Program received signal SIGSEGV, Segmentation fault.
0x000000000055aeee in gf_odf_avc_cfg_write_bs ()
(gdb) bt
#0  0x000000000055aeee in gf_odf_avc_cfg_write_bs ()
#1  0x000000000055b1ff in gf_odf_avc_cfg_write ()
#2  0x00000000004f9ba1 in AVC_RewriteESDescriptorEx ()
#3  0x00000000006cf2a8 in video_sample_entry_Read ()
#4  0x0000000000512ce5 in gf_isom_box_parse_ex ()
#5  0x000000000051333b in gf_isom_box_array_read_ex ()
#6  0x0000000000512ce5 in gf_isom_box_parse_ex ()
#7  0x000000000051333b in gf_isom_box_array_read_ex ()
#8  0x00000000006d09d0 in stbl_Read ()
#9  0x0000000000512ce5 in gf_isom_box_parse_ex ()
#10 0x000000000051333b in gf_isom_box_array_read_ex ()
#11 0x00000000006ce02b in minf_Read ()
#12 0x0000000000512ce5 in gf_isom_box_parse_ex ()
#13 0x000000000051333b in gf_isom_box_array_read_ex ()
#14 0x00000000006cd2f0 in mdia_Read ()
#15 0x0000000000512ce5 in gf_isom_box_parse_ex ()
#16 0x000000000051333b in gf_isom_box_array_read_ex ()
#17 0x00000000006d351d in trak_Read ()
#18 0x0000000000512ce5 in gf_isom_box_parse_ex ()
#19 0x000000000051333b in gf_isom_box_array_read_ex ()
#20 0x00000000006ce545 in moov_Read ()
#21 0x00000000005137e1 in gf_isom_box_parse_ex.constprop ()
#22 0x0000000000513e15 in gf_isom_parse_root_box ()
#23 0x000000000051b4fe in gf_isom_parse_movie_boxes.part ()
#24 0x000000000051c48c in gf_isom_open_file ()
#25 0x000000000041c082 in mp4boxMain ()
#26 0x00007ffff72ed830 in __libc_start_main (main=0x40eb70 <main>, argc=5, argv=0x7fffffffe318, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe308) at ../csu/libc-start.c:291
#27 0x000000000040eba9 in _start ()
ASAN info:
ASAN:SIGSEGV
=================================================================
==25871==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000000797a2b bp 0x60200000ed98 sp 0x7fffffff7230 T0)
    #0 0x797a2a in gf_odf_avc_cfg_write_bs odf/descriptors.c:567
    #1 0x79821e in gf_odf_avc_cfg_write odf/descriptors.c:631
    #2 0x68b393 in AVC_RewriteESDescriptorEx isomedia/avc_ext.c:1063
    #3 0xaddd66 in video_sample_entry_Read isomedia/box_code_base.c:4408
    #4 0x6c3d6e in gf_isom_box_read isomedia/box_funcs.c:1528
    #5 0x6c3d6e in gf_isom_box_parse_ex isomedia/box_funcs.c:208
    #6 0x6c47bc in gf_isom_box_array_read_ex isomedia/box_funcs.c:1419
    #7 0x6c3d6e in gf_isom_box_read isomedia/box_funcs.c:1528
    #8 0x6c3d6e in gf_isom_box_parse_ex isomedia/box_funcs.c:208
    #9 0x6c47bc in gf_isom_box_array_read_ex isomedia/box_funcs.c:1419
    #10 0xae19df in stbl_Read isomedia/box_code_base.c:5381
    #11 0x6c3d6e in gf_isom_box_read isomedia/box_funcs.c:1528
    #12 0x6c3d6e in gf_isom_box_parse_ex isomedia/box_funcs.c:208
    #13 0x6c47bc in gf_isom_box_array_read_ex isomedia/box_funcs.c:1419
    #14 0xadb4fe in minf_Read isomedia/box_code_base.c:3500
    #15 0x6c3d6e in gf_isom_box_read isomedia/box_funcs.c:1528
    #16 0x6c3d6e in gf_isom_box_parse_ex isomedia/box_funcs.c:208
    #17 0x6c47bc in gf_isom_box_array_read_ex isomedia/box_funcs.c:1419
    #18 0xad96ef in mdia_Read isomedia/box_code_base.c:3021
    #19 0x6c3d6e in gf_isom_box_read isomedia/box_funcs.c:1528
    #20 0x6c3d6e in gf_isom_box_parse_ex isomedia/box_funcs.c:208
    #21 0x6c47bc in gf_isom_box_array_read_ex isomedia/box_funcs.c:1419
    #22 0xae8ad8 in trak_Read isomedia/box_code_base.c:7129
    #23 0x6c3d6e in gf_isom_box_read isomedia/box_funcs.c:1528
    #24 0x6c3d6e in gf_isom_box_parse_ex isomedia/box_funcs.c:208
    #25 0x6c47bc in gf_isom_box_array_read_ex isomedia/box_funcs.c:1419
    #26 0xadc064 in moov_Read isomedia/box_code_base.c:3745
    #27 0x6c5114 in gf_isom_box_read isomedia/box_funcs.c:1528
    #28 0x6c5114 in gf_isom_box_parse_ex isomedia/box_funcs.c:208
    #29 0x6c5974 in gf_isom_parse_root_box isomedia/box_funcs.c:42
    #30 0x6da6a0 in gf_isom_parse_movie_boxes isomedia/isom_intern.c:206
    #31 0x6dd2f3 in gf_isom_parse_movie_boxes isomedia/isom_intern.c:194
    #32 0x6dd2f3 in gf_isom_open_file isomedia/isom_intern.c:615
    #33 0x42f88a in mp4boxMain /home/aota09/yyp/fuzzcompare/test/gpac/test-crash/build_asan_00dfc93/applications/mp4box/main.c:4767
    #34 0x7ffff638082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #35 0x41e228 in _start (/home/aota09/yyp/fuzzcompare/test/gpac/test-crash/bin_asan/bin/MP4Box+0x41e228)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV odf/descriptors.c:567 gf_odf_avc_cfg_write_bs
==25871==ABORTING
This bug still exists in the latest versions 0.8.0 (4c19ae5) and 0.9.0 (1de1f8d).
Addition: This bug was found with our fuzzer, which is based on AFL. Our fuzzer is developed by Yuanpingyu (cfenicey@gmail.com), Yanhao and Marsman1996 (lqliuyuwei@outlook.com).
Clingto changed the title from "AddressSanitizer: SEGV in gf_odf_avc_cfg_write_bs odf/descriptors.c:567" to "AddressSanitizer: NULL pointer dereference in gf_odf_avc_cfg_write_bs odf/descriptors.c:567" on Dec 24, 2019.
System info:
Ubuntu 16.04.6 LTS, X64, gcc 5.4.0, gpac (latest master 00dfc93)
Compile Command:
Run Command:
POC file:
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-00dfc93-crashes/POC-new-gf_odf_avc_cfg_write_bs
gdb info:
ASAN info: