I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command-line ...).
Hi, there.
There is a segmentation fault caused by a buffer overflow (overwrite) in svc_parse_slice, av_parsers.c:5788 in commit 592ba26.
This vulnerability is similar to the npd reported in #1898. However, this one is more serious since it allows memory manipulation.
Here is my environment, compiler info and gpac version:
Distributor ID: Ubuntu
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial
gcc: 5.4.0
MP4Box - GPAC version 1.1.0-DEV-rev1170-g592ba26-master
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
MINI build (encoders, decoders, audio and video output disabled)
Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration: --static-bin --enable-debug
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_FREETYPE GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_DISABLE_3D
Program output:
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[AVC|H264] Warning: Error parsing NAL unit
[AVC|H264] Error parsing Sequence Param Set
[AVC|H264] Warning: Error parsing NAL unit
[AVC|H264] Error parsing Sequence Param Set
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[Core] exp-golomb read failed, not enough bits in bitstream !
[AVC|H264] Warning: Error parsing NAL unit
Segmentation fault (core dumped)
Here is the trace reported by gdb:
Stopped reason: SIGSEGV
gef➤ bt
#0 0x0000000000bccc05 in svc_parse_slice (si=0x7fffffff5020, avc=0x24ae050, bs=0x2491de0) at /mnt/data/playground/gpac/src/media_tools/av_parsers.c:5788
#1 gf_avc_parse_nalu (bs=0x2491de0, avc=0x24ae050) at /mnt/data/playground/gpac/src/media_tools/av_parsers.c:6062
#2 0x000000000144109d in naludmx_parse_nal_avc (is_islice=<synthetic pointer>, is_slice=<synthetic pointer>, skip_nal=<synthetic pointer>, nal_type=0x14, size=0x2c, data=0x24b84a1 "trak", ctx=0x24ada70) at /mnt/data/playground/gpac/src/filters/reframe_nalu.c:2348
#3 naludmx_process (filter=0x24a0bd0) at /mnt/data/playground/gpac/src/filters/reframe_nalu.c:2874
#4 0x0000000000fe4c18 in gf_filter_process_task (task=0x248e770) at /mnt/data/playground/gpac/src/filter_core/filter.c:2441
#5 0x0000000000f7b909 in gf_fs_thread_proc (sess_thread=sess_thread@entry=0x248c2b0) at /mnt/data/playground/gpac/src/filter_core/filter_session.c:1640
#6 0x0000000000f93558 in gf_fs_run (fsess=fsess@entry=0x248c220) at /mnt/data/playground/gpac/src/filter_core/filter_session.c:1877
#7 0x0000000000c18b4b in gf_media_import (importer=importer@entry=0x7fffffff5bf0) at /mnt/data/playground/gpac/src/media_tools/media_import.c:1178
#8 0x0000000000497345 in convert_file_info (inName=0x7fffffffe159 "tmp", trackID=0x0) at /mnt/data/playground/gpac/applications/mp4box/fileimport.c:128
#9 0x0000000000456aaa in mp4boxMain (argc=<optimized out>, argv=<optimized out>) at /mnt/data/playground/gpac/applications/mp4box/main.c:5925
#10 0x0000000001f06bb6 in generic_start_main ()
#11 0x0000000001f071a5 in __libc_start_main ()
#12 0x000000000041c4e9 in _start ()
To reproduce, run
POC:
poc.zip
(unzip first)
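The report says the crash is an overwrite in svc_parse_slice that follows a run of "exp-golomb read failed" messages, but it does not say which field is involved. As an added illustration (not GPAC's code and not a reconstruction of the fix), here is a small C program showing the defensive pattern that matters for this class of bug: an exp-Golomb reader that reports bitstream exhaustion as an error instead of handing back a value, and a slice-header parser that range-checks the decoded pic_parameter_set_id before any caller could use it to index a parameter-set table. The bit reader, the struct names, MAX_PPS and the three sample bitstreams are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal MSB-first bit reader, constructed for this example (it is not
 * GPAC's gf_bs_* API). nbits bounds every read so exhaustion is detectable. */
typedef struct {
    const uint8_t *data;
    size_t nbits;   /* bits available in data */
    size_t pos;     /* next bit to read */
} bitreader_t;

static int br_read_bit(bitreader_t *br, unsigned *out) {
    if (br->pos >= br->nbits) return -1;          /* out of bits: report, don't fake a 0 */
    *out = (br->data[br->pos >> 3] >> (7 - (br->pos & 7))) & 1;
    br->pos++;
    return 0;
}

static int br_read_bits(bitreader_t *br, unsigned n, uint32_t *out) {
    uint32_t v = 0;
    for (unsigned i = 0; i < n; i++) {
        unsigned b;
        if (br_read_bit(br, &b)) return -1;
        v = (v << 1) | b;
    }
    *out = v;
    return 0;
}

/* Unsigned exp-Golomb ue(v), the encoding of most H.264/SVC header fields:
 * count leading zero bits up to the first 1, then read that many suffix bits.
 * Returns -1 when the stream runs out (the "exp-golomb read failed, not enough
 * bits" condition in the report) or when the code is malformed, so the caller
 * never receives a bogus value it might later use as an index. */
int read_ue(bitreader_t *br, uint32_t *out) {
    unsigned zeros = 0, b;
    for (;;) {
        if (br_read_bit(br, &b)) return -1;
        if (b) break;
        if (++zeros > 31) return -1;               /* would not fit in 32 bits */
    }
    uint32_t suffix = 0;
    if (zeros && br_read_bits(br, zeros, &suffix)) return -1;
    *out = ((1u << zeros) - 1) + suffix;
    return 0;
}

#define MAX_PPS 256   /* H.264 pic_parameter_set_id is 0..255 */

typedef struct { uint32_t first_mb_in_slice, slice_type, pps_id; } slice_hdr_t;

/* Parse the first three ue(v) fields of an H.264 slice header. The defect
 * pattern behind crashes of this kind is using a freshly decoded id as a
 * table index without checking it; here the parser refuses the slice instead.
 * Returns 0 on success, -1 on truncated/malformed input, -2 when pps_id is
 * out of range. */
int parse_slice_header(const uint8_t *data, size_t nbits, slice_hdr_t *hdr) {
    bitreader_t br = { data, nbits, 0 };
    if (read_ue(&br, &hdr->first_mb_in_slice)) return -1;
    if (read_ue(&br, &hdr->slice_type)) return -1;
    if (read_ue(&br, &hdr->pps_id)) return -1;
    if (hdr->pps_id >= MAX_PPS) return -2;         /* the bounds check that must precede any table access */
    return 0;
}

/* Constructed sample bitstreams (bit strings written MSB first):
 *   OK:        1 | 011 | 00100             -> first_mb=0, slice_type=2, pps_id=3
 *   TRUNCATED: 1 | 011 | 00 (stream ends)  -> pps_id cannot be decoded
 *   OOR:       1 | 011 | 00000000100000001 -> pps_id=256, outside the PPS table */
const uint8_t SAMPLE_OK[]       = { 0xB2, 0x00 };
const size_t  SAMPLE_OK_BITS    = 16;
const uint8_t SAMPLE_TRUNC[]    = { 0xB0 };
const size_t  SAMPLE_TRUNC_BITS = 6;
const uint8_t SAMPLE_OOR[]      = { 0xB0, 0x08, 0x08 };
const size_t  SAMPLE_OOR_BITS   = 24;

/* Helpers exposing results as plain ints for main() and for tests. */
int parse_status(const uint8_t *data, size_t nbits) {
    slice_hdr_t h;
    return parse_slice_header(data, nbits, &h);
}

int parsed_pps_id(const uint8_t *data, size_t nbits) {
    slice_hdr_t h;
    return parse_slice_header(data, nbits, &h) == 0 ? (int)h.pps_id : -1;
}

int main(void) {
    printf("ok:        status %d, pps_id %d\n", parse_status(SAMPLE_OK, SAMPLE_OK_BITS),
           parsed_pps_id(SAMPLE_OK, SAMPLE_OK_BITS));
    printf("truncated: status %d\n", parse_status(SAMPLE_TRUNC, SAMPLE_TRUNC_BITS));
    printf("oor:       status %d\n", parse_status(SAMPLE_OOR, SAMPLE_OOR_BITS));
    return 0;
}
```

The two checks are independent and both are needed: a reader that substitutes a value on exhaustion lets a truncated header parse "successfully" with garbage ids, and a range check on the id is what keeps a decoded value from ever addressing memory outside the parameter-set array.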