ERROR: AddressSanitizer: NULL pointer dereference in ilst_item_Read isomedia/box_code_apple.c:119 #1338

Closed
Clingto opened this issue Nov 9, 2019 · 4 comments


Clingto commented Nov 9, 2019

Hello, I found a similar issue but I am not sure they are the same.
#1263

System info:
Ubuntu 16.04.6 LTS, X64, gcc 5.4.0, gpac (latest master 00dfc93)
Compile Command:

$ CC="gcc -fsanitize=address -g" CXX="g++ -fsanitize=address -g" ./configure --static-mp4box
$ make

Run Command:

$ MP4Box -diso -out /dev/null $POC-new-ilst_item_Read

POC file:
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-00dfc93-crashes/POC-new-ilst_item_Read

gdb info:

Program received signal SIGSEGV, Segmentation fault.
0x00000000006c499d in ilst_item_Read ()
(gdb) bt
#0  0x00000000006c499d in ilst_item_Read ()
#1  0x00000000005137e1 in gf_isom_box_parse_ex.constprop ()
#2  0x0000000000513e15 in gf_isom_parse_root_box ()
#3  0x000000000051b4fe in gf_isom_parse_movie_boxes.part ()
#4  0x000000000051c48c in gf_isom_open_file ()
#5  0x000000000041c082 in mp4boxMain ()
#6  0x00007ffff72ed830 in __libc_start_main (main=0x40eb70 <main>, argc=5, argv=0x7fffffffe318, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe308) at ../csu/libc-start.c:291
#7  0x000000000040eba9 in _start ()

ASAN info:

ASAN:SIGSEGV
=================================================================
==27902==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000000ac4185 bp 0x7fffffff8230 sp 0x7fffffff8220 T0)
    #0 0xac4184 in ilst_item_Read isomedia/box_code_apple.c:119
    #1 0x6c5114 in gf_isom_box_read isomedia/box_funcs.c:1528
    #2 0x6c5114 in gf_isom_box_parse_ex isomedia/box_funcs.c:208
    #3 0x6c5974 in gf_isom_parse_root_box isomedia/box_funcs.c:42
    #4 0x6da6a0 in gf_isom_parse_movie_boxes isomedia/isom_intern.c:206
    #5 0x6dd2f3 in gf_isom_parse_movie_boxes isomedia/isom_intern.c:194
    #6 0x6dd2f3 in gf_isom_open_file isomedia/isom_intern.c:615
    #7 0x42f88a in mp4boxMain /home/aota09/yyp/fuzzcompare/test/gpac/test-crash/build_asan_00dfc93/applications/mp4box/main.c:4767
    #8 0x7ffff638082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x41e228 in _start (/home/aota09/yyp/fuzzcompare/test/gpac/test-crash/bin_asan/bin/MP4Box+0x41e228)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV isomedia/box_code_apple.c:119 ilst_item_Read
==27902==ABORTING

Edit

This bug still exists in the latest versions 0.8.0: 4c19ae5 and 0.9.0: 1de1f8d


Addition: This bug was found with our fuzzer, which is based on AFL. Our fuzzer is developed by Yuanpingyu (cfenicey@gmail.com), Yanhao and Marsman1996 (lqliuyuwei@outlook.com).

Clingto changed the title from "ERROR: AddressSanitizer: SEGV in ilst_item_Read isomedia/box_code_apple.c:119" to "ERROR: AddressSanitizer: NULL pointer dereference in ilst_item_Read isomedia/box_code_apple.c:119" on Dec 24, 2019
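
The ASAN header in the report puts the fault at address 0x8, inside the normally unmapped first page, which is consistent with the retitled "NULL pointer dereference". The triage sketch below is an added example, not part of the original report or of GPAC: it parses the report lines copied from this issue, classifies the fault, and builds a key for comparing it against similar crashes. The function name `triage`, the 4 KiB threshold and the three-frame bucket key are assumptions.

```python
import re

# ASAN lines copied from the report above (header, first three frames, summary).
REPORT = """\
==27902==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000000ac4185 bp 0x7fffffff8230 sp 0x7fffffff8220 T0)
    #0 0xac4184 in ilst_item_Read isomedia/box_code_apple.c:119
    #1 0x6c5114 in gf_isom_box_read isomedia/box_funcs.c:1528
    #2 0x6c5114 in gf_isom_box_parse_ex isomedia/box_funcs.c:208
SUMMARY: AddressSanitizer: SEGV isomedia/box_code_apple.c:119 ilst_item_Read
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-fA-F]+)")
# Symbolized frame: "#N 0xPC in function file:line[:column]"
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-fA-F]+ in (\S+) (\S+?):(\d+)(?::\d+)?$", re.M)

# Assumption: a fault below one 4 KiB page is a small offset from a NULL base,
# because page zero is normally left unmapped on Linux.
NULL_PAGE = 0x1000


def triage(report):
    """Classify an ASAN SEGV report and build a key for comparing crashes."""
    header = HEADER.search(report)
    if header is None:
        return None  # not an ASAN "unknown address" report
    addr = int(header.group(2), 16)
    frames = [(fn, path, int(line)) for fn, path, line in FRAME.findall(report)]
    kind = "null-deref" if addr < NULL_PAGE else "wild-access"
    # Assumption: kind plus the top three function names identifies one bug;
    # two reports with the same key are candidates for being duplicates.
    bucket = "|".join([kind] + [fn for fn, _, _ in frames[:3]])
    return {
        "signal": header.group(1),
        "fault_addr": addr,
        "kind": kind,
        "top_frame": frames[0] if frames else None,
        "bucket": bucket,
    }


if __name__ == "__main__":
    print(triage(REPORT))
```

Frames without file and line information (such as the `__libc_start_main` frame in the full report) are skipped by the frame pattern, so the key is built only from symbolized frames.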

carnil commented Dec 31, 2019

CVE-2019-20165 was assigned for this issue.

@NicoleG25

Is there any plan to address this vulnerability? @jeanlf

@aureliendavid
Contributor

If time allows, I plan to take a look at opened CVEs in the coming week.

aureliendavid added a commit that referenced this issue Jan 8, 2020
@aureliendavid
Contributor

Thanks for the report.

This should be fixed in master / 0.8.0 as of the above commit.

It will be included in filters / 0.9.0 in the next merge.

Feel free to reopen the issue if necessary.
