When running mp4dump, there is an out-of-memory problem in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Ap4Array.h #354

Open
wcventure opened this issue Jan 1, 2019 · 1 comment

Comments

@wcventure

Hi, there.

I tested the program on the master branch.

commit 5a0ce8023ea312a2d87c194049106e893ed57767
Merge: 91d2bc6 bab5bb9
Author: Gilles Boccon-Gibod <bok@bok.net>
Date:   Fri Dec 28 22:42:38 2018 -0800

    Merge pull request #347 from orivej/apps

    Let Scons and CMake build all apps

An out-of-memory problem was discovered in the function AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Ap4Array.h. The program tries to allocate a large amount of memory (0x6eff83000 bytes).

Please use "./mp4dump $POC" to reproduce the bug.
POC.zip

@wcventure
Author

ASAN dumps the stack trace as follows:

==9673==ERROR: AddressSanitizer failed to allocate 0x6eff83000 (29795823616) bytes of LargeMmapAllocator (error code: 12)
==9673==AddressSanitizer CHECK failed: /build/llvm-toolchain-3.8-_PD09B/llvm-toolchain-3.8-3.8/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:183 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
    #0 0x50989d in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/wencheng/Documents/Experiment/Bento4/Build/mp4dump+0x50989d)
    #1 0x5104c3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/home/wencheng/Documents/Experiment/Bento4/Build/mp4dump+0x5104c3)
    #2 0x5106b1 in __sanitizer::ReportMmapFailureAndDie(unsigned long, char const*, char const*, int, bool) (/home/wencheng/Documents/Experiment/Bento4/Build/mp4dump+0x5106b1)
    #3 0x519622 in __sanitizer::MmapOrDie(unsigned long, char const*, bool) (/home/wencheng/Documents/Experiment/Bento4/Build/mp4dump+0x519622)
    #4 0x46741c in __asan::asan_memalign(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/home/wencheng/Documents/Experiment/Bento4/Build/mp4dump+0x46741c)
    #5 0x531838 in operator new(unsigned long) (/home/wencheng/Documents/Experiment/Bento4/Build/mp4dump+0x531838)
    #6 0x6b6a4e in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity(unsigned int) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4Array.h:172:25
    #7 0x6b5768 in AP4_Array<AP4_CttsTableEntry>::SetItemCount(unsigned int) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4Array.h:210:25
    #8 0x6b3771 in AP4_CttsAtom::AP4_CttsAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4CttsAtom.cpp:79:5
    #9 0x6b2fd2 in AP4_CttsAtom::Create(unsigned int, AP4_ByteStream&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4CttsAtom.cpp:52:16
    #10 0x5669ad in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:459:20
    #11 0x56266e in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:221:14
    #12 0x55cf1f in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194:12
    #13 0x55cad9 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:139:5
    #14 0x55bddb in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:88:20
    #15 0x56a2c1 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:764:20
    #16 0x56266e in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:221:14
    #17 0x55cf1f in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194:12
    #18 0x55cad9 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:139:5
    #19 0x55bddb in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:88:20
    #20 0x56a2c1 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:764:20
    #21 0x56266e in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:221:14
    #22 0x55cf1f in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194:12
    #23 0x55cad9 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:139:5
    #24 0x55bddb in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:88:20
    #25 0x56a2c1 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:764:20
    #26 0x56266e in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:221:14
    #27 0x55cf1f in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194:12
    #28 0x55cad9 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:139:5
    #29 0x677a2b in AP4_TrakAtom::AP4_TrakAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4TrakAtom.cpp:165:5
    #30 0x56c6e0 in AP4_TrakAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4TrakAtom.h:58:20
    #31 0x565a06 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:379:20
    #32 0x56266e in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:221:14
    #33 0x55cf1f in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194:12
    #34 0x55cad9 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:139:5
    #35 0x6996dd in AP4_MoovAtom::AP4_MoovAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4MoovAtom.cpp:79:5
    #36 0x56c580 in AP4_MoovAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4MoovAtom.h:56:20
    #37 0x565617 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:359:20
    #38 0x56266e in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:221:14
    #39 0x5615f7 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /home/wencheng/Documents/Experiment/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:151:12
    #40 0x5383ad in main /home/wencheng/Documents/Experiment/Bento4/Source/C++/Apps/Mp4Dump/Mp4Dump.cpp:342:12
    #41 0x7ff5ae09782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #42 0x460168 in _start (/home/wencheng/Documents/Experiment/Bento4/Build/mp4dump+0x460168)

Aborted
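
Added example, not part of the original issue and not Bento4 code: the trace shows `AP4_CttsAtom`'s constructor reaching `operator new` through `SetItemCount(unsigned int)`, so this sketch bounds a `ctts` entry count by the bytes actually present before allocating. It assumes the count comes from the box's `entry_count` field; `CttsEntry`, `read_be32` and `parse_ctts` are hypothetical names.

```cpp
// Added example: reject a ctts entry count the payload cannot hold.
#include <cstddef>
#include <cstdint>
#include <vector>

struct CttsEntry { uint32_t sample_count; uint32_t sample_offset; };

static uint32_t read_be32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
           (uint32_t(p[2]) << 8)  |  uint32_t(p[3]);
}

// payload: bytes of the ctts box after the 8-byte box header (size + type):
// 4 bytes version/flags, 4 bytes entry_count, then 8 bytes per entry.
// Returns false, allocating nothing, if the declared count cannot fit.
bool parse_ctts(const uint8_t* payload, size_t size, std::vector<CttsEntry>& out) {
    out.clear();
    if (size < 8) return false;                  // version/flags + entry_count
    uint32_t entry_count = read_be32(payload + 4);
    size_t remaining = size - 8;
    // Divide rather than multiply so the check itself cannot overflow.
    if (entry_count > remaining / 8) return false;
    out.reserve(entry_count);                    // now bounded by the input size
    const uint8_t* p = payload + 8;
    for (uint32_t i = 0; i < entry_count; ++i, p += 8) {
        out.push_back({read_be32(p), read_be32(p + 4)});
    }
    return true;
}

// Constructed sample inputs (not taken from the PoC file).
bool demo_rejects_oversized_count() {
    // Declares 0xF0000000 entries but carries none.
    const uint8_t bad[] = {0,0,0,0, 0xF0,0x00,0x00,0x00};
    std::vector<CttsEntry> v;
    return !parse_ctts(bad, sizeof(bad), v) && v.empty();
}

bool demo_accepts_valid_table() {
    const uint8_t ok[] = {0,0,0,0, 0,0,0,2,
                          0,0,0,1, 0,0,0,10,
                          0,0,0,3, 0,0,0,20};
    std::vector<CttsEntry> v;
    return parse_ctts(ok, sizeof(ok), v) && v.size() == 2 &&
           v[1].sample_count == 3 && v[1].sample_offset == 20;
}
```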
