clangen / musikcube

a cross-platform, terminal-based music player, audio engine, metadata indexer, and server in c++
https://musikcube.com
BSD 3-Clause "New" or "Revised" License
4.11k stars 296 forks

UB index out of bounds #150

Closed matthiaskrgr closed 4 years ago

matthiaskrgr commented 6 years ago

Compile with -fsanitize=address,undefined -g3 -fno-omit-frame-pointer

Run via UBSAN_OPTIONS=print_stacktrace=1 ./bin/musikcube

At the same time, in some other terminal: tail -f /tmp/musikcube.log

This happened while playing some mp3 chiptune music.

 Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1,  96 kbps, 44.1 kHz, Monaural
/home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:654:14: runtime error: index 18446744073709551601 out of bounds for type 'const mad_fixed_t [32]'
    #0 0x7fd6f74f112a in synth_full /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:654:14
    #1 0x7fd6f74e97cd in mad_synth_frame /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:854:3
    #2 0x7fd6f7524cc3 in decode /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/nomad/nomad.c:533:2
    #3 0x7fd6f751f35d in nomad_read /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/nomad/nomad.c:654:8
    #4 0x7fd6f74922cf in NomadDecoder::GetBuffer(musik::core::sdk::IBuffer*) /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/NomadDecoder.cpp:111:16
    #5 0x18a14a4 in musik::core::audio::Stream::GetNextBufferFromDecoder() /home/matthias/vcs/github/musikcube/src/core/audio/Stream.cpp:155:25
    #6 0x189e0cf in musik::core::audio::Stream::RefillInternalBuffers() /home/matthias/vcs/github/musikcube/src/core/audio/Stream.cpp:230:18
    #7 0x189d0a2 in musik::core::audio::Stream::OpenStream(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /home/matthias/vcs/github/musikcube/src/core/audio/Stream.cpp:135:19
    #8 0x18fb9d6 in musik::core::audio::playerThreadLoop(musik::core::audio::Player*) /home/matthias/vcs/github/musikcube/src/core/audio/Player.cpp:288:25
    #9 0x191edcc in void std::_Bind<void (*(musik::core::audio::Player*))(musik::core::audio::Player*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/lib/gcc/x86_64-redhat-linux/6.4.1/../../../../include/c++/6.4.1/functional:933:11
    #10 0x191e884 in void std::_Bind<void (*(musik::core::audio::Player*))(musik::core::audio::Player*)>::operator()<, void>() /usr/lib/gcc/x86_64-redhat-linux/6.4.1/../../../../include/c++/6.4.1/functional:991:17
    #11 0x191e5e5 in void std::_Bind_simple<std::_Bind<void (*(musik::core::audio::Player*))(musik::core::audio::Player*)> ()>::_M_invoke<>(std::_Index_tuple<>) /usr/lib/gcc/x86_64-redhat-linux/6.4.1/../../../../include/c++/6.4.1/functional:1390:18
    #12 0x191e470 in std::_Bind_simple<std::_Bind<void (*(musik::core::audio::Player*))(musik::core::audio::Player*)> ()>::operator()() /usr/lib/gcc/x86_64-redhat-linux/6.4.1/../../../../include/c++/6.4.1/functional:1380:16
    #13 0x191d78d in std::thread::_State_impl<std::_Bind_simple<std::_Bind<void (*(musik::core::audio::Player*))(musik::core::audio::Player*)> ()> >::_M_run() /usr/lib/gcc/x86_64-redhat-linux/6.4.1/../../../../include/c++/6.4.1/thread:197:13
    #14 0x7fd706df976e  (/lib64/libstdc++.so.6+0xbb76e)
    #15 0x7fd707736739 in start_thread (/lib64/libpthread.so.0+0x7739)
    #16 0x7fd706357e0e in __GI___clone (/lib64/libc.so.6+0x107e0e)

SUMMARY: AddressSanitizer: undefined-behavior /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:654:14 in 
/home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:644:14: runtime error: index 18446744073709551614 out of bounds for type 'const mad_fixed_t [32]'
    #0 0x7fd6f74ef9d5 in synth_full /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:644:14
    #1 0x7fd6f74e97cd in mad_synth_frame /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:854:3
    #2 0x7fd6f7524cc3 in decode /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/nomad/nomad.c:533:2
    #3 0x7fd6f751f35d in nomad_read /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/nomad/nomad.c:654:8
    #4 0x7fd6f74922cf in NomadDecoder::GetBuffer(musik::core::sdk::IBuffer*) /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/NomadDecoder.cpp:111:16
    #5 0x18a14a4 in musik::core::audio::Stream::GetNextBufferFromDecoder() /home/matthias/vcs/github/musikcube/src/core/audio/Stream.cpp:155:25
    #6 0x189e0cf in musik::core::audio::Stream::RefillInternalBuffers() /home/matthias/vcs/github/musikcube/src/core/audio/Stream.cpp:230:18
    #7 0x189d0a2 in musik::core::audio::Stream::OpenStream(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /home/matthias/vcs/github/musikcube/src/core/audio/Stream.cpp:135:19
    #8 0x18fb9d6 in musik::core::audio::playerThreadLoop(musik::core::audio::Player*) /home/matthias/vcs/github/musikcube/src/core/audio/Player.cpp:288:25
    #9 0x191edcc in void std::_Bind<void (*(musik::core::audio::Player*))(musik::core::audio::Player*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/lib/gcc/x86_64-redhat-linux/6.4.1/../../../../include/c++/6.4.1/functional:933:11
    #10 0x191e884 in void std::_Bind<void (*(musik::core::audio::Player*))(musik::core::audio::Player*)>::operator()<, void>() /usr/lib/gcc/x86_64-redhat-linux/6.4.1/../../../../include/c++/6.4.1/functional:991:17
    #11 0x191e5e5 in void std::_Bind_simple<std::_Bind<void (*(musik::core::audio::Player*))(musik::core::audio::Player*)> ()>::_M_invoke<>(std::_Index_tuple<>) /usr/lib/gcc/x86_64-redhat-linux/6.4.1/../../../../include/c++/6.4.1/functional:1390:18
    #12 0x191e470 in std::_Bind_simple<std::_Bind<void (*(musik::core::audio::Player*))(musik::core::audio::Player*)> ()>::operator()() /usr/lib/gcc/x86_64-redhat-linux/6.4.1/../../../../include/c++/6.4.1/functional:1380:16
    #13 0x191d78d in std::thread::_State_impl<std::_Bind_simple<std::_Bind<void (*(musik::core::audio::Player*))(musik::core::audio::Player*)> ()> >::_M_run() /usr/lib/gcc/x86_64-redhat-linux/6.4.1/../../../../include/c++/6.4.1/thread:197:13
    #14 0x7fd706df976e  (/lib64/libstdc++.so.6+0xbb76e)
    #15 0x7fd707736739 in start_thread (/lib64/libpthread.so.0+0x7739)
    #16 0x7fd706357e0e in __GI___clone (/lib64/libc.so.6+0x107e0e)

SUMMARY: AddressSanitizer: undefined-behavior /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:644:14 in

clangen commented 4 years ago

We're not using mad / nomad anymore -- ffmpeg has superseded it. Closing...
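
Added example (not part of the issue thread or of musikcube's code): a small triage script for the UBSan bounds reports in the log above. It de-duplicates reports by source location and reinterprets the printed index as a two's-complement signed 64-bit value, which shows that the two reports correspond to offsets of -15 and -2 relative to the 32-element array. The function and variable names are illustrative assumptions; the sample input is copied from the log in the issue.

```python
import re

# Report lines and their first frames copied from the issue's log; other frames omitted.
SAMPLE_LOG = """\
/home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:654:14: runtime error: index 18446744073709551601 out of bounds for type 'const mad_fixed_t [32]'
    #0 0x7fd6f74f112a in synth_full /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:654:14
SUMMARY: AddressSanitizer: undefined-behavior /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:654:14 in
/home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:644:14: runtime error: index 18446744073709551614 out of bounds for type 'const mad_fixed_t [32]'
    #0 0x7fd6f74ef9d5 in synth_full /home/matthias/vcs/github/musikcube/src/plugins/nomaddecoder/mad/synth.c:644:14
"""

# Shape of a UBSan bounds report: FILE:LINE:COL: runtime error: index N out of bounds for type 'T [LEN]'
REPORT = re.compile(
    r"^(?P<file>\S+):(?P<line>\d+):(?P<col>\d+): runtime error: "
    r"index (?P<index>-?\d+) out of bounds for type '(?P<type>[^']*\[(?P<len>\d+)\])'"
)

def as_signed64(value):
    """Reinterpret a value printed as unsigned 64-bit as two's-complement signed."""
    value &= (1 << 64) - 1
    return value - (1 << 64) if value >= (1 << 63) else value

def triage(log_text):
    """Return one record per distinct source location, in first-seen order."""
    seen = {}
    for raw in log_text.splitlines():
        m = REPORT.match(raw.strip())
        if not m:
            continue  # stack frames, SUMMARY lines, ordinary log output
        key = (m["file"], int(m["line"]), int(m["col"]))
        rec = seen.setdefault(key, {
            "file": m["file"], "line": int(m["line"]), "col": int(m["col"]),
            "array_type": m["type"], "length": int(m["len"]),
            "signed_index": as_signed64(int(m["index"])), "hits": 0,
        })
        rec["hits"] += 1  # the same site usually fires once per decoded frame
    return list(seen.values())

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f"{r['file']}:{r['line']}:{r['col']} index {r['signed_index']} "
              f"into {r['array_type']} ({r['hits']} hit(s))")
```
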