221” : Bugs : midicsv package : Ubuntu
$ uname -a
Linux 6176901723ae 5.15.0-122-generic #132-Ubuntu SMP Thu Aug 29 13:45:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
build setting
$ git clone https:/
( also possible https:/
$ head Makefile
CC = clang
CFLAGS = -g -Wall -fsanitize=address
INSTALL_DEST = /usr/local
# You shouldn’t need to change anything after this line
VERSION = 1.1
PROGRAMS = midicsv csvmidi
( edit Makefile for address sanitizer )
When I run the attached poc file, a heap buffer overflow error occurs as follows.
The following is the ASAN crash log that occurred when I ran the poc.
$ ./midicsv /tmp/poc/poc19
0, 0, Header, 1, 13, 384
1, 0, Start_track
1, 0, Time_signature, 4, 2, 24, 8
1, 0, Key_signature, 0, “major”
1, 0, Unknown_event, 00x
1, 100, Unknown_event, 00x
1, 181, Unknown_event, 00x
1, 184, Unknown_event, 00x
1, 190, Pitch_bend_c, 2, 55
=======
==52723==ERROR: AddressSanitizer: heap-buffer-
READ of size 1 at 0x603000000029 thread T0
#0 0x4ecd00 in trackcsv /tmp/midicsv/
#1 0x4ebd26 in main /tmp/midicsv/
error: failed to decompress ‘.debug_aranges’, zlib is not available
error: failed to decompress ‘.debug_info’, zlib is not available
error: failed to decompress ‘.debug_abbrev’, zlib is not available
error: failed to decompress ‘.debug_line’, zlib is not available
error: failed to decompress ‘.debug_str’, zlib is not available
error: failed to decompress ‘.debug_loc’, zlib is not available
error: failed to decompress ‘.debug_ranges’, zlib is not available
#2 0x7fa008f59082 in __libc_start_main (/lib/x86_
#3 0x41c2ed in _start (/tmp/midicsv/
Read more here: Source link