You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Double-Free vulnerability cause buffer overflow is observed in miniaudio.h while fuzzing MINIAUDIO (v0.10.35 and master branch) using ASAN with AFL FUZZER
=================================================================
==2775==ERROR: AddressSanitizer: attempting double-free on 0x615000000080 in thread T0:
-0 0x7f68180667cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
-1 0x7f6817307042 in _IO_fclose (/lib/x86_64-linux-gnu/libc.so.6+0x85042)
-2 0x7f6818064908 in __interceptor_fclose (/lib/x86_64-linux-gnu/libasan.so.5+0x10b908)
-3 0x5649865b7e0b in ma_default_vfs_close__stdio ../miniaudio.h:44307
-4 0x5649865b7e0b in ma_default_vfs_close ../miniaudio.h:44491
-5 0x5649865b7e0b in ma_vfs_or_default_close ../miniaudio.h:44624
-6 0x5649865b7e0b in ma_vfs_or_default_close ../miniaudio.h:44619
-7 0x5649865b7e0b in ma_decoder_init_vfs ../miniaudio.h:47429
-8 0x564986018047 in ma_decoder_init_file ../miniaudio.h:47768
-9 0x564986018047 in main /home/zero/newfuz/audio/1/examples/simple_looping.c:43
-10 0x7f68172a90b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
-11 0x56498601889d in _start (/home/zero/newfuz/audio/1/examples/simple_looping+0x30c89d)
0x615000000080 is located 0 bytes inside of 472-byte region [0x615000000080,0x615000000258)
freed by thread T0 here:
-0 0x7f68180667cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
-1 0x7f6817307042 in _IO_fclose (/lib/x86_64-linux-gnu/libc.so.6+0x85042)
previously allocated by thread T0 here:
-0 0x7f6818066bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
-1 0x7f6817307aad in _IO_fopen (/lib/x86_64-linux-gnu/libc.so.6+0x85aad)
SUMMARY: AddressSanitizer: double-free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf) in __interceptor_free
==2775==ABORTING
Request team to implement proper patch and validate
The text was updated successfully, but these errors were encountered:
Thanks for the report. This should be fixed in the dev branch and will be released shortly. Feel free to reopen this issue if it's still not fixed properly.
Hi Team,
Double-Free vulnerability cause buffer overflow is observed in miniaudio.h while fuzzing MINIAUDIO (v0.10.35 and master branch) using ASAN with AFL FUZZER
Steps to Reproduce -
cd examples
afl-gcc -fsanitize=address -fsanitize=leak -fsanitize=undefined simple_looping.c -o simple_looping -ldl -lm -lpthread
./simple_looping POC1
Download link to POC1
OUTPUT -
=================================================================
==2775==ERROR: AddressSanitizer: attempting double-free on 0x615000000080 in thread T0:
-0 0x7f68180667cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
-1 0x7f6817307042 in _IO_fclose (/lib/x86_64-linux-gnu/libc.so.6+0x85042)
-2 0x7f6818064908 in __interceptor_fclose (/lib/x86_64-linux-gnu/libasan.so.5+0x10b908)
-3 0x5649865b7e0b in ma_default_vfs_close__stdio ../miniaudio.h:44307
-4 0x5649865b7e0b in ma_default_vfs_close ../miniaudio.h:44491
-5 0x5649865b7e0b in ma_vfs_or_default_close ../miniaudio.h:44624
-6 0x5649865b7e0b in ma_vfs_or_default_close ../miniaudio.h:44619
-7 0x5649865b7e0b in ma_decoder_init_vfs ../miniaudio.h:47429
-8 0x564986018047 in ma_decoder_init_file ../miniaudio.h:47768
-9 0x564986018047 in main /home/zero/newfuz/audio/1/examples/simple_looping.c:43
-10 0x7f68172a90b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
-11 0x56498601889d in _start (/home/zero/newfuz/audio/1/examples/simple_looping+0x30c89d)
0x615000000080 is located 0 bytes inside of 472-byte region [0x615000000080,0x615000000258)
freed by thread T0 here:
-0 0x7f68180667cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
-1 0x7f6817307042 in _IO_fclose (/lib/x86_64-linux-gnu/libc.so.6+0x85042)
previously allocated by thread T0 here:
-0 0x7f6818066bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
-1 0x7f6817307aad in _IO_fopen (/lib/x86_64-linux-gnu/libc.so.6+0x85aad)
SUMMARY: AddressSanitizer: double-free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf) in __interceptor_free
==2775==ABORTING
Request team to implement proper patch and validate
The text was updated successfully, but these errors were encountered: