Skip to content
Snippets Groups Projects

a div zero vul in function fetch_and_process_audio() in libtheora 1.1.1

    • Closed Issue created by Jiangxin @Jiangxin 
    ╭─root@linux-jiangxin in /home/jiangxin/experiment/fuzz/AFL/target/libtheora-1.1.1/examples 
╰$ gdb encoder_example
GNU gdb (GDB) 7.9
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from encoder_example...done.

(gdb) run ../fuzz/out/Master2/crashes/id:000000,sig:08,src:000000,op:flip1,pos:22 xxx.y4m

Compressing....                                                          pgl쭌躲£¿K+y*ªFၑﲘ።ڗܙ䆾V䔍ᤆ"h1^E³¯¹3⛟䪩Rp¨푳meɆ
/
Program received signal SIGFPE, Arithmetic exception.
fetch_and_process_audio (audio=0x83b010, audiopage=audiopage@entry=0x7fffffffda10, vo=vo@entry=0x7fffffffde10, vd=vd@entry=0x7fffffffdb20, vb=vb@entry=0x7fffffffdbb0, audioflag=audioflag@entry=0) at encoder_example.c:947
947	      int toread=4096/2/audio_ch;

(gdb) bt
#0  fetch_and_process_audio (audio=0x83b010, audiopage=audiopage@entry=0x7fffffffda10, vo=vo@entry=0x7fffffffde10, vd=vd@entry=0x7fffffffdb20, vb=vb@entry=0x7fffffffdbb0, audioflag=audioflag@entry=0) at encoder_example.c:947
#1  0x0000000000405a9b in main (argc=<optimized out>, argv=<optimized out>) at encoder_example.c:1754
(gdb) p audio_ch
$1 = 0
    Edited

    Designs

    Child items ...

    • Activity

    Please register or sign in to reply