A SEGV signal occurred when running mp4info #302

Open
swtkiwi opened this issue Jul 23, 2018 · 0 comments
swtkiwi commented Jul 23, 2018

A SEGV signal occurred when running mp4info.

ASAN:SIGSEGV
=================================================================
==10114==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fb441f53886 bp 0x7ffe19a0af70 sp 0x7ffe19a0a700 T0)
    #0 0x7fb441f53885 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c885)
    #1 0x53a35c in memcpy /usr/include/x86_64-linux-gnu/bits/string3.h:53
    #2 0x53a35c in AP4_DataBuffer::SetData(unsigned char const*, unsigned int) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4DataBuffer.cpp:175
    #3 0x5da203 in AP4_AvccAtom::AP4_AvccAtom(unsigned int, unsigned char const*) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AvccAtom.cpp:160
    #4 0x5dc90a in AP4_AvccAtom::Create(unsigned int, AP4_ByteStream&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AvccAtom.cpp:95
    #5 0x5e5611 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:477
    #6 0x5eb917 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:220
    #7 0x4c48cb in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #8 0x4c48cb in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #9 0x4c547e in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:88
    #10 0x5e6d2e in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:755
    #11 0x5eb917 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:220
    #12 0x5c128f in AP4_DrefAtom::AP4_DrefAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4DrefAtom.cpp:84
    #13 0x5c1784 in AP4_DrefAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4DrefAtom.cpp:50
    #14 0x5e7712 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:533
    #15 0x5eb917 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:220
    #16 0x4c48cb in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #17 0x4c48cb in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #18 0x4c547e in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:88
    #19 0x5e6d2e in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:755
    #20 0x5eb917 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:220
    #21 0x4c48cb in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #22 0x4c48cb in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #23 0x4c547e in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:88
    #24 0x5e6d2e in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:755
    #25 0x5eb917 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:220
    #26 0x4c48cb in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #27 0x4c48cb in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #28 0x4c547e in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:88
    #29 0x5e6d2e in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:755
    #30 0x5eb917 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:220
    #31 0x4c48cb in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #32 0x4c48cb in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #33 0x5604e2 in AP4_TrakAtom::AP4_TrakAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4TrakAtom.cpp:165
    #34 0x5e6a1b in AP4_TrakAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4TrakAtom.h:58
    #35 0x5e6a1b in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:377
    #36 0x5eb917 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:220
    #37 0x4c48cb in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #38 0x4c48cb in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #39 0x5aa11c in AP4_MoovAtom::AP4_MoovAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4MoovAtom.cpp:80
    #40 0x5e732c in AP4_MoovAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4MoovAtom.h:56
    #41 0x5e732c in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:357
    #42 0x5eaac5 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:220
    #43 0x5eaac5 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:150
    #44 0x541abf in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4File.cpp:104
    #45 0x541abf in AP4_File::AP4_File(AP4_ByteStream&, bool) /home/swt_fuzz/Bento4/Source/C++/Core/Ap4File.cpp:78
    #46 0x43fa16 in main /home/swt_fuzz/Bento4/Source/C++/Apps/Mp4Info/Mp4Info.cpp:1571
    #47 0x7fb44158582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #48 0x446508 in _start (/home/swt_fuzz/Bento4/cmakebuild/mp4info+0x446508)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 __asan_memcpy
==10114==ABORTING

The testing program is mp4info, and the input file has been put at:
https://github.com/fCorleone/fuzz_programs/blob/master/Bento4/test10

@barbibulle barbibulle self-assigned this Aug 30, 2018