Expected behavior
compile with AddressSanitizer (-fsanitize=address), and disable assert (-DNDEBUG)
stbi_load should return with an error code, and the function should return directly.
But AddressSanitizer reports like this:
=================================================================
==1420547==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f1cf72fee16 at pc 0x56410d36086e bp 0x7ffee63fd100 sp 0x7ffee63fd0f8
READ of size 1 at 0x7f1cf72fee16 thread T0
#0 0x56410d36086d in stbi__convert_format(unsigned char*, int, int, unsigned int, unsigned int) stb/TDDSuite_build/../stb_image.h:1780:52
#1 0x56410d35aee4 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) stb/TDDSuite_build/../stb_image.h:6064:18
#2 0x56410d34f571 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) stb/TDDSuite_build/../stb_image.h:1182:14
#3 0x56410d3485c7 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) stb/TDDSuite_build/../stb_image.h:1261:19
#4 0x56410d3482e0 in stbi_load_from_file stb/TDDSuite_build/../stb_image.h:1379:13
#5 0x56410d348097 in stbi_load stb/TDDSuite_build/../stb_image.h:1369:13
#6 0x56410d34ee9a in main stb/TDDSuite_build/test.cc:6:5
#7 0x7f1cf79da082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
#8 0x56410d28543d in _start (stb/TDDSuite_build/test.exe+0x2343d)
0x7f1cf72fee16 is located 0 bytes to the right of 255510-byte region [0x7f1cf72c0800,0x7f1cf72fee16)
allocated by thread T0 here:
#0 0x56410d30a10e in malloc /home/frokaikan/Desktop/workspace/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
#1 0x56410d34cb46 in stbi__malloc(unsigned long) stb/TDDSuite_build/../stb_image.h:985:12
#2 0x56410d36baf4 in stbi__malloc_mad3(int, int, int, int) stb/TDDSuite_build/../stb_image.h:1056:11
#3 0x56410d359f35 in stbi__tga_load(stbi__context*, int*, int*, int*, int, stbi__result_info*) stb/TDDSuite_build/../stb_image.h:5926:31
#4 0x56410d34f571 in stbi__load_main(stbi__context*, int*, int*, int*, int, stbi__result_info*, int) stb/TDDSuite_build/../stb_image.h:1182:14
#5 0x56410d3485c7 in stbi__load_and_postprocess_8bit(stbi__context*, int*, int*, int*, int) stb/TDDSuite_build/../stb_image.h:1261:19
#6 0x56410d3482e0 in stbi_load_from_file stb/TDDSuite_build/../stb_image.h:1379:13
#7 0x56410d348097 in stbi_load stb/TDDSuite_build/../stb_image.h:1369:13
#8 0x56410d34ee9a in main stb/TDDSuite_build/test.cc:6:5
#9 0x7f1cf79da082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
Describe the bug
stbi_load (or, more precisely, stbi__tga_load) should return immediately on a bad req_comp, but instead it leads to a heap-buffer-overflow.
To Reproduce
Here is the code:
and here is the input file: testData.txt
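The report above was produced with assertions disabled, so the caller cannot rely on an assert inside the library to catch a bad req_comp. As an added example (not code from this issue or from stb_image), the wrapper below refuses any req_comp outside the range stb_image documents (0, or 1..4) with a plain check that -DNDEBUG cannot remove; stbi_loader_fn, req_comp_is_valid, load_image_checked and the fake_loader stand-in are constructed here so the file compiles without stb_image.h, and in real use stbi_load is passed as the loader.

```c
#include <stddef.h>
#include <stdio.h>

/* Signature of stbi_load(); the loader is passed in so this file compiles
 * without stb_image.h. In real use pass stbi_load itself. */
typedef unsigned char *(*stbi_loader_fn)(const char *filename, int *x, int *y,
                                         int *channels_in_file, int desired_channels);

/* 1 when req_comp is in the range stb_image documents (0 = keep the file's
 * channel count, 1..4 = force that many channels), else 0. A plain `if`, not
 * an assert, so -DNDEBUG cannot remove it. */
int req_comp_is_valid(int req_comp)
{
    return req_comp >= 0 && req_comp <= 4;
}

/* Wrapper: rejects a bad req_comp before any decoder code runs. */
unsigned char *load_image_checked(stbi_loader_fn load, const char *filename,
                                  int *x, int *y, int *n, int req_comp)
{
    if (!req_comp_is_valid(req_comp)) {
        fprintf(stderr, "refusing req_comp=%d (must be 0..4)\n", req_comp);
        return NULL;
    }
    return load(filename, x, y, n, req_comp);
}

/* Constructed stand-in for stbi_load, used only to exercise the wrapper
 * offline: returns a 1x1 image and counts how often the decoder was reached. */
int fake_loader_calls = 0;
static unsigned char fake_pixel[4] = {0, 0, 0, 255};
unsigned char *fake_loader(const char *filename, int *x, int *y, int *n, int req_comp)
{
    (void)filename;
    fake_loader_calls++;
    *x = 1; *y = 1; *n = req_comp ? req_comp : 4;
    return fake_pixel;
}

int main(void)
{
    int x, y, n;
    /* req_comp=5 is refused before the decoder runs; 3 is passed through. */
    unsigned char *bad = load_image_checked(fake_loader, "constructed.tga", &x, &y, &n, 5);
    unsigned char *ok  = load_image_checked(fake_loader, "constructed.tga", &x, &y, &n, 3);
    printf("bad=%p ok=%p decoder calls=%d\n", (void *)bad, (void *)ok, fake_loader_calls);
    return 0;
}
```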