Skip to content

Fix multiple ubsan crashes #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
antlarr wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Fix multiple ubsan crashes #42

antlarr wants to merge 4 commits into from

Conversation

@antlarr
Copy link

@antlarr antlarr commented Mar 6, 2017
edited
Loading

These commits fix #41, #31, #32, #34, #36, #37, #38, #39 and #40

antlarr added 3 commits March 6, 2017 13:57
@antlarr
Always check the number of coefficients
c48e4c6 
When building the library with NDEBUG, asserts are eliminated
so it's better to always check that the number of coefficients
is inside the array range.

This fixes the 00191-audiofile-indexoob issue in mpruett#41
@antlarr
Check for multiplication overflow in MSADPCM decodeSample
beacc44 
Check for multiplication overflow (using __builtin_mul_overflow
if available) in MSADPCM.cpp decodeSample and return an empty
decoded block if an error occurs.

This fixes the 00193-audiofile-signintoverflow-MSADPCM case of mpruett#41
@antlarr
Check for multiplication overflow in sfconvert
7d65f89 
Checks that a multiplication doesn't overflow when
calculating the buffer size, and if it overflows,
reduce the buffer size instead of failing.

This fixes the 00192-audiofile-signintoverflow-sfconvert case
in mpruett#41
This was referenced Mar 6, 2017
Open
Open
Open
Open
Open
Open
Open
Open
@Mic92
Copy link

Mic92 commented Mar 21, 2017

What is the opinion of the maintainers on these patches?

Mic92
Mic92 reviewed Mar 21, 2017
View reviewed changes
libaudiofile/WAVE.cpp
readU16(&numCoefficients);

/* numCoefficients should be at least 7. */
assert(numCoefficients >= 7 && numCoefficients <= 255);
Copy link

@Mic92 Mic92 Mar 21, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the assert statement still needed in this case?

Copy link
Author

@antlarr antlarr Mar 23, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, in case the code is built with DEBUG defined (as I guess @mpruett does) the assert would fail and I didn't want to change that behavior for the main developer. Also, in the general case (when DEBUG is not defined, as most distributions build this code), the assert is already a NOP.

@Mic92 Mic92 mentioned this pull request Mar 21, 2017
Open
1 task
@NeQuissimus NeQuissimus mentioned this pull request Oct 30, 2017
Closed
74 tasks
@anthraxx anthraxx mentioned this pull request Sep 2, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Mic92 Mic92 Mic92 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

multiple ubsan crashes

2 participants

@antlarr @Mic92