
A heap-buffer-overflow in GPMF_parser.c line 129 in function GPMF_Validate #31

Closed
Edward-L opened this issue Jun 29, 2018 · 1 comment

Comments

@Edward-L
ASan report:

=================================================================
==126379==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62300000f900 at pc 0x402d7c bp 0x7ffedf84d6e0 sp 0x7ffedf84d6d8
READ of size 4 at 0x62300000f900 thread T0
    #0 0x402d7b in GPMF_Validate ../GPMF_parser.c:129
    #1 0x401425 in main /opt/lxf/gpmf-parser-master/demo/GPMF_demo.c:71
    #2 0x7f3595eb8f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #3 0x401108 (/opt/lxf/gpmf-parser-master/demo/gpmfdemo_asan+0x401108)

0x62300000f900 is located 0 bytes to the right of 6144-byte region [0x62300000e100,0x62300000f900)
allocated by thread T0 here:
    #0 0x7f35962b4b0a in __interceptor_realloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54b0a)
    #1 0x429352 in GetGPMFPayload /opt/lxf/gpmf-parser-master/demo/GPMF_mp4reader.c:86
    #2 0x4013c8 in main /opt/lxf/gpmf-parser-master/demo/GPMF_demo.c:62
    #3 0x7f3595eb8f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../GPMF_parser.c:129 GPMF_Validate
Shadow bytes around the buggy address:
  0x0c467fff9ed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c467fff9ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c467fff9ef0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c467fff9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c467fff9f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c467fff9f20:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c467fff9f30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c467fff9f40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c467fff9f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c467fff9f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c467fff9f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==126379==ABORTING

PoC
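The report above shows a 4-byte read landing exactly at the end of the 6144-byte payload that GetGPMFPayload returned: the walker reads one more 32-bit word than the buffer holds. As an added example (not the project's code, and not a reconstruction of the change the collaborator pushed), here is a bounds-checked validator for the GPMF KLV layout (4-byte FourCC key, type byte, structure-size byte, big-endian 16-bit repeat, data padded to 4 bytes, type 0 marking a nested container) that refuses any element whose header or declared data would extend past the buffer. The sample payloads are constructed for this example, not taken from the reporter's PoC; validate_gpmf, gpmf_data_len and the sample names are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* GPMF KLV element: 4-byte FourCC key, 1-byte type, 1-byte structure size,
 * 2-byte big-endian repeat count, then size*repeat bytes of data padded to a
 * 4-byte boundary. Type 0 marks a nested container whose data is more KLV. */
#define GPMF_HDR_LEN   8
#define GPMF_MAX_DEPTH 8

/* Bytes of payload an element's data occupies, including alignment padding. */
static size_t gpmf_data_len(uint8_t size, uint16_t repeat)
{
    size_t n = (size_t)size * repeat;          /* at most 255*65535, cannot overflow */
    return (n + 3) & ~(size_t)3;
}

/* Bounds-checked walk (example code, not the project's GPMF_Validate).
 * Returns 1 when every element in buf[0..len) is fully contained in the
 * buffer, 0 otherwise. Never reads outside buf[0..len).
 *
 * The unsafe pattern this guards against is reading the next header (or just
 * its 4-byte key) as soon as the cursor is still inside the buffer and
 * trusting size*repeat to advance it: a declared length that lands on or past
 * the end turns the following header read into an out-of-bounds read. */
int validate_gpmf(const uint8_t *buf, size_t len, int depth)
{
    size_t pos = 0;

    if (buf == NULL || (len % 4) != 0 || depth > GPMF_MAX_DEPTH)
        return 0;

    while (pos < len) {
        /* Check that the whole header fits before touching any of its bytes. */
        if (len - pos < GPMF_HDR_LEN)
            return 0;

        uint8_t  type   = buf[pos + 4];
        uint8_t  size   = buf[pos + 5];
        uint16_t repeat = (uint16_t)((buf[pos + 6] << 8) | buf[pos + 7]);
        size_t   dlen   = gpmf_data_len(size, repeat);

        /* Compare against the bytes remaining rather than computing pos + dlen,
         * so the check itself cannot wrap. */
        if (dlen > len - pos - GPMF_HDR_LEN)
            return 0;

        if (type == 0 &&
            !validate_gpmf(buf + pos + GPMF_HDR_LEN, dlen, depth + 1))
            return 0;

        pos += GPMF_HDR_LEN + dlen;
    }
    return 1;
}

/* Constructed samples (assumed layout, not the reporter's PoC file). */

/* A DEVC container (type 0, size 1, repeat 12) holding one DVID uint32. */
static const uint8_t good_payload[] = {
    'D','E','V','C', 0x00, 0x01, 0x00, 0x0C,
    'D','V','I','D', 'L',  0x04, 0x00, 0x01,   /* type 'L' = uint32, 4 bytes x 1 */
    0x00, 0x00, 0x00, 0x01
};

/* Container claims 16 bytes of children, but only 12 follow. */
static const uint8_t overlong_container[] = {
    'D','E','V','C', 0x00, 0x01, 0x00, 0x10,
    'D','V','I','D', 'L',  0x04, 0x00, 0x01,
    0x00, 0x00, 0x00, 0x01
};

/* Container length is honest, but the child claims 2 x 4 bytes with only 4 present. */
static const uint8_t overlong_child[] = {
    'D','E','V','C', 0x00, 0x01, 0x00, 0x0C,
    'D','V','I','D', 'L',  0x04, 0x00, 0x02,
    0x00, 0x00, 0x00, 0x01
};

/* A complete element followed by 4 stray bytes: an unchecked walker would read
 * those as a key and then fetch the rest of a header that is not there. */
static const uint8_t trailing_bytes[] = {
    'D','E','V','C', 0x00, 0x01, 0x00, 0x0C,
    'D','V','I','D', 'L',  0x04, 0x00, 0x01,
    0x00, 0x00, 0x00, 0x01,
    0xAA, 0xBB, 0xCC, 0xDD
};

int main(void)
{
    printf("good payload:       %d\n", validate_gpmf(good_payload, sizeof good_payload, 0));
    printf("overlong container: %d\n", validate_gpmf(overlong_container, sizeof overlong_container, 0));
    printf("overlong child:     %d\n", validate_gpmf(overlong_child, sizeof overlong_child, 0));
    printf("trailing bytes:     %d\n", validate_gpmf(trailing_bytes, sizeof trailing_bytes, 0));
    printf("truncated (16 B):   %d\n", validate_gpmf(good_payload, 16, 0));
    return 0;
}
```

The two checks that matter are ordered deliberately: the header-fits test runs before any header byte is read, and the data-length test is phrased as "declared length greater than bytes remaining" so no addition on the cursor can wrap. Running the truncated case (the good payload passed with a length of 16) shows the validator rejecting a buffer cut mid-element rather than reading on past it.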

@dnewman-gpsw
Collaborator

I just pushed changes to address this report.
