This occurs upon any attempt to read a plain text file.
```
=================================================================
==1591672==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f8d2c10353e at pc 0x7f8d2ef9e00a bp 0x7ffcb4ea7f70 sp 0x7ffcb4ea7730
READ of size 31 at 0x7f8d2c10353e thread T0
#0 0x7f8d2ef9e009 in StrstrCheck ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:652
#1 0x7f8d2effbb0a in __interceptor_strstr ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:669
#2 0x7f8d2effbb0a in __interceptor_strstr ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:662
#3 0x5613594c45b4 in ReadFileType (/home/matt/jasper/xv/tmp_cmake/xv/src/xv+0x7f5b4) (BuildId: dd2b17c4b2fe400fee221df9fbb0e8ad1d27da06)
#4 0x5613594c77a5 in openPic (/home/matt/jasper/xv/tmp_cmake/xv/src/xv+0x827a5) (BuildId: dd2b17c4b2fe400fee221df9fbb0e8ad1d27da06)
#5 0x5613594b79b3 in main (/home/matt/jasper/xv/tmp_cmake/xv/src/xv+0x729b3) (BuildId: dd2b17c4b2fe400fee221df9fbb0e8ad1d27da06)
#6 0x7f8d2e908b89 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#7 0x7f8d2e908c44 in __libc_start_main_impl ../csu/libc-start.c:360
#8 0x5613594ba8e0 in _start (/home/matt/jasper/xv/tmp_cmake/xv/src/xv+0x758e0) (BuildId: dd2b17c4b2fe400fee221df9fbb0e8ad1d27da06)
Address 0x7f8d2c10353e is located in stack of thread T0 at offset 62 in frame
#0 0x5613594c352f in ReadFileType (/home/matt/jasper/xv/tmp_cmake/xv/src/xv+0x7e52f) (BuildId: dd2b17c4b2fe400fee221df9fbb0e8ad1d27da06)
This frame has 1 object(s):
[32, 62) 'magicno' (line 3041) <== Memory access at offset 62 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:652 in StrstrCheck
Shadow bytes around the buggy address:
0x7f8d2c103280: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 00 00 00 00
0x7f8d2c103300: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x7f8d2c103380: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 00 00 00 00
0x7f8d2c103400: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 00 00 00 00
0x7f8d2c103480: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x7f8d2c103500: f1 f1 f1 f1 00 00 00[06]f3 f3 f3 f3 00 00 00 00
0x7f8d2c103580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f8d2c103600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f8d2c103680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f8d2c103700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7f8d2c103780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==1591672==ABORTING
```