/home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:3089:23: runtime error: left shift of 128 by 24 places cannot be represented in type 'int'
Valgrind says:
==21951== Invalid read of size 1
==21951== at 0xBC1380: gf_m2ts_process_pmt (mpegts.c:2236)
==21951== by 0xBAD409: gf_m2ts_section_complete (mpegts.c:1610)
==21951== by 0xBAE791: gf_m2ts_gather_section.isra.14 (mpegts.c:1740)
==21951== by 0xBB8FFF: gf_m2ts_process_packet (mpegts.c:3446)
==21951== by 0xBB8FFF: gf_m2ts_process_data (mpegts.c:3507)
==21951== by 0xBD3B58: gf_m2ts_probe_file (mpegts.c:4641)
==21951== by 0xB9B594: gf_media_import (media_import.c:10998)
==21951== by 0x49B08B: convert_file_info (fileimport.c:124)
==21951== by 0x4621D5: mp4boxMain (main.c:4804)
==21951== by 0x57BC82F: (below main) (libc-start.c:291)
==21951== Address 0x5d8c465 is 0 bytes after a block of size 5 alloc'd
==21951== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21951== by 0xBAB2FA: gf_m2ts_section_complete (mpegts.c:1550)
==21951== by 0xBAE791: gf_m2ts_gather_section.isra.14 (mpegts.c:1740)
==21951== by 0xBB8FFF: gf_m2ts_process_packet (mpegts.c:3446)
==21951== by 0xBB8FFF: gf_m2ts_process_data (mpegts.c:3507)
==21951== by 0xBD3B58: gf_m2ts_probe_file (mpegts.c:4641)
==21951== by 0xB9B594: gf_media_import (media_import.c:10998)
==21951== by 0x49B08B: convert_file_info (fileimport.c:124)
==21951== by 0x4621D5: mp4boxMain (main.c:4804)
==21951== by 0x57BC82F: (below main) (libc-start.c:291)
Thanks,
Manh Dung
The text was updated successfully, but these errors were encountered:
Hi,
Our fuzzer found a crash on MP4Box (the latest commit 987169b on master).
PoC: https://github.com/strongcourage/PoCs/blob/master/gpac_987169b/PoC_re_mpegts.c:2236
Command: MP4Box -info $PoC
ASAN says:
Valgrind says:
Thanks,
Manh Dung
The text was updated successfully, but these errors were encountered: