Dear Bento4 developers, I used AFL++ to fuzz test Bento4 and found some problems.
To help with debugging, here is some output from a build with ASan:
```text
unable to autodetect fragment duration, using default
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1718535==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000006b229c bp 0x60b000000408 sp 0x7ffe5a6079e0 T0)
==1718535==The signal is caused by a READ memory access.
==1718535==Hint: address points to the zero page.
    #0 0x6b229c in AP4_StsdAtom::AP4_StsdAtom(AP4_SampleTable*) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4StsdAtom.cpp:75:47
    #1 0x825ed3 in AP4_SampleTable::GenerateStblAtom(AP4_ContainerAtom*&) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4SampleTable.cpp:59:30
    #2 0x6fb497 in AP4_TrakAtom::AP4_TrakAtom(AP4_SampleTable*, unsigned int, char const*, unsigned int, unsigned long long, unsigned long long, unsigned long long, unsigned int, unsigned long long, unsigned short, char const*, unsigned int, unsigned int, unsigned short, unsigned short, int const*) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4TrakAtom.cpp:131:28
    #3 0x6f60dd in AP4_Track::AP4_Track(AP4_SampleTable*, unsigned int, unsigned int, unsigned long long, unsigned int, unsigned long long, AP4_Track const*) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4Track.cpp:183:22
    #4 0x4cf67a in Fragment(AP4_File&, AP4_ByteStream&, AP4_Array<TrackCursor*>&, unsigned int, unsigned int, bool, bool, bool) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Apps/Mp4Fragment/Mp4Fragment.cpp:360:39
    #5 0x4cf67a in main /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Apps/Mp4Fragment/Mp4Fragment.cpp:1475:5
    #6 0x7f0e35d8b082 in __libc_start_main /build/glibc-wuryBv/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x41c90d in _start (/home/zt/cnvd/Bento4/Bento4-fuzzer/build/mp4fragment+0x41c90d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4StsdAtom.cpp:75:47 in AP4_StsdAtom::AP4_StsdAtom(AP4_SampleTable*)
==1718535==ABORTING
```
```text
unable to autodetect fragment duration, using default
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1686304==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f80a52d6915 bp 0x7ffe1023fd70 sp 0x7ffe1023f528 T0)
==1686304==The signal is caused by a READ memory access.
==1686304==Hint: address points to the zero page.
    #0 0x7f80a52d6915 /build/glibc-wuryBv/glibc-2.31/string/../sysdeps/x86_64/multiarch/strlen-avx2.S:65
    #1 0x42f3e8 in strlen (/home/zt/cnvd/Bento4/Bento4-fuzzer/build/mp4fragment+0x42f3e8)
    #2 0x5e3c2f in AP4_MdhdAtom::AP4_MdhdAtom(unsigned long long, unsigned long long, unsigned int, unsigned long long, char const*) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4MdhdAtom.cpp:69:9
    #3 0x6fb6d1 in AP4_TrakAtom::AP4_TrakAtom(AP4_SampleTable*, unsigned int, char const*, unsigned int, unsigned long long, unsigned long long, unsigned long long, unsigned int, unsigned long long, unsigned short, char const*, unsigned int, unsigned int, unsigned short, unsigned short, int const*) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4TrakAtom.cpp:143:22
    #4 0x6f60dd in AP4_Track::AP4_Track(AP4_SampleTable*, unsigned int, unsigned int, unsigned long long, unsigned int, unsigned long long, AP4_Track const*) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4Track.cpp:183:22
    #5 0x4cf67a in Fragment(AP4_File&, AP4_ByteStream&, AP4_Array<TrackCursor*>&, unsigned int, unsigned int, bool, bool, bool) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Apps/Mp4Fragment/Mp4Fragment.cpp:360:39
    #6 0x4cf67a in main /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Apps/Mp4Fragment/Mp4Fragment.cpp:1475:5
    #7 0x7f80a5172082 in __libc_start_main /build/glibc-wuryBv/glibc-2.31/csu/../csu/libc-start.c:308:16
    #8 0x41c90d in _start (/home/zt/cnvd/Bento4/Bento4-fuzzer/build/mp4fragment+0x41c90d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-wuryBv/glibc-2.31/string/../sysdeps/x86_64/multiarch/strlen-avx2.S:65
==1686304==ABORTING
```
Crash input:
poc.zip
poc1.zip
Validation steps

Environment
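An added triage helper, not part of this issue or of the Bento4 code base: it parses AddressSanitizer reports like the two above (the samples embedded in the script are copies of those two reports, trimmed to their top frames), drops frames that have no source location inside the project tree (the glibc `strlen-avx2.S` frame and the unsymbolized `strlen` frame of the second report), and derives a bucket key so that a directory of AFL++ crashes can be deduplicated before filing. The project-root prefix is taken from the paths in the reports; the bucket-key format (fault kind plus the top three in-project function/file pairs, without line numbers) is this script's own convention.

```python
"""Triage helper for AddressSanitizer reports produced by an AFL++ campaign.

Parses the ASan header and stack frames, keeps only frames with a source
location under the project tree, and derives a bucket key so that many
crashing inputs that hit the same bug collapse into one entry.
"""
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Path prefix of the fuzzed checkout, taken from the frames in this issue.
PROJECT_ROOT = "/home/zt/cnvd/Bento4/Bento4-fuzzer/Source/"

# Constructed samples: the two reports from this issue, trimmed to the
# header, access type, hint and the top frames.
REPORT_STSD = """\
==1718535==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000006b229c bp 0x60b000000408 sp 0x7ffe5a6079e0 T0)
==1718535==The signal is caused by a READ memory access.
==1718535==Hint: address points to the zero page.
    #0 0x6b229c in AP4_StsdAtom::AP4_StsdAtom(AP4_SampleTable*) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4StsdAtom.cpp:75:47
    #1 0x825ed3 in AP4_SampleTable::GenerateStblAtom(AP4_ContainerAtom*&) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4SampleTable.cpp:59:30
    #2 0x6fb497 in AP4_TrakAtom::AP4_TrakAtom(AP4_SampleTable*, unsigned int, char const*, unsigned int, unsigned long long, unsigned long long, unsigned long long, unsigned int, unsigned long long, unsigned short, char const*, unsigned int, unsigned int, unsigned short, unsigned short, int const*) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4TrakAtom.cpp:131:28
"""
REPORT_MDHD = """\
==1686304==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f80a52d6915 bp 0x7ffe1023fd70 sp 0x7ffe1023f528 T0)
==1686304==The signal is caused by a READ memory access.
==1686304==Hint: address points to the zero page.
    #0 0x7f80a52d6915 /build/glibc-wuryBv/glibc-2.31/string/../sysdeps/x86_64/multiarch/strlen-avx2.S:65
    #1 0x42f3e8 in strlen (/home/zt/cnvd/Bento4/Bento4-fuzzer/build/mp4fragment+0x42f3e8)
    #2 0x5e3c2f in AP4_MdhdAtom::AP4_MdhdAtom(unsigned long long, unsigned long long, unsigned int, unsigned long long, char const*) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4MdhdAtom.cpp:69:9
    #3 0x6fb6d1 in AP4_TrakAtom::AP4_TrakAtom(AP4_SampleTable*, unsigned int, char const*, unsigned int, unsigned long long, unsigned long long, unsigned long long, unsigned int, unsigned long long, unsigned short, char const*, unsigned int, unsigned int, unsigned short, unsigned short, int const*) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4TrakAtom.cpp:143:22
    #4 0x6f60dd in AP4_Track::AP4_Track(AP4_SampleTable*, unsigned int, unsigned int, unsigned long long, unsigned int, unsigned long long, AP4_Track const*) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4Track.cpp:183:22
"""

HEADER_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: ([\w-]+)"
                       r"(?: on (?:unknown )?address (0x[0-9a-fA-F]+))?")
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+(.*\S)\s*$")
LOCATION_RE = re.compile(r"^(.*?):(\d+)(?::\d+)?$")  # file:line[:col]


@dataclass
class Frame:
    index: int
    function: Optional[str]  # None when ASan printed no symbol (e.g. glibc .S frame)
    file: Optional[str]
    line: Optional[int]
    module: Optional[str]    # "binary+offset" when there is no source location


@dataclass
class Report:
    kind: str                # SEGV, heap-buffer-overflow, ...
    address: Optional[int]
    access: Optional[str]    # READ or WRITE
    null_deref: bool         # ASan's "address points to the zero page" hint
    frames: List[Frame]


def parse_frame(line: str) -> Optional[Frame]:
    m = FRAME_RE.match(line)
    if not m:
        return None
    index, rest = int(m.group(1)), m.group(2)
    function: Optional[str] = None
    if rest.startswith("in "):
        # Symbolized frame: "in <function, may contain spaces> <location>".
        # The location never contains spaces, so split at the last one.
        function, _, rest = rest[3:].rpartition(" ")
        function = function or None
    lm = LOCATION_RE.match(rest)
    if lm:
        return Frame(index, function, lm.group(1), int(lm.group(2)), None)
    return Frame(index, function, None, None, rest.strip("()"))


def parse_report(text: str) -> Report:
    kind, address, access, null_deref = "unknown", None, None, False
    frames: List[Frame] = []
    for line in text.splitlines():
        hm = HEADER_RE.match(line)
        if hm:
            kind = hm.group(1)
            address = int(hm.group(2), 16) if hm.group(2) else None
            continue
        if "zero page" in line:
            null_deref = True
        am = re.search(r"\b(READ|WRITE)\b", line)
        if am and access is None:
            access = am.group(1)
        frame = parse_frame(line)
        if frame:
            frames.append(frame)
    return Report(kind, address, access, null_deref, frames)


def strip_args(function: str) -> str:
    """'AP4_Track::AP4_Track(AP4_SampleTable*, ...)' -> 'AP4_Track::AP4_Track'."""
    return function.split("(", 1)[0]


def project_frames(report: Report, project_root: str = PROJECT_ROOT) -> List[Frame]:
    """Frames with a source location under the project tree, innermost first."""
    return [f for f in report.frames if f.file and f.file.startswith(project_root)]


def bucket_key(report: Report, project_root: str = PROJECT_ROOT,
               depth: int = 3) -> Tuple[str, ...]:
    """Dedup key: fault kind plus the top in-project function/file pairs.
    Line numbers are left out so the key survives unrelated edits."""
    key = [report.kind + ("/null" if report.null_deref else "")]
    for f in project_frames(report, project_root)[:depth]:
        key.append(f"{strip_args(f.function or '?')}@{os.path.basename(f.file)}")
    return tuple(key)


if __name__ == "__main__":
    for text in (REPORT_STSD, REPORT_MDHD):
        print(" <- ".join(bucket_key(parse_report(text))))
```

Run it over every `crashes/id:*` report captured with `ASAN_OPTIONS=symbolize=1` and keep one input per distinct key; the two reports in this issue land in different buckets, which is why they warrant separate fixes even though both are null-page reads reached from `AP4_TrakAtom::AP4_TrakAtom`.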