Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
An invalid memory address dereference was discovered in dump_od_to_saf.isra(). The vulnerability causes a segmentation fault and application crash.
Version:
MP4Box - GPAC version 1.1.0-DEV-revUNKNOWN_REV
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D
System information Ubuntu 20.04 focal, AMD EPYC 7742 64-Core @ 16x 2.25GHz
command:
./MP4Box -lsr poc
poc.zip
Result
[iso file] Unknown box type stbU in parent minf
[iso file] Track with no sample table !
[iso file] Track with no sample description box !
[iso file] extra box maxr found in hinf, deleting
[iso file] extra box maxr found in hinf, deleting
[iso file] Box "lpod" (start 11062) has 1 extra bytes
[iso file] Box "REFT" is larger than container box
[iso file] Box "tref" size 28 (start 11054) invalid (read 261)
[iso file] Incomplete box mdat - start 11495 size 861261
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] Unknown box type stbU in parent minf
[iso file] Track with no sample table !
[iso file] Track with no sample description box !
[iso file] extra box maxr found in hinf, deleting
[iso file] extra box maxr found in hinf, deleting
[iso file] Box "lpod" (start 11062) has 1 extra bytes
[iso file] Box "REFT" is larger than container box
[iso file] Box "tref" size 28 (start 11054) invalid (read 261)
[iso file] Incomplete box mdat - start 11495 size 861261
[iso file] Incomplete file while reading for dump - aborting parsing
MPEG-4 BIFS Scene Parsing
Scene loaded - dumping 2 systems streams
[1] 3146070 segmentation fault ./MP4Box -lsr ./submit/poc1
gdb
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7ab7dcc in dump_od_to_saf.isra () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
────[ REGISTERS ]────
RAX 0x61
RBX 0x5555555df200 ◂— 0x1
RCX 0x5555555df330 ◂— 0x8001000f
RDX 0x7ffff72bf040 ◂— 0x7ffff72bf040
RDI 0x5555555dfe10 ◂— 0xfbad2c84
RSI 0x7ffff7e46910 ◂— ' streamType="%d" objectTypeIndication="%d" timeStampResolution="%d"'
R8  0x3e8
R9  0x27
R10 0x7ffff7e4690b ◂— 0x7473200000000022 /* '"' */
R11 0x7fffffff70e3 ◂— 0xcba6003936373233 /* '32769' */
R12 0x5555555decc0 —▸ 0x5555555dfe10 ◂— 0xfbad2c84
R13 0x0
R14 0x5555555df150 ◂— 0x0
R15 0x0
RBP 0x0
RSP 0x7fffffff7220 —▸ 0x5555555df330 ◂— 0x8001000f
RIP 0x7ffff7ab7dcc (dump_od_to_saf.isra+204) ◂— movzx edx, byte ptr [rax + 8]
────[ DISASM ]────
► 0x7ffff7ab7dcc <dump_od_to_saf.isra+204>    movzx edx, byte ptr [rax + 8]
  0x7ffff7ab7dd0 <dump_od_to_saf.isra+208>    mov ecx, dword ptr [rax + 4]
  0x7ffff7ab7dd3 <dump_od_to_saf.isra+211>    xor eax, eax
  0x7ffff7ab7dd5 <dump_od_to_saf.isra+213>    call gf_fprintf@plt <gf_fprintf@plt>
  0x7ffff7ab7dda <dump_od_to_saf.isra+218>    mov rdx, qword ptr [r14]
  0x7ffff7ab7ddd <dump_od_to_saf.isra+221>    test rdx, rdx
  0x7ffff7ab7de0 <dump_od_to_saf.isra+224>    jne dump_od_to_saf.isra+392 <dump_od_to_saf.isra+392>
  0x7ffff7ab7de6 <dump_od_to_saf.isra+230>    mov rdi, qword ptr [r12]
  0x7ffff7ab7dea <dump_od_to_saf.isra+234>    test r15, r15
  0x7ffff7ab7ded <dump_od_to_saf.isra+237>    je dump_od_to_saf.isra+266 <dump_od_to_saf.isra+266>
  0x7ffff7ab7def <dump_od_to_saf.isra+239>    mov rdx, qword ptr [r15 + 8]
────[ STACK ]────
00:0000│ rsp 0x7fffffff7220 —▸ 0x5555555df330 ◂— 0x8001000f
01:0008│     0x7fffffff7228 ◂— 0x100000002
02:0010│     0x7fffffff7230 —▸ 0x5555555df030 —▸ 0x5555555df580 ◂— 0x0
03:0018│     0x7fffffff7238 ◂— 0x0
04:0020│     0x7fffffff7240 —▸ 0x5555555df030 —▸ 0x5555555df580 ◂— 0x0
05:0028│     0x7fffffff7248 ◂— 0x0
06:0030│     0x7fffffff7250 ◂— 0x0
07:0038│     0x7fffffff7258 —▸ 0x5555555df150 ◂— 0x0
────[ BACKTRACE ]────
► f 0 0x7ffff7ab7dcc dump_od_to_saf.isra+204
  f 1 0x7ffff7ac27dd gf_sm_dump+1853
  f 2 0x555555584418 dump_isom_scene+616
  f 3 0x55555557b42c mp4boxMain+9228
  f 4 0x7ffff75630b3 __libc_start_main+243
pwndbg> bt
#0 0x00007ffff7ab7dcc in dump_od_to_saf.isra () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
#1 0x00007ffff7ac27dd in gf_sm_dump () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
#2 0x0000555555584418 in dump_isom_scene ()
#3 0x000055555557b42c in mp4boxMain ()
#4 0x00007ffff75630b3 in __libc_start_main (main=0x55555556c420 <main>, argc=3, argv=0x7fffffffe1a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe198) at ../csu/libc-start.c:308
#5 0x000055555556c45e in _start ()
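A quick triage of the register dump above, as an added example that is not part of the report or of GPAC: the faulting instruction is `movzx edx, byte ptr [rax + 8]` with `RAX = 0x61`, so the access is a one-byte read at address 0x69, which lies in the low unmapped region below the default Linux `vm.mmap_min_addr` (0x10000). That means a small non-pointer value is being dereferenced as a structure pointer, i.e. a crash (denial of service) rather than evidence of a controllable write. The script below computes that from the pwndbg output; the excerpt, the function names and the classification thresholds are mine, not the reporter's or the project's.

```python
import re

# Constructed excerpt of the pwndbg register/instruction lines from the report above.
# Only the lines the triage needs are reproduced; the values are those shown in the issue.
CRASH_DUMP = """\
RAX 0x61
RBX 0x5555555df200 ◂— 0x1
RSP 0x7fffffff7220 —▸ 0x5555555df330 ◂— 0x8001000f
RIP 0x7ffff7ab7dcc (dump_od_to_saf.isra+204) ◂— movzx edx, byte ptr [rax + 8]
"""

# Assumed thresholds: vm.mmap_min_addr defaults to 65536 on most Linux distributions, so an
# unprivileged process cannot map anything below it; user-space canonical addresses end at 0x7fff_ffffffff.
MMAP_MIN_ADDR = 0x10000
USER_CANONICAL_MAX = 0x00007FFFFFFFFFFF

REG_RE = re.compile(r'^(R[A-Z0-9]+)\s+(0x[0-9a-fA-F]+)', re.M)
RIP_INSN_RE = re.compile(r'^RIP\s+0x[0-9a-fA-F]+.*?◂—\s*(.+?)\s*$', re.M)
MEM_OPERAND_RE = re.compile(r'\[\s*(r[a-z0-9]+)\s*(?:([+-])\s*(0x[0-9a-fA-F]+|\d+))?\s*\]')


def parse_registers(dump):
    """Map lowercase register name -> integer value for every 'RXX 0x...' line."""
    return {m.group(1).lower(): int(m.group(2), 16) for m in REG_RE.finditer(dump)}


def faulting_instruction(dump):
    """Return the disassembly pwndbg prints after RIP, e.g. 'movzx edx, byte ptr [rax + 8]'."""
    m = RIP_INSN_RE.search(dump)
    if not m:
        raise ValueError("no disassembled instruction on the RIP line")
    return m.group(1)


def faulting_address(dump):
    """Resolve the [base +/- disp] operand of the faulting instruction against the register values."""
    regs = parse_registers(dump)
    m = MEM_OPERAND_RE.search(faulting_instruction(dump))
    if not m:
        raise ValueError("faulting instruction has no [base + disp] memory operand")
    base = regs[m.group(1)]
    disp = int(m.group(3), 0) if m.group(3) else 0
    if m.group(2) == '-':
        disp = -disp
    return (base + disp) & 0xFFFFFFFFFFFFFFFF


def access_kind(insn):
    """'write' if the memory operand is the destination (first operand), else 'read'.

    Heuristic that is right for the mov family; cmp/test with a memory first operand
    are reads and would be misreported, so check those by hand.
    """
    _, _, operands = insn.partition(' ')
    first = operands.split(',')[0]
    return 'write' if '[' in first else 'read'


def classify(addr):
    """Coarse bucket for the faulting address; decides what to look at next."""
    if addr < MMAP_MIN_ADDR:
        return 'near-null'        # NULL or a small integer used as a pointer: crash, no memory control shown
    if addr > USER_CANONICAL_MAX:
        return 'non-canonical'    # garbage or kernel-range pointer: often a corrupted or freed object
    return 'mapped-range'         # plausible heap/stack/library address: needs ASan or valgrind to judge


def triage(dump):
    insn = faulting_instruction(dump)
    addr = faulting_address(dump)
    return {'insn': insn, 'addr': addr, 'access': access_kind(insn), 'class': classify(addr)}


if __name__ == '__main__':
    t = triage(CRASH_DUMP)
    print(f"{t['insn']!r}: {t['access']} at {t['addr']:#x} -> {t['class']}")
```

For this report the script yields a 1-byte read at 0x69 classified as near-null. The format string in RSI (`streamType="%d" objectTypeIndication="%d" ...`) shows the function was about to print descriptor fields, so the next step in triage is to rebuild libgpac with `-fsanitize=address -g` and rerun the PoC to get the source line and the origin of the 0x61 value rather than guessing from the register dump.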
339fe39