
Exhaustive memory misunhandle #396

Open

5hadowblad3 opened this issue May 24, 2019 · 0 comments


5hadowblad3 commented May 24, 2019

An unhandled memory allocation failure in Ap4SdpAtom.cpp leads to crashes.

./mp42aac input_file /dev/null

In file Source/C++/Core/Ap4SdpAtom.cpp:
[screenshot]

AP4_SdpAtom allocates a new buffer to parse the atom from the stream.
The unhandled memory allocation failure causes the read content to be memcpy'd to a null pointer.
[screenshot]
This is the starting point.

In file Source/C++/Core/Ap4ByteStream.cpp:
[screenshot]
[screenshot]

AP4_CopyMemory is a macro defined as memcpy, and the path is formed.

ASan trace report:

==79431==AddressSanitizer CHECK failed: ../../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
#0 0xf725e797 (/usr/lib32/libasan.so.2+0x9f797)
#1 0xf7263a69 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib32/libasan.so.2+0xa4a69)
#2 0xf71d507b (/usr/lib32/libasan.so.2+0x1607b)
#3 0xf7261e80 (/usr/lib32/libasan.so.2+0xa2e80)
#4 0xf71da229 (/usr/lib32/libasan.so.2+0x1b229)
#5 0xf7256e16 in operator new[](unsigned int) (/usr/lib32/libasan.so.2+0x97e16)
#6 0x873013b in AP4_SdpAtom::AP4_SdpAtom(unsigned int, AP4_ByteStream&) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4SdpAtom.cpp:60
#7 0x82dcab1 in AP4_SdpAtom::Create(unsigned int, AP4_ByteStream&) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4SdpAtom.h:54
#8 0x82dcab1 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4AtomFactory.cpp:595
#9 0x83016d3 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4AtomFactory.cpp:221
#10 0x82b6bae in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4ContainerAtom.cpp:194
#11 0x82b6bae in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4ContainerAtom.cpp:139
#12 0x82be680 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4ContainerAtom.cpp:88
#13 0x82dc711 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4AtomFactory.cpp:764
#14 0x82fa1f7 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4AtomFactory.cpp:221
#15 0x82fa1f7 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4AtomFactory.cpp:151
#16 0x809a044 in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4File.cpp:104
#17 0x809a044 in AP4_File::AP4_File(AP4_ByteStream&, bool) /mnt/data/playground/mp42-a/Source/C++/Core/Ap4File.cpp:78
#18 0x8082ce7 in main /mnt/data/playground/mp42-a/Source/C++/Apps/Mp42Aac/Mp42Aac.cpp:250
#19 0xf69df636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
#20 0x808df1b (/mnt/data/playground/mp42-a/Build/mp42aac+0x808df1b)

input_file.zip
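The pattern the report describes, as an added illustration that is not Bento4's code: a parser takes a length from the file, allocates that many bytes, and copies into the buffer. The constructed model below (a 4-byte big-endian length followed by a payload; kMaxPayload is an assumed limit) shows the defensive shape: cap the declared size, bound it against the bytes actually present, and check the allocation before copying. Note that a plain `new[]` throws std::bad_alloc rather than returning null, so the example uses `new (std::nothrow)` to make the null check meaningful.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <new>
#include <string>
#include <vector>

// Constructed model of an atom body (not Bento4's code): a 4-byte big-endian
// payload length followed by the payload. The length comes from the file and
// must not be trusted.
enum class ParseResult { Ok, TooLarge, Truncated, OutOfMemory };
// Hard cap on how much we are willing to buffer for one atom (constructed limit).
constexpr size_t kMaxPayload = 16u * 1024u * 1024u;
static uint32_t ReadBE32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | p[3];
}
// Hardened parse: caps the declared size, bounds it against the bytes actually
// present, and treats allocation failure as an error instead of copying into a
// null buffer. new (std::nothrow) returns nullptr instead of throwing bad_alloc.
ParseResult ParseAtom(const uint8_t* data, size_t len, std::string& payload) {
    if (len < 4) return ParseResult::Truncated;
    uint32_t declared = ReadBE32(data);
    if (declared > kMaxPayload) return ParseResult::TooLarge;   // refuse absurd sizes
    if (declared > len - 4) return ParseResult::Truncated;      // header lies about size
    uint8_t* buf = new (std::nothrow) uint8_t[declared];
    if (buf == nullptr) return ParseResult::OutOfMemory;        // the check the report asks for
    std::memcpy(buf, data + 4, declared);                        // only reached with a valid buffer
    payload.assign(reinterpret_cast<const char*>(buf), declared);
    delete[] buf;
    return ParseResult::Ok;
}

// Builds a constructed atom whose header claims `declared` bytes while only
// body.size() bytes actually follow, then parses it.
ParseResult ParseSample(uint32_t declared, const std::string& body, std::string* out = nullptr) {
    std::vector<uint8_t> bytes = {uint8_t(declared >> 24), uint8_t(declared >> 16),
                                  uint8_t(declared >> 8), uint8_t(declared)};
    bytes.insert(bytes.end(), body.begin(), body.end());
    std::string payload;
    ParseResult r = ParseAtom(bytes.data(), bytes.size(), payload);
    if (out) *out = payload;
    return r;
}

// True when a well-formed atom parses back to its original body.
bool RoundTrips(const std::string& body) {
    std::string p;
    return ParseSample(uint32_t(body.size()), body, &p) == ParseResult::Ok && p == body;
}
```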
