You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
A heap-buffer-overflow has occurred when running program MP4Box,this can reproduce on the lattest commit.
System info:
Ubuntu 20.04.1 : clang 10.0.0 , gcc 9.3.0
Verification steps:
1.Get the source code of gpac
2.Compile
cd gpac-master
CC=gcc CXX=g++ CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address" ./configure
make
3.run MP4Box
./MP4Box -hint poc -out /dev/null
asan info
=================================================================
==47156==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000001892 at pc 0x7f5f1dea9b2c bp 0x7ffe02fd8810 sp 0x7ffe02fd8800
READ of size 1 at 0x602000001892 thread T0
#0 0x7f5f1dea9b2b in gp_rtp_builder_do_tx3g ietf/rtp_pck_3gpp.c:399
#1 0x7f5f1e76148a in gf_hinter_track_process media_tools/isom_hinter.c:808
#2 0x5622a222ce2b in HintFile /home/.../gpac/gpac-master/applications/mp4box/main.c:3499
#3 0x5622a2243d54 in mp4boxMain /home/.../gpac/gpac-master/applications/mp4box/main.c:6297
#4 0x7f5f1d3990b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#5 0x5622a21f6f1d in _start (/home/.../gpac/gpac-master/bin/gcc/MP4Box+0x48f1d)
0x602000001892 is located 0 bytes to the right of 2-byte region [0x602000001890,0x602000001892)
allocated by thread T0 here:
#0 0x7f5f20277bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x7f5f1e29d6cd in Media_GetSample isomedia/media.c:617
SUMMARY: AddressSanitizer: heap-buffer-overflow ietf/rtp_pck_3gpp.c:399 in gp_rtp_builder_do_tx3g
Shadow bytes around the buggy address:
0x0c047fff82c0: fa fa fd fd fa fa 00 00 fa fa 00 00 fa fa fd fd
0x0c047fff82d0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd
0x0c047fff82e0: fa fa fd fa fa fa 00 00 fa fa 00 00 fa fa 00 00
0x0c047fff82f0: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
0x0c047fff8300: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
=>0x0c047fff8310: fa fa[02]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8330: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8360: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==47156==ABORTING
source code
396 pay_start = 2;
397 if (txt_size>2) {
398 /*seems 3GP only accepts BE UTF-16 (no LE, no UTF32)*/
399 if (((u8) data[2]==(u8) 0xFE) && ((u8) data[3]==(u8) 0xFF)) {
400 is_utf_16 = GF_TRUE;
401 pay_start = 4;
402 txt_size -= 2;
403 }
404 }
405 samp_size = data_size - pay_start;
The text was updated successfully, but these errors were encountered:
Hello,
A heap-buffer-overflow has occurred when running program MP4Box,this can reproduce on the lattest commit.
System info:
Ubuntu 20.04.1 : clang 10.0.0 , gcc 9.3.0
poc1.zip
Verification steps:
1.Get the source code of gpac
2.Compile
3.run MP4Box
asan info
source code
The text was updated successfully, but these errors were encountered: