Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stack buffer overflow in MP4Box at src/filters/dmx_nhml.c in nhmldmx_init_parsing #1909

Closed
3 tasks done
AntsKnows opened this issue Sep 7, 2021 · 0 comments
Closed
3 tasks done

Comments

@AntsKnows
Copy link

  • I looked for a similar issue and couldn't find any.
  • I tried with the latest version of GPAC. Installers available at http://gpac.io/downloads/gpac-nightly-builds/
  • I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command-line ...).

Step to reproduce:

1.get latest commit code (GPAC version 1.1.0-DEV-rev1221-gd626acad8-master)
2.compile with --enable-sanitizer
3.make 5 dirs which every of them has a large name(length=255), this makes the file's abs-path lengh larger than 1024, we called it large.nhml
4.run MP4Box -add {path to large.nhml} -new new.mp4
Env:
Ubunut 20.04 , clang 12.0.1

My cmd line an ASAN report
MP4Box -add ~/12341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341231234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123/12341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341231234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123/12341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341231234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123/12341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341231234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123/12341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341231234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123/large.nhml -new new.mp4

ASAN report:

=336368==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc4519e5a8 at pc 0x000000491bf8 bp 0x7ffc4519e030 sp 0x7ffc4519d7f0
WRITE of size 2564 at 0x7ffc4519e5a8 thread T0
    #0 0x491bf7 in __interceptor_strcpy (/home/lly/pro/gpac_asan/bin/gcc/MP4Box+0x491bf7)
    #1 0x7f4bfc71ad1b in nhmldmx_init_parsing dmx_nhml.c
    #2 0x7f4bfc7161c1 in nhmldmx_process (/home/lly/pro/gpac_asan/bin/gcc/libgpac.so.10+0xfb91c1)
    #3 0x7f4bfc6454f7 in gf_filter_process_task filter.c
    #4 0x7f4bfc6275a5 in gf_fs_thread_proc filter_session.c
    #5 0x7f4bfc626aa0 in gf_fs_run (/home/lly/pro/gpac_asan/bin/gcc/libgpac.so.10+0xec9aa0)
    #6 0x7f4bfc150959 in gf_media_import (/home/lly/pro/gpac_asan/bin/gcc/libgpac.so.10+0x9f3959)
    #7 0x526c94 in import_file (/home/lly/pro/gpac_asan/bin/gcc/MP4Box+0x526c94)
    #8 0x4eb8b6 in do_add_cat main.c
    #9 0x4e7c66 in mp4boxMain (/home/lly/pro/gpac_asan/bin/gcc/MP4Box+0x4e7c66)
    #10 0x7f4bfb3d90b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #11 0x429a4d in _start (/home/lly/pro/gpac_asan/bin/gcc/MP4Box+0x429a4d)

Address 0x7ffc4519e5a8 is located in stack of thread T0 at offset 1384 in frame
    #0 0x7f4bfc71a56f in nhmldmx_init_parsing dmx_nhml.c

  This frame has 141 object(s):

Maybe fix for issue 1908 dose not consider this situation that there is a stack buffer overflow in nhmldmx_init_parsing

@jeanlf jeanlf closed this as completed in ae28282 Sep 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant