A crafted file may trigger signed integer overflow in:
int v = FAST_SCALED_FLOAT_TO_INT(temp, f,15);
The macro is defined as:
#define FAST_SCALED_FLOAT_TO_INT(temp,x,s) (temp.f = (x) + MAGIC(s), temp.i - ADDEND(s))
The overflow happens in the temp.i - ADDEND(s) part of it.
Impact
It doesn't look like a security issue; however, signed integer overflow is undefined behavior in C and C++.
Resources
To reproduce the issue, run the program with the following options to hit the error:
UBSAN_OPTIONS=silence_unsigned_overflow=1 <program name>
/src/stb/tests/../stb_vorbis.c:5285:21: runtime error: signed integer overflow: -1025582044 - 1136656384 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /src/stb/tests/../stb_vorbis.c:5285:21 in
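The arithmetic behind the report above, as an added example that is not part of the original advisory or the project's code. The MAGIC and ADDEND bodies are assumed definitions (the advisory does not show them), chosen so that ADDEND(15) equals the 1136656384 in the UBSan output; the function names are hypothetical. It checks the subtraction in 64 bits and shows one way to keep the conversion defined by saturating to the 16-bit sample range.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Union and macro shape follow the advisory. MAGIC/ADDEND are assumed
   definitions: ADDEND(15) matches the constant in the UBSan report. */
typedef union { float f; int i; } float_conv;
#define MAGIC(s)  (1.5f * (1 << (23 - (s))) + 0.5f / (1 << (s)))
#define ADDEND(s) (((150 - (s)) << 23) + (1 << 22))

/* Returns 1 if `ti - ADDEND(s)` cannot be represented in a 32-bit int,
   i.e. the subtraction inside the macro would be undefined behavior. */
int sub_would_overflow(int ti, int s)
{
    int64_t wide = (int64_t)ti - (int64_t)ADDEND(s);
    return wide < INT_MIN || wide > INT_MAX;
}

/* Hypothetical hardened conversion: same float-bits trick, but the
   subtraction is done in 64 bits and the result saturates to int16 range,
   so out-of-range samples from a crafted file never reach signed overflow. */
int scaled_float_to_int16_checked(float x)
{
    float_conv temp;
    int64_t wide;

    temp.f = x + MAGIC(15);                 /* sample shifted into [256,512) */
    wide = (int64_t)temp.i - (int64_t)ADDEND(15);
    if (wide > 32767)  return 32767;
    if (wide < -32768) return -32768;
    return (int)wide;
}

int main(void)
{
    /* -1025582044 is the temp.i value printed in the UBSan report. */
    printf("report value overflows: %d\n",
           sub_would_overflow(-1025582044, 15));
    /* Constructed samples: two in range, two far outside [-1, 1]. */
    printf("0.0 -> %d, 0.5 -> %d, 2.0 -> %d, -495.0 -> %d\n",
           scaled_float_to_int16_checked(0.0f),
           scaled_float_to_int16_checked(0.5f),
           scaled_float_to_int16_checked(2.0f),
           scaled_float_to_int16_checked(-495.0f));
    return 0;
}
```

A negative temp.i means the sum x + MAGIC(15) itself went negative, which only happens for samples far below the expected range, so saturating to -32768 is the correct direction.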