Bug#777159:

Brian Carpenter brian.carpenter at gmail.com
Thu Feb 26 04:40:22 UTC 2015


Are we sure this is fixed? I just cloned the cvs repo for lame on
sourceforge and compiled it (LAME 64bits version 3.100 (alpha 2, Feb 26
2015 04:31:03) (http://lame.sf.net)) and ran it against AFL and I'm still
seeing an FPE:

==30731== Process terminating with default action of signal 8 (SIGFPE): dumping core
==30731==  Integer divide by zero at address 0x8040BE4D7
==30731==    at 0x41CB4E: parse_wave_header (get_audio.c:1462)
==30731==    by 0x41CB4E: parse_file_header (get_audio.c:1697)
==30731==    by 0x41CB4E: open_wave_file (get_audio.c:1809)
==30731==    by 0x41CB4E: init_infile (get_audio.c:622)
==30731==    by 0x4055FE: init_files (lame_main.c:116)
==30731==    by 0x4055FE: lame_main (lame_main.c:636)
==30731==    by 0x402410: c_main (main.c:470)
==30731==    by 0x402410: main (main.c:438)
Floating point exception

gdb-peda$ file ~/lame/frontend/lame
gdb-peda$ set args -V2 --preset insane test00 /dev/null
gdb-peda$ r
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?

Program received signal SIGFPE, Arithmetic exception.
[----------------------------------registers-----------------------------------]
RAX: 0x10
RBX: 0x7ff2d0 --> 0xfbad2488
RCX: 0x0
RDX: 0x0
RSI: 0x0
RDI: 0x7e52b0 --> 0xfff88e3b
RBP: 0x7e52b0 --> 0xfff88e3b
RSP: 0x7ffffff31f90 --> 0x0
RIP: 0x41cb72 (<init_infile+13970>:     div    r15)
R8 : 0x0
R9 : 0x10
R10: 0x0
R11: 0x0
R12: 0x7fffffffba50 --> 0x303074736574 ('test00')
R13: 0xe
R14: 0x0
R15: 0x0
EFLAGS: 0x10206 (carry PARITY adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x41cb67 <init_infile+13959>:        sar    r8d,0x3
   0x41cb6b <init_infile+13963>:        imul   r8d,r15d
   0x41cb6f <init_infile+13967>:        movsxd r15,r8d
=> 0x41cb72 <init_infile+13970>:        div    r15
   0x41cb75 <init_infile+13973>:        mov    rsi,rax
   0x41cb78 <init_infile+13976>:        call   0x4e6360 <lame_set_num_samples>
   0x41cb7d <init_infile+13981>:        mov    rdi,rbp
   0x41cb80 <init_infile+13984>:        call   0x4e64e0 <lame_get_num_samples>
[------------------------------------stack-------------------------------------]
0000| 0x7ffffff31f90 --> 0x0
0008| 0x7ffffff31f98 --> 0x7361622f00000000 ('')
0016| 0x7ffffff31fa0 --> 0x5622 ('"V')
0024| 0x7ffffff31fa8 --> 0x7e5210 --> 0x0
0032| 0x7ffffff31fb0 --> 0x0
0040| 0x7ffffff31fb8 --> 0xff00
0048| 0x7ffffff31fc0 --> 0x7ffffff31ff0 --> 0x7ffff72f3058 --> 0xc001a00000ce0
0056| 0x7ffffff31fc8 --> 0x3ff0000000000000
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGFPE
0x000000000041cb72 in init_infile ()

Hexdump of the offending test case:
0000000 4952 4646 0032 0000 4157 4556 6d66 2074
0000010 0010 0000 0001 0001 5622 0000 ac44 0000
0000020 0002 0000 6164 6174 0010 0000 0000 0000
0000030 0000 0000 0000 0000 0000
000003a
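An added example, not LAME's code and not part of the original message: decoding the hexdump above (od-style 16-bit words, so each pair of bytes is swapped) gives a 58-byte RIFF/WAVE file whose fmt chunk declares 1 channel and a bits-per-sample field of 0 at offset 0x22, with a data chunk that claims 16 bytes but is followed by only 14. The `sar r8d,0x3` / `imul r8d,r15d` / `div r15` sequence in the disassembly, with R15 = 0, is consistent with the data length being divided by `(bits_per_sample >> 3) * channels`. The parser below is a hypothetical stand-in for `parse_wave_header` that rejects such a header before the division; `crash_wav`, `unchecked_frame_bytes`, `crash_wav_with_bits` and the `wav_*` names are all my own, and the input bytes are the test case transcribed from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum wav_status {
    WAV_OK = 0,
    WAV_ERR_SHORT,      /* buffer ends inside a header or chunk */
    WAV_ERR_NOT_RIFF,   /* missing RIFF/WAVE signature */
    WAV_ERR_NO_FMT,     /* data chunk before any fmt chunk, or no fmt at all */
    WAV_ERR_BAD_FMT,    /* channels == 0, or bits per sample 0 / not a byte multiple */
    WAV_ERR_NO_DATA     /* no data chunk found */
};

struct wav_info {
    uint16_t format_tag, channels, bits_per_sample;
    uint32_t sample_rate, data_len;
    uint32_t frame_bytes;   /* channels * bytes per sample: the divisor */
    uint32_t num_samples;   /* data_len / frame_bytes */
};

/* Constructed input: the 58-byte test case from the hexdump, in file byte order. */
static const uint8_t crash_wav[58] = {
    'R','I','F','F', 0x32,0x00,0x00,0x00,       /* RIFF, size 50 */
    'W','A','V','E',
    'f','m','t',' ', 0x10,0x00,0x00,0x00,       /* fmt chunk, 16 bytes */
    0x01,0x00,                                  /* format tag 1 = PCM */
    0x01,0x00,                                  /* channels = 1 */
    0x22,0x56,0x00,0x00,                        /* sample rate = 22050 */
    0x44,0xac,0x00,0x00,                        /* byte rate = 44100 */
    0x02,0x00,                                  /* block align = 2 */
    0x00,0x00,                                  /* bits per sample = 0 (offset 0x22) */
    'd','a','t','a', 0x10,0x00,0x00,0x00,       /* data chunk claims 16 bytes... */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0                 /* ...but only 14 follow */
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The arithmetic the disassembly appears to perform: (bits >> 3) * channels.
 * For the crash file this is 0, and using it as a divisor raises SIGFPE. */
uint32_t unchecked_frame_bytes(uint16_t bits_per_sample, uint16_t channels) {
    return (uint32_t)(bits_per_sample >> 3) * channels;
}

int parse_wave_header(const uint8_t *buf, size_t len, struct wav_info *out)
{
    int have_fmt = 0;
    size_t off;

    memset(out, 0, sizeof *out);
    if (len < 12) return WAV_ERR_SHORT;
    if (memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WAVE", 4) != 0)
        return WAV_ERR_NOT_RIFF;

    for (off = 12; off + 8 <= len; ) {
        const uint8_t *id = buf + off;
        uint32_t csize = le32(buf + off + 4);
        size_t body = off + 8;
        size_t avail = len - body;

        if (memcmp(id, "fmt ", 4) == 0) {
            if (csize < 16 || avail < 16) return WAV_ERR_SHORT;
            out->format_tag      = le16(buf + body);
            out->channels        = le16(buf + body + 2);
            out->sample_rate     = le32(buf + body + 4);
            out->bits_per_sample = le16(buf + body + 14);
            /* Validate the fields before anything derived from them is used. */
            if (out->channels == 0 || out->bits_per_sample == 0 ||
                out->bits_per_sample % 8 != 0)
                return WAV_ERR_BAD_FMT;
            out->frame_bytes = (uint32_t)out->channels * (out->bits_per_sample / 8);
            have_fmt = 1;
        } else if (memcmp(id, "data", 4) == 0) {
            if (!have_fmt) return WAV_ERR_NO_FMT;
            /* Clamp a declared length that runs past the end of the file. */
            out->data_len = csize > avail ? (uint32_t)avail : csize;
            out->num_samples = out->data_len / out->frame_bytes; /* frame_bytes >= 1 here */
            return WAV_OK;
        }
        if (csize > avail) return WAV_ERR_SHORT;
        off = body + csize + (csize & 1);  /* RIFF chunks are word aligned */
    }
    return have_fmt ? WAV_ERR_NO_DATA : WAV_ERR_NO_FMT;
}

/* Copy of the crash file with the bits-per-sample field patched, so the same
 * parser can be run over a repaired header. */
void crash_wav_with_bits(uint16_t bits_per_sample, uint8_t dst[58]) {
    memcpy(dst, crash_wav, sizeof crash_wav);
    dst[0x22] = (uint8_t)(bits_per_sample & 0xff);
    dst[0x23] = (uint8_t)(bits_per_sample >> 8);
}

int main(void) {
    struct wav_info info;
    uint8_t fixed[58];
    int st = parse_wave_header(crash_wav, sizeof crash_wav, &info);
    printf("crash file: status %d, unchecked frame bytes %u\n", st,
           unchecked_frame_bytes(info.bits_per_sample, info.channels));
    crash_wav_with_bits(16, fixed);
    st = parse_wave_header(fixed, sizeof fixed, &info);
    printf("patched to 16 bits: status %d, %u samples\n", st, info.num_samples);
    return 0;
}
```

On the crash file the parser stops at `WAV_ERR_BAD_FMT` and never reaches the division; with the field patched to 16 bits the 14 bytes actually present give 7 frames. A fuzzer will also find `channels == 0` and bit widths such as 12 that are not byte multiples, which the same guard covers.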


More information about the pkg-multimedia-maintainers mailing list