- attached poc-2.crash
AddressSanitizer: negative-size-param: (size=-8), size=-8 passed to memcpy in Mem_File_Reader::read_avail
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883691#44
The file in question that causes the crash can be found here: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=2;bug=883691;filename=poc-2.crash;msg=35
Comments (7)
-
repo owner Thanks, I'm taking a look tonight.
-
repo owner I believe this is addressed by what will shortly become game-music-emu 0.6.2, containing a fix for what seems to be the precise issue, along with a minimal bit of additional hardening. If that is uncool for Debian packaging then I made sure to split out the smallest possible fix as a separate commit so it can be applied on its own if need be.
Note that I wasn't able to reproduce the precise issue on my system with the crasher file, but there was a useful backtrace in the linked information that seems to confirm the logic error upon inspection.
-
repo owner The signed tarball for 0.6.2 is now available from the Downloads page. I believe this resolves the proximate issue (I suspect others will still lurk however!). But if you can still reproduce, please reopen.
-
repo owner - changed status to resolved
-
reporter Thanks for the fast response!
From what I can see, you only fixed this issue and added some more checks (thanks!), but there don't seem to be any other functional changes. That should be fine.
-
reporter Oh and I forgot to mention that I can confirm that this fixes this crash.
Crash can also be reproduced by running e.g. "ffplay" on the file, as long as ffmpeg is built with gme support (which is the case on e.g. Debian).
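The ASan message above names the pattern, not the cause: a read length that was computed as "bytes remaining" went negative and was handed to memcpy, whose size_t parameter turns it into a huge unsigned value. The following is an added illustrative example, not game-music-emu's Mem_File_Reader or the 0.6.2 fix. Mem_Reader, unchecked_copy_len, read_avail_checked, seek_checked and run_demo are invented names, and the 16-byte "file" with a header offset pointing 8 bytes past the end is constructed for the demo; it is one arithmetic route to a -8, offered only to show how such a value can arise.

```cpp
#include <cstring>
#include <cstdio>
#include <algorithm>

// Constructed stand-in for an in-memory reader with a read_avail-style
// API: copy up to n bytes from the current position and report how many
// were copied. Illustrative code, not game-music-emu's Mem_File_Reader.
struct Mem_Reader {
    const unsigned char* data;
    long size; // bytes in the buffer
    long pos;  // read cursor; can end up past size if a seek is not validated
};

// Length that an unchecked clamp would hand to memcpy. With pos > size,
// size - pos is negative; memcpy's size_t parameter wraps that to a huge
// value, which AddressSanitizer reports as negative-size-param.
long unchecked_copy_len(const Mem_Reader& r, long n) {
    long remain = r.size - r.pos;
    if (n > remain) n = remain;
    return n; // negative when the cursor is past the end
}

// Hardened read: reject negative requests, refuse to treat a cursor past
// the end as "negative bytes remaining", and clamp to what is available.
// Returns bytes copied, or -1 on a caller error.
long read_avail_checked(Mem_Reader& r, void* out, long n) {
    if (n < 0 || r.pos < 0 || r.pos > r.size) return -1;
    long remain = r.size - r.pos;          // guaranteed >= 0 here
    long count = std::min(n, remain);
    if (count > 0) std::memcpy(out, r.data + r.pos, (size_t)count);
    r.pos += count;
    return count;
}

// Hardened seek: an absolute offset taken from an untrusted header must
// land inside [0, size]; anything else is an error, not a silent overshoot.
bool seek_checked(Mem_Reader& r, long off) {
    if (off < 0 || off > r.size) return false;
    r.pos = off;
    return true;
}

struct Demo_Result { long unchecked_len; bool seek_ok; long checked_len; };

// Worked scenario (constructed input): a 16-byte "file" whose little-endian
// offset field at byte 4 claims the data starts at 24, i.e. 8 bytes past
// the end. The unchecked path computes -8; the checked path refuses the
// seek and keeps reading from the last valid cursor position.
Demo_Result run_demo() {
    static const unsigned char file[16] = {
        'G', 'M', 'E', 0,  24, 0, 0, 0,   // header: magic + offset field = 24
        1, 2, 3, 4, 5, 6, 7, 8 };         // payload
    Mem_Reader r = { file, 16, 0 };
    long claimed_off = file[4] | (file[5] << 8) | (file[6] << 16)
                     | (long(file[7]) << 24);

    Mem_Reader bad = r;
    bad.pos = claimed_off;                     // unvalidated seek to 24
    long ulen = unchecked_copy_len(bad, 8);    // -8: what memcpy would receive

    unsigned char out[8];
    bool ok = seek_checked(r, claimed_off);    // false: offset out of range
    long clen = read_avail_checked(r, out, 8); // cursor still 0: copies 8 bytes
    return { ulen, ok, clen };
}

int main() {
    Demo_Result d = run_demo();
    std::printf("unchecked length: %ld, seek accepted: %d, checked read: %ld\n",
                d.unchecked_len, (int)d.seek_ok, d.checked_len);
    return 0;
}
```

The practical check when reviewing a fix of this kind is that every path which sets the cursor (seek, skip, header-derived offsets) is bounded, not just the read itself; clamping inside read_avail alone leaves a cursor past the end to be misused by the next caller. Building with -fsanitize=address and running the crasher through a gme-enabled ffplay, as noted above, is the quickest way to confirm the report no longer appears.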