floooh Sokol Heap-Based Buffer Overflow Vulnerability in Pipeline Initialization Function

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the floooh Sokol graphics library in versions prior to commit 33e2271c431bf21de001e972f72da17a984da932. The issue lies in the function '_sg_pipeline_common_init' in the 'sokol_gfx.h' file. It is caused by an incorrect pointer offset calculation or the use of a large negative index, which results in a write 1040 bytes before the start of a valid heap allocation. The vulnerability can be exploited locally, and a public exploit is available.

Impact

Exploitation of this vulnerability results in a heap-based buffer overflow: the out-of-bounds write lands in heap memory, where it can corrupt allocator metadata or adjacent data structures, potentially allowing arbitrary code execution or other forms of memory corruption.

Reproduction

The vulnerability can be reproduced by compiling the Sokol library with AddressSanitizer enabled and then running a fuzzer harness with input that triggers the overflow. AddressSanitizer reports a heap-buffer-overflow error, confirming that the out-of-bounds write has been reached.
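To illustrate the bug class described above (a signed index or offset that goes negative and forms a pointer before a heap allocation) and the check that prevents it, here is an added C example. It is not sokol's code: the pool layout, the 1040-byte object size (a constructed value chosen to match the offset reported on this page) and the function names are assumptions for illustration only. The unchecked variant only computes the offset and never dereferences it; the hardened lookup rejects the index before a pointer is formed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a pool of fixed-size pipeline objects.
   1040 is a sample size, not sokol's real struct layout. */
#define POOL_SIZE 16
typedef struct { uint8_t state[1040]; } pipeline_t;

typedef struct {
    pipeline_t *items;   /* heap allocation; a write before items[0] corrupts the heap */
    int         count;
} pool_t;

/* Unchecked offset formation: index -1 lands sizeof(pipeline_t) bytes before
   the allocation, the shape ASan reports as "... bytes before N-byte region".
   Returned as a plain number here, never turned into a pointer. */
ptrdiff_t unchecked_offset(int index) {
    return (ptrdiff_t)index * (ptrdiff_t)sizeof(pipeline_t);
}

/* Hardened lookup: reject anything outside [0, count) before forming the pointer. */
pipeline_t *pool_lookup(pool_t *p, int index) {
    if (index < 0 || index >= p->count) return NULL;
    return &p->items[index];
}

/* Initialization guarded by the lookup: 0 on success, -1 when the index is rejected. */
int pipeline_init(pool_t *p, int index) {
    pipeline_t *pip = pool_lookup(p, index);
    if (!pip) return -1;
    memset(pip->state, 0xAB, sizeof(pip->state));
    return 0;
}

/* Exercises the guarded path; returns the number of checks that passed (3 expected). */
int pool_demo(void) {
    pool_t p;
    int passed = 0;
    p.items = (pipeline_t *)calloc(POOL_SIZE, sizeof(pipeline_t));
    p.count = POOL_SIZE;
    if (!p.items) return -1;
    if (pipeline_init(&p, -1) == -1) passed++;          /* negative index rejected */
    if (pipeline_init(&p, POOL_SIZE) == -1) passed++;   /* one past the end rejected */
    if (pipeline_init(&p, 0) == 0 && p.items[0].state[0] == 0xAB) passed++;
    free(p.items);
    return passed;
}
```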

Remediation

Users are advised to update to a version containing the fix, i.e. commit 33e2271c431bf21de001e972f72da17a984da932 or later.

Added: Dec 19, 2025, 6:42 PM
Updated: Dec 19, 2025, 6:42 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 7.7
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.