dhowden / tag

ID3, MP4 and OGG/FLAC metadata parsing in Go
BSD 2-Clause "Simplified" License

Crash on malformed input #70

Closed Google-Autofuzz closed 4 years ago

Google-Autofuzz commented 4 years ago

Hello,

please find attached a reproducer to reproduce the following stacktrace:

goroutine 17 [running, locked to thread]:
tag.readBytes(0x7f345b63c158, 0x10c000012c00, 0xffffffffffffffff, 0x5599508329b0, 0x55994f5c4840, 0x10c00001a5e4, 0x0, 0x0)
third_party/golang/mediatag/util.go:36 +0x42
tag.readString(...)
third_party/golang/mediatag/util.go:45
tag.(*metadataVorbis).readVorbisComment(0x10c000056790, 0x7f345b63c158, 0x10c000012c00, 0x7f345b63c158, 0x10c000012c00)
third_party/golang/mediatag/vorbis.go:48 +0x2a9
tag.(*metadataFLAC).readFLACMetadataBlock(0x10c000010060, 0x55994f6137c0, 0x10c000012c00, 0x0, 0x0, 0x0)
third_party/golang/mediatag/flac.go:77 +0x22a
tag.ReadFLACTags(0x55994f6137c0, 0x10c000012c00, 0x1, 0x0, 0x0, 0x0)
third_party/golang/mediatag/flac.go:43 +0x194
tag.ReadFrom(0x55994f6137c0, 0x10c000012c00, 0x55994d26e896, 0x6, 0x55994d26de4b, 0x4)
third_party/golang/mediatag/tag.go:44 +0x442
google3/getmeta_fuzz_go_fuzz.FuzzGetMeta(0x62f00000e400, 0xc6d8, 0xc6d8)
google3/getmeta_fuzz.go:16 +0xa3
google3/getmeta_fuzz_go_fuzz.LLVMFuzzerTestOneInput(0x62f00000e400, 0xc6d8, 0x8)
getmeta_fuzz_gen.go:33 +0x66
google3/objs/getmeta_fuzz_go_fuzz/_cgo_gotypes.go:56 +0x37

panic: runtime error: makeslice: len out of range

reproducer:

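// The package name is a placeholder; the report does not give one.
package fuzz

import (
    "bytes"

    "github.com/dhowden/tag"
)

// Fuzz feeds the raw input to every public entry point of the tag package.
func Fuzz(in []byte) {
    r := bytes.NewReader(in)

    // Format detection; the result is not needed here.
    tag.Identify(r)

    // Full metadata parse; per the stack trace, the panic is raised inside this call.
    m, err := tag.ReadFrom(r)
    if err != nil {
        return
    }

    // Exercise every accessor on the parsed metadata.
    m.Format()
    m.FileType()
    m.Title()
    m.Album()
    m.Artist()
    m.AlbumArtist()
    m.Composer()
    m.Year()
    m.Genre()
    m.Track()
    m.Disc()
    m.Picture()
    m.Lyrics()

    // Checksum of the audio data, skipping the metadata.
    tag.Sum(r)
}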

clusterfuzz-testcase-minimized-getmeta_fuzz-5120942988066816.zip
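
In the trace above, the third argument word of tag.readBytes is 0xffffffffffffffff and the panic is makeslice: len out of range, which is consistent with a length read from the input reaching make() unchecked. The following is an added example, not code from dhowden/tag or from the report: a Vorbis comment parser that compares each length prefix with the bytes remaining before it allocates. Assumptions: the comment block is already in memory as a byte slice, lengths are little-endian uint32 values as in the Vorbis comment layout, and the names readField and parseVorbisComment are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// readField reads a little-endian uint32 length prefix, then that many bytes.
// The prefix is untrusted: it is checked against the bytes left in r before make() runs.
func readField(r *bytes.Reader) (string, error) {
	var n uint32
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return "", err
	}
	if int64(n) > int64(r.Len()) {
		return "", fmt.Errorf("length prefix %d exceeds %d remaining bytes", n, r.Len())
	}
	b := make([]byte, n)
	_, err := io.ReadFull(r, b)
	return string(b), err
}

// parseVorbisComment reads the vendor string, the comment count, then each comment.
func parseVorbisComment(data []byte) (string, []string, error) {
	r := bytes.NewReader(data)
	vendor, err := readField(r)
	if err != nil {
		return "", nil, err
	}
	var count uint32
	if err := binary.Read(r, binary.LittleEndian, &count); err != nil {
		return "", nil, err
	}
	var comments []string // grown on demand: count is untrusted too, so no preallocation
	for i := uint32(0); i < count; i++ {
		c, err := readField(r)
		if err != nil {
			return "", nil, err
		}
		comments = append(comments, c)
	}
	return vendor, comments, nil
}

func main() {
	fmt.Println(parseVorbisComment([]byte{0xff, 0xff, 0xff, 0xff})) // constructed input
}
```

With a streaming io.Reader the same check needs a known bound, such as the enclosing metadata block's declared size, in place of r.Len().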

dhowden commented 4 years ago

Can't reproduce.