==12341==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300000efb0 at pc 0x00000098190d bp 0x7ffd5d0bb3c0 sp 0x7ffd5d0bb3b0
WRITE of size 2 at 0x60300000efb0 thread T0
#0 0x98190c in gf_m2ts_process_pmt /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:2183
#1 0x970944 in gf_m2ts_section_complete /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:1610
#2 0x971fa2 in gf_m2ts_gather_section /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:1740
#3 0x97991c in gf_m2ts_process_packet /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:3446
#4 0x97991c in gf_m2ts_process_data /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:3507
#5 0x986f65 in gf_m2ts_probe_file /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:4641
#6 0x963fa9 in gf_media_import /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/media_import.c:10998
#7 0x45b475 in convert_file_info /home/dungnguyen/gueb-testing/gpac-head/applications/mp4box/fileimport.c:124
#8 0x43ac0c in mp4boxMain /home/dungnguyen/gueb-testing/gpac-head/applications/mp4box/main.c:4804
#9 0x7f58ce76782f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#10 0x421eb8 in _start (/home/dungnguyen/PoCs/gpac_987169b/MP4Box-asan+0x421eb8)
0x60300000efb0 is located 0 bytes inside of 26-byte region [0x60300000efb0,0x60300000efca)
freed by thread T0 here:
#0 0x7f58d022d961 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98961)
#1 0x972421 in gf_m2ts_gather_section /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:1730
previously allocated by thread T0 here:
#0 0x7f58d022d602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x972081 in gf_m2ts_gather_section /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:1705
Thanks,
Manh Dung
The text was updated successfully, but these errors were encountered:
Hi,
Our fuzzer found an UAF on MP4Box (the latest commit 987169b on master).
PoC: https://github.com/strongcourage/PoCs/blob/master/gpac_987169b/PoC_uaf_mpegts.c:2183
Command: MP4Box -info $PoC
ASAN says:
Thanks,
Manh Dung
The text was updated successfully, but these errors were encountered: