SEGV in mp4info #435

Closed
c0d3xpl0it opened this issue Sep 29, 2019 · 2 comments

c0d3xpl0it commented Sep 29, 2019

System Details
Commit ID: bc1b02a
Test Machine: Ubuntu 16.04.3 LTS
MP4 File Info - Version 1.3.4
(Bento4 Version 1.5.1.0)

Command
mp4info --show-samples POC-file

ASAN Output

ASAN:DEADLYSIGNAL
=================================================================
==17894==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000000583949 bp 0x7ffd5359b2c0 sp 0x7ffd5359b1f0 T0)
    #0 0x583948 in AP4_Descriptor::GetTag() /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4Descriptor.h:61:42
    #1 0x583948 in AP4_DescriptorFinder::Test(AP4_Descriptor*) const /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4Descriptor.h:92
    #2 0x582ce9 in AP4_List<AP4_Descriptor>::Find(AP4_List<AP4_Descriptor>::Item::Finder const&, AP4_Descriptor*&) const /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4List.h:431:13
    #3 0x582ce9 in AP4_EsDescriptor::GetDecoderConfigDescriptor() const /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4EsDescriptor.cpp:207
    #4 0x5b7151 in AP4_MpegSampleDescription::AP4_MpegSampleDescription(unsigned int, AP4_EsdsAtom*) /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4SampleDescription.cpp:583:13
    #5 0x5b8df8 in AP4_MpegVideoSampleDescription::AP4_MpegVideoSampleDescription(unsigned short, unsigned short, unsigned short, char const*, AP4_EsdsAtom*) /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4SampleDescription.cpp:801:5
    #6 0x6b2e80 in AP4_MpegVideoSampleEntry::ToSampleDescription() /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4SampleEntry.cpp:934:16
    #7 0x5ae4b2 in AP4_StsdAtom::GetSampleDescription(unsigned int) /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4StsdAtom.cpp:181:39
    #8 0x6912f5 in AP4_AtomSampleTable::GetSampleDescription(unsigned int) /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4AtomSampleTable.cpp:207:25
    #9 0x5868e4 in AP4_Track::GetSampleDescription(unsigned int) /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4Track.cpp:445:28
    #10 0x52b2a7 in ShowTrackInfo_Text(AP4_Movie&, AP4_Track&, AP4_ByteStream&, bool, bool, bool, bool) /home/fuzzer/victim/Bento4/Source/C++/Apps/Mp4Info/Mp4Info.cpp:1152:46
    #11 0x52b2a7 in ShowTrackInfo(AP4_Movie&, AP4_Track&, AP4_ByteStream&, bool, bool, bool, bool) /home/fuzzer/victim/Bento4/Source/C++/Apps/Mp4Info/Mp4Info.cpp:1276
    #12 0x52a66c in ShowTracks(AP4_Movie&, AP4_List<AP4_Track>&, AP4_ByteStream&, bool, bool, bool, bool) /home/fuzzer/victim/Bento4/Source/C++/Apps/Mp4Info/Mp4Info.cpp:1386:9
    #13 0x527cd8 in main /home/fuzzer/victim/Bento4/Source/C++/Apps/Mp4Info/Mp4Info.cpp:1650:13
    #14 0x7f473c79282f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
    #15 0x4521f8 in _start (/home/fuzzer/victim/Bento4/mp4info+0x4521f8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/fuzzer/victim/Bento4/Source/C++/Core/Ap4Descriptor.h:61:42 in AP4_Descriptor::GetTag()
==17894==ABORTING

barbibulle self-assigned this Oct 8, 2019

DorHayun commented Oct 5, 2020

Hi, is there a fix for this issue?

barbibulle (Contributor) commented

I can't reproduce this problem, as the issue reported here doesn't include the fuzzed input file that triggered the crash.
