there is a buffer overflow issue for crypt feature when use a crafted_drm_file.xml file.
overflow occur when use a crafted ID128 value.
root@ubuntu:/opt/niugx/cov_product/gpac/gpac-master/bin/gcc# gdb ./MP4Box
(gdb) set args -crypt drm_file.xml overview.mp4 -out overview_encrypted.mp4
(gdb) r
Starting program: /opt/niugx/cov_product/gpac/gpac-master/bin/gcc/MP4Box -crypt drm_file.xml overview.mp4 -out overview_encrypted.mp4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[CORE] 128bit blob is not 16-bytes long: 6770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C31
[XML/NHML] Cannot parse ID128
*** stack smashing detected ***: /opt/niugx/cov_product/gpac/gpac-master/bin/gcc/MP4Box terminated
Program received signal SIGABRT, Aborted.
0x00007ffff725bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff725bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 #1 0x00007ffff725f028 in __GI_abort () at abort.c:89 #2 0x00007ffff72982a4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff73a4113 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175 #3 0x00007ffff732fbbc in __GI___fortify_fail (msg=, msg@entry=0x7ffff73a40fb "stack smashing detected") at fortify_fail.c:38 #4 0x00007ffff732fb60 in __stack_chk_fail () at stack_chk_fail.c:28 #5 0x00007ffff7664910 in gf_xml_parse_bit_sequence_bs (bsroot=0x6950d0, bs=0x695200) at utils/xml_parser.c:2173 #6 0x00007ffff766495f in gf_xml_parse_bit_sequence (bsroot=0x6950d0, data=0x7ffffffbdcb8, data_size=0x7ffffffbdc84) at utils/xml_parser.c:2181 #7 0x00007ffff7954e85 in gf_cenc_parse_drm_system_info (mp4=0x670c20, drm_file=0x7fffffffe7db "drm_file.xml") at media_tools/ismacryp.c:2817 #8 0x00007ffff79553ec in gf_crypt_file (mp4=0x670c20, drm_file=0x7fffffffe7db "drm_file.xml") at media_tools/ismacryp.c:2898 #9 0x000000000042188c in mp4boxMain (argc=6, argv=0x7fffffffe548) at main.c:5202 #10 0x0000000000423d05 in main (argc=6, argv=0x7fffffffe548) at main.c:5712
Guoxiang Niu, EaglEye Team
The text was updated successfully, but these errors were encountered:
there is a buffer overflow issue for crypt feature when use a crafted_drm_file.xml file.
overflow occur when use a crafted ID128 value.
root@ubuntu:/opt/niugx/cov_product/gpac/gpac-master/bin/gcc# gdb ./MP4Box
(gdb) set args -crypt drm_file.xml overview.mp4 -out overview_encrypted.mp4
(gdb) r
Starting program: /opt/niugx/cov_product/gpac/gpac-master/bin/gcc/MP4Box -crypt drm_file.xml overview.mp4 -out overview_encrypted.mp4
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[CORE] 128bit blob is not 16-bytes long: 6770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C316770616363656E6364726D746F6F6C31
[XML/NHML] Cannot parse ID128
*** stack smashing detected ***: /opt/niugx/cov_product/gpac/gpac-master/bin/gcc/MP4Box terminated
Program received signal SIGABRT, Aborted.
0x00007ffff725bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff725bc37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff725f028 in __GI_abort () at abort.c:89
#2 0x00007ffff72982a4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff73a4113 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff732fbbc in __GI___fortify_fail (msg=, msg@entry=0x7ffff73a40fb "stack smashing detected") at fortify_fail.c:38
#4 0x00007ffff732fb60 in __stack_chk_fail () at stack_chk_fail.c:28
#5 0x00007ffff7664910 in gf_xml_parse_bit_sequence_bs (bsroot=0x6950d0, bs=0x695200) at utils/xml_parser.c:2173
#6 0x00007ffff766495f in gf_xml_parse_bit_sequence (bsroot=0x6950d0, data=0x7ffffffbdcb8, data_size=0x7ffffffbdc84) at utils/xml_parser.c:2181
#7 0x00007ffff7954e85 in gf_cenc_parse_drm_system_info (mp4=0x670c20, drm_file=0x7fffffffe7db "drm_file.xml") at media_tools/ismacryp.c:2817
#8 0x00007ffff79553ec in gf_crypt_file (mp4=0x670c20, drm_file=0x7fffffffe7db "drm_file.xml") at media_tools/ismacryp.c:2898
#9 0x000000000042188c in mp4boxMain (argc=6, argv=0x7fffffffe548) at main.c:5202
#10 0x0000000000423d05 in main (argc=6, argv=0x7fffffffe548) at main.c:5712
Guoxiang Niu, EaglEye Team
The text was updated successfully, but these errors were encountered: