[BUG] A SEGV in `draco::DecoderBuffer::Peek<unsigned int>(unsigned int*)` at `decoder_buffer.h:89:9`

## Description

- Version: Latest commit [4e12ab2](https://github.com/google/draco/commit/4e12ab27d0fe690cf98e96dc33c2bd52e1485163)
- Environment:Ubuntu 20.04.6 LTS, Clang 18.1.8


## Steps to reproduce

```bash
export CC="clang"
export CXX="clang++"
export CFLAGS="-fsanitize=address -g -O0 -fno-omit-frame-pointer"
export CXXFLAGS="-fsanitize=address -g -O0 -fno-omit-frame-pointer -stdlib=libc++"
export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
export SRC=$PWD
export WORK=$SRC/build
mkdir -p $WORK
git clone https://github.com/google/draco
cd draco && git checkout 4e12ab2  
cd $WORK
cmake ../draco
make -j$(nproc)

for fuzzer in $(find $SRC/draco/src/draco/tools/fuzz -name '*.cc'); do
  fuzzer_basename=$(basename -s .cc $fuzzer)
  $CXX $CXXFLAGS \
    -I $SRC/ \
    -I $SRC/draco/src \
    -I $WORK/ \
    $LIB_FUZZING_ENGINE \
    $fuzzer \
    $WORK/libdraco.a \
    -o $WORK/$fuzzer_basename
done

wget https://github.com/user-attachments/files/19824955/draco_crash_3.txt -O draco_crash_3.in
$WORK/draco_pc_decoder_without_dequantization_fuzzer draco_crash_3.in
```

## Sanitizer output

```
==22==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000cd08 (pc 0x0000007e1935 bp 0x7ffc40ffb9e8 sp 0x7ffc40ffb908 T0)
==22==The signal is caused by a READ memory access.
    #0 0x7e1935 in bool draco::DecoderBuffer::Peek<unsigned int>(unsigned int*) /src/draco/src/draco/core/decoder_buffer.h:89:9
    #1 0x7e1935 in bool draco::DecoderBuffer::Decode<unsigned int>(unsigned int*) /src/draco/src/draco/core/decoder_buffer.h:69:10
    #2 0x7e1935 in bool draco::DynamicIntegerPointsKdTreeDecoder<6>::DecodePoints<draco::PointAttributeVectorOutputIterator<unsigned int> >(draco::DecoderBuffer*, draco::PointAttributeVectorOutputIterator<unsigned int>&, unsigned int) /src/draco/src/draco/compression/point_cloud/algorithms/dynamic_integer_points_kd_tree_decoder.h:186:16

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/draco/src/draco/core/decoder_buffer.h:89:9 in bool draco::DecoderBuffer::Peek<unsigned int>(unsigned int*)
==22==ABORTING
```

## POC

[draco_crash_3.txt](https://github.com/user-attachments/files/19824955/draco_crash_3.txt)

## Credit

Reported by Yifan Zhang, [PLL](https://pl.cs.pku.edu.cn/en/)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[BUG] A SEGV in `draco::DecoderBuffer::Peek<unsigned int>(unsigned int*)` at `decoder_buffer.h:89:9` #1103

Description

Steps to reproduce

Sanitizer output

POC

Credit

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[BUG] A SEGV in draco::DecoderBuffer::Peek<unsigned int>(unsigned int*) at decoder_buffer.h:89:9 #1103

Description

Description

Steps to reproduce

Sanitizer output

POC

Credit

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

[BUG] A SEGV in `draco::DecoderBuffer::Peek<unsigned int>(unsigned int*)` at `decoder_buffer.h:89:9` #1103