ddiakopoulos / libnyquist

:microphone: Cross platform C++11 library for decoding audio (mp3, wav, ogg, opus, flac, etc)
BSD 2-Clause "Simplified" License

AddressSanitizer: heap-buffer-overflow #73

Open ArthurSonzogni opened 1 year ago

ArthurSonzogni commented 1 year ago

I updated libnyquist.

On 59e4be41dc733b000c62da2224c2fb7006bf1338, I got this error with ASAN:

==166518==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62c000007836 at pc 0x55dc58b8b808 bp 0x7fff7ece96c0 sp 0x7fff7ece96b0
READ of size 2 at 0x62c000007836 thread T0
    #0 0x55dc58b8b807 in nqr::ScanForChunk(std::vector<unsigned char, std::allocator<unsigned char> > const&, unsigned int) /home/arthursonzogni/programmation/real/termRider/build/_deps/libnyquist-src/include/libnyquist/Common.h:587
    #1 0x55dc58b8a652 in nqr::WavDecoder::LoadFromBuffer(nqr::AudioData*, std::vector<unsigned char, std::allocator<unsigned char> > const&) /home/arthursonzogni/programmation/real/termRider/build/_deps/libnyquist-src/src/WavDecoder.cpp:269
    #2 0x55dc58b896d5 in nqr::WavDecoder::LoadFromPath(nqr::AudioData*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/arthursonzogni/programmation/real/termRider/build/_deps/libnyquist-src/src/WavDecoder.cpp:143
    #3 0x55dc588c8ed0 in nqr::NyquistIO::Load(nqr::AudioData*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/arthursonzogni/programmation/real/termRider/build/_deps/libnyquist-src/src/Common.cpp:47
    #4 0x55dc58647fe4 in smk::SoundBuffer::SoundBuffer(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/arthursonzogni/programmation/real/termRider/build/_deps/smk-src/src/smk/SoundBuffer.cpp:35
    #5 0x55dc58439e5e in term_breaker::LoadResources() /home/arthursonzogni/programmation/real/termRider/src/resources.cpp:83
    #6 0x55dc583dd2da in term_breaker::StartGame() /home/arthursonzogni/programmation/real/termRider/src/game.cpp:142
    #7 0x55dc583d85d5 in main /home/arthursonzogni/programmation/real/termRider/src/main.cpp:5
    #8 0x7fe06482350f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #9 0x7fe0648235c8 in __libc_start_main_impl ../csu/libc-start.c:381
    #10 0x55dc583d8504 in _start (/home/arthursonzogni/programmation/real/termRider/build/termBreaker+0x276504)

0x62c000007836 is located 0 bytes to the right of 30262-byte region [0x62c000000200,0x62c000007836)
allocated by thread T0 here:
    #0 0x7fe065ac0488 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x55dc588ded09 in std::__new_allocator<unsigned char>::allocate(unsigned long, void const*) /usr/include/c++/12/bits/new_allocator.h:137
    #2 0x55dc588dd3ff in std::allocator_traits<std::allocator<unsigned char> >::allocate(std::allocator<unsigned char>&, unsigned long) /usr/include/c++/12/bits/alloc_traits.h:464
    #3 0x55dc588daf7b in std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_allocate(unsigned long) /usr/include/c++/12/bits/stl_vector.h:378
    #4 0x55dc588d7d2e in std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_create_storage(unsigned long) /usr/include/c++/12/bits/stl_vector.h:395
    #5 0x55dc588d431e in std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_Vector_base(unsigned long, std::allocator<unsigned char> const&) /usr/include/c++/12/bits/stl_vector.h:332
    #6 0x55dc588d13c0 in std::vector<unsigned char, std::allocator<unsigned char> >::vector(unsigned long, std::allocator<unsigned char> const&) (/home/arthursonzogni/programmation/real/termRider/build/termBreaker+0x76f3c0)
    #7 0x55dc588cb2aa in nqr::ReadFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/arthursonzogni/programmation/real/termRider/build/_deps/libnyquist-src/src/Common.cpp:210
    #8 0x55dc58b896b8 in nqr::WavDecoder::LoadFromPath(nqr::AudioData*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/arthursonzogni/programmation/real/termRider/build/_deps/libnyquist-src/src/WavDecoder.cpp:142
    #9 0x55dc588c8ed0 in nqr::NyquistIO::Load(nqr::AudioData*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/arthursonzogni/programmation/real/termRider/build/_deps/libnyquist-src/src/Common.cpp:47
    #10 0x55dc58647fe4 in smk::SoundBuffer::SoundBuffer(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/arthursonzogni/programmation/real/termRider/build/_deps/smk-src/src/smk/SoundBuffer.cpp:35
    #11 0x55dc58439e5e in term_breaker::LoadResources() /home/arthursonzogni/programmation/real/termRider/src/resources.cpp:83
    #12 0x55dc583dd2da in term_breaker::StartGame() /home/arthursonzogni/programmation/real/termRider/src/game.cpp:142
    #13 0x55dc583d85d5 in main /home/arthursonzogni/programmation/real/termRider/src/main.cpp:5
    #14 0x7fe06482350f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
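The trace above shows a 2-byte read landing exactly at the end of the 30262-byte file buffer while scanning for a WAV chunk. The usual root cause of that pattern is a chunk walker that reads the next 8-byte chunk header before checking that 8 bytes remain. Below is an added illustration of a bounds-checked RIFF chunk scanner written for this issue; it is not libnyquist's `ScanForChunk`, and the `scan_for_chunk`, `read_le32` and `truncated_wav` names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Little-endian 32-bit read. Caller guarantees off + 4 <= buf.size().
static uint32_t read_le32(const std::vector<uint8_t>& buf, size_t off)
{
    return static_cast<uint32_t>(buf[off]) |
           (static_cast<uint32_t>(buf[off + 1]) << 8) |
           (static_cast<uint32_t>(buf[off + 2]) << 16) |
           (static_cast<uint32_t>(buf[off + 3]) << 24);
}

// Walk the chunk list that follows the 12-byte "RIFF....WAVE" header and
// return the offset of the first chunk whose FourCC matches, or -1 when the
// chunk is absent, the buffer ends mid-header, or a declared chunk size
// points past the end of the buffer. Every read is preceded by a size check,
// so a truncated or malformed file never causes an out-of-bounds read.
long scan_for_chunk(const std::vector<uint8_t>& buf, const char fourcc[4])
{
    size_t off = 12;                                   // skip RIFF header
    while (off + 8 <= buf.size()) {                    // full header present?
        if (std::memcmp(&buf[off], fourcc, 4) == 0) return static_cast<long>(off);
        uint32_t size = read_le32(buf, off + 4);
        // Chunk bodies are word-aligned: odd sizes carry one pad byte.
        // Use 64-bit math so a hostile size cannot wrap the offset.
        uint64_t next = static_cast<uint64_t>(off) + 8 + size + (size & 1);
        if (next > buf.size()) return -1;              // size runs past buffer
        off = static_cast<size_t>(next);
    }
    return -1;                                         // truncated or missing
}

// Constructed sample (not the reporter's file): a RIFF header, a complete
// 16-byte "fmt " chunk, then a "data" chunk cut off after two bytes of its
// FourCC, as a truncated download would leave it.
std::vector<uint8_t> truncated_wav()
{
    std::vector<uint8_t> v = {'R','I','F','F', 0,0,0,0, 'W','A','V','E',
                              'f','m','t',' ', 16,0,0,0};
    v.insert(v.end(), 16, 0);                          // fmt payload (zeros)
    v.insert(v.end(), {'d','a'});                      // partial "data" header
    return v;
}
```

Running the sample through the scanner finds `fmt ` at offset 12 and reports `data` as missing instead of reading the two bytes that are not there; an unchecked loop would issue the same 2-byte read past the end that ASAN flagged here.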
ArthurSonzogni commented 1 year ago

Some undefined behavior:

/home/arthursonzogni/programmation/real/smk/build/_deps/libnyquist-src/third_party/libogg/src/framing.c:678:31: runtime error: applying zero offset to null pointer
/home/arthursonzogni/programmation/real/smk/build/_deps/libnyquist-src/third_party/libogg/src/bitwise.c:397:23: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
/home/arthursonzogni/programmation/real/smk/build/_deps/libnyquist-src/third_party/libogg/src/bitwise.c:399:25: runtime error: left shift of 14 by 28 places cannot be represented in type 'int'
/home/arthursonzogni/programmation/real/smk/build/_deps/libnyquist-src/third_party/libvorbis/src/sharedbook.c:410:30: runtime error: left shift of 16 by 27 places cannot be represented in type 'int'
ArthurSonzogni commented 1 year ago

I got more info. This happens when opening this file: bounce.zip