Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

two segment fault in Ap4SampleDescription.h in when running mp42ts #291

Closed
92wyunchao opened this issue Jul 20, 2018 · 0 comments
Closed

two segment fault in Ap4SampleDescription.h in when running mp42ts #291

92wyunchao opened this issue Jul 20, 2018 · 0 comments
Assignees
@barbibulle
Labels
fuzzing

Comments

@92wyunchao
Copy link

92wyunchao commented Jul 20, 2018
edited

POC to trigger the two bugs.
poc.zip

(1)mp42ts poc1 out.ts
ASan:
==97945==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000000537e60 bp 0x7ffc715da790 sp 0x7ffc715da5e0 T0)
#0 0x537e5f in AP4_SampleDescription::GetType() const /home/s2e/1/Bento4-master/Source/C++/Core/Ap4SampleDescription.h:127
#1 0x537e5f in AP4_Mpeg2TsVideoSampleStream::WriteSample(AP4_Sample&, AP4_DataBuffer&, AP4_SampleDescription*, bool, AP4_ByteStream&) /home/s2e/1/Bento4-master/Source/C++/Core/Ap4Mpeg2Ts.cpp:524
#2 0x529953 in WriteSamples(AP4_Mpeg2TsWriter&, AP4_Track*, SampleReader*, AP4_Mpeg2TsWriter::SampleStream*, AP4_Track*, SampleReader*, AP4_Mpeg2TsWriter::SampleStream*, unsigned int) /home/s2e/1/Bento4-master/Source/C++/Apps/Mp42Ts/Mp42Ts.cpp:305
#3 0x529953 in main /home/s2e/1/Bento4-master/Source/C++/Apps/Mp42Ts/Mp42Ts.cpp:620
#4 0x7fa66bec782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#5 0x4527f8 in _start (/home/s2e/1/Bento4-master/cmakebuild/mp42ts+0x4527f8)

(2)mp42ts poc2 out.ts
ASan:
==104133==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000c (pc 0x000000536e46 bp 0x7ffed568fc30 sp 0x7ffed568fb00 T0)
#0 0x536e45 in AP4_SampleDescription::GetFormat() const /home/s2e/1/Bento4-master/Source/C++/Core/Ap4SampleDescription.h:128
#1 0x536e45 in AP4_Mpeg2TsAudioSampleStream::WriteSample(AP4_Sample&, AP4_DataBuffer&, AP4_SampleDescription*, bool, AP4_ByteStream&) /home/s2e/1/Bento4-master/Source/C++/Core/Ap4Mpeg2Ts.cpp:412
#2 0x529b1e in WriteSamples(AP4_Mpeg2TsWriter&, AP4_Track*, SampleReader*, AP4_Mpeg2TsWriter::SampleStream*, AP4_Track*, SampleReader*, AP4_Mpeg2TsWriter::SampleStream*, unsigned int) /home/s2e/1/Bento4-master/Source/C++/Apps/Mp42Ts/Mp42Ts.cpp:294
#3 0x529b1e in main /home/s2e/1/Bento4-master/Source/C++/Apps/Mp42Ts/Mp42Ts.cpp:620
#4 0x7f3ffb20582f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#5 0x4527f8 in _start (/home/s2e/1/Bento4-master/cmakebuild/mp42ts+0x4527f8)
@92wyunchao 92wyunchao changed the title two null pointer deference in Ap4SampleDescription.h in when running mp42ts two segment fault in Ap4SampleDescription.h in when running mp42ts Jul 20, 2018
@barbibulle barbibulle self-assigned this Jul 21, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@barbibulle barbibulle

Labels
fuzzing
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@barbibulle @92wyunchao