Multiple Exploitable and Non-Exploitable issues Identified #181

Closed
9emin1 opened this issue Sep 8, 2017 · 3 comments

9emin1 commented Sep 8, 2017

Exploitable Write Access Violation:

Ap4StscAtom.cpp:95
m_Entries[i].m_SamplesPerChunk = samples_per_chunk;

Ap4StssAtom.cpp:87
m_Entries[i] = AP4_BytesToUInt32BE(&buffer[i*4]);

Ap4AtomSampleTable.cpp:143
result = m_SttsAtom->GetDts(index, dts, &duration);

Ap4StscAtom.h:49
AP4_Array<AP4_StscTableEntry>::SetItemCount
m_SampleDescriptionIndex(0) {}

AP4_AtomFactory::CreateAtomFromStream (this=0xbfffdec4, stream=..., type=1635148613,
size_32=28, size_64=28, atom=@0xbfffd40c: 0x0) at Source/C++/Core/Ap4AtomFactory.cpp:499
atom->SetType(AP4_ATOM_TYPE_AVCE);

Non Exploitable Memory Violation:

Ap4StszAtom.cpp:84
for (unsigned int i=0; i<sample_count; i++) {

The Proof of Concept file and the GDB backtrace, including the binary executable command, have been provided.
bento4_vulns.zip

barbibulle added a commit that referenced this issue Sep 10, 2017
@barbibulle
Contributor

Thanks for the bug reports.
I have pushed some fixes to master, and all test cases seem to pass on my test machine.
Let me know if it also works for you.

Have you used a fuzzer to generate the test files? I'd like to run more fuzzing in the future, so any hint you can share with me would be greatly appreciated.

@barbibulle barbibulle self-assigned this Sep 10, 2017
@barbibulle barbibulle added the bug label Sep 10, 2017

9emin1 commented Sep 11, 2017 via email

9emin1 commented Sep 12, 2017 via email
