[LV2] Possible bug in lv2_atom_sequence_append_event

Bent Bisballe Nyeng deva at aasimon.org
Fri Jul 17 00:27:55 PDT 2015


I received an ASAN runtime error after compiling with clang 
-fsanitize=address.
It tells of a buffer overflow in the memcpy line in the 
lv2_atom_sequence_append_event function:
http://lv2plug.in/git/cgit.cgi/lv2.git/tree/lv2/lv2plug.in/ns/ext/atom/util.h?id=60eb52f31976763497cd0355cc0d6b46af6c465f#n169

My code allocates a buffer of 4096 bytes for the sequence and I only 
append a single event atom, so I was puzzled as to the reason for this.

Looking at the lv2_atom_sequence_append_event code I noticed that the 
size argument for memcpy is "total_size", which, as I understand it, is the 
expected total size of the new sequence and not the size of the new 
element in the sequence which is actually being memcpy'ed to the end of 
the sequence...? Shouldn't it be "(uint32_t)sizeof(*event)" instead?

Kind regards
Bent Bisballe Nyeng
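The failure mode described in this message, worked through as an added example (this is not the LV2 project's code from util.h, nor the poster's): a sequence append routine that checks capacity before writing and copies exactly the event's own bytes (the event header plus `event->body.size` payload bytes), then pads the sequence size to 8 bytes. If the memcpy length instead tracked the sequence's running total, the copy would read past the source event and write past the appended event, which is the kind of over-read/over-write AddressSanitizer reports. The struct definitions below mirror the layout of LV2_Atom, LV2_Atom_Event and LV2_Atom_Sequence but are local stand-ins (an assumption, so the file builds without the LV2 headers); the MIDI payload, the type value 42 and the 4096-byte buffer from the report are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for LV2_Atom, LV2_Atom_Event and LV2_Atom_Sequence.
 * Assumption: same field order and sizes as lv2/atom/atom.h; defined here so
 * the example compiles without the LV2 headers installed. */
typedef struct { uint32_t size; uint32_t type; } Atom;
typedef struct { union { int64_t frames; double beats; } time; Atom body; } AtomEvent;
typedef struct { uint32_t unit; uint32_t pad; } AtomSequenceBody;
typedef struct { Atom atom; AtomSequenceBody body; } AtomSequence;

/* Round up to the 8-byte alignment atoms require. */
static uint32_t pad_size(uint32_t size) { return (size + 7U) & ~7U; }

/* Reset a sequence: atom.size counts bytes after the Atom header, so an empty
 * sequence has atom.size == sizeof(AtomSequenceBody). */
static void seq_clear(AtomSequence* seq, uint32_t unit)
{
    seq->atom.size = (uint32_t)sizeof(AtomSequenceBody);
    seq->atom.type = 0;                 /* a real plugin would map a URID here */
    seq->body.unit = unit;
    seq->body.pad  = 0;
}

/* Append `event` (header + event->body.size payload bytes) to `seq`.
 * `capacity` is the number of bytes available after seq's Atom header
 * (assumption: same units as seq->atom.size). Returns the copied event, or
 * NULL if it does not fit. The copy length is the event's size only, never
 * the sequence's running total. */
static AtomEvent* seq_append_event(AtomSequence* seq, uint32_t capacity,
                                   const AtomEvent* event)
{
    const uint32_t event_size = (uint32_t)sizeof(*event) + event->body.size;
    const uint32_t padded     = pad_size(event_size);
    if (seq->atom.size > capacity || capacity - seq->atom.size < padded) {
        return NULL;                    /* bounds check before any write */
    }
    uint8_t* end = (uint8_t*)&seq->body + seq->atom.size;
    memcpy(end, event, event_size);     /* exactly this event's bytes */
    memset(end + event_size, 0, padded - event_size);   /* zero the padding */
    seq->atom.size += padded;
    return (AtomEvent*)end;
}

/* Constructed sample event: a 3-byte MIDI note-on; payload follows the header. */
typedef struct { AtomEvent ev; uint8_t payload[8]; } EventBuf;

static void make_note_on(EventBuf* b, int64_t frame)
{
    memset(b, 0, sizeof(*b));
    b->ev.time.frames = frame;
    b->ev.body.size   = 3;
    b->ev.body.type   = 42;             /* placeholder type URID */
    b->payload[0] = 0x90; b->payload[1] = 0x3c; b->payload[2] = 0x7f;
}

#define SEQ_CAPACITY 4096u                  /* the buffer size from the report */
#define BODY_CAPACITY (SEQ_CAPACITY - (uint32_t)sizeof(Atom))
static uint64_t storage[SEQ_CAPACITY / 8];  /* 8-byte aligned backing store */

/* Append one event to an empty sequence; returns the resulting atom.size:
 * 8 (sequence body header) + 24 (16-byte event header + 3 bytes, padded). */
uint32_t demo_append_one(void)
{
    AtomSequence* seq = (AtomSequence*)storage;
    EventBuf b;
    seq_clear(seq, 0);
    make_note_on(&b, 0);
    return seq_append_event(seq, BODY_CAPACITY, &b.ev) ? seq->atom.size : 0;
}

/* Returns 1 if an event claiming more payload than the buffer holds is
 * rejected without touching the sequence. */
int demo_reject_oversize(void)
{
    AtomSequence* seq = (AtomSequence*)storage;
    EventBuf b;
    seq_clear(seq, 0);
    make_note_on(&b, 0);
    b.ev.body.size = SEQ_CAPACITY;      /* cannot fit; must not be copied */
    return seq_append_event(seq, BODY_CAPACITY, &b.ev) == NULL
        && seq->atom.size == sizeof(AtomSequenceBody);
}

/* Returns 1 if the first event is intact after a second append and the second
 * lands exactly 24 bytes later; an oversized copy would break both. */
int demo_two_events_intact(void)
{
    AtomSequence* seq = (AtomSequence*)storage;
    EventBuf b;
    seq_clear(seq, 0);
    make_note_on(&b, 10);
    AtomEvent* first = seq_append_event(seq, BODY_CAPACITY, &b.ev);
    make_note_on(&b, 20);
    AtomEvent* second = seq_append_event(seq, BODY_CAPACITY, &b.ev);
    if (!first || !second) return 0;
    const uint8_t* p1 = (const uint8_t*)(first + 1);   /* first payload */
    return first->time.frames == 10 && first->body.size == 3
        && p1[0] == 0x90 && p1[1] == 0x3c && p1[2] == 0x7f
        && second->time.frames == 20
        && (uint8_t*)second == (uint8_t*)first + 24
        && seq->atom.size == 56;
}

int main(void)
{
    printf("after one append: atom.size = %u\n", demo_append_one());
    printf("oversize rejected: %d\n", demo_reject_oversize());
    printf("two events intact: %d\n", demo_two_events_intact());
    return 0;
}
```

Compiling this with `clang -fsanitize=address` stays clean because the copy length is derived from the event alone; the same sanitizer flags used in the report are a cheap regression check for any append helper that computes its memcpy length from sequence state.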

