failed to allocate LargeMmapAllocator in Ap4Array.h at Bento4 v1.5.1-628 when running mp42hls #361

Open
wuk0n9 opened this Issue Jan 25, 2019 · 0 comments


wuk0n9 commented Jan 25, 2019

A crafted input leads to a failed allocation of LargeMmapAllocator in Ap4Array.h at Bento4 1.5.1-628.

Triggered by: ./mp42hls crash3.mp4

PoC: poc1.zip

Bento4 Version: 1.5.1-628
The ASAN information is as follows:

==56305==ERROR: AddressSanitizer failed to allocate 0xc00003000 (51539619840) bytes of LargeMmapAllocator (errno: 12)
==56305==Process memory map follows:
        0x000000400000-0x0000007b4000   /home/jas/Downloads/Bento4-SRC-1-5-1-628/cmakebuild/mp42hls
        0x0000009b4000-0x0000009b5000   /home/jas/Downloads/Bento4-SRC-1-5-1-628/cmakebuild/mp42hls
        0x0000009b5000-0x000000b5b000   /home/jas/Downloads/Bento4-SRC-1-5-1-628/cmakebuild/mp42hls
        0x00007fff7000-0x00008fff7000
        0x00008fff7000-0x02008fff7000
        0x02008fff7000-0x10007fff8000
        0x600000000000-0x602000000000
        0x602000000000-0x602000010000
        0x602000010000-0x603000000000
        0x603000000000-0x603000010000
        0x603000010000-0x604000000000
        0x604000000000-0x604000010000
        0x604000010000-0x606000000000
        0x606000000000-0x606000010000
        0x606000010000-0x607000000000
        0x607000000000-0x607000010000
        0x607000010000-0x608000000000
        0x608000000000-0x608000010000
        0x608000010000-0x60c000000000
        0x60c000000000-0x60c000010000
        0x60c000010000-0x60d000000000
        0x60d000000000-0x60d000010000
        0x60d000010000-0x60e000000000
        0x60e000000000-0x60e000010000
        0x60e000010000-0x611000000000
        0x611000000000-0x611000010000
        0x611000010000-0x616000000000
        0x616000000000-0x616000020000
        0x616000020000-0x619000000000
        0x619000000000-0x619000020000
        0x619000020000-0x621000000000
        0x621000000000-0x621000020000
        0x621000020000-0x631000000000
        0x631000000000-0x631000030000
        0x631000030000-0x640000000000
        0x640000000000-0x640000003000
        0x7ff016000000-0x7ff016100000
        0x7ff016200000-0x7ff016300000
        0x7ff01635e000-0x7ff0186b0000
        0x7ff0186b0000-0x7ff0187b8000   /lib/x86_64-linux-gnu/libm-2.23.so
        0x7ff0187b8000-0x7ff0189b7000   /lib/x86_64-linux-gnu/libm-2.23.so
        0x7ff0189b7000-0x7ff0189b8000   /lib/x86_64-linux-gnu/libm-2.23.so
        0x7ff0189b8000-0x7ff0189b9000   /lib/x86_64-linux-gnu/libm-2.23.so
        0x7ff0189b9000-0x7ff0189bc000   /lib/x86_64-linux-gnu/libdl-2.23.so
        0x7ff0189bc000-0x7ff018bbb000   /lib/x86_64-linux-gnu/libdl-2.23.so
        0x7ff018bbb000-0x7ff018bbc000   /lib/x86_64-linux-gnu/libdl-2.23.so
        0x7ff018bbc000-0x7ff018bbd000   /lib/x86_64-linux-gnu/libdl-2.23.so
        0x7ff018bbd000-0x7ff018bd5000   /lib/x86_64-linux-gnu/libpthread-2.23.so
        0x7ff018bd5000-0x7ff018dd4000   /lib/x86_64-linux-gnu/libpthread-2.23.so
        0x7ff018dd4000-0x7ff018dd5000   /lib/x86_64-linux-gnu/libpthread-2.23.so
        0x7ff018dd5000-0x7ff018dd6000   /lib/x86_64-linux-gnu/libpthread-2.23.so
        0x7ff018dd6000-0x7ff018dda000
        0x7ff018dda000-0x7ff018f9a000   /lib/x86_64-linux-gnu/libc-2.23.so
        0x7ff018f9a000-0x7ff01919a000   /lib/x86_64-linux-gnu/libc-2.23.so
        0x7ff01919a000-0x7ff01919e000   /lib/x86_64-linux-gnu/libc-2.23.so
        0x7ff01919e000-0x7ff0191a0000   /lib/x86_64-linux-gnu/libc-2.23.so
        0x7ff0191a0000-0x7ff0191a4000
        0x7ff0191a4000-0x7ff0191ba000   /lib/x86_64-linux-gnu/libgcc_s.so.1
        0x7ff0191ba000-0x7ff0193b9000   /lib/x86_64-linux-gnu/libgcc_s.so.1
        0x7ff0193b9000-0x7ff0193ba000   /lib/x86_64-linux-gnu/libgcc_s.so.1
        0x7ff0193ba000-0x7ff01952c000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
        0x7ff01952c000-0x7ff01972c000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
        0x7ff01972c000-0x7ff019736000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
        0x7ff019736000-0x7ff019738000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
        0x7ff019738000-0x7ff01973c000
        0x7ff01973c000-0x7ff019830000   /usr/lib/x86_64-linux-gnu/libasan.so.2.0.0
        0x7ff019830000-0x7ff019a30000   /usr/lib/x86_64-linux-gnu/libasan.so.2.0.0
        0x7ff019a30000-0x7ff019a33000   /usr/lib/x86_64-linux-gnu/libasan.so.2.0.0
        0x7ff019a33000-0x7ff019a34000   /usr/lib/x86_64-linux-gnu/libasan.so.2.0.0
        0x7ff019a34000-0x7ff01a6a9000
        0x7ff01a6a9000-0x7ff01a6cf000   /lib/x86_64-linux-gnu/ld-2.23.so
        0x7ff01a81a000-0x7ff01a8b8000
        0x7ff01a8b8000-0x7ff01a8ce000
        0x7ff01a8ce000-0x7ff01a8cf000   /lib/x86_64-linux-gnu/ld-2.23.so
        0x7ff01a8cf000-0x7ff01a8d0000   /lib/x86_64-linux-gnu/ld-2.23.so
        0x7ff01a8d0000-0x7ff01a8d1000
        0x7ffc5d59c000-0x7ffc5d5bd000   [stack]
        0x7ffc5d5c2000-0x7ffc5d5c4000   [vvar]
        0x7ffc5d5c4000-0x7ffc5d5c6000   [vdso]
        0xffffffffff600000-0xffffffffff601000   [vsyscall]
==56305==End of process memory map.
==56305==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix.cc:121 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
    #0 0x7ff0197dc631  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7ff0197e15e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7ff0197e9611  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xad611)
    #3 0x7ff01975ec0c  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22c0c)
    #4 0x7ff0197d54fe in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x994fe)
    #5 0x550cef in AP4_Array<AP4_ElstEntry>::EnsureCapacity(unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4Array.h:172
    #6 0x550017 in AP4_ElstAtom::AP4_ElstAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ElstAtom.cpp:73
    #7 0x54fd41 in AP4_ElstAtom::Create(unsigned int, AP4_ByteStream&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ElstAtom.cpp:51
    #8 0x522fcb in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:545
    #9 0x520e72 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:221
    #10 0x4891c3 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #11 0x488c78 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #12 0x488805 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:88
    #13 0x523eba in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:764
    #14 0x520e72 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:221
    #15 0x4891c3 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #16 0x488c78 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #17 0x4a2174 in AP4_TrakAtom::AP4_TrakAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4TrakAtom.cpp:165
    #18 0x524ab5 in AP4_TrakAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4TrakAtom.h:58
    #19 0x52231f in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:379
    #20 0x520e72 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:221
    #21 0x4891c3 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:194
    #22 0x488c78 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4ContainerAtom.cpp:139
    #23 0x530ca3 in AP4_MoovAtom::AP4_MoovAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4MoovAtom.cpp:80
    #24 0x524a59 in AP4_MoovAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4MoovAtom.h:56
    #25 0x522198 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:359
    #26 0x520e72 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:221
    #27 0x5207c7 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4AtomFactory.cpp:151
    #28 0x48f2c5 in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4File.cpp:104
    #29 0x48ef34 in AP4_File::AP4_File(AP4_ByteStream&, bool) /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Core/Ap4File.cpp:78
    #30 0x45eebd in main /home/jas/Downloads/Bento4-SRC-1-5-1-628/Source/C++/Apps/Mp42Hls/Mp42Hls.cpp:1846
    #31 0x7ff018dfa82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #32 0x4549e8 in _start (/home/jas/Downloads/Bento4-SRC-1-5-1-628/cmakebuild/mp42hls+0x4549e8)

FoundBy: wu.an.1900@gamil.com
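The trace above ends in AP4_Array::EnsureCapacity() called from the AP4_ElstAtom constructor, i.e. the parser sizes an array from an entry count read out of the file before it has checked that the atom actually carries that many entries. The usual mitigation is to bound the count by the bytes remaining in the atom payload before any allocation happens. The following is an added example written for this page, not Bento4 code and not its fix: a minimal, self-contained parser for an ISO BMFF 'elst' (edit list) box payload with that check, using a simplified ElstEntry struct of my own and constructed sample payloads (not derived from the reporter's crash3.mp4).

```cpp
// Added example (not Bento4 code): a minimal 'elst' box payload parser that
// bounds the entry count by the bytes actually present before allocating.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified entry layout for this example (not Bento4's AP4_ElstEntry).
struct ElstEntry {
    uint64_t segment_duration;
    int64_t  media_time;
    int16_t  media_rate_integer;
    int16_t  media_rate_fraction;
};

enum class ElstStatus { Ok, Truncated, BadVersion, CountExceedsPayload };

struct ParseResult {
    ElstStatus status;
    std::vector<ElstEntry> entries;
};

// Big-endian readers; callers guarantee the bytes are within the payload.
static uint32_t rd32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}
static uint64_t rd64(const uint8_t* p) { return (uint64_t(rd32(p)) << 32) | rd32(p + 4); }
static uint16_t rd16(const uint8_t* p) { return uint16_t((uint16_t(p[0]) << 8) | p[1]); }

// `payload` is the box body after the 8-byte size/type header: a FullBox
// header (1-byte version + 24-bit flags), a 32-bit entry_count, then entries.
// Entry size per ISO/IEC 14496-12: 12 bytes for version 0, 20 for version 1.
ParseResult parseElst(const std::vector<uint8_t>& payload) {
    ParseResult r{ElstStatus::Ok, {}};
    if (payload.size() < 8) { r.status = ElstStatus::Truncated; return r; }
    const uint8_t version = payload[0];
    if (version > 1) { r.status = ElstStatus::BadVersion; return r; }
    const uint32_t entry_count = rd32(&payload[4]);
    const size_t entry_size = (version == 1) ? 20 : 12;

    // The key check: entry_count is input-controlled, the payload length is not.
    // Reject any count that cannot fit in the bytes we already hold, so the
    // allocation below is bounded by the size of the input, not by the field.
    const size_t available = payload.size() - 8;
    if (entry_count > available / entry_size) { r.status = ElstStatus::CountExceedsPayload; return r; }

    r.entries.reserve(entry_count);  // at most available / entry_size entries
    const uint8_t* p = payload.data() + 8;
    for (uint32_t i = 0; i < entry_count; ++i, p += entry_size) {
        ElstEntry e;
        if (version == 1) {
            e.segment_duration    = rd64(p);
            e.media_time          = int64_t(rd64(p + 8));
            e.media_rate_integer  = int16_t(rd16(p + 16));
            e.media_rate_fraction = int16_t(rd16(p + 18));
        } else {
            e.segment_duration    = rd32(p);
            e.media_time          = int32_t(rd32(p + 4));  // sign-extend 32-bit field
            e.media_rate_integer  = int16_t(rd16(p + 8));
            e.media_rate_fraction = int16_t(rd16(p + 10));
        }
        r.entries.push_back(e);
    }
    return r;
}

// Constructed sample: version 0, two entries
// (duration 1000, media_time -1, rate 1.0) and (duration 2000, media_time 500, rate 1.0).
static const std::vector<uint8_t> kGoodElst = {
    0x00, 0x00, 0x00, 0x00,                                               // version 0, flags 0
    0x00, 0x00, 0x00, 0x02,                                               // entry_count = 2
    0x00, 0x00, 0x03, 0xE8,  0xFF, 0xFF, 0xFF, 0xFF,  0x00, 0x01, 0x00, 0x00,
    0x00, 0x00, 0x07, 0xD0,  0x00, 0x00, 0x01, 0xF4,  0x00, 0x01, 0x00, 0x00,
};

// Constructed sample: entry_count = 0xFFFFFFFF but only one entry's worth of bytes follows.
static const std::vector<uint8_t> kHugeCountElst = {
    0x00, 0x00, 0x00, 0x00,
    0xFF, 0xFF, 0xFF, 0xFF,
    0x00, 0x00, 0x03, 0xE8,  0xFF, 0xFF, 0xFF, 0xFF,  0x00, 0x01, 0x00, 0x00,
};

ParseResult parseGoodSample()      { return parseElst(kGoodElst); }
ParseResult parseHugeCountSample() { return parseElst(kHugeCountElst); }

int main() {
    ParseResult good = parseGoodSample();
    std::printf("good sample: status=%d entries=%zu\n", int(good.status), good.entries.size());
    ParseResult bad = parseHugeCountSample();
    std::printf("huge-count sample: status=%d entries=%zu\n", int(bad.status), bad.entries.size());
    return 0;
}
```

The check `entry_count > available / entry_size` is deliberately a division rather than a multiplication, so a 32-bit count cannot overflow the comparison; the reserve() that follows is then bounded by the payload length the parser has already read, which is the property the reported crash shows is missing.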
