Stack-buffer-overflow in MP4Box at src/filters/dmx_nhml.c:1004 in nhmldmx_send_sample #1911

Closed
3 tasks done
AntsKnows opened this issue Sep 7, 2021 · 1 comment

Comments

@AntsKnows

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

  • I looked for a similar issue and couldn't find any.
  • I tried with the latest version of GPAC. Installers available at http://gpac.io/downloads/gpac-nightly-builds/
  • I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command-line ...).

Steps to reproduce:

1. Get latest commit code (GPAC version 1.1.0-DEV-rev1221-gd626acad8-master)
2. Compile with --enable-sanitizer
3. Run MP4Box -add poc.nhml -new new.mp4

Env:
Ubuntu 20.04, clang 12.0.1

ASAN report

==344946==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe54d816f0 at pc 0x000000491bf8 bp 0x7ffe54d80610 sp 0x7ffe54d7fdd0
WRITE of size 5081 at 0x7ffe54d816f0 thread T0
    #0 0x491bf7 in __interceptor_strcpy (/home/lly/pro/gpac_asan/bin/gcc/MP4Box+0x491bf7)
    #1 0x7fefcb5fca2d in nhmldmx_send_sample /home/lly/pro/gpac_asan/src/filters/dmx_nhml.c:1004:6
    #2 0x7fefcb5fca2d in nhmldmx_process /home/lly/pro/gpac_asan/src/filters/dmx_nhml.c:1341:7
    #3 0x7fefcb529997 in gf_filter_process_task /home/lly/pro/gpac_asan/src/filter_core/filter.c:2441:7
    #4 0x7fefcb50b965 in gf_fs_thread_proc /home/lly/pro/gpac_asan/src/filter_core/filter_session.c:1664:3
    #5 0x7fefcb50ae60 in gf_fs_run /home/lly/pro/gpac_asan/src/filter_core/filter_session.c:1901:2
    #6 0x7fefcb02c708 in gf_media_import /home/lly/pro/gpac_asan/src/media_tools/media_import.c:1486:2
    #7 0x526ea9 in import_file /home/lly/pro/gpac_asan/applications/mp4box/fileimport.c:1289:7
    #8 0x4eb996 in do_add_cat /home/lly/pro/gpac_asan/applications/mp4box/main.c:4257:10
    #9 0x4e7d46 in mp4boxMain /home/lly/pro/gpac_asan/applications/mp4box/main.c:5746:13
    #10 0x7fefca2ad0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #11 0x429a4d in _start (/home/lly/pro/gpac_asan/bin/gcc/MP4Box+0x429a4d)

Address 0x7ffe54d816f0 is located in stack of thread T0 at offset 4304 in frame
    #0 0x7fefcb5fb93f in nhmldmx_process /home/lly/pro/gpac_asan/src/filters/dmx_nhml.c:1314

poc.zip

jeanlf pushed a commit that referenced this issue Sep 9, 2021
@jeanlf
Contributor

jeanlf commented Sep 9, 2021

now fixed, thanks for the report

@jeanlf jeanlf closed this as completed Sep 9, 2021
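
The pattern the ASAN trace above points at (a `strcpy` of file-supplied data into a fixed stack buffer) beside a length-checked form, as an added example that is not GPAC's code or the fix that was committed. The buffer size, the `xml_attr` struct and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF_SIZE 4096 /* assumed size, not taken from dmx_nhml.c */

/* Hypothetical stand-in for a parsed XML attribute. */
typedef struct { const char *name; const char *value; } xml_attr;

/* Flagged pattern: the copy length is whatever the input file supplies. */
void copy_value_unchecked(char *dst, const xml_attr *att)
{
    strcpy(dst, att->value); /* overflows dst once strlen(value) >= its size */
}

/* Hardened form: measure first, reject oversized values instead of truncating. */
int copy_value_checked(char *dst, size_t dst_size, const xml_attr *att)
{
    size_t len;
    if (!dst || !dst_size || !att || !att->value) return -1;
    len = strlen(att->value);
    if (len >= dst_size) return -1; /* no room for the value plus its NUL */
    memcpy(dst, att->value, len + 1);
    return 0;
}

/* Builds a constructed attribute value of value_len characters and runs it
   through the checked copy. Returns 0 if accepted, -1 if rejected. */
int process_sample_attr(size_t value_len)
{
    char path[PATH_BUF_SIZE]; /* fixed-size stack buffer */
    xml_attr att = { "attr", NULL }; /* constructed sample, not from poc.nhml */
    char *value = malloc(value_len + 1);
    int rc;
    if (!value) return -1;
    memset(value, 'A', value_len);
    value[value_len] = '\0';
    att.value = value;
    rc = copy_value_checked(path, sizeof(path), &att);
    if (rc == 0 && strlen(path) != value_len) rc = -1;
    free(value);
    return rc;
}

int main(void)
{
    /* 5080 characters plus NUL matches the 5081-byte write in the report. */
    printf("64-char value:   %d\n", process_sample_attr(64));
    printf("5080-char value: %d\n", process_sample_attr(5080));
    return 0;
}
```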