You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
there is a buffer overflow issue for crypt feature when use a crafted_drm_file.xml file.
overflow occur when use a crafted key value.
root@ubuntu:/opt/niugx/cov_product/gpac/gpac-master/bin/gcc# gdb ./MP4Box
(gdb) set args -crypt crafted_drm_file.xml overview.mp4 -out overview_encrypted.mp4
(gdb) r
Starting program: /opt/niugx/cov_product/gpac/gpac-master/bin/gcc/MP4Box -crypt crafted_drm_file.xml overview.mp4 -out overview_encrypted.mp4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[CORE] 128bit blob is not 16-bytes long: 5544694d47473326622665665a396b3611111111111111111111111111111111111111111111111111111111111111111111111111111111
[CENC] Cannnot parse key value
*** Error in `/opt/niugx/cov_product/gpac/gpac-master/bin/gcc/MP4Box': free(): corrupted unsorted chunks: 0x0000000000692030 ***
Program received signal SIGABRT, Aborted.
0x00007ffff725bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff725bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 #1 0x00007ffff725f028 in __GI_abort () at abort.c:89 #2 0x00007ffff72982a4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff73a66b0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 #3 0x00007ffff72a455e in malloc_printerr (ptr=, str=0x7ffff73a6800 "free(): corrupted unsorted chunks", action=1) at malloc.c:4996 #4 _int_free (av=, p=, have_lock=0) at malloc.c:3840 #5 0x00007ffff6812e1b in inflateEnd () from /lib/x86_64-linux-gnu/libz.so.1 #6 0x00007ffff68183d9 in gzclose_r () from /lib/x86_64-linux-gnu/libz.so.1 #7 0x00007ffff76609fd in xml_sax_read_file (parser=0x68ba30) at utils/xml_parser.c:1177 #8 0x00007ffff7660db2 in gf_xml_sax_parse_file (parser=0x68ba30, fileName=0x7fffffffe7d3 "crafted_drm_file.xml", OnProgress=0x0) at utils/xml_parser.c:1269 #9 0x00007ffff794c69a in load_crypt_file (file=0x7fffffffe7d3 "crafted_drm_file.xml") at media_tools/ismacryp.c:388 #10 0x00007ffff79552ad in gf_crypt_file (mp4=0x670c20, drm_file=0x7fffffffe7d3 "crafted_drm_file.xml") at media_tools/ismacryp.c:2882 #11 0x000000000042188c in mp4boxMain (argc=6, argv=0x7fffffffe548) at main.c:5202 #12 0x0000000000423d05 in main (argc=6, argv=0x7fffffffe548) at main.c:5712
(gdb)
Guoxiang Niu, EaglEye Team
The text was updated successfully, but these errors were encountered:
there is a buffer overflow issue for crypt feature when use a crafted_drm_file.xml file.
overflow occur when use a crafted key value.
root@ubuntu:/opt/niugx/cov_product/gpac/gpac-master/bin/gcc# gdb ./MP4Box
(gdb) set args -crypt crafted_drm_file.xml overview.mp4 -out overview_encrypted.mp4
(gdb) r
Starting program: /opt/niugx/cov_product/gpac/gpac-master/bin/gcc/MP4Box -crypt crafted_drm_file.xml overview.mp4 -out overview_encrypted.mp4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[CORE] 128bit blob is not 16-bytes long: 5544694d47473326622665665a396b3611111111111111111111111111111111111111111111111111111111111111111111111111111111
[CENC] Cannnot parse key value
*** Error in `/opt/niugx/cov_product/gpac/gpac-master/bin/gcc/MP4Box': free(): corrupted unsorted chunks: 0x0000000000692030 ***
Program received signal SIGABRT, Aborted.
0x00007ffff725bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff725bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff725f028 in __GI_abort () at abort.c:89
#2 0x00007ffff72982a4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff73a66b0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff72a455e in malloc_printerr (ptr=, str=0x7ffff73a6800 "free(): corrupted unsorted chunks", action=1) at malloc.c:4996
#4 _int_free (av=, p=, have_lock=0) at malloc.c:3840
#5 0x00007ffff6812e1b in inflateEnd () from /lib/x86_64-linux-gnu/libz.so.1
#6 0x00007ffff68183d9 in gzclose_r () from /lib/x86_64-linux-gnu/libz.so.1
#7 0x00007ffff76609fd in xml_sax_read_file (parser=0x68ba30) at utils/xml_parser.c:1177
#8 0x00007ffff7660db2 in gf_xml_sax_parse_file (parser=0x68ba30, fileName=0x7fffffffe7d3 "crafted_drm_file.xml", OnProgress=0x0) at utils/xml_parser.c:1269
#9 0x00007ffff794c69a in load_crypt_file (file=0x7fffffffe7d3 "crafted_drm_file.xml") at media_tools/ismacryp.c:388
#10 0x00007ffff79552ad in gf_crypt_file (mp4=0x670c20, drm_file=0x7fffffffe7d3 "crafted_drm_file.xml") at media_tools/ismacryp.c:2882
#11 0x000000000042188c in mp4boxMain (argc=6, argv=0x7fffffffe548) at main.c:5202
#12 0x0000000000423d05 in main (argc=6, argv=0x7fffffffe548) at main.c:5712
(gdb)
Guoxiang Niu, EaglEye Team
The text was updated successfully, but these errors were encountered: