There is no check that the values passed on to memcpy on mp3-util.h:277 are sensible. When the binary is compiled with ASAN, it shows an error where there is a memcpy-param-overlap, in that the p->mp3_buffer + leftover is inside the buffer mad_stream.this_frame.
Attached are two samples of the input file. The command to trigger the bug is --single-threaded <file> -t aiff /dev/null channels 1 rate 16k fade 3 norm. Information about the binary: 32 bit, limited to 800MB memory, under Linux Ubuntu 16.04, compiled with libmad only.
The output of SoX with -V -V enabled:
time: Oct 3 2018 08:02:13
uname: <removed> #178-Ubuntu SMP Tue Jun 11 08:30:22 UTC 2019 x86_64
compiler: gcc 4.2.1 Compatible Clang 7.0.0 (branches/release_70)
arch: 1248 48 44 L
Sorry, I mean source address (mad_stream.this_frame) + copied length (leftover) is inside the range of the target address (p->mp3_buffer).
Fixed.
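The overlap condition described in this ticket, as an added example that is not SoX code and not part of the original report: it tests whether a copy of the leftover bytes would overlap its destination, then validates the frame pointer and moves the tail with memmove. `BUF_SIZE`, `ranges_overlap` and `keep_leftover` are hypothetical names, and the buffer contents are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* hypothetical size, small so the sample is easy to follow */

/* True when [dst, dst+n) and [src, src+n) share a byte: the condition
 * ASAN reports as memcpy-param-overlap. */
static int ranges_overlap(const unsigned char *dst, const unsigned char *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return n != 0 && d < s + n && s < d + n;
}

/* Move the unconsumed tail [frame, buf + filled) to the start of buf.
 * Returns the number of bytes kept, or -1 if the values are not sensible. */
static long keep_leftover(unsigned char *buf, size_t filled, const unsigned char *frame)
{
    uintptr_t b = (uintptr_t)buf, f = (uintptr_t)frame;
    if (filled > BUF_SIZE || f < b || f > b + filled)
        return -1;                    /* frame pointer outside the valid data */
    size_t leftover = (size_t)(b + filled - f);
    memmove(buf, frame, leftover);    /* defined for overlapping ranges; memcpy is not */
    return (long)leftover;
}

int main(void)
{
    unsigned char buf[BUF_SIZE];
    memcpy(buf, "0123456789ABCDEF", BUF_SIZE);   /* constructed sample data */
    const unsigned char *frame = buf + 4;        /* frame starts 4 bytes in */
    printf("overlap=%d\n", ranges_overlap(buf, frame, 12));
    long kept = keep_leftover(buf, BUF_SIZE, frame);
    printf("kept=%ld first=%c\n", kept, buf[0]);
    return 0;
}
```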