
A stack-buffer-overflow occurs while parsing a file #30

Closed
tank0123 opened this issue Jul 9, 2021 · 3 comments

Comments

tank0123 commented Jul 9, 2021

System Configuration

  • AtomicParsley version: atomicparsley-20210124.204813.840499f
  • Used arguments: -T 1 -t +
  • Environment (Operating system, version and so on): Ubuntu 20.04.2 64bit
  • Additional information: compilation with asan

==34075==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffd800 at pc 0x7ffff75e858d bp 0x7fffffffd540 sp 0x7fffffffcce8
WRITE of size 3936 at 0x7fffffffd800 thread T0

Program received signal SIGSEGV, Segmentation fault.

#0 0x00007ffff6ffcc50 in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1
#1 0x00007ffff6ffe77b in _Unwind_Backtrace () from /lib/x86_64-linux-gnu/libgcc_s.so.1
#2 0x00007ffff76b4a28 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#3 0x00007ffff75af7f7 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#4 0x00007ffff76949ed in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#5 0x00007ffff7694363 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#6 0x00007ffff75e85af in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#7 0x00005555555fd597 in fread (__stream=0x615000000580, __n=0x203c, __size=0x1, __ptr=0x7fffffffd6cd)
at /usr/include/x86_64-linux-gnu/bits/stdio2.h:297
#8 APar_readX (buffer=0x7fffffffd6cd "", ISObasemediafile=ISObasemediafile@entry=0x615000000580,
pos=, length=0x203c) at /home/ubuntu/tmp/atomicparsley-20210124.204813.840499f/src/util.cpp:330
#9 0x00005555555a02d0 in APar_ExtractTrackDetails (uint32_buffer=uint32_buffer@entry=0x602000000050 "",
isofile=isofile@entry=0x615000000580, track=track@entry=0x7fffffffd6a0,
track_info=track_info@entry=0x7fffffffd6b0)
at /home/ubuntu/tmp/atomicparsley-20210124.204813.840499f/src/extracts.cpp:1286
#10 0x00005555555a243b in APar_ExtractDetails (isofile=, optional_output=)
at /home/ubuntu/tmp/atomicparsley-20210124.204813.840499f/src/extracts.cpp:1638

I've attached the file. Please download and check the file.
2021-05-04-09_19_50_0x5b55f77d_0xb1c1261c.zip

github-actions bot commented Jul 9, 2021

Thanks for filing an issue! Please note that this project is only passively maintained, so your best bet for getting an issue resolved is through a pull request that is easy to verify! Please read this for more information.

wez added a commit that referenced this issue Jul 9, 2021
wez (Owner) commented Jul 9, 2021

I've pushed a speculative fix for this; looks like a missing bounds check. Please let me know how this goes!

tank0123 (Author) commented

I checked the code you wrote.
However, there was still a memory leak, so I wrote a patch.

Please check #31 (comment).

wez added a commit that referenced this issue Jul 11, 2021
It's not necessary to heap allocate these small buffers; using
the stack avoids the need to remember to free them as well.

Refs: #30
Fixes: #31
wez closed this as completed Jul 13, 2021
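The pattern behind this report and the two fixes above (a bounds check first, then a small stack buffer instead of a heap one that has to be freed), as an added C example that is not AtomicParsley's code: a fixed-size stack buffer, a byte count taken from the file, and the comparison that has to happen before fread writes anything. The names (TRACK_BUF_SIZE, read_atom_checked, parse_track_atom, atom_file, try_atom) and the toy atom layout are assumed for illustration; the 0x203c length is the fread count from frame #7 of the trace.

```c
#include <stdio.h>
#include <stdint.h>

/* Added illustration, not AtomicParsley's code. It reproduces the shape of
 * the report above: a fixed-size stack buffer and a byte count taken from the
 * file, with the bounds check that frame #8 (fread inside APar_readX) lacked.
 * Every name here (TRACK_BUF_SIZE, parse_status, read_atom_checked,
 * parse_track_atom, atom_file, try_atom) is hypothetical. */

#define TRACK_BUF_SIZE 64   /* stack buffer, small enough that a heap allocation
                               (and the free it would need) buys nothing */

enum parse_status {
    PARSE_OK        =  0,
    PARSE_TOO_LARGE = -1,   /* file claims more bytes than the buffer holds */
    PARSE_TRUNCATED = -2,   /* file ends before the claimed bytes arrive    */
    PARSE_BAD_SIZE  = -3    /* size field smaller than the header itself    */
};

/* The unchecked form, fread(buf, 1, length, f) with no comparison against the
 * destination size, writes past the end of the stack array whenever the file
 * claims a length larger than the buffer; that is the kind of WRITE ASan
 * flagged. The checked form refuses such a length before fread touches buf. */
static enum parse_status read_atom_checked(FILE *f, char *buf, size_t buf_size,
                                           uint32_t length)
{
    if (length > buf_size)
        return PARSE_TOO_LARGE;
    if (fread(buf, 1, length, f) != length)
        return PARSE_TRUNCATED;
    return PARSE_OK;
}

/* Parse one toy atom: 4-byte big-endian size (header included), then payload. */
static enum parse_status parse_track_atom(FILE *f, uint32_t *payload_len)
{
    char buf[TRACK_BUF_SIZE];          /* fixed stack buffer, as in the report */
    unsigned char hdr[4];

    if (fread(hdr, 1, sizeof hdr, f) != sizeof hdr)
        return PARSE_TRUNCATED;
    uint32_t size = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                    ((uint32_t)hdr[2] << 8)  |  (uint32_t)hdr[3];
    if (size < sizeof hdr)
        return PARSE_BAD_SIZE;         /* guards the subtraction below */
    uint32_t len = size - (uint32_t)sizeof hdr;

    enum parse_status st = read_atom_checked(f, buf, sizeof buf, len);
    if (st == PARSE_OK && payload_len)
        *payload_len = len;
    return st;
}

/* Constructed input: a FILE* holding a header that claims `claimed_size` bytes
 * followed by `present` payload bytes of 'A'. tmpfile() is standard C. */
static FILE *atom_file(uint32_t claimed_size, size_t present)
{
    FILE *f = tmpfile();
    if (!f)
        return NULL;
    unsigned char hdr[4] = {
        (unsigned char)(claimed_size >> 24), (unsigned char)(claimed_size >> 16),
        (unsigned char)(claimed_size >> 8),  (unsigned char)claimed_size
    };
    fwrite(hdr, 1, sizeof hdr, f);
    for (size_t i = 0; i < present; i++)
        fputc('A', f);
    rewind(f);
    return f;
}

/* Run the parser over one constructed file and report its status. */
static enum parse_status try_atom(uint32_t claimed_size, size_t present)
{
    FILE *f = atom_file(claimed_size, present);
    if (!f)
        return PARSE_TRUNCATED;
    enum parse_status st = parse_track_atom(f, NULL);
    fclose(f);
    return st;
}

int main(void)
{
    printf("16-byte payload:             %d\n", try_atom(4 + 16, 16));
    printf("claims 0x203c payload bytes: %d\n", try_atom(4 + 0x203c, 16));
    printf("16 claimed, 8 present:       %d\n", try_atom(4 + 16, 8));
    return 0;
}
```

The point of the split into two status codes is that an oversized length is rejected without any read at all, so neither the stack array nor anything beyond it is written; a short file is a separate, harmless failure. Building the same check with a stack array rather than a malloc'd one is what the second commit describes: nothing to free on any of the early-return paths.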