libsndfile crashed with SIGSEGV in wav_w64_read_fmt_chunk()

Bug #1807823 reported by Jaeseung Choi on 2018-12-11
This bug affects 1 person
Affects: libsndfile (Ubuntu)
Importance: Medium
Assigned to: Unassigned

Bug Description

- When running the 'sndfile-info' program from the 'sndfile-programs' package, the program crashed while trying to write to an invalid memory address. The crash point is the wav_w64_read_fmt_chunk() function of libsndfile.so, so the bug seems to reside in the 'libsndfile' package.
- The 'sndfile-play' program from the 'sndfile-programs' package also crashes with the same input.

ProblemType: Crash
DistroRelease: Ubuntu 16.04
Package: sndfile-programs 1.0.25-10ubuntu0.16.04.1
ProcVersionSignature: Ubuntu 4.15.0-42.45~16.04.1-generic 4.15.18
Uname: Linux 4.15.0-42-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Dec 10 22:51:36 2018
ExecutablePath: /usr/bin/sndfile-info
InstallationDate: Installed on 2018-12-06 (5 days ago)
InstallationMedia: Ubuntu 16.04.5 LTS "Xenial Xerus" - Release amd64 (20180731)
ProcCmdline: sndfile-info crash-0_00018173
SegvAnalysis:
 Segfault happened at: 0x7ff526d6a3d1 <wav_w64_read_fmt_chunk+2513>: movb $0x0,0x10(%rbx,%rcx,1)
 PC (0x7ff526d6a3d1) ok
 source "$0x0" ok
 destination "0x10(%rbx,%rcx,1)" (0x100d4b42f) not located in a known VMA region (needed writable region)!
SegvReason: writing unknown VMA
Signal: 11
SourcePackage: libsndfile
StacktraceTop:
 wav_w64_read_fmt_chunk (psf=psf@entry=0xd4b420, fmtsize=875972178) at wav_w64.c:333
 rf64_read_header (framesperblock=<synthetic pointer>, blockalign=<synthetic pointer>, psf=0xd4b420) at rf64.c:224
 rf64_open (psf=psf@entry=0xd4b420) at rf64.c:88
 psf_open_file (psf=0xd4b420, sfinfo=sfinfo@entry=0x7ffd71fd0930) at sndfile.c:2746
 sf_open (path=path@entry=0x7ffd71fd2301 "crash-0_00018173", mode=mode@entry=16, sfinfo=sfinfo@entry=0x7ffd71fd0930) at sndfile.c:333
Title: sndfile-info crashed with SIGSEGV in wav_w64_read_fmt_chunk()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Jaeseung Choi (jschoi.2022) wrote :
information type: Private → Public
Jaeseung Choi (jschoi.2022) wrote :

StacktraceTop:
 wav_w64_read_fmt_chunk (psf=psf@entry=0xd4b420, fmtsize=875972178) at wav_w64.c:333
 rf64_read_header (framesperblock=<synthetic pointer>, blockalign=<synthetic pointer>, psf=0xd4b420) at rf64.c:224
 rf64_open (psf=psf@entry=0xd4b420) at rf64.c:88
 psf_open_file (psf=0xd4b420, sfinfo=sfinfo@entry=0x7ffd71fd0930) at sndfile.c:2746
 sf_open (path=path@entry=0x7ffd71fd2301 "crash-0_00018173", mode=mode@entry=16, sfinfo=sfinfo@entry=0x7ffd71fd0930) at sndfile.c:333

Changed in libsndfile (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace