## floooh sokol 33e2271 Memory Corruption

### Description
We discovered a SIGSEGV in sokol_gfx. The crash occurs within _sg_pipeline_desc_defaults (called by sg_make_pipeline). The ASAN report indicates a READ memory access violation at address 0x7f595547577c. This suggests that while sokol is attempting to apply default values to a partially initialized sg_pipeline_desc, it attempts to read from an invalid pointer provided in the descriptor.
Vendor confirmed and fixed this vulnerability in commit [16cbcc8](https://github.com/seyhajin/sokol/commit/16cbcc864012898793cd2bc57f802499a264ea40).
### Environment
- OS: Linux x86_64
- Compiler: Clang with -fsanitize=address
- Tools: AddressSanitizer
- Affected Version: `master branch`
### Vulnerability Details
- Target: sokol (sokol_gfx.h)
- Crash Type: Segmentation Fault (SEGV) on unknown address
- Location: sokol_gfx.h:24061 (in _sg_pipeline_desc_defaults)
- Function: _sg_pipeline_desc_defaults(const sg_pipeline_desc* desc, sg_pipeline_desc* def)
- Root Cause Analysis: The stack trace is sg_make_pipeline -> _sg_pipeline_desc_defaults. Unlike previous crashes that occurred during validation (_sg_validate_*), this one happens earlier or in parallel when applying defaults. The function _sg_pipeline_desc_defaults reads fields from the user-provided descriptor to fill in missing values. The crash at READ memory access implies that the fuzzer provided a valid-looking pointer that actually points to unmapped memory, or provided an index that led to an out-of-bounds read when accessing internal lookup tables.
### Reproduce
1. Compile the sokol test [harness](https://github.com/oneafter/1212/blob/main/harness.c) with AddressSanitizer enabled (-fsanitize=address -g)
2. Run the fuzzer harness with the attached [repro](https://github.com/oneafter/1212/blob/main/segv4) input:
```
./harness repro
```
ASAN report:
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==17958==ERROR: AddressSanitizer: SEGV on unknown address 0x7f595547577c (pc 0x564b05c15866 bp 0x7ffeecede0f0 sp 0x7ffeecede060 T0)
==17958==The signal is caused by a READ memory access.
#0 0x564b05c15866 in _sg_pipeline_desc_defaults /src/sokol/./sokol_gfx.h:24061:30
#1 0x564b05c13c25 in sg_make_pipeline /src/sokol/./sokol_gfx.h:25146:33
#2 0x564b05c29497 in fuzz_input /src/sokol/harness_gfx_traditional.c:129:31
#3 0x564b05c2d4b5 in main /src/sokol/harness_gfx_traditional.c:206:9
#4 0x7f59ffba51c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#5 0x7f59ffba528a in __libc_start_main csu/../csu/libc-start.c:360:3
#6 0x564b05b17a64 in _start (/src/sokol/harness_gfx_traditional_fuzzer+0x8ba64) (BuildId: 756621c3a83311878fe2c1bf2919da032f4ab964)
==17958==Register values:
rax = 0x00007f5955475783 rbx = 0x00007ffeecede060 rcx = 0x00000feb2aa8eaef rdx = 0x00000feb2aa8eaf0
rdi = 0x00007f595547577c rsi = 0x0000564b06595e60 rbp = 0x00007ffeecede0f0 rsp = 0x00007ffeecede060
r8 = 0x0000000000000001 r9 = 0x00007f59fdf0002c r10 = 0x0000000000000008 r11 = 0x0000000000000000
r12 = 0x00007f59fdf00020 r13 = 0x00007f59fdc00000 r14 = 0x00007f59fdf00020 r15 = 0x0000564b05c33c28
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/sokol/./sokol_gfx.h:24061:30 in _sg_pipeline_desc_defaults
==17958==ABORTING
```

- Source: https://github.com/floooh/sokol/issues/1403
- User: Oneafter (UID 92781)
- Submitted: 07/01/2026 07:25 AM (5 months ago)
- Moderated: 17/01/2026 05:21 PM (10 days later)
- Status: Duplicate
- VulDB Entry: 338533 [floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40 sokol_gfx.h _sg_pipeline_desc_defaults memory corruption]
- Points: 0