A crafted input will lead to Memory allocation failed in Ap4Array.h at Bento4 1.5.1-627
Triggered by ./mp42hls crash.mp4
Poc crash.mp4.zip
Bento4 Version 1.5.1-627
The ASAN information is as follows:
==7934==ERROR: AddressSanitizer failed to allocate 0xc00003000 (51539619840) bytes of LargeMmapAllocator (errno: 12)
==7934==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix.cc:121 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
    #0 0x7f29f8821631 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7f29f88265e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7f29f882e611 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xad611)
    #3 0x7f29f87a3c0c (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22c0c)
    #4 0x7f29f881a4fe in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x994fe)
    #5 0x53cc17 in AP4_Array<AP4_ElstEntry>::EnsureCapacity(unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4Array.h:172
    #6 0x53cc17 in AP4_ElstAtom::AP4_ElstAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4ElstAtom.cpp:73
    #7 0x53d113 in AP4_ElstAtom::Create(unsigned int, AP4_ByteStream&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4ElstAtom.cpp:51
    #8 0x50fa1f in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4AtomFactory.cpp:545
    #9 0x5114d9 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4AtomFactory.cpp:221
    #10 0x46f3db in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #11 0x46f3db in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #12 0x46fb0e in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4ContainerAtom.cpp:88
    #13 0x50e31b in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4AtomFactory.cpp:764
    #14 0x5114d9 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4AtomFactory.cpp:221
    #15 0x46f3db in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #16 0x46f3db in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #17 0x489f7a in AP4_TrakAtom::AP4_TrakAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4TrakAtom.cpp:165
    #18 0x50f738 in AP4_TrakAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4TrakAtom.h:58
    #19 0x50f738 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4AtomFactory.cpp:379
    #20 0x5114d9 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4AtomFactory.cpp:221
    #21 0x46f3db in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #22 0x46f3db in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #23 0x51ede4 in AP4_MoovAtom::AP4_MoovAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4MoovAtom.cpp:80
    #24 0x50e523 in AP4_MoovAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4MoovAtom.h:56
    #25 0x50e523 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4AtomFactory.cpp:359
    #26 0x510cb9 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4AtomFactory.cpp:221
    #27 0x510cb9 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4AtomFactory.cpp:151
    #28 0x474edf in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4File.cpp:104
    #29 0x474edf in AP4_File::AP4_File(AP4_ByteStream&, bool) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4File.cpp:78
    #30 0x440240 in main /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Apps/Mp42Hls/Mp42Hls.cpp:1837
    #31 0x7f29f7e3f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #32 0x4445b8 in _start (/home/jas/Downloads/Bento4-SRC-1-5-1-627/cmakebuild/mp42hls+0x4445b8)
FoundBy: yjiiit@aliyun.com
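The trace above reaches `operator new` from the `AP4_ElstAtom` constructor through `AP4_Array<AP4_ElstEntry>::EnsureCapacity(unsigned int)`. As an added example (not Bento4 code and not the project's fix), this stand-alone `elst` parser bounds the entry count by the bytes left in the box before reserving memory. It assumes the oversized request comes from the file's `entry_count` field; `ElstEntry`, `ReadBE` and `ParseElst` are hypothetical names.

```cpp
// Added example, not Bento4 code.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct ElstEntry {  // hypothetical in-memory form of one edit-list entry
    uint64_t segment_duration;
    int64_t  media_time;
    uint16_t media_rate;
};

static uint64_t ReadBE(const uint8_t* p, int n) {  // big-endian integer, n bytes
    uint64_t v = 0;
    for (int i = 0; i < n; ++i) v = (v << 8) | p[i];
    return v;
}

// payload = box body after the size/type header:
// version(1) flags(3) entry_count(4), then 12-byte (v0) or 20-byte (v1) entries.
bool ParseElst(const uint8_t* payload, size_t len, std::vector<ElstEntry>& out) {
    out.clear();
    if (len < 8 || payload[0] > 1) return false;
    const bool v1 = (payload[0] == 1);
    const size_t wire = v1 ? 20 : 12;
    const uint64_t count = ReadBE(payload + 4, 4);
    // Reject a count the remaining bytes cannot hold, before any allocation.
    if (count > (len - 8) / wire) return false;
    out.reserve(static_cast<size_t>(count));
    const uint8_t* p = payload + 8;
    for (uint64_t i = 0; i < count; ++i, p += wire) {
        ElstEntry e;
        e.segment_duration = ReadBE(p, v1 ? 8 : 4);
        e.media_time = v1 ? static_cast<int64_t>(ReadBE(p + 8, 8))
                          : static_cast<int32_t>(static_cast<uint32_t>(ReadBE(p + 4, 4)));
        e.media_rate = static_cast<uint16_t>(ReadBE(p + (v1 ? 16 : 8), 2));
        out.push_back(e);
    }
    return true;
}

int main() {
    // Constructed input: version 0, entry_count 0x80000000, one entry present.
    const uint8_t bad[] = {0,0,0,0, 0x80,0,0,0, 0,0,0,10, 0,0,0,0, 0,1,0,0};
    std::vector<ElstEntry> entries;
    std::printf("accepted: %d\n", ParseElst(bad, sizeof bad, entries));
    return 0;
}
```

The check costs one division and turns a multi-gigabyte allocation request into an ordinary parse error, which a caller can report without the process being killed.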
Someone requested a CVE for this, which got assigned CVE-2018-20095.
8922f0d