[LV2] Possible bug in lv2_atom_sequence_append_event

Bent Bisballe Nyeng deva at aasimon.org
Fri Jul 17 01:03:06 PDT 2015


After some more reading I have now realised that the lv2 code does not 
contain an error; I simply misunderstood the value of 
(uint32_t)sizeof(*event) to be the total size of the entire event, which 
it is clearly not, but merely the size of the "baseclass" type 
LV2_Atom_Event. Added to that is the body size of the actual event which 
in my case should be 3 midi data bytes... it wasn't - I erroneously had 
it set to the total size of the midi event /including/ the LV2_Atom_Event.

Sorry for the noise.

Kind regards
Bent Bisballe Nyeng

On 07/17/15 09:27, Bent Bisballe Nyeng wrote:
> I received an ASAN runtime error after compiling with clang
> -fsanitize=address.
> It tells of a buffer overflow in the memcpy line in the
> lv2_atom_sequence_append_event function:
> http://lv2plug.in/git/cgit.cgi/lv2.git/tree/lv2/lv2plug.in/ns/ext/atom/util.h?id=60eb52f31976763497cd0355cc0d6b46af6c465f#n169
>
>
> My code allocates a buffer of 4096 bytes for the sequence and I only
> append a single event atom, so I was puzzled as to the reason for this.
>
> Looking at the lv2_atom_sequence_append_event code I noticed that the
> size argument for memcpy is "total_size" which as I understand it is the
> expected total size of the new sequence and not the size of the new
> element in the sequence which is actually being memcpy'ed to the end of
> the sequence...? Shouldn't it be "(uint32_t)sizeof(*event)" instead?
>
> Kind regards
> Bent Bisballe Nyeng
> _______________________________________________
> Devel mailing list
> Devel at lists.lv2plug.in
> http://lists.lv2plug.in/listinfo.cgi/devel-lv2plug.in
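
The size mix-up described in this thread, as an added example that is not part of the original post or of the LV2 source: the copy length is the event header plus the declared body size, so declaring the body as "header + 3" makes the copy read past the 3 MIDI bytes. The `Ex*` types and the `ex_append`/`ex_try` functions are hypothetical stand-ins that mirror the layout discussed above, and the guard on the source length is an assumption about how a caller could catch the mistake without a sanitizer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in types mirroring the layout discussed in the thread
 * (assumption: these are not the LV2 headers). */
typedef struct { uint32_t size, type; } ExAtom;              /* size counts body bytes only */
typedef struct { int64_t frames; ExAtom body; } ExAtomEvent; /* the 16-byte "base class" */
typedef struct { ExAtomEvent ev; uint8_t midi[3]; } ExMidiEvent;

/* Hypothetical guarded append. src_len is the real size of the object holding
 * the event. Returns 0 on success, -1 if the declared size would read past the
 * source, -2 if the padded event does not fit in the destination. */
static int ex_append(uint8_t *dst, size_t cap, size_t *used,
                     const ExAtomEvent *ev, size_t src_len)
{
    if (src_len < sizeof *ev || ev->body.size > src_len - sizeof *ev)
        return -1;                               /* the overread ASAN reported */
    size_t total  = sizeof *ev + ev->body.size;  /* header + body, as in the thread */
    size_t padded = (total + 7u) & ~(size_t)7u;  /* round up to an 8-byte boundary */
    if (*used > cap || padded > cap - *used)
        return -2;
    memcpy(dst + *used, ev, total);
    memset(dst + *used + total, 0, padded - total);
    *used += padded;
    return 0;
}

/* Build one 3-byte MIDI note-on (constructed sample, type id left as 0) with
 * the given declared body size and append it to an empty 4096-byte buffer. */
static int ex_try(uint32_t declared_body_size, size_t *used_out)
{
    static uint8_t seq[4096];
    size_t used = 0;
    ExMidiEvent m = { { 0, { declared_body_size, 0 } }, { 0x90, 0x3c, 0x7f } };
    int rc = ex_append(seq, sizeof seq, &used, &m.ev, sizeof m);
    if (used_out) *used_out = used;
    return rc;
}

int main(void)
{
    size_t used;
    printf("body.size=3  -> rc=%d\n", ex_try(3, &used));
    printf("body.size=19 -> rc=%d\n", ex_try((uint32_t)sizeof(ExAtomEvent) + 3, &used));
    return 0;
}
```

The 4096-byte destination is never the problem here; the rejected case fails on the source side, which is why a large sequence buffer did not prevent the sanitizer report.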


