Open
Description
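A crafted input causes a failed memory allocation in AP4_Array<AP4_ElstEntry>::EnsureCapacity (Ap4Array.h:172) in Bento4 1.5.1-628. AddressSanitizer reports that its LargeMmapAllocator could not satisfy a request for 0xc00003000 bytes (about 48 GiB). The request is made from the AP4_ElstAtom constructor (Ap4ElstAtom.cpp:73) while the file is being parsed, which suggests that the entry count read from the 'elst' atom is used to size the array without being checked against the atom's actual size. Under ASAN the process aborts, so the impact shown here is denial of service.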
Triggered by
./mp42hls crash3.mp4
Poc
poc1.zip
Bento4 Version 1.5.1-628
The ASAN information is as follows:
==56305==ERROR: AddressSanitizer failed to allocate 0xc00003000 (51539619840) bytes of LargeMmapAllocator (errno: 12)
==56305==Process memory map follows:
0x000000400000-0x0000007b4000 /home/jas/Downloads/Bento4-SRC-1-5-1-628/cmakebuild/mp42hls
0x0000009b4000-0x0000009b5000 /home/jas/Downloads/Bento4-SRC-1-5-1-628/cmakebuild/mp42hls
0x0000009b5000-0x000000b5b000 /home/jas/Downloads/Bento4-SRC-1-5-1-628/cmakebuild/mp42hls
0x00007fff7000-0x00008fff7000
0x00008fff7000-0x02008fff7000
0x02008fff7000-0x10007fff8000
0x600000000000-0x602000000000
0x602000000000-0x602000010000
0x602000010000-0x603000000000
0x603000000000-0x603000010000
0x603000010000-0x604000000000
0x604000000000-0x604000010000
0x604000010000-0x606000000000
0x606000000000-0x606000010000
0x606000010000-0x607000000000
0x607000000000-0x607000010000
0x607000010000-0x608000000000
0x608000000000-0x608000010000
0x608000010000-0x60c000000000
0x60c000000000-0x60c000010000
0x60c000010000-0x60d000000000
0x60d000000000-0x60d000010000
0x60d000010000-0x60e000000000
0x60e000000000-0x60e000010000
0x60e000010000-0x611000000000
0x611000000000-0x611000010000
0x611000010000-0x616000000000
0x616000000000-0x616000020000
0x616000020000-0x619000000000
0x619000000000-0x619000020000
0x619000020000-0x621000000000
0x621000000000-0x621000020000
0x621000020000-0x631000000000
0x631000000000-0x631000030000
0x631000030000-0x640000000000
0x640000000000-0x640000003000
0x7ff016000000-0x7ff016100000
0x7ff016200000-0x7ff016300000
0x7ff01635e000-0x7ff0186b0000
0x7ff0186b0000-0x7ff0187b8000 /lib/x86_64-linux-gnu/libm-2.23.so
0x7ff0187b8000-0x7ff0189b7000 /lib/x86_64-linux-gnu/libm-2.23.so
0x7ff0189b7000-0x7ff0189b8000 /lib/x86_64-linux-gnu/libm-2.23.so
0x7ff0189b8000-0x7ff0189b9000 /lib/x86_64-linux-gnu/libm-2.23.so
0x7ff0189b9000-0x7ff0189bc000 /lib/x86_64-linux-gnu/libdl-2.23.so
0x7ff0189bc000-0x7ff018bbb000 /lib/x86_64-linux-gnu/libdl-2.23.so
0x7ff018bbb000-0x7ff018bbc000 /lib/x86_64-linux-gnu/libdl-2.23.so
0x7ff018bbc000-0x7ff018bbd000 /lib/x86_64-linux-gnu/libdl-2.23.so
0x7ff018bbd000-0x7ff018bd5000 /lib/x86_64-linux-gnu/libpthread-2.23.so
0x7ff018bd5000-0x7ff018dd4000 /lib/x86_64-linux-gnu/libpthread-2.23.so
0x7ff018dd4000-0x7ff018dd5000 /lib/x86_64-linux-gnu/libpthread-2.23.so
0x7ff018dd5000-0x7ff018dd6000 /lib/x86_64-linux-gnu/libpthread-2.23.so
0x7ff018dd6000-0x7ff018dda000
0x7ff018dda000-0x7ff018f9a000 /lib/x86_64-linux-gnu/libc-2.23.so
0x7ff018f9a000-0x7ff01919a000 /lib/x86_64-linux-gnu/libc-2.23.so
0x7ff01919a000-0x7ff01919e000 /lib/x86_64-linux-gnu/libc-2.23.so
0x7ff01919e000-0x7ff0191a0000 /lib/x86_64-linux-gnu/libc-2.23.so
0x7ff0191a0000-0x7ff0191a4000
0x7ff0191a4000-0x7ff0191ba000 /lib/x86_64-linux-gnu/libgcc_s.so.1
0x7ff0191ba000-0x7ff0193b9000 /lib/x86_64-linux-gnu/libgcc_s.so.1
0x7ff0193b9000-0x7ff0193ba000 /lib/x86_64-linux-gnu/libgcc_s.so.1
0x7ff0193ba000-0x7ff01952c000 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
0x7ff01952c000-0x7ff01972c000 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
0x7ff01972c000-0x7ff019736000 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
0x7ff019736000-0x7ff019738000 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
0x7ff019738000-0x7ff01973c000
0x7ff01973c000-0x7ff019830000 /usr/lib/x86_64-linux-gnu/libasan.so.2.0.0
0x7ff019830000-0x7ff019a30000 /usr/lib/x86_64-linux-gnu/libasan.so.2.0.0
0x7ff019a30000-0x7ff019a33000 /usr/lib/x86_64-linux-gnu/libasan.so.2.0.0
0x7ff019a33000-0x7ff019a34000 /usr/lib/x86_64-linux-gnu/libasan.so.2.0.0
0x7ff019a34000-0x7ff01a6a9000
0x7ff01a6a9000-0x7ff01a6cf000 /lib/x86_64-linux-gnu/ld-2.23.so
0x7ff01a81a000-0x7ff01a8b8000
0x7ff01a8b8000-0x7ff01a8ce000
0x7ff01a8ce000-0x7ff01a8cf000 /lib/x86_64-linux-gnu/ld-2.23.so
0x7ff01a8cf000-0x7ff01a8d0000 /lib/x86_64-linux-gnu/ld-2.23.so
0x7ff01a8d0000-0x7ff01a8d1000
0x7ffc5d59c000-0x7ffc5d5bd000 [stack]
0x7ffc5d5c2000-0x7ffc5d5c4000 [vvar]
0x7ffc5d5c4000-0x7ffc5d5c6000 [vdso]
0xffffffffff600000-0xffffffffff601000 [vsyscall]
==56305==End of process memory map.
==56305==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix.cc:121 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
#0 0x7ff0197dc631 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
#1 0x7ff0197e15e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
#2 0x7ff0197e9611 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xad611)
#3 0x7ff01975ec0c (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22c0c)
#4 0x7ff0197d54fe in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x994fe)
#5 0x550cef in AP4_Array<AP4_ElstEntry>::EnsureCapacity(unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4Array.h:172
#6 0x550017 in AP4_ElstAtom::AP4_ElstAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ElstAtom.cpp:73
#7 0x54fd41 in AP4_ElstAtom::Create(unsigned int, AP4_ByteStream&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ElstAtom.cpp:51
#8 0x522fcb in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:545
#9 0x520e72 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:221
#10 0x4891c3 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:194
#11 0x488c78 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:139
#12 0x488805 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:88
#13 0x523eba in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:764
#14 0x520e72 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:221
#15 0x4891c3 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:194
#16 0x488c78 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:139
#17 0x4a2174 in AP4_TrakAtom::AP4_TrakAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4TrakAtom.cpp:165
#18 0x524ab5 in AP4_TrakAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4TrakAtom.h:58
#19 0x52231f in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:379
#20 0x520e72 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:221
#21 0x4891c3 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:194
#22 0x488c78 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:139
#23 0x530ca3 in AP4_MoovAtom::AP4_MoovAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4MoovAtom.cpp:80
#24 0x524a59 in AP4_MoovAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4MoovAtom.h:56
#25 0x522198 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:359
#26 0x520e72 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:221
#27 0x5207c7 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:151
#28 0x48f2c5 in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4File.cpp:104
#29 0x48ef34 in AP4_File::AP4_File(AP4_ByteStream&, bool) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4File.cpp:78
#30 0x45eebd in main /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Apps/Mp42Hls/Mp42Hls.cpp:1846
#31 0x7ff018dfa82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#32 0x4549e8 in _start (/home/jas/Downloads/Bento4-SRC-1-5-1-628/cmakebuild/mp42hls+0x4549e8)
FoundBy: wu.an.1900@gamil.com