Reproduction:

```sh
export CFLAGS="-g -O0 -fsanitize=address,undefined" CXXFLAGS="-g -O0 -fsanitize=address,undefined"
export CC=afl-gcc CXX=afl-g++
./configure --disable-docs
make
make install
/usr/local/bin/sfconvert poc_file output format voc
```
poc_file:
poc_file.zip
Address Sanitizer result:

```
ModuleState.cpp:143:41: runtime error: member access within null pointer of type 'struct FileModule'
AddressSanitizer:DEADLYSIGNAL
==2515818==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fd233bbde74 bp 0x7ffcd86b23f0 sp 0x7ffcd86b2290 T0)
==2515818==The signal is caused by a READ memory access.
==2515818==Hint: address points to the zero page.
    #0 0x7fd233bbde74 in ModuleState::setup(_AFfilehandle, Track) /root/fuzz/fuzz_audiofile/audiofile/libaudiofile/modules/ModuleState.cpp:143
    #1 0x7fd233b02e7a in afGetFrameCount /root/fuzz/fuzz_audiofile/audiofile/libaudiofile/format.cpp:205
    #2 0x5609d6b51f70 in copyaudiodata /root/fuzz/fuzz_audiofile/audiofile/sfcommands/sfconvert.c:329
    #3 0x5609d6b5182e in main /root/fuzz/fuzz_audiofile/audiofile/sfcommands/sfconvert.c:248
    #4 0x7fd232a29d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #5 0x7fd232a29e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #6 0x5609d6b46844 in _start (/usr/local/bin/sfconvert+0x8844)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/fuzz/fuzz_audiofile/audiofile/libaudiofile/modules/ModuleState.cpp:143 in ModuleState::setup(_AFfilehandle, Track)
```
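As an added triage helper (not part of this issue or the audiofile project), the script below reduces a sanitizer report like the one above to a dedup key of error kind, top frame and file:line, so repeated fuzzer findings of the same null dereference can be bucketed together. The `triage_case` wrapper assumes the ASan/UBSan build of `sfconvert` from the reproduction steps; the embedded sample is reconstructed from this report with the `#0` frame marker restored.

```shell
#!/bin/sh
# Added triage helper, not from the issue or the audiofile project.
# asan_signature: read a sanitizer report on stdin, print
#   <error kind>|<top frame function>|<top frame file:line>
asan_signature() {
  awk '
    # UBSan diagnostic that fires before the crash (fallback kind)
    /runtime error:/ { ub = $0; sub(/.*runtime error: /, "", ub) }
    # ASan error kind, e.g. SEGV, heap-buffer-overflow, stack-overflow
    /ERROR: AddressSanitizer:/ {
      kind = $0; sub(/.*AddressSanitizer: /, "", kind); sub(/ .*/, "", kind)
    }
    # First stack frame ("#0 ..."; also accepts "0 ..." if markdown ate the "#")
    /^ *#?0 0x/ && !frame {
      frame = 1
      loc = $NF; sub(/.*\//, "", loc)        # basename of file:line
      fn = $0; sub(/.* in /, "", fn)         # drop "#0 0x... in" prefix
      sub(/ \/[^ ]*$/, "", fn)               # drop trailing source path
      sub(/\(.*/, "", fn)                    # drop C++ argument list
    }
    END {
      if (kind == "" && ub != "") kind = "UBSan"
      if (kind == "") kind = "none"
      printf "%s|%s|%s\n", kind, fn, loc
    }'
}

# Run the reproducer from the report on one input and print its signature.
# Assumes the sanitizer build of sfconvert from the reproduction steps.
triage_case() {
  ASAN_OPTIONS=symbolize=1 UBSAN_OPTIONS=print_stacktrace=1 \
    /usr/local/bin/sfconvert "$1" /tmp/sfconvert-out.voc format voc 2>&1 |
    asan_signature
}

# Constructed sample: this issue's report, trimmed, with "#0" restored.
ASAN_SAMPLE="ModuleState.cpp:143:41: runtime error: member access within null pointer of type 'struct FileModule'
AddressSanitizer:DEADLYSIGNAL
==2515818==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fd233bbde74 bp 0x7ffcd86b23f0 sp 0x7ffcd86b2290 T0)
    #0 0x7fd233bbde74 in ModuleState::setup(_AFfilehandle, Track) /root/fuzz/fuzz_audiofile/audiofile/libaudiofile/modules/ModuleState.cpp:143
    #1 0x7fd233b02e7a in afGetFrameCount /root/fuzz/fuzz_audiofile/audiofile/libaudiofile/format.cpp:205
SUMMARY: AddressSanitizer: SEGV /root/fuzz/fuzz_audiofile/audiofile/libaudiofile/modules/ModuleState.cpp:143 in ModuleState::setup(_AFfilehandle, Track)"

# Expected: SEGV|ModuleState::setup|ModuleState.cpp:143
printf '%s\n' "$ASAN_SAMPLE" | asan_signature
```

Run `triage_case poc_file` against each fuzzer output and sort the keys to see how many distinct crash sites the corpus actually hits.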