Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A NULL pointer dereference in the function SetupWriters isomedia/isom_store.c:171 #1659

Closed
Clingto opened this issue Dec 15, 2020 · 0 comments

Comments

@Clingto
Copy link

Clingto commented Dec 15, 2020

System info:
Ubuntu 16.04.6 LTS, X64, gcc 5.4.0, gpac (latest master c4f8bc6 and the latest V1.0.1 d8538e8)

I think it is probably due to an imcomplete fix of #1485

Compile Command:

$ CC="gcc -fsanitize=address -g" CXX="g++ -fsanitize=address -g" ./configure --static-mp4box --extra-ldflags="-ldl -g"
$ make

Run Command:

$ MP4Box -hint $SetupWriters-null-pointer -out /dev/null 

POC file:
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-c4f8bc6e_poc/SetupWriters-null-pointer

gdb info:

                                               
Program received signal SIGSEGV, Segmentation fault.
0x00000000005570be in SetupWriters ()
(gdb) bt
#0  0x00000000005570be in SetupWriters ()
#1  0x0000000000559c36 in WriteInterleaved ()
#2  0x000000000055a57f in WriteToFile ()
#3  0x000000000054d70f in gf_isom_write ()
#4  0x000000000054d893 in gf_isom_close ()
#5  0x00000000004171c3 in mp4boxMain ()
#6  0x00007ffff6ec7840 in __libc_start_main (main=0x409dc0 <main>, argc=5, argv=0x7fffffffdf78, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdf68) at ../csu/libc-start.c:291
#7  0x0000000000409df9 in _start ()

ASAN info:

ASAN:SIGSEGV
=================================================================
==27206==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x000000778288 bp 0x7ffccf34fdd0 sp 0x7ffccf34fd40 T0)
    #0 0x778287 in SetupWriters isomedia/isom_store.c:171
    #1 0x77fd9c in WriteInterleaved isomedia/isom_store.c:1611
    #2 0x7811f2 in WriteToFile isomedia/isom_store.c:1885
    #3 0x75ba6e in gf_isom_write isomedia/isom_read.c:592
    #4 0x75bf43 in gf_isom_close isomedia/isom_read.c:616
    #5 0x42c0c0 in mp4boxMain /opt/data/yyp/fuzzsequence/test/0-day/SRC_asan/applications/mp4box/main.c:6718
    #6 0x7f218ddaf83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
    #7 0x417638 in _start (/opt/data/yyp/fuzzsequence/test/0-day/SRC_asan/build/bin/MP4Box+0x417638)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV isomedia/isom_store.c:171 SetupWriters
==27206==ABORTING

Addition: This bug was found with our fuzzer, which is based on AFL. Our fuzzer is developed by Yuanpingyu(cfenicey@gmail.com) 、Xiangkun Jia(xiangkun@iscas.ac.cn) 、Marsman1996(lqliuyuwei@outlook.com) and Yanhao.

@jeanlf jeanlf closed this as completed in dae9900 Jan 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant