AddressSanitizer: negative-size-param: (size=-8), size=-8 passed to memcpy in Mem_File_Reader::read_avail

Comments (7)

1. 

   Sebastian Dröge reporter

   • attached poc-2.crash

   The file in question

   Crash can also be reproduced by running e.g. "ffplay" on the file, as long as ffmpeg is built with gme support (which is the case on e.g. Debian).

   • 2017-12-06T17:06:54+00:00
2. 

   Michael Pyne repo owner

   Thanks, I'm taking a look tonight.

   • 2017-12-06T23:43:37+00:00
3. 

   Michael Pyne repo owner

   I believe this is addressed by what will shortly become game-music-emu 0.6.2, containing a fix for what seems to be the precise issue, along with a minimal bit of additional hardening. If that is uncool for Debian packaging then I made sure to split out the smallest possible fix as a separate commit so it can be applied on its own if need be.

   Note that I wasn't able to reproduce the precise issue on my system with the crasher file, but there was a useful backtrace in the linked information that seems to confirm the logic error upon inspection.

   • 2017-12-07T03:33:05+00:00
4. 

   Michael Pyne repo owner

   The signed tarball for 0.6.2 is now available from the Downloads page. I believe this resolves the proximate issue (I suspect others will still lurk however!). But if you can still reproduce, please reopen.

   • 2017-12-07T03:43:21+00:00
5. 

   Michael Pyne repo owner

   • changed status to resolved

   • 2017-12-07T03:43:32+00:00
6. 

   Sebastian Dröge reporter

   Thanks for the fast response!

   From what I can see, you only fixed this issue and added some more checks (thanks!) but there don't seem to be any other functional changes. That should be fine

   • 2017-12-07T08:09:52+00:00
7. 

   Sebastian Dröge reporter

   Oh and I forgot to mention that I can confirm that this fixes this crash.

   • 2017-12-07T08:16:18+00:00
8. Log in to comment