
heap-buffer-overflow of Ap4BitStream.cpp in function WriteBytes #610

Open
NigelX opened this issue May 13, 2021 · 0 comments

NigelX commented May 13, 2021

Hi

I found a crash error.

System info:
Ubuntu 20.04 : clang 10.0.0 , gcc 9.3.0

Bento4 version 1.6.0.0

commit:0c7705733de80172712e487dd6fdd28387fd7184

poc.zip


Verification steps:
1. Get the source code of Bento4
2. Compile Bento4

$ cd Bento4
$ mkdir check_build && cd check_build
$ cmake ../ -DCMAKE_C_COMPILER=clang  -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_FLAGS="-fsanitize=address" -DCMAKE_CXX_FLAGS="-fsanitize=address"
$ make -j 32

3. Run avcinfo

$ ./avcinfo poc  

ASan info

=================================================================
==3643438==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000016 at pc 0x000000433137 bp 0x7ffd33d807e0 sp 0x7ffd33d7ffa0
READ of size 8 at 0x602000000016 thread T0
    #0 0x433136 in memcpy (/home/hh/Downloads/Bento4/target/avcinfo+0x433136)
    #1 0x4d0bae in AP4_BitStream::WriteBytes(unsigned char const*, unsigned int) /home/hh/Downloads/Bento4/Source/C++/Codecs/Ap4BitStream.cpp:133:9
    #2 0x4c72cf in PrintSliceInfo(unsigned char const*) /home/hh/Downloads/Bento4/Source/C++/Apps/AvcInfo/AvcInfo.cpp:84:10
    #3 0x4c72cf in main /home/hh/Downloads/Bento4/Source/C++/Apps/AvcInfo/AvcInfo.cpp:171:21
    #4 0x7f3c202f10b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x41c3dd in _start (/home/hh/Downloads/Bento4/target/avcinfo+0x41c3dd)

0x602000000016 is located 0 bytes to the right of 6-byte region [0x602000000010,0x602000000016)
allocated by thread T0 here:
    #0 0x4c439d in operator new[](unsigned long) (/home/hh/Downloads/Bento4/target/avcinfo+0x4c439d)
    #1 0x4d425f in AP4_DataBuffer::ReallocateBuffer(unsigned int) /home/hh/Downloads/Bento4/Source/C++/Core/Ap4DataBuffer.cpp:210:28
    #2 0x4d425f in AP4_DataBuffer::SetDataSize(unsigned int) /home/hh/Downloads/Bento4/Source/C++/Core/Ap4DataBuffer.cpp:151:33

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/hh/Downloads/Bento4/target/avcinfo+0x433136) in memcpy
Shadow bytes around the buggy address:
  0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa[06]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3643438==ABORTING
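As an added example, not Bento4's own code and not part of the report above: the trace shows an 8-byte memcpy in AP4_BitStream::WriteBytes reading out of a 6-byte heap region that PrintSliceInfo handed it, i.e. the caller's copy length was not bounded by the data actually present. The small C++ parser below shows the shape of a caller that bounds the copy by the NAL unit's real size and lets the bit reader report exhaustion instead of reading past the buffer. BitReader, SliceInfo, ParseSliceHeader and the sample NAL unit bytes are constructed for illustration and are not Bento4 identifiers.

```cpp
// Added example, not Bento4 code. Names and sample bytes are constructed.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Minimal MSB-first bit reader over a caller-supplied byte span.
// Every read reports failure once the span is exhausted.
class BitReader {
public:
    BitReader(const uint8_t* data, size_t size) : m_data(data), m_size(size), m_pos(0) {}

    bool ReadBit(unsigned& bit) {
        if (m_pos >= m_size * 8) return false;          // no bytes left: fail, don't read past
        bit = (m_data[m_pos / 8] >> (7 - (m_pos % 8))) & 1;
        ++m_pos;
        return true;
    }

    bool ReadBits(unsigned n, uint32_t& value) {        // n <= 32
        value = 0;
        for (unsigned i = 0; i < n; ++i) {
            unsigned b;
            if (!ReadBit(b)) return false;
            value = (value << 1) | b;
        }
        return true;
    }

    // Unsigned exp-Golomb ue(v), the coding used by H.264 slice-header fields.
    bool ReadUE(uint32_t& value) {
        unsigned zeros = 0, b;
        for (;;) {
            if (!ReadBit(b)) return false;
            if (b) break;
            if (++zeros > 31) return false;             // malformed: too many leading zeros
        }
        uint32_t suffix = 0;
        if (!ReadBits(zeros, suffix)) return false;
        value = ((1u << zeros) - 1) + suffix;
        return true;
    }

private:
    const uint8_t* m_data;
    size_t m_size;
    size_t m_pos;
};

struct SliceInfo {
    uint32_t first_mb_in_slice;
    uint32_t slice_type;
    uint32_t pps_id;
};

// Parse the first three ue(v) slice-header fields of a NAL unit.
// Instead of copying a fixed 8 bytes into the bit buffer regardless of how
// many bytes follow the NAL header, the copy is bounded by nal_size and the
// reader is told exactly how many bytes it may consume.
static bool ParseSliceHeader(const uint8_t* nal, size_t nal_size, SliceInfo& out) {
    const size_t kHeaderBytes = 1;                      // nal_unit_type byte
    const size_t kMaxPrefixBytes = 8;                   // scratch we are willing to inspect
    if (nal == nullptr || nal_size <= kHeaderBytes) return false;
    unsigned nal_type = nal[0] & 0x1F;
    if (nal_type != 1 && nal_type != 5) return false;   // not a coded slice

    uint8_t scratch[kMaxPrefixBytes] = {0};
    size_t avail = nal_size - kHeaderBytes;
    size_t to_copy = avail < kMaxPrefixBytes ? avail : kMaxPrefixBytes;
    std::memcpy(scratch, nal + kHeaderBytes, to_copy);  // never reads beyond nal_size

    BitReader bits(scratch, to_copy);                   // reader sees only the copied bytes
    return bits.ReadUE(out.first_mb_in_slice) &&
           bits.ReadUE(out.slice_type) &&
           bits.ReadUE(out.pps_id);
}

static bool ParseSliceHeader(const std::vector<uint8_t>& nal, SliceInfo& out) {
    return ParseSliceHeader(nal.data(), nal.size(), out);
}

int main() {
    // Constructed IDR slice: header 0x65, then ue(0) ue(7) ue(0) = bits 1 0001000 1 -> 0x88 0x80.
    const std::vector<uint8_t> ok = {0x65, 0x88, 0x80};
    // Constructed truncated inputs: a bare header, and a header followed by one zero byte.
    const std::vector<uint8_t> bare = {0x65};
    const std::vector<uint8_t> zeros = {0x65, 0x00};
    SliceInfo info{};
    std::printf("ok:    %d (first_mb=%u slice_type=%u pps_id=%u)\n",
                ParseSliceHeader(ok, info), info.first_mb_in_slice, info.slice_type, info.pps_id);
    std::printf("bare:  %d\n", ParseSliceHeader(bare, info));
    std::printf("zeros: %d\n", ParseSliceHeader(zeros, info));
    return 0;
}
```

The two truncated inputs are the cases an unconditional 8-byte copy would read past; here they simply fail to parse, which is the behaviour a tool like avcinfo wants on a malformed sample.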