This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug string/21347] New: crash in memcpy.S during attempted libvpx decoding
- From: "brian.carpenter at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sun, 02 Apr 2017 05:02:42 +0000
- Subject: [Bug string/21347] New: crash in memcpy.S during attempted libvpx decoding
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=21347
Bug ID: 21347
Summary: crash in memcpy.S during attempted libvpx decoding
Product: glibc
Version: 2.19
Status: UNCONFIRMED
Severity: critical
Priority: P2
Component: string
Assignee: unassigned at sourceware dot org
Reporter: brian.carpenter at gmail dot com
Target Milestone: ---
Compiled Google's libvpx with afl-clang-fast and while fuzzing vpxdec with AFL,
this segfault in glibc 2.19 was triggered:
ASAN_SYMBOLIZER_PATH=/usr/lib/llvm-3.5/bin/llvm-symbolizer ASAN_OPTIONS=detect_leaks=0,symbolize=1 ~/libvpx/vpxdec --keep-going test077 -o /dev/shm/out.file
Warning: Warning: Read invalid frame size (128) - not a raw file?
Warning: Warning: Read invalid frame size (150) - not a raw file?
Warning: Failed to decode frame 2: Bitstream not supported by this decoder
Warning: Warning: Read invalid frame size (9) - not a raw file?
Warning: Failed to decode frame 3: Corrupt frame detected
Warning: Additional information: Truncated packet or corrupt partition 1 length
ASAN:SIGSEGV
=================================================================
==26803==ERROR: AddressSanitizer: SEGV on unknown address 0x62a000030000 (pc
0x7f1be36ac8bb bp 0x00000000079a sp 0x7ffff38617f8 T0)
#0 0x7f1be36ac8ba
/build/glibc-qK83Be/glibc-2.19/string/../sysdeps/x86_64/memcpy.S:270
#1 0x7f1be369d29d in _IO_default_xsputn
/build/glibc-qK83Be/glibc-2.19/libio/genops.c:463
#2 0x7f1be369b991 in _IO_file_xsputn
/build/glibc-qK83Be/glibc-2.19/libio/fileops.c:1345
#3 0x7f1be3691aac in fwrite
/build/glibc-qK83Be/glibc-2.19/libio/iofwrite.c:43
#4 0x4faffe in write_image_file /root/libvpx/vpxdec.c:291:7
#5 0x4f6761 in main_loop /root/libvpx/vpxdec.c:980:11
#6 0x4f6761 in main /root/libvpx/vpxdec.c:1070
#7 0x7f1be3648b44 in __libc_start_main
/build/glibc-qK83Be/glibc-2.19/csu/libc-start.c:287
#8 0x4edd6c in _start (/root/libvpx/vpxdec+0x4edd6c)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/build/glibc-qK83Be/glibc-2.19/string/../sysdeps/x86_64/memcpy.S:270 ??
==26803==ABORTING