dhowden / tag

ID3, MP4 and OGG/FLAC metadata parsing in Go
BSD 2-Clause "Simplified" License

panic: runtime error: makeslice: len out of range in tag.readBytes #33

Closed gy741 closed 6 years ago

gy741 commented 6 years ago

Hello.

I found a makeslice: len out of range bug in tag.

Please confirm.

Thanks.

Reproduction code:

package tag

import (
    "strings"
    "testing"
)

func TestFuzzCrashers(t *testing.T) {
    var crashers = []string{
        "fLaC\x84000000\x82",
    }

    for _, f := range crashers {
        ReadFLACTags(strings.NewReader(f))
    }
}

Crash Log

--- FAIL: TestFuzzCrashers (0.00s)
panic: runtime error: makeslice: len out of range [recovered]
    panic: runtime error: makeslice: len out of range

goroutine 5 [running]:
testing.tRunner.func1(0xc42004e9c0)
    /usr/lib/go-1.8/src/testing/testing.go:622 +0x29d
panic(0x536a20, 0xc42000ef80)
    /usr/lib/go-1.8/src/runtime/panic.go:489 +0x2cf
github.com/dhowden/tag.readBytes(0x7fea805b0000, 0xc42000ae00, 0xffffffff82303030, 0x521f00, 0xc42000ef5c, 0x0, 0x0, 0xc42000ef5c)
    /home/karas/go/src/github.com/dhowden/tag/util.go:36 +0x40
github.com/dhowden/tag.readString(0x7fea805b0000, 0xc42000ae00, 0xffffffff82303030, 0x0, 0x0, 0x3, 0x7fea805b0000)
    /home/karas/go/src/github.com/dhowden/tag/util.go:45 +0x43
github.com/dhowden/tag.(*metadataVorbis).readVorbisComment(0xc42000ef60, 0x7fea805b0000, 0xc42000ae00, 0x7fea805b0000, 0xc42000ae00)
    /home/karas/go/src/github.com/dhowden/tag/vorbis.go:32 +0x88
github.com/dhowden/tag.(*metadataFLAC).readFLACMetadataBlock(0xc42000c098, 0x5f5f00, 0xc42000ae00, 0x0, 0xc420014cf0, 0x0)
    /home/karas/go/src/github.com/dhowden/tag/flac.go:77 +0x22a
github.com/dhowden/tag.ReadFLACTags(0x5f5f00, 0xc42000ae00, 0xffffffee, 0x1000, 0xc420027f78, 0x4544c3)
    /home/karas/go/src/github.com/dhowden/tag/flac.go:43 +0x208
github.com/dhowden/tag.TestFuzzCrashers(0xc42004e9c0)
    /home/karas/go/src/github.com/dhowden/tag/fuzz_test.go:16 +0xbf
testing.tRunner(0xc42004e9c0, 0x567ed0)
    /usr/lib/go-1.8/src/testing/testing.go:657 +0x96
created by testing.(*T).Run
    /usr/lib/go-1.8/src/testing/testing.go:697 +0x2ca
exit status 2
FAIL    github.com/dhowden/tag  0.005s

================= [Acknowledgement] This work was supported by ICT R&D program of MSIP/IITP. [R7518-16-1001, Innovation hub for high Performance Computing]
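
The trace above shows `readBytes` receiving the length `0xffffffff82303030`, which is the last four bytes of the crasher (`30 30 30 82`) read as a little-endian 32-bit value and sign-extended to a negative `int`. The Go sketch below is an added example, not code from the tag project or from the report; `readLenPrefixed`, `parseCrasher`, `maxFieldLen` and `ErrBadLength` are hypothetical names and the 16 MiB cap is an assumed policy. It bounds the length against the enclosing FLAC block before allocating.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"strings"
)

const (
	maxFieldLen = 16 << 20               // assumed policy cap, not a value from the tag project
	crasher     = "fLaC\x84000000\x82" // input taken from the report above
)
var ErrBadLength = errors.New("length field out of range")
// asSignedInt shows a 32-bit length read as int32 and then widened, as in the trace.
func asSignedInt(u uint32) int64 { return int64(int32(u)) }

// readLenPrefixed (hypothetical) reads a 4-byte little-endian length, then that
// many bytes, rejecting lengths above the cap or above what the block has left.
func readLenPrefixed(r io.Reader, remaining int64) ([]byte, error) {
	var hdr [4]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	n := int64(binary.LittleEndian.Uint32(hdr[:])) // unsigned, so never negative
	if n > maxFieldLen || n > remaining-4 {
		return nil, fmt.Errorf("%w: %d (block has %d bytes)", ErrBadLength, n, remaining)
	}
	b := make([]byte, n) // n is bounded before the allocation
	_, err := io.ReadFull(r, b)
	return b, err
}

// parseCrasher reads the magic, the metadata block header, then the first field.
func parseCrasher(in string) ([]byte, error) {
	r := strings.NewReader(in)
	var h [8]byte // "fLaC" + 1 flag/type byte + 3-byte big-endian block length
	if _, err := io.ReadFull(r, h[:]); err != nil {
		return nil, err
	}
	blockLen := int64(h[5])<<16 | int64(h[6])<<8 | int64(h[7])
	return readLenPrefixed(r, blockLen)
}

func main() {
	fmt.Printf("%#x\n", uint64(asSignedInt(0x82303030)))
	fmt.Println(parseCrasher(crasher))
}
```

With the reported input the block header declares 0x303030 bytes while the field claims 0x82303030, so the read is refused with an error instead of reaching `make`.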