ffe2be4ff90 sp 0x7ffe2be4fc60 T0)
    #0 0x53ade9 in wav_open /home/bupt/Desktop/fdkaac/src/wav_reader.c:212:54
    #1 0x51e35b in open_input /home/bupt/Desktop/fdkaac/src/main.c:746:27
    #2 0x51e35b in main /home/bupt/Desktop/fdkaac/src/main.c:802:19
    #3 0x7f17fe499c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #4 0x41c9d9 in _start (/home/bupt/Desktop/fdkaac/fdkaac+0x41c9d9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /home/bupt/Desktop/fdkaac/src/wav_reader.c:212:54 in wav_open
==122379==ABORTING
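The second trace ends in an FPE inside wav_open while the input header is being parsed. The following is an added example, not fdkaac's wav_reader.c, showing the class of check that keeps a corrupt WAV "fmt " chunk from reaching a division or size computation; it assumes the fault comes from a header field used as a divisor, which the report does not show (the expression at wav_reader.c:212 is not on the page). Struct and function names are hypothetical and the sample headers are constructed.

```c
/* Added example (not fdkaac's code): parse the 16-byte PCM "fmt " body and
 * reject field values that would later be used as a divisor or multiplier.
 * Assumption: the FPE in wav_open stems from such a field; the issue does not
 * show the expression at wav_reader.c:212. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint16_t format_tag, channels;
    uint32_t sample_rate, byte_rate;
    uint16_t block_align, bits_per_sample;
} wav_fmt_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* 0 on success, negative on rejection; nothing divides by a field before it is checked. */
int wav_parse_fmt(const uint8_t *buf, size_t len, wav_fmt_t *out)
{
    if (len < 16) return -1;                          /* truncated chunk body */
    out->format_tag      = rd16(buf);
    out->channels        = rd16(buf + 2);
    out->sample_rate     = rd32(buf + 4);
    out->byte_rate       = rd32(buf + 8);
    out->block_align     = rd16(buf + 12);
    out->bits_per_sample = rd16(buf + 14);
    if (out->channels == 0 || out->channels > 8)       return -2;
    if (out->sample_rate == 0)                          return -3;
    if (out->bits_per_sample == 0 || out->bits_per_sample > 32 ||
        out->bits_per_sample % 8 != 0)                  return -4;
    /* block_align is the per-frame byte count and must equal channels * bytes/sample */
    if (out->block_align != out->channels * (out->bits_per_sample / 8)) return -5;
    return 0;
}

/* Frames in a data chunk, or 0 if the header is rejected: the division is
 * only reached with a validated nonzero block_align. */
uint32_t wav_safe_frame_count(const uint8_t *fmt, size_t len, uint32_t data_bytes)
{
    wav_fmt_t f;
    if (wav_parse_fmt(fmt, len, &f) != 0) return 0;
    return data_bytes / f.block_align;
}

/* Constructed sample headers: 16-bit stereo 44.1 kHz, then two corrupted copies. */
const uint8_t k_fmt_ok[16]      = {1,0, 2,0, 0x44,0xAC,0,0, 0x10,0xB1,2,0, 4,0, 16,0};
const uint8_t k_fmt_zero_ch[16] = {1,0, 0,0, 0x44,0xAC,0,0, 0x10,0xB1,2,0, 4,0, 16,0};
const uint8_t k_fmt_zero_ba[16] = {1,0, 2,0, 0x44,0xAC,0,0, 0x10,0xB1,2,0, 0,0, 16,0};
```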
nu774 closed this as completed in ecddb7d Aug 4, 2022
nu774 added a commit that referenced this issue Aug 4, 2022

nu774 commented Aug 4, 2022

Thanks, fixed on v1.0.4
