You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
=================================================================
==28346==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000001058 at pc 0x00000053ad8d bp 0x7f61d7aaf0b0 sp 0x7f61d7aaf0a8
READ of size 8 at 0x602000001058 thread T80
#0 0x53ad8c in std::_Bit_reference::operator bool() const /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/stl_bvector.h:83:17
#1 0x53ad8c in rice::RiceDecoder::generateDecodedUnsignedInts() /home/seviezhou/sela/src/rice/rice_decoder.cpp:39
#2 0x53a05b in rice::RiceDecoder::process() /home/seviezhou/sela/src/rice/rice_decoder.cpp:58:5
#3 0x541287 in frame::FrameDecoder::process() /home/seviezhou/sela/src/frame/frame_decoder.cpp:28:93
#4 0x56e3fe in sela::LoopThrough::process(std::vector<data::WavFrame, std::allocator<data::WavFrame> >&) /home/seviezhou/sela/src/sela/decoder.cpp:30:47
#5 0x7f6202d78b0f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd0b0f)
#6 0x7f62027896b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#7 0x7f6201e9b4dc in clone /build/glibc-e6zv40/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109
0x602000001058 is located 0 bytes to the right of 8-byte region [0x602000001050,0x602000001058)
allocated by thread T80 here:
#0 0x518278 in operator new(unsigned long) /home/seviezhou/llvm-6.0.0/projects/compiler-rt/lib/asan/asan_new_delete.cc:92
#1 0x534dcd in __gnu_cxx::new_allocator<unsigned long>::allocate(unsigned long, void const*) /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/ext/new_allocator.h:111:27
#2 0x534dcd in std::allocator_traits<std::allocator<unsigned long> >::allocate(std::allocator<unsigned long>&, unsigned long) /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/alloc_traits.h:436
#3 0x534dcd in std::_Bvector_base<std::allocator<bool> >::_M_allocate(unsigned long) /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/stl_bvector.h:530
#4 0x534dcd in std::vector<bool, std::allocator<bool> >::_M_reallocate(unsigned long) /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/vector.tcc:764
#5 0x534560 in std::vector<bool, std::allocator<bool> >::reserve(unsigned long) /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/stl_bvector.h:921:4
Thread T80 created by T0 here:
#0 0x434b8d in pthread_create /home/seviezhou/llvm-6.0.0/projects/compiler-rt/lib/asan/asan_interceptors.cc:204
#1 0x7f6202d78da4 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd0da4)
#2 0x56c1ea in sela::Decoder::processFrames(std::vector<data::WavFrame, std::allocator<data::WavFrame> >&) /home/seviezhou/sela/src/sela/decoder.cpp:68:34
#3 0x56d73b in sela::Decoder::process() /home/seviezhou/sela/src/sela/decoder.cpp:98:5
#4 0x51dbe8 in decodeFile(std::basic_ifstream<char, std::char_traits<char> >&, std::basic_ofstream<char, std::char_traits<char> >&) /home/seviezhou/sela/src/main.cpp:39:37
#5 0x51f553 in main /home/seviezhou/sela/src/main.cpp:85:17
#6 0x7f6201db483f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/../csu/libc-start.c:291
SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/stl_bvector.h:83:17 in std::_Bit_reference::operator bool() const
Shadow bytes around the buggy address:
0x0c047fff81b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff81c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff81d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff81f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff8200: fa fa 04 fa fa fa 04 fa fa fa 00[fa]fa fa 00 fa
0x0c047fff8210: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==28346==ABORTING
System info
Ubuntu x86_64, clang 6.0, sela (latest master ca09cb)
Configure
cmake .. -DCMAKE_CXX_FLAGS="-fsanitize=address -g" -DCMAKE_C_FLAGS="-fsanitize=address -g" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address" -DCMAKE_MODULE_LINKER_FLAGS="-fsanitize=address"
Command line
./build/sela -d @@ /dev/null
AddressSanitizer output
POC
heap-overflow-generateDecodedUnsignedInts-rice_decoder-39.zip
The text was updated successfully, but these errors were encountered: