SEGV in function StreamSerializer::extractStreams() in streamSerializer.cpp
Status: Beta
Brought to you by:
yornstreamnik
Tested in Ubuntu 16.04, 64bit
The testcase is put in the attachment and the oggvideotools version is 0.9.1
I use the following command:
./oggLength oggLength_SEGV
and get:
Segmentation fault
I use valgrind to analyse the bug and get the below information:
==7902== Memcheck, a memory error detector
==7902== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==7902== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==7902== Command: /home/wws/Music/Fuzz/target_progs/target_oggvideotools/install/bin/oggLength /home/wws/Music/Fuzz/cmp/fuzz_out_oggvideotools_oggLength/crashes/id:000025,sig:11,src:000146,op:flip1,pos:5
==7902==
==7902== Invalid read of size 8
==7902== at 0x41F650: StreamSerializer::extractStreams() (streamSerializer.cpp:163)
==7902== by 0x4261A2: StreamSerializer::open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) (streamSerializer.cpp:75)
==7902== by 0x40F6A3: oggLengthCmd(int, char**) (oggLength.cpp:86)
==7902== by 0x40E412: main (oggLength.cpp:136)
==7902== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==7902==
==7902==
==7902== Process terminating with default action of signal 11 (SIGSEGV)
==7902== Access not within mapped region at address 0x0
==7902== at 0x41F650: StreamSerializer::extractStreams() (streamSerializer.cpp:163)
==7902== by 0x4261A2: StreamSerializer::open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) (streamSerializer.cpp:75)
==7902== by 0x40F6A3: oggLengthCmd(int, char**) (oggLength.cpp:86)
==7902== by 0x40E412: main (oggLength.cpp:136)
==7902== If you believe this happened as a result of a stack
==7902== overflow in your program's main thread (unlikely but
==7902== possible), you can try to increase the size of the
==7902== main thread stack using the --main-stacksize= flag.
==7902== The main thread stack size used in this run was 8388608.
==7902==
==7902== HEAP SUMMARY:
==7902== in use at exit: 157,974 bytes in 18 blocks
==7902== total heap usage: 22 allocs, 4 frees, 162,629 bytes allocated
==7902==
==7902== LEAK SUMMARY:
==7902== definitely lost: 0 bytes in 0 blocks
==7902== indirectly lost: 0 bytes in 0 blocks
==7902== possibly lost: 0 bytes in 0 blocks
==7902== still reachable: 157,974 bytes in 18 blocks
==7902== suppressed: 0 bytes in 0 blocks
==7902== Rerun with --leak-check=full to see details of leaked memory
==7902==
==7902== For counts of detected and suppressed errors, rerun with: -v
==7902== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
I use AddressSanitizer to build oggvideotools; this file can cause a SEGV signal in function StreamSerializer::extractStreams() with the following command:
./oggLength oggLength_SEGV
This is the ASAN information:
ASAN:SIGSEGV
=================================================================
==7905==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000043e4b9 bp 0x7ffe756519d0 sp 0x7ffe75651720 T0)
#0 0x43e4b8 in StreamSerializer::extractStreams() oggvideotools-0.9.1/src/main/streamSerializer.cpp:163
#1 0x43da8f in StreamSerializer::open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) oggvideotools-0.9.1/src/main/streamSerializer.cpp:75
#2 0x43b044 in oggLengthCmd(int, char**) oggvideotools-0.9.1/src/binaries/oggLength.cpp:86
#3 0x43b4e5 in main oggvideotools-0.9.1/src/binaries/oggLength.cpp:136
#4 0x7f6e840b082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#5 0x43aa78 in _start (target_oggvideotools/install/bin/oggLength+0x43aa78)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
oggvideotools-0.9.1/src/main/streamSerializer.cpp:163 StreamSerializer::extractStreams()
==7905==ABORTING
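Both tool reports above agree on the same fact: a read through address 0x0 at streamSerializer.cpp:163, i.e. a pointer that was never checked for null before use, which for a file parser means an attacker-supplied input can crash the process (a denial of service) but gives no control over memory. When a fuzzing campaign produces hundreds of such crash files, a maintainer wants to bucket them by root cause before reading each one. The following Python script is an added example (not part of the ticket or of the oggvideotools project): it parses the valgrind and ASAN report shapes shown above, extracts the innermost frame and the faulting address, classifies a zero-page access as a null-pointer dereference, and recognises that the two reports describe one bug. The sample inputs are constructed from the lines quoted in the ticket; the 0x1000 zero-page threshold is an assumption of this script, not something the tools report.

```python
import os
import re
from dataclasses import dataclass
from typing import Optional

# Constructed samples: the lines a triage script needs, copied in shape and
# value from the valgrind and ASAN reports quoted in the ticket.
VALGRIND_SAMPLE = """\
==7902== Invalid read of size 8
==7902==    at 0x41F650: StreamSerializer::extractStreams() (streamSerializer.cpp:163)
==7902==    by 0x4261A2: StreamSerializer::open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) (streamSerializer.cpp:75)
==7902==    by 0x40F6A3: oggLengthCmd(int, char**) (oggLength.cpp:86)
==7902==    by 0x40E412: main (oggLength.cpp:136)
==7902==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
"""

ASAN_SAMPLE = """\
==7905==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000043e4b9 bp 0x7ffe756519d0 sp 0x7ffe75651720 T0)
    #0 0x43e4b8 in StreamSerializer::extractStreams() oggvideotools-0.9.1/src/main/streamSerializer.cpp:163
    #1 0x43da8f in StreamSerializer::open(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) oggvideotools-0.9.1/src/main/streamSerializer.cpp:75
    #2 0x43b044 in oggLengthCmd(int, char**) oggvideotools-0.9.1/src/binaries/oggLength.cpp:86
    #3 0x43b4e5 in main oggvideotools-0.9.1/src/binaries/oggLength.cpp:136
SUMMARY: AddressSanitizer: SEGV oggvideotools-0.9.1/src/main/streamSerializer.cpp:163 StreamSerializer::extractStreams()
"""

# Assumption of this script: an access below the first page is a null pointer
# (plus a small field offset) rather than a corrupted or attacker-chosen one.
NULL_PAGE_LIMIT = 0x1000


@dataclass
class CrashSummary:
    tool: str
    kind: str                  # "Invalid read of size 8", "SEGV", ...
    address: Optional[int]     # faulting address, if the tool reported one
    function: Optional[str]    # innermost frame
    file: Optional[str]
    line: Optional[int]

    def classify(self) -> str:
        """Coarse triage bucket: zero-page faults are missing null checks
        (a crash / denial of service in a parser); anything else needs a
        closer look before its severity can be judged."""
        if self.address is None:
            return "unknown"
        if self.address < NULL_PAGE_LIMIT:
            return "null-pointer dereference"
        return "invalid memory access"


_VG_HEADER = re.compile(r"^==\d+==\s+(Invalid (?:read|write) of size \d+)\s*$", re.M)
_VG_FRAME0 = re.compile(
    r"^==\d+==\s+at 0x[0-9A-Fa-f]+: (?P<func>.*) \((?P<file>[^ ()]+):(?P<line>\d+)\)\s*$", re.M)
_VG_ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) ", re.M)

_ASAN_HEADER = re.compile(
    r"^==\d+==ERROR: AddressSanitizer: (?P<kind>\w+) on unknown address (?P<addr>0x[0-9a-fA-F]+)", re.M)
_ASAN_FRAME0 = re.compile(r"^\s*#0 0x[0-9a-fA-F]+ in (?P<func>.*) (?P<file>\S+):(?P<line>\d+)\s*$", re.M)


def parse_valgrind(text: str) -> Optional[CrashSummary]:
    """Extract the first memcheck error and its innermost frame."""
    header, frame, addr = _VG_HEADER.search(text), _VG_FRAME0.search(text), _VG_ADDR.search(text)
    if not header or not frame:
        return None
    return CrashSummary("valgrind", header.group(1),
                        int(addr.group(1), 16) if addr else None,
                        frame.group("func"), frame.group("file"), int(frame.group("line")))


def parse_asan(text: str) -> Optional[CrashSummary]:
    """Extract the ASAN error kind, faulting address and innermost frame."""
    header, frame = _ASAN_HEADER.search(text), _ASAN_FRAME0.search(text)
    if not header or not frame:
        return None
    return CrashSummary("asan", header.group("kind"), int(header.group("addr"), 16),
                        frame.group("func"), frame.group("file"), int(frame.group("line")))


def same_root_cause(a: CrashSummary, b: CrashSummary) -> bool:
    """Two reports describe one bug when the innermost frame agrees on function,
    source file (compared by basename, since valgrind prints only the file name
    while ASAN prints the path) and line."""
    return (a.function == b.function
            and os.path.basename(a.file or "") == os.path.basename(b.file or "")
            and a.line == b.line)


if __name__ == "__main__":
    reports = [parse_valgrind(VALGRIND_SAMPLE), parse_asan(ASAN_SAMPLE)]
    for r in reports:
        print(f"{r.tool}: {r.kind} in {r.function} ({r.file}:{r.line}) -> {r.classify()}")
    print("same root cause:", same_root_cause(*reports))
```

Run stand-alone, the script reports both the valgrind and the ASAN crash as a null-pointer dereference in StreamSerializer::extractStreams() at streamSerializer.cpp:163 and confirms they share a root cause, which is the signal a maintainer needs to deduplicate a fuzzer's crash directory down to one issue before fixing the missing check.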