SEGV in mp4dump #434

Closed
c0d3xpl0it opened this issue Sep 29, 2019 · 4 comments

@c0d3xpl0it

System Details
Commit ID: bc1b02a
Test Machine: Ubuntu 16.04.3 LTS
MP4 File Dumper - Version 1.2
(Bento4 Version 1.5.1.0)

Command

```
mp4dump --verbosity 2 POC-file
```

ASAN Output

```
ASAN:DEADLYSIGNAL
=================================================================
==12343==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000054cbf4 bp 0x7fff4ca92010 sp 0x7fff4ca91f30 T0)
    #0 0x54cbf3 in AP4_DescriptorListInspector::Action(AP4_Descriptor*) const /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4Descriptor.h:124:9
    #1 0x69aa85 in AP4_List<AP4_Descriptor>::Apply(AP4_List<AP4_Descriptor>::Item::Operator const&) const /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4List.h:353:9
    #2 0x69aa85 in AP4_InitialObjectDescriptor::Inspect(AP4_AtomInspector&) /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4ObjectDescriptor.cpp:327
    #3 0x586b12 in AP4_IodsAtom::InspectFields(AP4_AtomInspector&) /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4IodsAtom.cpp:112:9
    #4 0x53e7a4 in AP4_Atom::Inspect(AP4_AtomInspector&) /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4Atom.cpp:263:5
    #5 0x57843c in AP4_AtomListInspector::Action(AP4_Atom*) const /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4Atom.h:532:9
    #6 0x673506 in AP4_List<AP4_Atom>::Apply(AP4_List<AP4_Atom>::Item::Operator const&) const /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4List.h:353:9
    #7 0x673506 in AP4_ContainerAtom::InspectChildren(AP4_AtomInspector&) /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:220
    #8 0x53e7a4 in AP4_Atom::Inspect(AP4_AtomInspector&) /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4Atom.cpp:263:5
    #9 0x5283ae in main /home/fuzzer/victim/Bento4/Source/C++/Apps/Mp4Dump/Mp4Dump.cpp:350:9
    #10 0x7efe540e182f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
    #11 0x451258 in _start (/home/fuzzer/victim/Bento4/mp4dump+0x451258)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4Descriptor.h:124:9 in AP4_DescriptorListInspector::Action(AP4_Descriptor*) const
==12343==ABORTING
```
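The trace above faults on address 0 inside `AP4_DescriptorListInspector::Action(AP4_Descriptor*)`, reached through `AP4_List<AP4_Descriptor>::Apply` while the `iods` atom's initial object descriptor is being inspected, which is the shape of a null pointer dereferenced during a list walk. The report does not say which pointer is null, so the following is an added illustration of the general pattern and not Bento4's code: a hypothetical descriptor factory that returns null on malformed input, a list that ends up holding that null, and the two places where the crash can be prevented (not appending what the factory could not build, and having the visitor tolerate a null entry). `Descriptor`, `CreateDescriptor`, `ParseUnchecked`, `ParseChecked`, `Apply` and the sample bytes `kSample` are all constructed for the example and do not correspond to Bento4 identifiers or to the POC file.

```cpp
// Added illustration, not Bento4 code. Models the List::Apply -> Action(Descriptor*)
// walk seen in the trace with a hypothetical descriptor factory and list, and shows
// the two places a null entry can be stopped: at insertion and in the visitor.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical stand-in for a parsed descriptor (tag byte + declared payload size).
struct Descriptor {
    uint8_t tag;
    size_t payload_size;
};

using DescriptorList = std::vector<std::unique_ptr<Descriptor>>;

// Hypothetical factory. Returns nullptr on malformed input (truncated header or a
// declared size that overruns the buffer) and consumes the rest of the buffer so
// the caller's loop terminates.
std::unique_ptr<Descriptor> CreateDescriptor(const std::vector<uint8_t>& bytes, size_t& pos) {
    if (pos + 2 > bytes.size()) { pos = bytes.size(); return nullptr; }
    uint8_t tag = bytes[pos];
    size_t size = bytes[pos + 1];
    if (pos + 2 + size > bytes.size()) { pos = bytes.size(); return nullptr; }
    pos += 2 + size;
    return std::make_unique<Descriptor>(Descriptor{tag, size});
}

// Unchecked parser: appends whatever the factory returns, nullptr included. A list
// built this way hands a null pointer to every visitor that later walks it.
DescriptorList ParseUnchecked(const std::vector<uint8_t>& bytes) {
    DescriptorList list;
    size_t pos = 0;
    while (pos < bytes.size()) list.push_back(CreateDescriptor(bytes, pos));
    return list;
}

// Hardened parser: entries the factory could not build never reach the list.
DescriptorList ParseChecked(const std::vector<uint8_t>& bytes) {
    DescriptorList list;
    size_t pos = 0;
    while (pos < bytes.size()) {
        if (auto d = CreateDescriptor(bytes, pos)) list.push_back(std::move(d));
    }
    return list;
}

// Visitor in the Apply/Action shape: the list calls the operator on every item.
template <typename Op>
void Apply(const DescriptorList& list, const Op& op) {
    for (const auto& item : list) op(item.get());
}

// Unchecked action: dereferences the item unconditionally. Given a list from
// ParseUnchecked on malformed input this reads through address 0, the SEGV shape
// in the report above. Only call it on a list that cannot contain nulls.
size_t SumPayloadUnchecked(const DescriptorList& list) {
    size_t total = 0;
    Apply(list, [&](Descriptor* d) { total += d->payload_size; });
    return total;
}

struct InspectResult { size_t total; size_t skipped; };

// Hardened action: tolerates a null entry instead of crashing on it, the
// defence-in-depth counterpart to fixing the parser.
InspectResult SumPayloadChecked(const DescriptorList& list) {
    InspectResult r{0, 0};
    Apply(list, [&](Descriptor* d) {
        if (d == nullptr) { ++r.skipped; return; }
        r.total += d->payload_size;
    });
    return r;
}

// Constructed sample, not taken from the POC file: one well-formed descriptor
// (tag 0x03, 2 payload bytes) followed by one whose declared size (0x10) overruns
// the buffer.
const std::vector<uint8_t> kSample = {0x03, 0x02, 0xAA, 0xBB, 0x05, 0x10, 0xCC};

size_t CountNullEntries(const DescriptorList& list) {
    size_t n = 0;
    for (const auto& item : list) if (!item) ++n;
    return n;
}

int main() {
    DescriptorList bad = ParseUnchecked(kSample);
    DescriptorList good = ParseChecked(kSample);
    std::printf("unchecked parse: %zu entries, %zu null\n", bad.size(), CountNullEntries(bad));
    std::printf("checked parse:   %zu entries, %zu null\n", good.size(), CountNullEntries(good));
    InspectResult r = SumPayloadChecked(bad);
    std::printf("hardened visitor over unchecked list: payload %zu, skipped %zu\n", r.total, r.skipped);
    std::printf("unchecked visitor over checked list:  payload %zu\n", SumPayloadUnchecked(good));
    return 0;
}
```

Of the two guards, the parser-side one is the real fix (a null should never be stored in the list), while the visitor-side check stops a single bad entry from turning a malformed file into a crash of every tool that walks the structure, which matters for a dumper that is routinely pointed at untrusted input.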
@barbibulle barbibulle self-assigned this Oct 8, 2019
@NicoleG25

@barbibulle was this issue ever addressed?
Please note that CVE-2019-17452 was assigned.
If you disagree with the assignment you may contact Mitre directly.
If the issue was indeed fixed then could you kindly point me to the commit fixing the issue?
Thanks in advance! :)

@barbibulle (Contributor)

@NicoleG25 The crash report doesn't include the POC file, so I can't reproduce this. @c0d3xpl0it do you still have the files used when you created this bug report?

pokiz commented Feb 23, 2022

@barbibulle I just reproduced this error with a fresh master build.
I put the faulty file here for reference: https://github.com/pokiz/tmp/blob/main/NOK_1080p_H264_AAC_25fps_7200K.mp4

@barbibulle (Contributor)

Fixed now.

CastagnaIT pushed a commit to CastagnaIT/Bento4 that referenced this issue Jul 3, 2022