[BUG] A SEGV in `draco::KdTreeAttributesDecoder::DecodeDataNeededByPortableTransforms` at `src/draco/compression/attributes/kd_tree_attributes_decoder.cc:453`

[JJLeo]

Description

• Version: Latest commit 4e12ab2
• Environment:Ubuntu 20.04.6 LTS, Clang 18.1.8

Steps to reproduce

export CC="clang"
export CXX="clang++"
export CFLAGS="-fsanitize=address -g -O0 -fno-omit-frame-pointer"
export CXXFLAGS="-fsanitize=address -g -O0 -fno-omit-frame-pointer -stdlib=libc++"
export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
export SRC=$PWD
export WORK=$SRC/build
mkdir -p $WORK
git clone https://github.com/google/draco
cd draco && git checkout 4e12ab2  
cd $WORK
cmake ../draco
make -j$(nproc)

for fuzzer in $(find $SRC/draco/src/draco/tools/fuzz -name '*.cc'); do
  fuzzer_basename=$(basename -s .cc $fuzzer)
  $CXX $CXXFLAGS \
    -I $SRC/ \
    -I $SRC/draco/src \
    -I $WORK/ \
    $LIB_FUZZING_ENGINE \
    $fuzzer \
    $WORK/libdraco.a \
    -o $WORK/$fuzzer_basename
done

wget https://github.com/user-attachments/files/20199653/draco_crash_4.txt -O draco_crash_4.in
$WORK/draco_pc_decoder_fuzzer draco_crash_4.in

Sanitizer output

==792==ERROR: AddressSanitizer: SEGV on unknown address 0x604000000034 (pc 0x604000000034 bp 0x7fffda6634d0 sp 0x7fffda663438 T0)
==792==The signal is caused by a READ memory access.
==792==Hint: PC is at a non-executable region. Maybe a wild jump?
    #0 0x604000000034  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (<unknown module>) 
==792==ABORTING

GDB backtrace

#21 0x00000000007a26ef in draco::KdTreeAttributesDecoder::DecodeDataNeededByPortableTransforms (
    this=0x60d000000040, in_buffer=0x7ffe8cd85ac0)
    at /src/draco/src/draco/compression/attributes/kd_tree_attributes_decoder.cc:453

POC

draco_crash_4.txt

Credit

Reported by Yifan Zhang, PLL