Dear Bento4 developers, I used AFL++ to fuzz test Bento4 and found some problems.
Here is some output from debugging a program built with ASan:
=================================================================
==1982814==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000011f at pc 0x0000008aa64d bp 0x7fffba272270 sp 0x7fffba272268
READ of size 1 at 0x60200000011f thread T0
#0 0x8aa64c in AP4_Dec3Atom::AP4_Dec3Atom(unsigned int, unsigned char const*) /home/zt/Bento4/Source/C++/Core/Ap4Dec3Atom.cpp:161:57
#1 0x8a1f6e in AP4_Dec3Atom::Create(unsigned int, AP4_ByteStream&) /home/zt/Bento4/Source/C++/Core/Ap4Dec3Atom.cpp:56:16
#2 0x703433 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/zt/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:769:24
#3 0x6f99a8 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/zt/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:234:14
#4 0x833287 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/zt/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194:12
#5 0x588686 in AP4_AudioSampleEntry::AP4_AudioSampleEntry(unsigned int, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/zt/Bento4/Source/C++/Core/Ap4SampleEntry.cpp:420:5
#6 0x51763d in AP4_EncaSampleEntry::AP4_EncaSampleEntry(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/zt/Bento4/Source/C++/Core/Ap4Protection.cpp:74:5
#7 0x70135f in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/zt/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:298:24
#8 0x6f99a8 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/zt/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:234:14
#9 0x5bbc96 in AP4_StsdAtom::AP4_StsdAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/zt/Bento4/Source/C++/Core/Ap4StsdAtom.cpp:101:13
#10 0x5b5c06 in AP4_StsdAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/zt/Bento4/Source/C++/Core/Ap4StsdAtom.cpp:57:16
#11 0x7018e6 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/zt/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:458:20
#12 0x6f99a8 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/zt/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:234:14
#13 0x6f79ac in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /home/zt/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:154:12
#14 0x4f0896 in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) /home/zt/Bento4/Source/C++/Core/Ap4File.cpp:104:12
#15 0x4f1ec4 in AP4_File::AP4_File(AP4_ByteStream&, bool) /home/zt/Bento4/Source/C++/Core/Ap4File.cpp:78:5
#16 0x4ca35b in main /home/zt/Bento4/Source/C++/Apps/Mp42Aac/Mp42Aac.cpp:250:22
#17 0x7fadc2fd5082 in __libc_start_main /build/glibc-wuryBv/glibc-2.31/csu/../csu/libc-start.c:308:16
#18 0x41eccd in _start (/home/zt/Bento4/build/mp42aac+0x41eccd)
0x60200000011f is located 0 bytes to the right of 15-byte region [0x602000000110,0x60200000011f)
allocated by thread T0 here:
#0 0x4c6c8d in operator new[](unsigned long) (/home/zt/Bento4/build/mp42aac+0x4c6c8d)
#1 0x4e9450 in AP4_DataBuffer::AP4_DataBuffer(unsigned int) /home/zt/Bento4/Source/C++/Core/Ap4DataBuffer.cpp:55:16
#2 0x703433 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/zt/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:769:24
#3 0x6f99a8 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/zt/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:234:14
#4 0x833287 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /home/zt/Bento4/Source/C++/Core/Ap4ContainerAtom.cpp:194:12
#5 0x588686 in AP4_AudioSampleEntry::AP4_AudioSampleEntry(unsigned int, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /home/zt/Bento4/Source/C++/Core/Ap4SampleEntry.cpp:420:5
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/zt/Bento4/Source/C++/Core/Ap4Dec3Atom.cpp:161:57 in AP4_Dec3Atom::AP4_Dec3Atom(unsigned int, unsigned char const*)
Shadow bytes around the buggy address:
0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff8000: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
0x0c047fff8010: fa fa 04 fa fa fa fd fa fa fa 01 fa fa fa 00 fa
=>0x0c047fff8020: fa fa 00[07]fa fa 00 07 fa fa fa fa fa fa fa fa
0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1982814==ABORTING
Crash input:
https://github.com/zhangteng0526/crashes/blob/main/Bento4/input1
Validation steps
Environment
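The report above shows a 1-byte read at offset 15 of a 15-byte heap region while the `dec3` atom constructor is parsing its payload, i.e. the fixed-layout fields were read without first checking that the payload is long enough to hold them. The following is an added example (not Bento4's code and not the project's fix) of the defensive pattern a parser for this kind of bit-packed box needs: every field read goes through a bounds-checked bit reader, so a truncated payload is rejected instead of being read past its allocation. The field layout follows the EC-3 specific box as I understand it from ETSI TS 102 366 Annex F, and the names `BitReader`, `ParseDec3`, `kGoodPayload` and `kTruncatedPayload` are mine; both sample payloads are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// MSB-first bit reader that refuses any read extending past the buffer.
// This is the check whose absence lets a short payload drive an
// out-of-bounds read like the one in the ASan trace.
class BitReader {
public:
    BitReader(const uint8_t* data, size_t size)
        : data_(data), size_bits_(size * 8), pos_(0) {}

    // Reads nbits (<= 32) into out; returns false if they are not all present.
    bool Read(unsigned nbits, uint32_t& out) {
        if (nbits > 32 || pos_ + nbits > size_bits_) return false;
        uint32_t v = 0;
        for (unsigned i = 0; i < nbits; ++i, ++pos_) {
            v = (v << 1) | ((data_[pos_ / 8] >> (7 - pos_ % 8)) & 1u);
        }
        out = v;
        return true;
    }

private:
    const uint8_t* data_;
    size_t size_bits_;
    size_t pos_;
};

struct SubStream {
    uint32_t fscod, bsid, asvc, bsmod, acmod, lfeon, num_dep_sub, chan_loc;
};

struct Dec3Info {
    uint32_t data_rate;
    std::vector<SubStream> substreams;
};

// Parses a dec3 payload (assumed layout: 13-bit data_rate, 3-bit
// num_ind_sub, then num_ind_sub+1 substream records). Returns nullopt
// as soon as the payload runs out of bits for a declared field.
std::optional<Dec3Info> ParseDec3(const uint8_t* data, size_t size) {
    BitReader br(data, size);
    Dec3Info info{};
    uint32_t num_ind_sub = 0, unused = 0;
    if (!br.Read(13, info.data_rate) || !br.Read(3, num_ind_sub)) return std::nullopt;
    for (uint32_t i = 0; i <= num_ind_sub; ++i) {
        SubStream s{};
        if (!br.Read(2, s.fscod) || !br.Read(5, s.bsid) || !br.Read(1, unused) ||
            !br.Read(1, s.asvc) || !br.Read(3, s.bsmod) || !br.Read(3, s.acmod) ||
            !br.Read(1, s.lfeon) || !br.Read(3, unused) || !br.Read(4, s.num_dep_sub)) {
            return std::nullopt;
        }
        if (s.num_dep_sub > 0) {
            if (!br.Read(9, s.chan_loc)) return std::nullopt;
        } else {
            if (!br.Read(1, unused)) return std::nullopt;
        }
        info.substreams.push_back(s);
    }
    return info;
}

// Constructed sample: data_rate 448, one substream (bsid 16, acmod 7, lfeon 1).
const uint8_t kGoodPayload[] = {0x0E, 0x00, 0x20, 0x0F, 0x00};

// Constructed sample: 15 bytes that declare num_ind_sub = 7, i.e. eight
// substreams needing at least 26 bytes. An unchecked parser would read
// past the end; ParseDec3 reports failure instead.
const uint8_t kTruncatedPayload[15] = {0x0E, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                                       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

int main() {
    auto good = ParseDec3(kGoodPayload, sizeof(kGoodPayload));
    std::printf("good payload: %s, substreams=%zu\n",
                good ? "ok" : "rejected", good ? good->substreams.size() : 0);
    auto bad = ParseDec3(kTruncatedPayload, sizeof(kTruncatedPayload));
    std::printf("truncated payload: %s\n", bad ? "ok" : "rejected");
    return 0;
}
```

The point of routing every field through `Read` is that the size check is made once, in one place, for all fields that follow, rather than relying on each caller to compare an offset against the buffer length; a fuzzer-generated 15-byte payload then yields a clean parse error rather than a heap-buffer-overflow.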