Invalid memory access at Bos::SsUsbDeviceCapability
larskanis opened this issue · 0 comments
larskanis commented
Compiled with clang with ASAN enabled results in an invalid memory access. It looks like the struct layout is wrong:
$ ruby -Ilib test/test_libusb_bos.rb -n /test_bos/
Run options: -n /test_bos/ --seed 9830
# Running:
=================================================================
==645952==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x50200011b9da at pc 0x7dc79a2705e5 bp 0x7ffcdb19e3d0 sp 0x7ffcdb19e3c8
READ of size 1 at 0x50200011b9da thread T0
#0 0x7dc79a2705e4 in memory_op_get_uint8 /home/lars/.rvm/gems/ruby-head/gems/ffi-1.17.0.rc1/ext/ffi_c/AbstractMemory.c:260:1
#1 0x7dc7be428d27 in vm_call_cfunc_with_frame_ /home/lars/.rvm/src/ruby-head/./vm_insnhelper.c:3525:11
#2 0x7dc7be3d972c in vm_sendish /home/lars/.rvm/src/ruby-head/./vm_insnhelper.c:5654:15
#3 0x7dc7be3d972c in vm_exec_core /home/lars/.rvm/src/ruby-head/insns.def:891:11
#4 0x7dc7be3ca440 in vm_exec_loop /home/lars/.rvm/src/ruby-head/vm.c:2579:22
#5 0x7dc7be3ca440 in rb_vm_exec /home/lars/.rvm/src/ruby-head/vm.c:2558:18
[...]
#29 0x651d57633296 in rb_main /home/lars/.rvm/src/ruby-head/./main.c:40:12
#30 0x651d57633296 in main /home/lars/.rvm/src/ruby-head/./main.c:59:12
#31 0x7dc7bd82814f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#32 0x7dc7bd828208 in __libc_start_main csu/../csu/libc-start.c:360:3
#33 0x651d57558344 in _start (/home/lars/.rvm/rubies/ruby-head/bin/ruby+0x2c344) (BuildId: c0bbc5e9d0782b4907f2ecd22b5f82a64ffbcc63)
0x50200011b9da is located 0 bytes after 10-byte region [0x50200011b9d0,0x50200011b9da)
allocated by thread T0 here:
#0 0x651d575f5572 in malloc (/home/lars/.rvm/rubies/ruby-head/bin/ruby+0xc9572) (BuildId: c0bbc5e9d0782b4907f2ecd22b5f82a64ffbcc63)
#1 0x7dc79a03f99e in libusb_get_ss_usb_device_capability_descriptor /home/lars/comcard/libusb/ext/tmp/x86_64-pc-linux-gnu/ports/libusb/1.0.27/libusb-1.0.27/libusb/descriptor.c:994:23
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/lars/.rvm/gems/ruby-head/gems/ffi-1.17.0.rc1/ext/ffi_c/AbstractMemory.c:260:1 in memory_op_get_uint8
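As an added illustration (not code from the ruby-libusb gem or from this report), the snippet below models the failure class the ASAN output points at: libusb allocates a 10-byte `libusb_ss_usb_device_capability_descriptor`, and a binding whose field layout is one byte larger reads past it. The reader carries an explicit field table, computes the size and offsets that table implies (so they can be compared against `sizeof`/`offsetof` in C), and refuses to read when the table and the buffer disagree. The `WRONG_LAYOUT` table and the `SAMPLE_SS_CAP` bytes are constructed for the example; only the C struct field list comes from `libusb.h`.

```ruby
# Added example, not code from the ruby-libusb gem or from this report.
# It reads the SuperSpeed USB Device Capability descriptor with an explicit
# field layout and refuses to read past the buffer when the layout and the
# buffer disagree, which is the class of bug the ASAN report above shows.

# Field layout of libusb's struct libusb_ss_usb_device_capability_descriptor
# (libusb.h): field name, String#unpack directive, byte width.
# 'C' is uint8_t, 'v' is little-endian uint16_t; the struct has no padding.
SS_USB_DEVICE_CAPABILITY_LAYOUT = [
  [:bLength,               "C", 1],
  [:bDescriptorType,       "C", 1],
  [:bDevCapabilityType,    "C", 1],
  [:bmAttributes,          "C", 1],
  [:wSpeedSupported,       "v", 2],
  [:bFunctionalitySupport, "C", 1],
  [:bU1DevExitLat,         "C", 1],
  [:wU2DevExitLat,         "v", 2],
].freeze

# Hypothetical wrong layout with one extra trailing byte; it stands in for a
# binding whose struct definition is larger than the C struct.
WRONG_LAYOUT = (SS_USB_DEVICE_CAPABILITY_LAYOUT + [[:bExtra, "C", 1]]).freeze

# Constructed 10-byte descriptor (not captured from a device):
# bLength=10, bDescriptorType=0x10 (DEVICE CAPABILITY), bDevCapabilityType=3
# (SUPERSPEED_USB), bmAttributes=2, wSpeedSupported=0x000E,
# bFunctionalitySupport=1, bU1DevExitLat=10, wU2DevExitLat=0x07FF.
SAMPLE_SS_CAP = [0x0A, 0x10, 0x03, 0x02, 0x0E, 0x00, 0x01, 0x0A, 0xFF, 0x07].pack("C*").freeze

# Number of bytes a layout reads.
def layout_size(layout)
  layout.sum { |(_name, _fmt, width)| width }
end

# Byte offset of each field, for comparison against offsetof() in C.
def layout_offsets(layout)
  offset = 0
  layout.each_with_object({}) do |(name, _fmt, width), offsets|
    offsets[name] = offset
    offset += width
  end
end

# Parse +bytes+ with +layout+. Raises IndexError instead of reading beyond
# the buffer, and rejects descriptors whose bLength is shorter than the layout.
def parse_descriptor(bytes, layout = SS_USB_DEVICE_CAPABILITY_LAYOUT)
  needed = layout_size(layout)
  if bytes.bytesize < needed
    raise IndexError, "layout reads #{needed} bytes but buffer has #{bytes.bytesize}"
  end
  values = bytes.unpack(layout.map { |(_name, fmt, _width)| fmt }.join)
  fields = layout.map { |(name, _fmt, _width)| name }.zip(values).to_h
  if fields[:bLength] < needed
    raise ArgumentError, "bLength #{fields[:bLength]} is shorter than the #{needed}-byte layout"
  end
  fields
end

if $PROGRAM_NAME == __FILE__
  p layout_offsets(SS_USB_DEVICE_CAPABILITY_LAYOUT)
  p parse_descriptor(SAMPLE_SS_CAP)
  begin
    parse_descriptor(SAMPLE_SS_CAP, WRONG_LAYOUT)
  rescue IndexError => e
    puts "rejected: #{e.message}"
  end
end
```

The size check is the piece the ASAN trace says was missing: with the correct table `layout_size` is 10, matching the 10-byte region libusb allocated, while the one-byte-larger table is rejected before any read at offset 10 happens. Comparing `layout_offsets` against `offsetof()` for each field is a cheap test to keep in a binding's test suite so a layout drift is caught without needing an ASAN build.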