Stack buffer overflow in MP4Box at src/filters/dmx_nhml.c in nhmldmx_init_parsing #1909

Closed
@AntsKnows

Description

  • I looked for a similar issue and couldn't find any.
  • I tried with the latest version of GPAC. Installers available at http://gpac.io/downloads/gpac-nightly-builds/
  • I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command-line ...).

Steps to reproduce:

1. Get the latest commit code (GPAC version 1.1.0-DEV-rev1221-gd626acad8-master)
2. Compile with --enable-sanitizer
3. Make 5 dirs, each of which has a large name (length=255); this makes the file's abs-path length larger than 1024. We call it large.nhml
4. Run MP4Box -add {path to large.nhml} -new new.mp4
Env:
Ubuntu 20.04, clang 12.0.1

My cmd line and ASAN report
MP4Box -add ~large.nhml -new new.mp4

ASAN report:

==336368==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc4519e5a8 at pc 0x000000491bf8 bp 0x7ffc4519e030 sp 0x7ffc4519d7f0
WRITE of size 2564 at 0x7ffc4519e5a8 thread T0
    #0 0x491bf7 in __interceptor_strcpy (/home/lly/pro/gpac_asan/bin/gcc/MP4Box+0x491bf7)
    #1 0x7f4bfc71ad1b in nhmldmx_init_parsing dmx_nhml.c
    #2 0x7f4bfc7161c1 in nhmldmx_process (/home/lly/pro/gpac_asan/bin/gcc/libgpac.so.10+0xfb91c1)
    #3 0x7f4bfc6454f7 in gf_filter_process_task filter.c
    #4 0x7f4bfc6275a5 in gf_fs_thread_proc filter_session.c
    #5 0x7f4bfc626aa0 in gf_fs_run (/home/lly/pro/gpac_asan/bin/gcc/libgpac.so.10+0xec9aa0)
    #6 0x7f4bfc150959 in gf_media_import (/home/lly/pro/gpac_asan/bin/gcc/libgpac.so.10+0x9f3959)
    #7 0x526c94 in import_file (/home/lly/pro/gpac_asan/bin/gcc/MP4Box+0x526c94)
    #8 0x4eb8b6 in do_add_cat main.c
    #9 0x4e7c66 in mp4boxMain (/home/lly/pro/gpac_asan/bin/gcc/MP4Box+0x4e7c66)
    #10 0x7f4bfb3d90b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #11 0x429a4d in _start (/home/lly/pro/gpac_asan/bin/gcc/MP4Box+0x429a4d)

Address 0x7ffc4519e5a8 is located in stack of thread T0 at offset 1384 in frame
    #0 0x7f4bfc71a56f in nhmldmx_init_parsing dmx_nhml.c

  This frame has 141 object(s):

Maybe the fix for issue 1908 does not consider this situation: there is a stack buffer overflow in nhmldmx_init_parsing.
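The report above describes the classic pattern behind this class of bug: a caller-controlled path is copied with strcpy() into a fixed-size stack buffer, and a path longer than the buffer (here, five 255-character directory names) writes past the frame. The following is an added illustration written for this page, not GPAC's code from dmx_nhml.c: the function names, the 1024-byte buffer size, and the constructed path are all assumptions. It builds a path shaped like the reporter's (5 x 255-char components) and shows a bounded copy that rejects it, plus an exact-size heap allocation as the alternative to a fixed stack buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size for illustration; the real size in the affected
 * function is not stated on this page. */
#define PATH_BUF_SIZE 1024

/* Bounded replacement for the strcpy() seen in the ASAN trace.
 * Returns 1 if src (including its terminator) fits in dst, 0 otherwise.
 * Refusing the copy is preferable to silent truncation, which could make a
 * different file than the one the user named be opened later. */
static int copy_path_bounded(const char *src, char *dst, size_t dst_size)
{
    size_t len = strlen(src);
    if (len >= dst_size) {
        return 0;
    }
    memcpy(dst, src, len + 1);
    return 1;
}

/* Construct a path of `components` directory names, each `name_len` chars,
 * followed by `filename` (which should start with '/'). This mirrors the
 * reporter's "5 dirs with 255-char names" setup; it is constructed sample
 * input, not a real filesystem path. Caller frees the result. */
char *build_long_path(int components, size_t name_len, const char *filename)
{
    size_t total = (size_t)components * (name_len + 1) + strlen(filename) + 1;
    char *p = malloc(total);
    if (!p) {
        return NULL;
    }
    char *cur = p;
    for (int i = 0; i < components; i++) {
        *cur++ = '/';
        memset(cur, 'a' + (i % 26), name_len);
        cur += name_len;
    }
    memcpy(cur, filename, strlen(filename) + 1); /* exact room reserved above */
    return p;
}

/* Hypothetical hardened version of the vulnerable step: same fixed stack
 * buffer, but the copy is checked. Returns 1 if the path fit, 0 if it was
 * rejected (the case that would have overflowed with a bare strcpy). */
int path_fits_stack_buffer(const char *path)
{
    char buf[PATH_BUF_SIZE];
    return copy_path_bounded(path, buf, sizeof buf);
}

/* Alternative fix: size the buffer to the input instead of the input to the
 * buffer. Returns a heap copy of exactly strlen(path)+1 bytes; caller frees. */
char *dup_path(const char *path)
{
    size_t len = strlen(path);
    char *p = malloc(len + 1);
    if (p) {
        memcpy(p, path, len + 1);
    }
    return p;
}

/* Convenience for the reproduction shape: 1 if a path made of `components`
 * names of `name_len` chars would NOT fit the fixed buffer. */
int long_path_overflows(int components, size_t name_len)
{
    char *p = build_long_path(components, name_len, "/large.nhml");
    if (!p) {
        return -1;
    }
    int fits = path_fits_stack_buffer(p);
    free(p);
    return fits ? 0 : 1;
}

int main(void)
{
    char *longp = build_long_path(5, 255, "/large.nhml");
    char *shortp = build_long_path(1, 10, "/small.nhml");
    if (!longp || !shortp) {
        return 1;
    }
    printf("long path: %zu bytes, fits fixed buffer: %d\n",
           strlen(longp), path_fits_stack_buffer(longp));
    printf("short path: %zu bytes, fits fixed buffer: %d\n",
           strlen(shortp), path_fits_stack_buffer(shortp));
    char *heap_copy = dup_path(longp);
    printf("heap copy holds full path: %d\n",
           heap_copy && strcmp(heap_copy, longp) == 0);
    free(heap_copy);
    free(longp);
    free(shortp);
    return 0;
}
```

The check worth carrying over to any fix for this report is the `len >= dst_size` comparison before the copy: with five 255-character components plus separators and the file name, the path here is 1291 bytes, well past a 1024-byte buffer, which is the same situation the reporter's ASAN trace shows as a 2564-byte write.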
