ittiam-systems / libmpegh

MPEG-H 3D Audio Low Complexity Profile Decoder. Encoder: https://github.com/ittiam-systems/libmpeghe
http://www.ittiam.com/
BSD 3-Clause Clear License

Decoder crash due to invalid array index read found during fuzzing tests #36

Closed amiartus closed 1 year ago

amiartus commented 1 year ago

Hello,

I was running fuzzing tests on the decoder and found the following issue:

  1. amend CMakeLists.txt
    
    diff --git a/CMakeLists.txt b/CMakeLists.txt
    index a0226d5..7fe656c 100644
    --- a/CMakeLists.txt
    +++ b/CMakeLists.txt
    @@ -7,6 +7,9 @@ set(CMAKE_CXX_STANDARD_REQUIRED ON)
    set(CMAKE_CXX_EXTENSIONS OFF)
    set(CMAKE_SUPPRESS_REGENERATION true)

+add_compile_options(-fsanitize=address) +add_link_options(-fsanitize=address) +

Add Library Target

add_library ( ia_mpeghd_lib
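Review bot: the two `add_compile_options(-fsanitize=address)` / `add_link_options(-fsanitize=address)` lines are applied unconditionally at the top level of CMakeLists.txt, so every target in the tree, including the library a consumer would install, is built with AddressSanitizer instrumentation and linked against the ASan runtime. For a local reproduction that is fine, but if the change is meant to be kept, gate it behind a CMake `option()` (for example `option(ENABLE_ASAN "Build with AddressSanitizer" OFF)` wrapped in an `if(ENABLE_ASAN)` block) so release builds are unaffected, and consider adding `-fno-omit-frame-pointer` alongside it so the sanitizer stack trace resolves to the faulting line (impeghd_hoa_render_mtrx.c:191 here). The trailing `+` line adds only an empty line and can be dropped.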


2. and run the following test after the build ([1.txt](https://github.com/ittiam-systems/libmpegh/files/10278546/1.txt) is an mhas file)

./ia_mpeghd_testbench -ifile:./1.txt -ofile:./1.wav

crashes because c = -1 in /impeghd_hoa_render_mtrx.c:191
beta = ia_hoa_beta_value_table[c];
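The pattern the crash points at (a stream-derived index used directly into a lookup table) next to its hardened form, as an added example that is not libmpegh's code: the table contents, the function names `beta_lookup_unchecked` / `beta_lookup_checked` / `beta_lookup_or` / `count_rejected` and the error codes are constructed stand-ins, and the sample indices are chosen to include the `c = -1` seen in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for ia_hoa_beta_value_table; the real table's size and
 * contents are not reproduced here. */
static const float beta_value_table[] = { 0.0f, 0.25f, 0.5f, 0.75f, 1.0f };
#define BETA_TABLE_LEN (sizeof(beta_value_table) / sizeof(beta_value_table[0]))

enum { BETA_OK = 0, BETA_ERR_INDEX = -1 };

/* Pattern from the report: the index is used as-is. With c == -1 this reads
 * one element before the table, which AddressSanitizer reports as a
 * global-buffer-overflow. Kept for contrast; only ever called below with an
 * index that has already been validated. */
static float beta_lookup_unchecked(int32_t c) {
    return beta_value_table[c];
}

/* Returns 1 if c is a usable index into the table, 0 otherwise. The cast to
 * size_t happens only after the sign check, so a negative c cannot wrap into
 * a large unsigned value that slips past the upper-bound test. */
int beta_index_is_valid(int32_t c) {
    if (c < 0) return 0;
    if ((size_t)c >= BETA_TABLE_LEN) return 0;
    return 1;
}

/* Hardened lookup: the caller gets an error code instead of a wild read, so
 * the decoder can reject the frame (or the whole stream) as malformed. */
int beta_lookup_checked(int32_t c, float *beta_out) {
    if (!beta_index_is_valid(c)) return BETA_ERR_INDEX;
    *beta_out = beta_lookup_unchecked(c); /* safe: c validated above */
    return BETA_OK;
}

/* Convenience form for callers that can substitute a fallback value. */
float beta_lookup_or(int32_t c, float fallback) {
    float beta;
    if (beta_lookup_checked(c, &beta) != BETA_OK) return fallback;
    return beta;
}

/* Counts how many of the given stream-derived indices would be rejected;
 * handy when triaging a fuzzer corpus against the hardened check. */
int count_rejected(const int32_t *idx, size_t n) {
    int rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (!beta_index_is_valid(idx[i])) rejected++;
    }
    return rejected;
}

int main(void) {
    /* Constructed sample indices, including the -1 from the crash report. */
    const int32_t sample[] = { 0, 3, -1, 4, 5, INT32_MIN, INT32_MAX };
    size_t n = sizeof(sample) / sizeof(sample[0]);
    for (size_t i = 0; i < n; i++) {
        float beta;
        int rc = beta_lookup_checked(sample[i], &beta);
        if (rc == BETA_OK)
            printf("c=%d -> beta=%.2f\n", (int)sample[i], beta);
        else
            printf("c=%d -> rejected (rc=%d)\n", (int)sample[i], rc);
    }
    printf("%d of %zu indices rejected\n", count_rejected(sample, n), n);
    return 0;
}
```

The point of returning an error code rather than clamping the index is that a negative or oversized table index means the bitstream is already inconsistent, and a decoder that silently substitutes a value keeps processing attacker-controlled data in a state the spec never defined; failing the frame keeps the fuzzer finding visible as a rejected input instead of a sanitizer report.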

SakethSathuvalli commented 1 year ago

Hi @miartad,

Thanks for bringing this up!

We too have come across this issue during our fuzzer testing. We will be uploading a fix for this issue along with other issues seen at our end soon. We will keep this thread open till then.

Appreciate your efforts for carrying out fuzzer runs on our workspace!

SakethSathuvalli commented 1 year ago

Addressed in #41.

Thanks!

SakethSathuvalli commented 1 year ago

Hello @miartad,

I was wondering if you got a chance to validate the fix pushed for this issue.

Thanks!

amiartus commented 1 year ago

Hi @SakethSathuvalli

I plan to do that this week, thank you for fixing the reported issues!

amiartus commented 1 year ago

hi @SakethSathuvalli

I checked against our crash logs: 6/8 fuzzer crash logs were fixed, but 2 still crash. I can provide the example files that cause the crashes later.

SakethSathuvalli commented 1 year ago

Hi @miartad,

Are the 2 crashes happening with the same array and in the same location or a different one ?

If different, I suggest we close this issue and report the two crashes in a different thread/issue.

Thanks again for bringing up fuzzer issues !

amiartus commented 1 year ago

Hi @SakethSathuvalli

here are some more sample files that will produce crashes in unique places in code: crash-2.txt crash-1.txt

I could create a separate issue, as I'm not sure whether these crashes are related...

SakethSathuvalli commented 1 year ago

> Hi @SakethSathuvalli
>
> here are some more sample files that will produce crashes in unique places in code: crash-2.txt crash-1.txt
>
> I could create a separate issue, as I'm not sure whether these crashes are related...

If the crash locations are different from the ones mentioned in this issue, I recommend you create a new issue. Meanwhile we will check the new crashes and let you know our feedback.

Thanks!

amiartus commented 1 year ago

thanks, I will create a separate issue and we can close this one I believe.