Segmentation fault caused by null pointer dereference in MP4fragment, Ap4StsdAtom.cpp:75 #800

Open
5hadowblad3 opened this issue Oct 19, 2022 · 0 comments

Hi, there.

There is a segmentation fault caused by null pointer dereference in MP4fragment, Ap4StsdAtom.cpp:75 in the newest commit 5e7bb34.

The reason for this issue is that the return value of GetSampleDescription is unchecked.

To reproduce, run:

./mp4fragment poc /dev/null

Here is the trace reported by ASAN:

==3437252==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000005fcb24 bp 0x60b000000300 sp 0x7ffec2967f00 T0)
==3437252==The signal is caused by a READ memory access.
==3437252==Hint: address points to the zero page.
    #0 0x5fcb24 in AP4_StsdAtom::AP4_StsdAtom(AP4_SampleTable*)  /benchmark/Bento4/Source/C++/Core/Ap4StsdAtom.cpp:75:47
    #1 0x6b7b51 in AP4_SampleTable::GenerateStblAtom(AP4_ContainerAtom*&)  /benchmark/Bento4/Source/C++/Core/Ap4SampleTable.cpp:59:30
    #2 0x620f26 in AP4_TrakAtom::AP4_TrakAtom(AP4_SampleTable*, unsigned int, char const*, unsigned int, unsigned long long, unsigned long long, unsigned long long, unsigned int, unsigned long long, unsigned short, char const*, unsigned int, unsigned int, unsigned short, unsigned short, int const*)  /benchmark/Bento4/Source/C++/Core/Ap4TrakAtom.cpp:131:28
    #3 0x61e255 in AP4_Track::AP4_Track(AP4_SampleTable*, unsigned int, unsigned int, unsigned long long, unsigned int, unsigned long long, AP4_Track const*)  /benchmark/Bento4/Source/C++/Core/Ap4Track.cpp:183:22
    #4 0x500733 in Fragment(AP4_File&, AP4_ByteStream&, AP4_Array<TrackCursor*>&, unsigned int, unsigned int, bool, bool, bool)  /benchmark/Bento4/Source/C++/Apps/Mp4Fragment/Mp4Fragment.cpp:360:39
    #5 0x500733 in main  /benchmark/Bento4/Source/C++/Apps/Mp4Fragment/Mp4Fragment.cpp:1475:5
    #6 0x7f0f643e9082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x41d8ad in _start ( /benchmark/Bento4/build-a/mp4fragment+0x41d8ad)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV  /benchmark/Bento4/Source/C++/Core/Ap4StsdAtom.cpp:75:47 in AP4_StsdAtom::AP4_StsdAtom(AP4_SampleTable*)
==3437252==ABORTING

mp4fragment_npd_Ap4StsdAtom.cpp75.zip
(unzip first)
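The defect the report describes is a lookup whose result is dereferenced without first being tested for null. The example below is added here and is not Bento4's code: it models the same shape with hypothetical stand-in types (SampleTable, SampleDescription, BuildStsdEntries, StsdBuildResult are all constructed for the example) and shows the guarded loop, where a requested entry count that exceeds what the table actually holds is recorded as malformed input instead of being followed as a null pointer.

```cpp
// Added example, not Bento4's code. Models an unchecked-lookup null
// dereference of the kind reported above and the guarded alternative.
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-ins for the page's types (constructed for this example).
struct SampleDescription {
    std::string format;  // e.g. "avc1"
};

class SampleTable {
public:
    explicit SampleTable(std::vector<SampleDescription> descs)
        : m_descs(std::move(descs)) {}

    unsigned GetSampleDescriptionCount() const {
        return static_cast<unsigned>(m_descs.size());
    }

    // Like any lookup that can fail, returns nullptr for an out-of-range index.
    const SampleDescription* GetSampleDescription(unsigned index) const {
        return index < m_descs.size() ? &m_descs[index] : nullptr;
    }

private:
    std::vector<SampleDescription> m_descs;
};

// Result of building an 'stsd'-like entry list from a sample table.
struct StsdBuildResult {
    std::vector<std::string> formats;  // formats of the descriptions actually found
    unsigned missing = 0;              // lookups that returned nullptr and were skipped
};

// The unchecked form of the loop looks like this:
//
//     for (unsigned i = 0; i < count; i++)
//         use(table.GetSampleDescription(i)->format);  // nullptr -> SEGV on the zero page
//
// This version checks every return value before dereferencing it. 'count' is
// a separate parameter because in a real parser it may have been derived from
// untrusted file data rather than from the table itself.
StsdBuildResult BuildStsdEntries(const SampleTable& table, unsigned count) {
    StsdBuildResult result;
    for (unsigned i = 0; i < count; i++) {
        const SampleDescription* desc = table.GetSampleDescription(i);
        if (desc == nullptr) {
            // A failed lookup is data to handle, not a pointer to follow.
            result.missing++;
            continue;
        }
        result.formats.push_back(desc->format);
    }
    return result;
}

int main() {
    SampleTable table({{"avc1"}, {"mp4a"}});
    // Request more entries than the table holds, as a malformed file could.
    StsdBuildResult r = BuildStsdEntries(table, 4);
    return (r.formats.size() == 2 && r.missing == 2) ? 0 : 1;
}
```

In a real fix the caller decides what a non-zero `missing` count means (reject the file, or emit only the entries that exist); the point is that the decision is made on a checked value rather than inside a dereference.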
