oggvideotools heap overflow
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
oggvideotools (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
I use AddressSanitizer to build oggvideotools 0.9.1 and get a segmentation fault, as shown below. I use the command:
`oggLength <testcase>`
The testcase I used is in the attachment.
This software can also be installed with the command `apt install oggvideotools`, but that version is 0.8a-7, which also gets a segmentation fault with the same testcase.
```
MediaConverter:
MediaConverter:
MediaConverter:
=======
==32390==ERROR: AddressSanitizer: heap-buffer-
WRITE of size 4 at 0x60600000e4b8 thread T0
#0 0x46e492 in ExtractorInform
#1 0x4407e2 in StreamConfig:
#2 0x43ea66 in StreamSerialize
#3 0x43b0c4 in oggLengthCmd(int, char**) /home/wws/
#4 0x43b4e5 in main /home/wws/
#5 0x7f13e016782f in __libc_start_main (/lib/x86_
#6 0x43aa78 in _start (/home/
0x60600000e4b8 is located 0 bytes to the right of 56-byte region [0x60600000e480
allocated by thread T0 here:
#0 0x7f13e0b42532 in operator new(unsigned long) (/usr/lib/
#1 0x4468b4 in __gnu_cxx:
#2 0x4460b3 in std::allocator_
#3 0x4451fd in std::_Vector_
#4 0x443257 in std::vector<
#5 0x441d5e in std::vector<
#6 0x43e9a5 in StreamSerialize
#7 0x43b0c4 in oggLengthCmd(int, char**) /home/wws/
#8 0x43b4e5 in main /home/wws/
#9 0x7f13e016782f in __libc_start_main (/lib/x86_
SUMMARY: AddressSanitizer: heap-buffer-
Shadow bytes around the buggy address:
0x0c0c7fff9c40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff9c50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff9c60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff9c70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c7fff9c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0c7fff9c90: 00 00 00 00 00 00 00[fa]fa fa fa fa 00 00 00 00
0x0c0c7fff9ca0: 00 00 05 fa fa fa fa fa fd fd fd fd fd fd fd fa
0x0c0c7fff9cb0: fa fa fa fa 00 00 00 00 00 00 07 fa fa fa fa fa
0x0c0c7fff9cc0: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
0x0c0c7fff9cd0: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 06 fa
0x0c0c7fff9ce0: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==32390==ABORTING
```
My system is:
Description: Ubuntu 16.04.6 LTS
Release: 16.04
The software information:
oggvideotools:
Installed: 0.8a-7
Candidate: 0.8a-7
Version table:
*** 0.8a-7 500
500 https:/
500 http://
100 /var/lib/
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: oggvideotools 0.8a-7
ProcVersionSign
Uname: Linux 4.15.0-66-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.21
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Nov 14 19:56:47 2019
InstallationDate: Installed on 2019-01-24 (293 days ago)
InstallationMedia: Ubuntu 16.04.5 LTS "Xenial Xerus" - Release amd64 (20180731)
SourcePackage: oggvideotools
UpgradeStatus: No upgrade log present (probably fresh install)
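Added example, not part of the original report or of oggvideotools: a short Python script for triage that cross-checks the three numeric lines of the ASan report above (the access line, the region line and the `=>` shadow row). The shadow offset `0x7fff8000` is an assumption (ASan's default on x86_64 Linux), and the names `triage` and `REPORT` are made up for this sketch.

```python
import re

# Constructed sample: the three lines of the report above that carry the numbers.
REPORT = """\
WRITE of size 4 at 0x60600000e4b8 thread T0
0x60600000e4b8 is located 0 bytes to the right of 56-byte region [0x60600000e480
=>0x0c0c7fff9c90: 00 00 00 00 00 00 00[fa]fa fa fa fa 00 00 00 00
"""

SHADOW_SCALE = 3            # one shadow byte represents 2**3 = 8 application bytes
SHADOW_OFFSET = 0x7FFF8000  # assumption: ASan's default offset on x86_64 Linux


def triage(report):
    """Cross-check the access line, the region line and the marked shadow row."""
    acc = re.search(r"(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", report)
    reg = re.search(r"located (\d+) bytes to the (left|right) of (\d+)-byte "
                    r"region \[(0x[0-9a-f]+)", report)
    row = re.search(r"^=>(0x[0-9a-f]+): (.*)$", report, re.M)
    if not (acc and reg and row):
        raise ValueError("expected access, region and '=>' shadow lines")
    addr, width = int(acc.group(3), 16), int(acc.group(2))
    start, size = int(reg.group(4), 16), int(reg.group(3))

    # Split the shadow row into cells and find the bracketed (faulting) one.
    cells = [(m.group(1) == "[", int(m.group(2), 16))
             for m in re.finditer(r"(\[?)([0-9a-f]{2})\]?", row.group(2))]
    marked = next(i for i, (hit, _) in enumerate(cells) if hit)

    # Addressable bytes directly before the fault: 00 = 8 bytes, 01..07 = k bytes.
    usable = 0
    for _, value in reversed(cells[:marked]):
        if value > 7:
            break
        usable += 8 if value == 0 else value

    shadow = (addr >> SHADOW_SCALE) + SHADOW_OFFSET
    return {
        "kind": acc.group(1),
        "offset_in_region": addr - start,            # first byte touched
        "bytes_past_end": max(0, addr - start + width - size),
        "shadow_addr": hex(shadow),
        "shadow_matches_row": shadow == int(row.group(1), 16) + marked,
        "shadow_cell": hex(cells[marked][1]),
        "usable_bytes_in_row": usable,
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```

The result shows a 4-byte write starting at offset 56 of a 56-byte region, so the write begins at the first byte past the end of the buffer, and the computed shadow address lands on the bracketed `fa` cell of the marked row.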
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.