[LV2] Possible bug in lv2_atom_sequence_append_event
Bent Bisballe Nyeng
deva at aasimon.org
Fri Jul 17 00:27:55 PDT 2015
I received an ASAN runtime error after compiling with clang -fsanitize=address.

It tells of a buffer overflow in the memcpy line in the lv2_atom_sequence_append_event function:

http://lv2plug.in/git/cgit.cgi/lv2.git/tree/lv2/lv2plug.in/ns/ext/atom/util.h?id=60eb52f31976763497cd0355cc0d6b46af6c465f#n169

My code allocates a buffer of 4096 bytes for the sequence and I only append a single event atom, so I was puzzled as to the reason for this.

Looking at the lv2_atom_sequence_append_event code I noticed that the size argument for memcpy is "total_size", which as I understand it is the expected total size of the new sequence and not the size of the new element in the sequence which is actually being memcpy'ed to the end of the sequence...? Shouldn't it be "(uint32_t)sizeof(*event)" instead?
Kind regards
Bent Bisballe Nyeng
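An added example, not code from this post or from the LV2 project: a stand-in append routine whose struct layouts and names are assumptions modelled on a header-plus-variable-body atom. It shows the length a bounded append has to compute and check before memcpy, the event header plus that event's body, and backs the source event with inline storage so the copy only reads memory that exists.

```c
#include <stdint.h>
#include <string.h>

/* Stand-in atom types (assumption: a fixed header followed by a variable body,
   modelled on a header-plus-body layout, not the real LV2 headers). */
typedef struct { uint32_t size; uint32_t type; } Atom;       /* size = bytes after this header */
typedef struct { int64_t frames; Atom body; } Event;         /* body payload follows in memory */
typedef struct { Atom atom; uint32_t unit; uint32_t pad; } Sequence; /* events follow in memory */

static uint32_t pad8(uint32_t size) { return (size + 7u) & ~7u; }

/* Append one event to seq. `capacity` is the byte space after seq->atom (unit, pad, events).
   Returns the number of bytes copied, or 0 if the event does not fit. */
static uint32_t seq_append(Sequence* seq, uint32_t capacity, const Event* event)
{
    /* Size of the element being copied: its header plus its payload, not the sequence size. */
    const uint32_t event_size = (uint32_t)sizeof(Event) + event->body.size;
    if (seq->atom.size > capacity || capacity - seq->atom.size < event_size) {
        return 0; /* bounds check before touching memory */
    }
    uint8_t* end = (uint8_t*)&seq->unit + seq->atom.size; /* first free byte */
    memcpy(end, event, event_size);
    seq->atom.size += pad8(event_size); /* keep the next event 8-byte aligned */
    return event_size;
}

/* Constructed storage so memcpy's source is fully backed: header plus inline payload. */
typedef struct { Event ev; uint8_t payload[8]; } EventBuf;

static uint64_t seq_storage[512]; /* 4096 bytes, 8-byte aligned, as in the report above */

/* Append one constructed 3-byte event into a fresh sequence with the given capacity.
   With the full 4096-byte buffer this returns 16 + 3 = 19; with capacity 16 it returns 0. */
static uint32_t demo_append(uint32_t capacity)
{
    Sequence* seq = (Sequence*)seq_storage;
    memset(seq_storage, 0, sizeof seq_storage);
    seq->atom.size = 2 * sizeof(uint32_t); /* unit + pad already occupy the body */
    EventBuf eb = { { 10, { 3, 1 } }, { 'a', 'b', 'c' } }; /* frames=10, body.size=3, type=1 */
    return seq_append(seq, capacity, &eb.ev);
}
```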