New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
3 UAF bugs in box_funcs.c #1440
Comments
2) UAF Bug 2PoC: https://github.com/strongcourage/PoCs/blob/master/gpac_56eaea8/uaf2 ASAN says: |
3) UAF Bug 3PoC: https://github.com/strongcourage/PoCs/blob/master/gpac_56eaea8/uaf3 ASAN says: |
aureliendavid
added a commit
that referenced
this issue
Mar 26, 2020
|
Hi, This should be fixed by the commit above. You can close the issue if you confirm it fixed. Thanks for the report. |
|
Hi Aurelien, Thanks for your patch. I do confirm that those UAF bugs have been fixed completely. Best. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
Hi GPAC Team,
I found 3 new UAF bugs on the lastest commit 56eaea8 of GPAC version 0.8.0.
I think it is probably due to an imcomplete fix of the UAF bug #1340. Actually, these new bugs share the same buggy function which is
gf_isom_box_del()in src/isomedia/box_funcs.c with #1340, but have different alloc functionesds_New()insrc/isomedia/box_code_base.c(instead ofstco_New()).Command:
MP4Box -info $POCorMP4Box -diso $POC1) UAF Bug 1
PoC: https://github.com/strongcourage/PoCs/blob/master/gpac_56eaea8/uaf1
ASAN says:
The text was updated successfully, but these errors were encountered: