buffer overflow issue 8# #1205

Closed
niugx opened this issue Feb 13, 2019 · 1 comment


niugx commented Feb 13, 2019

There is a buffer overflow issue in the crypt feature when using a crafted_drm_file.xml file.

The overflow occurs when using a crafted ID128 value.

root@ubuntu:/opt/niugx/cov_product/gpac/gpac-master/bin/gcc# gdb ./MP4Box
(gdb) set args -crypt drm_file.xml overview.mp4 -out overview_encrypted.mp4
(gdb) r
Starting program: /opt/niugx/cov_product/gpac/gpac-master/bin/gcc/MP4Box -crypt drm_file.xml overview.mp4 -out overview_encrypted.mp4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[CORE] 128bit blob is not 16-bytes long: 6770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616
363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C31
[XML/NHML] Cannot parse ID128
*** stack smashing detected ***: /opt/niugx/cov_product/gpac/gpac-master/bin/gcc/MP4Box terminated

Program received signal SIGABRT, Aborted.
0x00007ffff725bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff725bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff725f028 in __GI_abort () at abort.c:89
#2 0x00007ffff72982a4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff73a4113 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff732fbbc in __GI___fortify_fail (msg=<optimized out>, msg@entry=0x7ffff73a40fb "stack smashing detected") at fortify_fail.c:38
#4 0x00007ffff732fb60 in __stack_chk_fail () at stack_chk_fail.c:28
#5 0x00007ffff7664910 in gf_xml_parse_bit_sequence_bs (bsroot=0x6950d0, bs=0x695200) at utils/xml_parser.c:2173
#6 0x00007ffff766495f in gf_xml_parse_bit_sequence (bsroot=0x6950d0, data=0x7ffffffbdcb8, data_size=0x7ffffffbdc84) at utils/xml_parser.c:2181
#7 0x00007ffff7954e85 in gf_cenc_parse_drm_system_info (mp4=0x670c20, drm_file=0x7fffffffe7db "drm_file.xml") at media_tools/ismacryp.c:2817
#8 0x00007ffff79553ec in gf_crypt_file (mp4=0x670c20, drm_file=0x7fffffffe7db "drm_file.xml") at media_tools/ismacryp.c:2898
#9 0x000000000042188c in mp4boxMain (argc=6, argv=0x7fffffffe548) at main.c:5202
#10 0x0000000000423d05 in main (argc=6, argv=0x7fffffffe548) at main.c:5712

Guoxiang Niu, EaglEye Team
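
An added example, not part of the original report and not GPAC's code: a 128-bit ID parser in C that enforces the 16-byte bound before each store, whereas the trace above shows the length error being logged and the stack canary still being overwritten. The names `parse_id128` and `overlong_is_rejected` and the strict 32-hex-digit input format are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID128_LEN 16

/* Hypothetical helper (not GPAC's API): decode exactly 32 hex digits
 * into out[16]. Returns 0 on success, -1 on malformed input.
 * out is only written once the whole input has validated. */
int parse_id128(const char *hex, uint8_t out[ID128_LEN])
{
    uint8_t tmp[ID128_LEN];
    size_t n = 0;                       /* hex digits consumed so far */

    if (hex == NULL) return -1;
    for (; *hex != '\0'; hex++) {
        unsigned char c = (unsigned char)*hex;
        /* Bound is checked BEFORE the store, so an over-long value
         * can never index past tmp[15]. */
        if (!isxdigit(c) || n >= 2 * ID128_LEN)
            return -1;
        unsigned v = isdigit(c) ? (unsigned)(c - '0')
                                : (unsigned)(tolower(c) - 'a' + 10);
        if (n % 2 == 0)
            tmp[n / 2] = (uint8_t)(v << 4);
        else
            tmp[n / 2] |= (uint8_t)v;
        n++;
    }
    if (n != 2 * ID128_LEN) return -1;  /* too short */
    memcpy(out, tmp, ID128_LEN);
    return 0;
}

/* Constructed self-check: a 2048-digit value must be rejected and the
 * bytes placed right after the 16-byte field must stay untouched. */
int overlong_is_rejected(void)
{
    struct { uint8_t id[ID128_LEN]; uint8_t guard[8]; } s;
    char big[2049];
    memset(&s, 0xAA, sizeof s);
    memset(big, '6', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    if (parse_id128(big, s.id) != -1) return 0;
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0xAA) return 0;
    return 1;
}

int main(void) { printf("overlong rejected: %d\n", overlong_is_rejected()); return 0; }
```
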

aureliendavid added a commit that referenced this issue Apr 11, 2019
niugx commented Apr 19, 2019

Fixed.

Patch:
f3698bb
