Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
A null pointer dereference was discovered in gf_sg_vrml_mf_alloc(). The vulnerability causes a segmentation fault and application crash.
Version:
MP4Box - GPAC version 1.1.0-DEV-revUNKNOWN_REV
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
	GPAC Filters: https://doi.org/10.1145/3339825.3394929
	GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D

System information
Ubuntu 20.04 focal, AMD EPYC 7742 64-Core @ 16x 2.25GHz
command:
./MP4Box -lsr ./poc5
poc5.zip
Result
./MP4Box -lsr ./poc5
[iso file] extra box maxr found in hinf, deleting
[iso file] extra box maxr found in hinf, deleting
[iso file] Unknown box type 80rak in parent moov
[iso file] Incomplete box mdat - start 11495 size 861206
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] extra box maxr found in hinf, deleting
[iso file] extra box maxr found in hinf, deleting
[iso file] Unknown box type 80rak in parent moov
[iso file] Incomplete box mdat - start 11495 size 861206
[iso file] Incomplete file while reading for dump - aborting parsing
MPEG-4 BIFS Scene Parsing
[1]    1371476 segmentation fault  ./MP4Box -lsr ./poc5
gdb
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff78a0f7d in gf_sg_vrml_mf_alloc () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
────────────────────────────────────────────[ REGISTERS ]─────────────────────────────────────────────
 RAX  0x0
 RBX  0x9f03c
 RCX  0x10
 RDX  0x7ffff7e078a0 (CSWTCH.120) ◂— 0xc080c0804080404
 RDI  0x32
 RSI  0x32
 R8   0x0
 R9   0x0
 R10  0x7ffff775bdeb ◂— 'gf_sg_vrml_mf_alloc'
 R11  0x7ffff78a0f30 (gf_sg_vrml_mf_alloc) ◂— endbr64
 R12  0x0
 R13  0x8
 R14  0x0
 R15  0x7fffffff6d60 ◂— 0x30646c6569665f /* '_field0' */
 RBP  0x32
 RSP  0x7fffffff6bf0 ◂— 0x9f03c
 RIP  0x7ffff78a0f7d (gf_sg_vrml_mf_alloc+77) ◂— cmp dword ptr [r12], ebx
──────────────────────────────────────────────[ DISASM ]──────────────────────────────────────────────
 ► 0x7ffff78a0f7d <gf_sg_vrml_mf_alloc+77>     cmp    dword ptr [r12], ebx
   0x7ffff78a0f81 <gf_sg_vrml_mf_alloc+81>     je     gf_sg_vrml_mf_alloc+125 <gf_sg_vrml_mf_alloc+125>
    ↓
   0x7ffff78a0fad <gf_sg_vrml_mf_alloc+125>    add    rsp, 8
   0x7ffff78a0fb1 <gf_sg_vrml_mf_alloc+129>    pop    rbx
   0x7ffff78a0fb2 <gf_sg_vrml_mf_alloc+130>    pop    rbp
   0x7ffff78a0fb3 <gf_sg_vrml_mf_alloc+131>    pop    r12
   0x7ffff78a0fb5 <gf_sg_vrml_mf_alloc+133>    pop    r13
   0x7ffff78a0fb7 <gf_sg_vrml_mf_alloc+135>    ret
   0x7ffff78a0fb8 <gf_sg_vrml_mf_alloc+136>    nop    dword ptr [rax + rax]
   0x7ffff78a0fc0 <gf_sg_vrml_mf_alloc+144>    mov    edx, ebx
   0x7ffff78a0fc2 <gf_sg_vrml_mf_alloc+146>    imul   r13, rdx
──────────────────────────────────────────────[ STACK ]───────────────────────────────────────────────
00:0000│ rsp 0x7fffffff6bf0 ◂— 0x9f03c
01:0008│     0x7fffffff6bf8 —▸ 0x7fffffff6d30 ◂— 0x3200000000
02:0010│     0x7fffffff6c00 —▸ 0x5555555ded70 ◂— 0x0
03:0018│     0x7fffffff6c08 ◂— 0x555df8c0
04:0020│     0x7fffffff6c10 —▸ 0x5555555d2730 ◂— 0x0
05:0028│     0x7fffffff6c18 —▸ 0x7ffff790f44d (BD_DecMFFieldVec+589) ◂— mov r14d, eax
06:0030│     0x7fffffff6c20 ◂— 0x0
07:0038│     0x7fffffff6c28 ◂— 0x0
────────────────────────────────────────────[ BACKTRACE ]─────────────────────────────────────────────
 ► f 0 0x7ffff78a0f7d gf_sg_vrml_mf_alloc+77
   f 1 0x7ffff790f44d BD_DecMFFieldVec+589
   f 2 0x7ffff7906205 gf_bifs_dec_proto_list+1333
   f 3 0x7ffff7906549 BD_DecSceneReplace+73
   f 4 0x7ffff7914e2e BM_SceneReplace+110
   f 5 0x7ffff7914ff3 BM_ParseCommand+179
   f 6 0x7ffff7915323 gf_bifs_decode_command_list+163
   f 7 0x7ffff7aa1da2 gf_sm_load_run_isom+1218
──────────────────────────────────────────────────────────────────────────────────────────────────────
pwndbg> bt
#0  0x00007ffff78a0f7d in gf_sg_vrml_mf_alloc () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
#1  0x00007ffff790f44d in BD_DecMFFieldVec () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
#2  0x00007ffff7906205 in gf_bifs_dec_proto_list () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
#3  0x00007ffff7906549 in BD_DecSceneReplace () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
#4  0x00007ffff7914e2e in BM_SceneReplace () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
#5  0x00007ffff7914ff3 in BM_ParseCommand () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
#6  0x00007ffff7915323 in gf_bifs_decode_command_list () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
#7  0x00007ffff7aa1da2 in gf_sm_load_run_isom () from /root/fuckit/test/gpac-master/bin/gcc/libgpac.so.10
#8  0x00005555555844a8 in dump_isom_scene ()
#9  0x000055555557b42c in mp4boxMain ()
#10 0x00007ffff75630b3 in __libc_start_main (main=0x55555556c420 <main>, argc=3, argv=0x7fffffffe1a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe198) at ../csu/libc-start.c:308
#11 0x000055555556c45e in _start ()
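The faulting instruction above reads through r12, which is 0, before the function has done anything else with its field argument. As an added example that is not GPAC's code, the following is a minimal model of a multi-valued (MF) field allocator with the validation that keeps this class of fault out of a decoder path; mf_field_t, mf_alloc_checked, MAX_MF_ITEMS and the reading of RBX (0x9f03c) as the requested item count are assumptions.

```c
/* Added example, not GPAC's code: a minimal model of an MF (multi-valued)
 * field allocator with the checks a decoder-facing allocator needs.
 * All type, function and constant names here are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef enum { MF_OK = 0, MF_BAD_PARAM = -1, MF_OUT_OF_MEM = -2 } mf_err_t;
typedef struct {
    uint32_t count;   /* number of items currently allocated */
    void    *array;   /* count * item_size bytes, or NULL when count == 0 */
} mf_field_t;

/* Upper bound on an item count read from an untrusted stream (hypothetical). */
#define MAX_MF_ITEMS 65536u
/* Resize mf to nb_items items of item_size bytes. The first access to mf is
 * the count comparison; with mf == NULL that read is the fault shown above
 * (cmp dword ptr [r12], ebx with r12 == 0), so mf is validated before it. */
mf_err_t mf_alloc_checked(mf_field_t *mf, size_t item_size, uint32_t nb_items)
{
    if (mf == NULL || item_size == 0) return MF_BAD_PARAM;
    /* Reject absurd counts (0x9f03c sits in RBX in the dump; assumed to be nb_items). */
    if (nb_items > MAX_MF_ITEMS) return MF_BAD_PARAM;
    if (mf->count == nb_items) return MF_OK;
    if (nb_items == 0) { free(mf->array); mf->array = NULL; mf->count = 0; return MF_OK; }
    if (item_size > SIZE_MAX / nb_items) return MF_BAD_PARAM;  /* byte size would overflow */
    void *p = realloc(mf->array, item_size * nb_items);
    if (p == NULL) return MF_OUT_OF_MEM;
    if (nb_items > mf->count)  /* zero the new tail so no item is left uninitialised */
        memset((char *)p + (size_t)mf->count * item_size, 0,
               (size_t)(nb_items - mf->count) * item_size);
    mf->array = p;
    mf->count = nb_items;
    return MF_OK;
}

/* Grow, shrink and release a constructed field; returns the sum of the items
 * that survive the shrink (1+2+3 = 6), or -1 if any step fails. */
int32_t mf_alloc_roundtrip(void)
{
    mf_field_t f = { 0, NULL };
    if (mf_alloc_checked(&f, sizeof(int32_t), 8) != MF_OK) return -1;
    for (uint32_t i = 0; i < f.count; i++) ((int32_t *)f.array)[i] = (int32_t)i + 1;
    if (mf_alloc_checked(&f, sizeof(int32_t), 3) != MF_OK) return -1;
    int32_t sum = 0;
    for (uint32_t i = 0; i < f.count; i++) sum += ((int32_t *)f.array)[i];
    if (mf_alloc_checked(&f, sizeof(int32_t), 0) != MF_OK || f.array != NULL) return -1;
    return sum;
}
```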
fixed #1962 #1963
8a3c021
fixed by fixing #1962 - thanks for these reports !