An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. Upstream Issue: https://github.com/aubio/aubio/issues/189
Reproduced with aubio-0.4.2-8.fc28.x86_64: # aubionotes testcase2 2>&1 | ./asan_symbolizer.py -d ================================================================= ==70==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000436f08 at pc 0x000000421379 bp 0x7ffff1b85950 sp 0x7ffff1b85940 READ of size 4 at 0x000000436f08 thread T0 #0 0x421378 in new_aubio_pitchyinfft /usr/src/debug/aubio-0.4.2-8.fc28.x86_64/build/../src/pitch/pitchyinfft.c:73 #1 0x418397 in new_aubio_pitch /usr/src/debug/aubio-0.4.2-8.fc28.x86_64/build/../src/pitch/pitch.c:181 #2 0x404598 in main /usr/src/debug/aubio-0.4.2-8.fc28.x86_64/build/../examples/aubionotes.c:143 #3 0x7f28b733524a in __libc_start_main (/lib64/libc.so.6+0x2324a) #3 0x4022f9 in ?? ??:0 0x000000436f08 is located 0 bytes to the right of global variable 'freqs' defined in '../src/pitch/pitchyinfft.c:43:21' (0x436e80) of size 136 0x000000436f08 is located 56 bytes to the left of global variable 'weight' defined in '../src/pitch/pitchyinfft.c:50:21' (0x436f40) of size 136 SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/bin/aubionotes+0x421378) Shadow bytes around the buggy address: 0x00008007ed90: 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 0x00008007eda0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 0x00008007edb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x00008007edc0: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x00008007edd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x00008007ede0: 00[f9]f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x00008007edf0: 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 0x00008007ee00: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 0x00008007ee10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x00008007ee20: 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 00 00 00 00 0x00008007ee30: 00 00 00 03 f9 f9 f9 f9 00 00 00 00 00 00 00 07 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==70==ABORTING
Created aubio tracking bugs for this issue: Affects: fedora-all [bug 1610611]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.