Closed
Description
Hi,
Our fuzzer found a crash on MP4Box (the latest commit 987169b on master).
PoC: https://github.com/strongcourage/PoCs/blob/master/gpac_987169b/PoC_segv_gf_odf_delete_descriptor
Command: MP4Box -diso $PoC
ASAN says:
==26490==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000ff00 (pc 0x000000c3ef6d bp 0x60800000bfa0 sp 0x7fffe837bf90 T0)
#0 0xc3ef6c in gf_odf_delete_descriptor /home/dungnguyen/gueb-testing/gpac-head/src/odf/desc_private.c:164
#1 0x848f20 in gf_odf_del_esd /home/dungnguyen/gueb-testing/gpac-head/src/odf/odf_code.c:156
#2 0x980a2e in gf_m2ts_process_pmt /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:2186
#3 0x970944 in gf_m2ts_section_complete /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:1610
#4 0x971fa2 in gf_m2ts_gather_section /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:1740
#5 0x97991c in gf_m2ts_process_packet /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:3446
#6 0x97991c in gf_m2ts_process_data /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:3507
#7 0x986f65 in gf_m2ts_probe_file /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/mpegts.c:4641
#8 0x963fa9 in gf_media_import /home/dungnguyen/gueb-testing/gpac-head/src/media_tools/media_import.c:10998
#9 0x45b475 in convert_file_info /home/dungnguyen/gueb-testing/gpac-head/applications/mp4box/fileimport.c:124
#10 0x43ac0c in mp4boxMain /home/dungnguyen/gueb-testing/gpac-head/applications/mp4box/main.c:4804
#11 0x7f94de37a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#12 0x421eb8 in _start (/home/dungnguyen/PoCs/gpac_987169b/MP4Box-asan+0x421eb8)
Thanks,
Manh Dung