Null Pointer Dereference(npd) Bug #394

Open
5hadowblad3 opened this issue May 14, 2019 · 1 comment

Comments

@5hadowblad3

commented May 14, 2019

Hi, recently, when I experienced the new version of bento4, I found an NPD bug in the program "mp42aac".

./mp42aac inputs

The bug logic is that when the data size is not large enough and reallocation is applied, the reallocation does not check whether the new buffer was successfully allocated.
This is the execution trace.
image

In SetDataSize, the function reallocates the buffer when the new size is larger than the current one.
This means the values of the two size variables are not zero.
image
In the reallocation, there is no null pointer check for the return value of the allocation, which leads to the crash when applying AP4_CopyMemory, which is an alias of the memcpy function.
image

I have uploaded the report and related bug trace to help understand this problem.
report_input.zip

@5hadowblad3

commented May 24, 2019

I looked into the related bug and fix #342. This is the same cause, but it does not fix the root cause, since it only modifies the upper layer of mp42hls, but this function is used in many programs and the bug still occurs.
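A simplified model of the pattern discussed in this thread, as an added example that is not Bento4's code and not part of the original posts: the allocation result is checked inside the shared buffer class itself, so every caller gets the error instead of a crash in the copy. The class, method, enum, and allocator-hook names are all hypothetical, and the hook exists only so an allocation failure can be simulated.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <new>

// Hypothetical, simplified buffer class; none of these names are Bento4's.
enum Result { kOk = 0, kErrOutOfMemory = -1 };

// Allocator hook (an assumption for this demo) so failure can be simulated.
using AllocFn = uint8_t* (*)(std::size_t);
inline uint8_t* default_alloc(std::size_t n) { return new (std::nothrow) uint8_t[n]; }
inline uint8_t* failing_alloc(std::size_t) { return nullptr; }

class DataBuffer {
public:
    explicit DataBuffer(AllocFn alloc = default_alloc) : alloc_(alloc) {}
    ~DataBuffer() { delete[] buf_; }
    DataBuffer(const DataBuffer&) = delete;
    DataBuffer& operator=(const DataBuffer&) = delete;

    // Grow on demand and propagate allocation failure to the caller.
    Result set_data_size(std::size_t size) {
        if (size > capacity_) {
            Result r = reallocate(size);
            if (r != kOk) return r;  // buffer state is unchanged on failure
        }
        size_ = size;
        return kOk;
    }
    void set_allocator(AllocFn a) { alloc_ = a; }
    std::size_t data_size() const { return size_; }
    std::size_t capacity() const { return capacity_; }
    uint8_t* data() { return buf_; }

private:
    Result reallocate(std::size_t size) {
        uint8_t* nb = alloc_(size);
        if (nb == nullptr) return kErrOutOfMemory;  // check before any copy
        if (buf_ && size_) std::memcpy(nb, buf_, size_);  // size_ <= capacity_ < size
        delete[] buf_;
        buf_ = nb;
        capacity_ = size;
        return kOk;
    }
    AllocFn alloc_;
    uint8_t* buf_ = nullptr;
    std::size_t size_ = 0;
    std::size_t capacity_ = 0;
};
```

Callers still have to check the returned `Result`; the point is that the check lives in the buffer layer rather than in each tool built on top of it.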
