
Comments (4)

gabe-sherman commented on May 24, 2024

All set, thanks for your help!

from raylib.

raysan5 commented on May 24, 2024

@gabe-sherman The additional check should address the issue but note this issue could be related to bad/malicious data provided by the library users...

Please, let me know if the proposed improvement fixes the issue.


gabe-sherman commented on May 24, 2024

Thanks for your quick response! With the newest commit the segmentation fault is avoided but a heap-buffer overflow still does occur. Here's the ASan output for that if you're interested:

==2938248==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000008f at pc 0x5555558cf817 bp 0x7fffffffd570 sp 0x7fffffffcd40
READ of size 7274154 at 0x60300000008f thread T0
    #0 0x5555558cf816 in __asan_memcpy (/home/gabesherman/harness_test/AutoHarn-Results/raylib/hopper-08/reproducer+0x37b816) (BuildId: 82400a458698d34e43fc9abcb28ba75a29f03a7d)
    #1 0x55555595962c in LoadImageRaw /home/gabesherman/harness_test/AutoHarn-Evaluation/raylib/lib_asan/src/rtextures.c:323:9
    #2 0x55555590b4ed in main /home/gabesherman/harness_test/AutoHarn-Results/raylib/hopper-08/reproducer.c:33:16
    #3 0x7ffff7c29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #4 0x7ffff7c29e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #5 0x55555584d6a4 in _start (/home/gabesherman/harness_test/AutoHarn-Results/raylib/hopper-08/reproducer+0x2f96a4) (BuildId: 82400a458698d34e43fc9abcb28ba75a29f03a7d)

0x60300000008f is located 0 bytes to the right of 31-byte region [0x603000000070,0x60300000008f)
allocated by thread T0 here:
    #0 0x5555558d04ee in __interceptor_malloc (/home/gabesherman/harness_test/AutoHarn-Results/raylib/hopper-08/reproducer+0x37c4ee) (BuildId: 82400a458698d34e43fc9abcb28ba75a29f03a7d)
    #1 0x555555c39283 in LoadFileData /home/gabesherman/harness_test/AutoHarn-Evaluation/raylib/lib_asan/src/utils.c:208:41
    #2 0x5555559593de in LoadImageRaw /home/gabesherman/harness_test/AutoHarn-Evaluation/raylib/lib_asan/src/rtextures.c:312:31
    #3 0x55555590b4ed in main /home/gabesherman/harness_test/AutoHarn-Results/raylib/hopper-08/reproducer.c:33:16
    #4 0x7ffff7c29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/gabesherman/harness_test/AutoHarn-Results/raylib/hopper-08/reproducer+0x37b816) (BuildId: 82400a458698d34e43fc9abcb28ba75a29f03a7d) in __asan_memcpy
Shadow bytes around the buggy address:
  0x0c067fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c067fff8000: fa fa 00 00 00 fa fa fa 00 00 00 07 fa fa 00 00
=>0x0c067fff8010: 00[07]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c067fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2938248==ABORTING


raysan5 commented on May 24, 2024

@gabe-sherman latest commit should address this issue.

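The trace above has the classic shape of a length-mismatch bug: the copy length (7274154 bytes) is derived from caller-supplied image parameters, while the source buffer (31 bytes) is whatever LoadFileData read from disk, and nothing ties the two together before memcpy. The following is an added example written for this page, not raylib's code: a hypothetical raw-image loader with the unchecked copy beside a checked one. RawImage, load_raw_unchecked, load_raw_checked, raw_image_free, try_sample and sample_file are all invented names; the parameter list (width, height, bytes per pixel, header size) is modelled on the shape the trace implies, not copied from raylib, and the 31-byte constructed sample file simply mirrors the region size in the report.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical raw-image record for this example (not raylib's Image). */
typedef struct {
    int width;
    int height;
    int channels;          /* bytes per pixel, e.g. 4 for 8-bit RGBA */
    unsigned char *data;   /* malloc'd, width*height*channels bytes  */
} RawImage;

/*
 * Unchecked shape. The copy length comes from the caller's dimensions and the
 * source length from the file; nothing relates them, so a 31-byte file with
 * "7 MB" dimensions gives exactly the READ-past-region that ASan reports above.
 * Kept only for comparison; never call it on untrusted input.
 */
static int load_raw_unchecked(const unsigned char *file, size_t file_size,
                              int width, int height, int channels,
                              int header_size, RawImage *out)
{
    (void)file_size;                                   /* the bug: size ignored */
    size_t need = (size_t)width * (size_t)height * (size_t)channels;
    out->data = malloc(need);
    if (out->data == NULL) return -1;
    memcpy(out->data, file + header_size, need);       /* overreads `file` */
    out->width = width; out->height = height; out->channels = channels;
    return 0;
}

/*
 * Hardened shape: every quantity feeding memcpy is validated first and the
 * payload length is bounded by the bytes the file actually contains.
 * Returns 0 on success, -1 on rejection (out->data is NULL when rejected).
 */
static int load_raw_checked(const unsigned char *file, size_t file_size,
                            int width, int height, int channels,
                            int header_size, RawImage *out)
{
    out->data = NULL;
    out->width = out->height = out->channels = 0;
    if (file == NULL || width <= 0 || height <= 0 || channels <= 0 || header_size < 0)
        return -1;
    if ((size_t)header_size > file_size)               /* header alone exceeds file */
        return -1;

    /* width * height * channels without wrapping (matters for 32-bit size_t). */
    size_t w = (size_t)width, h = (size_t)height, c = (size_t)channels;
    if (w > SIZE_MAX / h) return -1;
    size_t pixels = w * h;
    if (pixels > SIZE_MAX / c) return -1;
    size_t need = pixels * c;

    /* The check the trace shows missing: the payload must fit after the header. */
    size_t available = file_size - (size_t)header_size;
    if (need > available) return -1;

    out->data = malloc(need);
    if (out->data == NULL) return -1;
    memcpy(out->data, file + header_size, need);
    out->width = width; out->height = height; out->channels = channels;
    return 0;
}

static void raw_image_free(RawImage *img)
{
    free(img->data);
    img->data = NULL;
}

/* Constructed sample "file": 3-byte pseudo header + 28 pixel bytes = 31 bytes,
   the same region size as the allocation in the ASan report. */
static const unsigned char sample_file[31] = {
    'H', 'D', 'R',
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d,
    0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
};

/* Convenience: load the sample with the given parameters, free, return the code. */
static int try_sample(int width, int height, int channels, int header_size)
{
    RawImage img;
    int rc = load_raw_checked(sample_file, sizeof sample_file,
                              width, height, channels, header_size, &img);
    raw_image_free(&img);
    return rc;
}

int main(void)
{
    /* Dimensions claiming ~7 MB of pixels against a 31-byte file: rejected. */
    printf("4096x444 RGBA from 31 bytes: %s\n",
           try_sample(4096, 444, 4, 0) == 0 ? "loaded" : "rejected");
    /* A 2x3 RGBA image (24 bytes) behind the 3-byte header fits and loads. */
    printf("2x3 RGBA behind 3-byte header: %s\n",
           try_sample(2, 3, 4, 3) == 0 ? "loaded" : "rejected");
    return 0;
}
```

The ordering matters: the bounds check runs before malloc, so a hostile header cannot even force a large allocation, and the multiplication is guarded so that the "fits" comparison is never made against a wrapped value.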
