Multiple Exploitable and Non-Exploitable issues Identified #181
Thanks for the bug reports. Have you used a fuzzer to generate the test files? I'd like to run more fuzzing in the future, so any hint you can share with me would be greatly appreciated.
Yes, I used afl-fuzzer to fuzz the Bento4 software. I will email you the setup when I have time, it is quite straight forward. Cheers!
On Sun, Sep 10, 2017 at 8:10 AM, Gilles Boccon-Gibod wrote:
> Closed #181.
Hi Gilles,
For the setting up of AFL Fuzzer, this reference provides a clear guide and explanation which I've followed:
http://research.aurainfosec.io/hunting-for-bugs-101/
After setting up the AFL Fuzzer, download and decompress the Bento4 source code.
Modify the Config.scons:
~/Bento4-1.5.0-616/Build/Targets/x86-unknown-linux$ cat Config.scons
LoadTool('gcc-generic', env, gcc_cross_prefix='afl', use_gcc_cross_prefix_for_ar=False)
env.AppendUnique(CPPDEFINES = [('AP4_PLATFORM_BYTE_ORDER', 'AP4_PLATFORM_BYTE_ORDER_LITTLE_ENDIAN')])
env.AppendUnique(CCFLAGS = ['-m32'])
env.AppendUnique(CXXFLAGS = ['-m32'])
env.AppendUnique(LINKFLAGS = ['-m32'])
Build the target with the modified Config.scons and you are good to go with the fuzzing.
Make two directories for the fuzzing, one for the sample .mp4 file and another for the output results of the fuzzing:
mkdir bento4_in
mkdir bento4_out
Copy the .mp4 sample file provided by AFL into the bento4_in directory:
cp afl/testcases/multimedia/h264/small_movie.mp4 bento4_in/
Start fuzzing with AFL:
afl-fuzz -m none -i bento4_in/ -o bento4_out/ -- /home/ojk/Bento4-1.5.0-616/Build/Targets/x86-unknown-linux/Release/mp4tag --show-tags --list-symbols --list-keys @@
When AFL detects a crash, the responsible crash file will be created in the bento4_out/crashes directory. The crash file can then be used to verify the crash by running it in a debugger such as GDB.
Hope that clarifies!
Regards,
On Mon, Sep 11, 2017 at 4:40 PM, Gemini P wrote:
> Yes, I used afl-fuzzer to fuzz the Bento4 software. I will email you the setup when I have time, it is quite straight forward. Cheers!
Exploitable Write Access Violation:

Ap4StscAtom.cpp:95
    m_Entries[i].m_SamplesPerChunk = samples_per_chunk;

Ap4StssAtom.cpp:87
    m_Entries[i] = AP4_BytesToUInt32BE(&buffer[i*4]);

Ap4AtomSampleTable.cpp:143
    result = m_SttsAtom->GetDts(index, dts, &duration);

Ap4StscAtom.h:49
    AP4_Array<AP4_StscTableEntry>::SetItemCount
    m_SampleDescriptionIndex(0) {}

AP4_AtomFactory::CreateAtomFromStream (this=0xbfffdec4, stream=..., type=1635148613, size_32=28, size_64=28, atom=@0xbfffd40c: 0x0) at Source/C++/Core/Ap4AtomFactory.cpp:499
    atom->SetType(AP4_ATOM_TYPE_AVCE);

Non-Exploitable Memory Violation:

Ap4StszAtom.cpp:84
    for (unsigned int i=0; i<sample_count; i++) {

The Proof of Concept file and the GDB backtrace, including the binary executable command, have been provided.
bento4_vulns.zip
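Added example, not Bento4's code and not taken from the PoC zip: a minimal C parser for the three sample-table payloads whose parsers appear in the crash list above (stss, stsc, stsz). The issue does not state the root cause of the listed faults; what the example shows is the generic check any such table parser needs, namely that the entry count read from the file is validated against the bytes actually remaining in the atom before anything is indexed, beside the unchecked pattern that fuzzed inputs trip. The layout of the three payloads follows the ISO base media file format; the function and constant names (entries_fit, parse_stss, parse_stsc, parse_stsz, TBL_*) and the byte vectors are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Hypothetical result codes for this example; Bento4 has its own AP4_Result values. */
enum { TBL_OK = 0, TBL_TRUNCATED = -1, TBL_TOO_MANY = -2, TBL_NOMEM = -3 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The check a table parser needs before it indexes anything: `count`
 * entries of `entry_size` bytes must fit in the `avail` payload bytes that
 * follow the header. Dividing rather than multiplying means a huge count
 * cannot wrap count*entry_size around to a small number, which matters on
 * 32-bit builds such as the -m32 target used in this thread. */
static int entries_fit(uint32_t count, size_t entry_size, size_t avail) {
    return count <= avail / entry_size;
}

/* Unchecked pattern, for contrast: it trusts the on-disk entry_count and
 * reads that many entries, so a fuzzed count larger than the payload reads
 * (and, if the destination table was sized elsewhere, writes) past the end.
 * Only ever call it on well-formed input. */
static int parse_stss_unchecked(const uint8_t *p, uint32_t **out, uint32_t *out_n) {
    uint32_t count = be32(p + 4);
    uint32_t *e = malloc(count ? (size_t)count * 4 : 1);
    if (!e) return TBL_NOMEM;
    for (uint32_t i = 0; i < count; i++) e[i] = be32(p + 8 + (size_t)i * 4);
    *out = e; *out_n = count;
    return TBL_OK;
}

/* 'stss' payload: version(1) flags(3) entry_count(4), then entry_count x uint32. */
static int parse_stss(const uint8_t *p, size_t len, uint32_t **out, uint32_t *out_n) {
    if (len < 8) return TBL_TRUNCATED;
    uint32_t count = be32(p + 4);
    if (!entries_fit(count, 4, len - 8)) return TBL_TOO_MANY;
    uint32_t *e = malloc(count ? (size_t)count * 4 : 1);
    if (!e) return TBL_NOMEM;
    for (uint32_t i = 0; i < count; i++) e[i] = be32(p + 8 + (size_t)i * 4);
    *out = e; *out_n = count;
    return TBL_OK;
}

typedef struct {
    uint32_t first_chunk, samples_per_chunk, sample_description_index;
} stsc_entry;

/* 'stsc' payload: version/flags(4) entry_count(4), then entry_count x 12 bytes. */
static int parse_stsc(const uint8_t *p, size_t len, stsc_entry **out, uint32_t *out_n) {
    if (len < 8) return TBL_TRUNCATED;
    uint32_t count = be32(p + 4);
    if (!entries_fit(count, 12, len - 8)) return TBL_TOO_MANY;
    stsc_entry *e = malloc(count ? (size_t)count * sizeof *e : 1);
    if (!e) return TBL_NOMEM;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *q = p + 8 + (size_t)i * 12;
        e[i].first_chunk              = be32(q);
        e[i].samples_per_chunk        = be32(q + 4);
        e[i].sample_description_index = be32(q + 8);
    }
    *out = e; *out_n = count;
    return TBL_OK;
}

/* 'stsz' payload: version/flags(4) sample_size(4) sample_count(4); the
 * per-sample size table follows only when sample_size == 0. Without the
 * fit check, a loop bounded by sample_count alone walks off the payload. */
static int parse_stsz(const uint8_t *p, size_t len, uint32_t *sample_size,
                      uint32_t **out, uint32_t *out_n) {
    if (len < 12) return TBL_TRUNCATED;
    *sample_size = be32(p + 4);
    uint32_t count = be32(p + 8);
    *out = NULL; *out_n = count;
    if (*sample_size != 0) return TBL_OK;            /* fixed-size samples, no table */
    if (!entries_fit(count, 4, len - 12)) return TBL_TOO_MANY;
    uint32_t *e = malloc(count ? (size_t)count * 4 : 1);
    if (!e) return TBL_NOMEM;
    for (uint32_t i = 0; i < count; i++) e[i] = be32(p + 12 + (size_t)i * 4);
    *out = e;
    return TBL_OK;
}

/* Constructed vectors (not the PoC files from bento4_vulns.zip). */
static const uint8_t good_stss[] = { 0,0,0,0, 0,0,0,2, 0,0,0,1, 0,0,0,9 };          /* 2 entries: 1, 9 */
static const uint8_t bad_stss[]  = { 0,0,0,0, 0xFF,0xFF,0xFF,0xFF, 0,0,0,1 };        /* claims 2^32-1 entries, has 1 */
static const uint8_t good_stsc[] = { 0,0,0,0, 0,0,0,1, 0,0,0,1, 0,0,0,5, 0,0,0,1 }; /* 1 entry: (1, 5, 1) */
static const uint8_t bad_stsz[]  = { 0,0,0,0, 0,0,0,0, 0,0,1,0, 0,0,0,7 };          /* size 0, count 256, 1 entry */

int main(void) {
    uint32_t *s = NULL, n = 0, ss = 0;
    stsc_entry *c = NULL;
    int rc = parse_stss(good_stss, sizeof good_stss, &s, &n);
    printf("good stss: rc=%d entries=%u\n", rc, n);
    free(s);
    printf("bad stss:  rc=%d\n", parse_stss(bad_stss, sizeof bad_stss, &s, &n));
    rc = parse_stsc(good_stsc, sizeof good_stsc, &c, &n);
    printf("good stsc: rc=%d samples_per_chunk=%u\n", rc, c ? c[0].samples_per_chunk : 0);
    free(c);
    printf("bad stsz:  rc=%d\n", parse_stsz(bad_stsz, sizeof bad_stsz, &ss, &s, &n));
    return 0;
}
```

The fit check is deliberately a division: with a 32-bit size_t, a count of 0x40000000 times four bytes wraps to zero and would pass a multiplied comparison, while `count <= avail / entry_size` rejects it. The same check belongs in front of whatever sizes the destination table (the SetItemCount call in the list above is where Bento4 sizes its AP4_Array), since a count that is validated for reading but not for writing still corrupts memory.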