Hi, I'd like to ask whether a memory size checker will be included in Bento4 or not. According to CVE-2023-30551, it can cause an out-of-memory crash if files are sufficiently large, so it is better to add an extra function to check memory size. Thanks.
Hi,
There is another out-of-memory bug in the latest version (1.6.0-640) of mp4info because of the function AP4_UrlAtom::AP4_UrlAtom() at Ap4UrlAtom.cpp:71.
Unlike issue #771, this vulnerability happened in a different function, AP4_UrlAtom::AP4_UrlAtom().
Here is the output of the program with address sanitizer attached.
Bug Report
=================================================================
==973793==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0xdd000000 bytes
#0 0x7f40c85f9787 in operator new[](unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cc:107
#1 0x55f6be8e4ce7 in AP4_UrlAtom::AP4_UrlAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4UrlAtom.cpp:71
#2 0x55f6be8e4ed2 in AP4_UrlAtom::Create(unsigned int, AP4_ByteStream&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4UrlAtom.cpp:47
#3 0x55f6be843fc4 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:585
#4 0x55f6be845530 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:234
#5 0x55f6be865836 in AP4_DrefAtom::AP4_DrefAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4DrefAtom.cpp:84
#6 0x55f6be865c13 in AP4_DrefAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4DrefAtom.cpp:50
#7 0x55f6be841d44 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:580
#8 0x55f6be845530 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:234
#9 0x55f6be85241a in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:194
#10 0x55f6be8527c3 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:139
#11 0x55f6be852ced in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:88
#12 0x55f6be841cf4 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:816
#13 0x55f6be845530 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:234
#14 0x55f6be85241a in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:194
#15 0x55f6be8527c3 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:139
#16 0x55f6be852ced in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:88
#17 0x55f6be841cf4 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:816
#18 0x55f6be845530 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:234
#19 0x55f6be85241a in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:194
#20 0x55f6be8527c3 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:139
#21 0x55f6be852ced in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:88
#22 0x55f6be841cf4 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:816
#23 0x55f6be845530 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:234
#24 0x55f6be85241a in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:194
#25 0x55f6be8527c3 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:139
#26 0x55f6be8e02a8 in AP4_TrakAtom::AP4_TrakAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4TrakAtom.cpp:165
#27 0x55f6be84239f in AP4_TrakAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4TrakAtom.h:58
#28 0x55f6be84239f in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:413
#29 0x55f6be845530 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4AtomFactory.cpp:234
#30 0x55f6be85241a in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/ubuntu/targets/Bento4-1.6.0-639_sanitizer/Source/C++/Core/Ap4ContainerAtom.cpp:194
==973793==HINT: if you don't care about these errors you may set allocator_may_return_null=1
SUMMARY: AddressSanitizer: out-of-memory ../../../../src/libsanitizer/asan/asan_new_delete.cc:107 in operator new[](unsigned long)
==973793==ABORTING
Environment
OS: Ubuntu 20.04.5 LTS x86_64
Release: v1.6.0-640
Program: mp4info
How to reproduce
$ mp4info poc-file
poc-file is attached.
poc-file.txt
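A bounded read of a `url ` atom's string payload, as an added example that is not Bento4 source and not part of the original report. It assumes the string length is derived from the atom's declared 32-bit size; `MemStream`, `ParseUrlPayload`, `UncheckedRequest` and the 64 KiB cap are hypothetical, and the size value 0xdd00000c is constructed to match the 0xdd000000-byte request in the ASan output.

```cpp
// Added example: simplified model, not Bento4 source. All names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// In-memory stream that can report how many bytes are left to read.
struct MemStream {
    std::vector<uint8_t> data;
    size_t pos;
    explicit MemStream(const std::vector<uint8_t>& d) : data(d), pos(0) {}
    size_t Remaining() const { return data.size() - pos; }
    bool Read(char* out, size_t n) {
        if (n > Remaining()) return false;
        for (size_t i = 0; i < n; ++i) out[i] = static_cast<char>(data[pos + i]);
        pos += n;
        return true;
    }
};

const uint32_t kFullAtomHeaderSize = 12;  // size(4) + type(4) + version/flags(4)
const uint32_t kMaxUrlBytes = 64 * 1024;  // assumed policy cap for a URL string

// Bytes an unchecked parser would request for a given declared atom size.
uint32_t UncheckedRequest(uint32_t atom_size) { return atom_size - kFullAtomHeaderSize; }

// Hardened read: atom_size is the untrusted 32-bit size field from the file.
bool ParseUrlPayload(uint32_t atom_size, uint32_t flags, MemStream& s, std::string& out) {
    out.clear();
    if (flags & 1) return true;                          // self-contained, no string
    if (atom_size < kFullAtomHeaderSize) return false;   // subtraction would wrap
    uint32_t str_size = atom_size - kFullAtomHeaderSize;
    if (str_size == 0) return true;
    if (str_size > kMaxUrlBytes) return false;           // over the policy cap
    if (str_size > s.Remaining()) return false;          // more than the input holds
    std::string buf(str_size, '\0');                     // allocation is now bounded
    if (!s.Read(&buf[0], str_size)) return false;
    size_t nul = buf.find('\0');
    if (nul != std::string::npos) buf.resize(nul);       // stop at the terminator
    out = buf;
    return true;
}

int main() {
    MemStream s(std::vector<uint8_t>(2, 0));             // constructed 2-byte input
    std::string url;
    bool ok = ParseUrlPayload(0xdd00000cu, 0, s, url);   // constructed size field
    std::printf("unchecked: 0x%x bytes, hardened ok=%d\n", UncheckedRequest(0xdd00000cu), ok);
}
```

The remaining-bytes check is the one that scales with the input: a declared length can never be honoured beyond what the stream still holds, whatever cap is chosen.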