Submit #761339: jarikomppa soloud master-branch Memory Corruption (info)

Title: jarikomppa soloud master-branch Memory Corruption
Description:

### Description

The crash occurs within SoLoud::Wav::loadwav at src/audiosource/wav/soloud_wav.cpp:126:38, which is invoked via loadMem. The AddressSanitizer report indicates an invalid WRITE memory access to an unknown address (0x7f6e9ae87400), likely caused by a crafted WAV file processing.

### Environment

- OS: Linux x86_64
- Compiler: Clang
- Build Configuration: Release mode with ASan enabled.

### Vulnerability Details

- Type: Segmentation Fault (SEGV)
- Access Type: WRITE
- Location: src/audiosource/wav/soloud_wav.cpp:126:38
- Function: SoLoud::Wav::loadwav

### Reproduce

1. Build soloud and harness with Release optimization and ASAN enabled.

<details>
<summary>harness.cpp</summary>

```
#include "soloud.h"
#include "soloud_wav.h"
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

int main(int argc, char **argv) {
    if (argc < 2) {
        return 1;
    }
    // Read the whole input file into a heap buffer.
    FILE *f = fopen(argv[1], "rb");
    if (!f) {
        return 1;
    }
    fseek(f, 0, SEEK_END);
    long len = ftell(f);
    fseek(f, 0, SEEK_SET);
    if (len < 0) {  // ftell failed
        fclose(f);
        return 1;
    }
    unsigned char *buf = (unsigned char *)malloc(len);
    if (!buf) {
        fclose(f);
        return 1;
    }
    if (fread(buf, 1, len, f) != (size_t)len) {
        free(buf);
        fclose(f);
        return 1;
    }
    fclose(f);

    // Initialise SoLoud with the null driver so no audio device is needed.
    SoLoud::Soloud soloud;
    soloud.init(SoLoud::Soloud::CLIP_ROUNDOFF | SoLoud::Soloud::ENABLE_VISUALIZATION,
                SoLoud::Soloud::NULLDRIVER);

    // Parse the file contents as WAV from memory (no copy, no ownership transfer).
    SoLoud::Wav wav;
    int res = wav.loadMem(buf, len, false, false);
    if (res == 0) {
        SoLoud::handle h = soloud.play(wav);
        soloud.stop(h);
    }
    soloud.deinit();
    free(buf);
    return 0;
}
```

</details>

2. Run with the crashing [file](https://github.com/oneafter/0209/blob/main/so2/repro):

```
./harness repro
```

<details>
<summary>ASAN report</summary>

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==13495==ERROR: AddressSanitizer: SEGV on unknown address 0x7f6e9ae87400 (pc 0x561a743ff86b bp 0x7fff778b43f0 sp 0x7fff778b4300 T0)
==13495==The signal is caused by a WRITE memory access.
    #0 0x561a743ff86b in SoLoud::Wav::loadwav(SoLoud::MemoryFile*) /src/soloud/src/audiosource/wav/soloud_wav.cpp:126:38
    #1 0x561a744025d4 in SoLoud::Wav::loadMem(unsigned char const*, unsigned int, bool, bool) /src/soloud/src/audiosource/wav/soloud_wav.cpp:314:10
    #2 0x561a743a6124 in main /src/soloud/harness.cpp:39:19
    #3 0x7f6d81dc01c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #4 0x7f6d81dc028a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #5 0x561a742c25d4 in _start (/src/soloud/harness+0x395d4) (BuildId: 564525bdfb4ff8144e0982209d7e978677d8be1c)

==13495==Register values:
rax = 0x00007f6e9ae87400  rbx = 0x00007fff778b4300  rcx = 0x0000000000000005  rdx = 0x00007f6ce1c2b800
rdi = 0x00007f6d809001f4  rsi = 0x000000006e496f00  rbp = 0x00007fff778b43f0  rsp = 0x00007fff778b4300
 r8 = 0x0000000000000000   r9 = 0x000000006e496f00  r10 = 0x00007f6d809001f0  r11 = 0x00007f6d809001f4
r12 = 0x0000000000000001  r13 = 0x0000000000000000  r14 = 0x0000561a745872a0  r15 = 0x0000000000000001
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/soloud/src/audiosource/wav/soloud_wav.cpp:126:38 in SoLoud::Wav::loadwav(SoLoud::MemoryFile*)
==13495==ABORTING
```

</details>

Source: ⚠️ https://github.com/jarikomppa/soloud/issues/401
User: Oneafter (UID 92781)
Submission: 18/02/2026 15:06 (2 months ago)
Moderation: 28/02/2026 18:07 (10 days later)
Status: Accepted
VulDB entry: 348280 [jarikomppa soloud up to 20200207 WAV File Parser soloud_wav.cpp SoLoud::Wav::loadwav buffer overflow]
Points: 20
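
The report does not state the root cause of the write at soloud_wav.cpp:126. For the bug class it describes (a crafted WAV file reaching an out-of-bounds write in the parser), a loader can refuse any file whose declared chunk sizes and format fields do not fit the buffer it was actually given, before allocating or writing samples. The following is an added example, not SoLoud's code: `WavLayout`, `checkWav`, `sampleWav` and `accepts` are hypothetical names, the channel and bit-depth limits are assumptions, and the sample file is constructed.

```cpp
#include <stdint.h>
#include <string.h>
#include <vector>

// Hypothetical result type for this example (not a SoLoud type).
struct WavLayout { uint16_t channels, bits; uint32_t frames; size_t dataOffset; };

static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const unsigned char *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

// True only if every size the file declares fits inside buf[0..len).
bool checkWav(const unsigned char *buf, size_t len, WavLayout &out) {
    if (!buf || len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4)) return false;
    bool haveFmt = false;
    size_t pos = 12;
    while (pos <= len && len - pos >= 8) {          // room for a chunk header
        const unsigned char *body = buf + pos + 8;
        uint32_t size = rd32(buf + pos + 4);
        if (size > len - pos - 8) return false;     // chunk claims bytes that do not exist
        if (!memcmp(buf + pos, "fmt ", 4)) {
            if (size < 16) return false;
            out.channels = rd16(body + 2);
            out.bits = rd16(body + 14);
            if (out.channels == 0 || out.channels > 8) return false;   // assumed limit
            if (out.bits == 0 || out.bits > 32 || out.bits % 8) return false;
            haveFmt = true;
        } else if (!memcmp(buf + pos, "data", 4)) {
            if (!haveFmt) return false;             // cannot size frames without fmt
            out.frames = size / (uint32_t)(out.channels * (out.bits / 8));
            out.dataOffset = pos + 8;
            return out.frames > 0;
        }
        pos += 8 + (size_t)size + (size & 1);       // chunk bodies are padded to even length
    }
    return false;
}

// Constructed sample: 16-bit mono WAV holding 4 PCM bytes; `declared` overrides the data chunk size.
std::vector<unsigned char> sampleWav(uint32_t declared) {
    std::vector<unsigned char> w = {'R','I','F','F', 40,0,0,0, 'W','A','V','E',
        'f','m','t',' ', 16,0,0,0, 1,0, 1,0, 0x40,0x1f,0,0, 0x80,0x3e,0,0, 2,0, 16,0,
        'd','a','t','a', 0,0,0,0, 1,0, 2,0};
    for (int i = 0; i < 4; i++) w[40 + i] = (unsigned char)(declared >> (8 * i));
    return w;
}

bool accepts(uint32_t declared) {
    WavLayout l{}; std::vector<unsigned char> w = sampleWav(declared);
    return checkWav(w.data(), w.size(), l);
}
```

`accepts(4)` passes because the data chunk matches the 4 bytes present; a file that declares even one byte more than the buffer holds is rejected before any sample buffer is sized from it.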
