Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
An invalid memory address dereference was discovered in svg_node_start(). The vulnerability causes a segmentation fault and application crash.
Version:
```
MP4Box - GPAC version 1.1.0-DEV-revUNKNOWN_REV
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
Please cite our work in your research:
	GPAC Filters: https://doi.org/10.1145/3339825.3394929
	GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D
```
System information:
Ubuntu 20.04 focal, AMD EPYC 7742 64-Core @ 16x 2.25GHz
command:
```
./MP4Box -lsr poc_2.xsr
```
poc_2.zip
Result
```
[Parser] LASeR Scene Parsing: ./poc/poc_2.xsr
[1]    75845 segmentation fault  ./MP4Box -lsr ./poc/poc_2.xsr
```
gdb
```
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7aa5f97 in svg_node_start () from /root/fuckit/test/gpac1210/bin/gcc/libgpac.so.10
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
────────────────────────[ REGISTERS ]────────────────────────
 RAX  0x0
 RBX  0x5555555c7750 ◂— 0x0
 RCX  0x0
 RDX  0x5555555ce2b0 —▸ 0x5555555ce0e3 ◂— 0x7572742200706172 /* 'rap' */
 RDI  0x7ffff7e447c9 ◂— 'Unable to parse chunk: %s'
 RSI  0x5555555ce0e3 ◂— 0x7572742200706172 /* 'rap' */
 R8   0x7fffffff5c3c ◂— 0x0
 R9   0x5555555ce0e3 ◂— 0x7572742200706172 /* 'rap' */
 R10  0x0
 R11  0x0
 R12  0x5555555ce2b0 —▸ 0x5555555ce0e3 ◂— 0x7572742200706172 /* 'rap' */
 R13  0x5555555ce0d5 ◂— 0x6e65637300666173 /* 'saf' */
 R14  0x1
 R15  0x0
 RBP  0x5555555cf390 —▸ 0x7fffffff7310 ◂— 0x7
 RSP  0x7fffffff5bb0 ◂— 0x0
 RIP  0x7ffff7aa5f97 (svg_node_start+3095) ◂— mov rdi, qword ptr [rax + 0x20]
─────────────────────────[ DISASM ]──────────────────────────
 ► 0x7ffff7aa5f97 <svg_node_start+3095>    mov    rdi, qword ptr [rax + 0x20]
   0x7ffff7aa5f9b <svg_node_start+3099>    call   gf_list_count@plt <gf_list_count@plt>
   0x7ffff7aa5fa0 <svg_node_start+3104>    test   eax, eax
   0x7ffff7aa5fa2 <svg_node_start+3106>    sete   r15b
   0x7ffff7aa5fa6 <svg_node_start+3110>    test   r14d, r14d
   0x7ffff7aa5fa9 <svg_node_start+3113>    jne    svg_node_start+6240 <svg_node_start+6240>
   0x7ffff7aa5faf <svg_node_start+3119>    xor    esi, esi
   0x7ffff7aa5fb1 <svg_node_start+3121>    nop    dword ptr [rax]
   0x7ffff7aa5fb8 <svg_node_start+3128>    mov    rdi, qword ptr [rbp + 0x50]
   0x7ffff7aa5fbc <svg_node_start+3132>    mov    edx, r15d
   0x7ffff7aa5fbf <svg_node_start+3135>    pxor   xmm0, xmm0
──────────────────────────[ STACK ]──────────────────────────
00:0000│ rsp 0x7fffffff5bb0 ◂— 0x0
01:0008│     0x7fffffff5bb8 —▸ 0x5555555ce0d9 ◂— 'sceneUnit'
02:0010│     0x7fffffff5bc0 ◂— 0x0
03:0018│     0x7fffffff5bc8 ◂— 0x0
04:0020│     0x7fffffff5bd0 —▸ 0x5555555ce0d5 ◂— 0x6e65637300666173 /* 'saf' */
05:0028│     0x7fffffff5bd8 ◂— 0x0
06:0030│     0x7fffffff5be0 ◂— 0x0
07:0038│     0x7fffffff5be8 ◂— 0x3000000020 /* ' ' */
────────────────────────[ BACKTRACE ]────────────────────────
 ► f 0 0x7ffff7aa5f97 svg_node_start+3095
   f 1 0x7ffff781fbc5 xml_sax_node_start+453
   f 2 0x7ffff7820e6c xml_sax_parse+3596
   f 3 0x7ffff78213d6 gf_xml_sax_parse_intern+950
   f 4 0x7ffff7821595 gf_xml_sax_parse+165
   f 5 0x7ffff7821633 xml_sax_read_file.part+115
   f 6 0x7ffff7821927 gf_xml_sax_parse_file+295
   f 7 0x7ffff7aa42da load_svg_run+58
─────────────────────────────────────────────────────────────
pwndbg> bt
#0  0x00007ffff7aa5f97 in svg_node_start () from /root/fuckit/test/gpac1210/bin/gcc/libgpac.so.10
#1  0x00007ffff781fbc5 in xml_sax_node_start () from /root/fuckit/test/gpac1210/bin/gcc/libgpac.so.10
#2  0x00007ffff7820e6c in xml_sax_parse () from /root/fuckit/test/gpac1210/bin/gcc/libgpac.so.10
#3  0x00007ffff78213d6 in gf_xml_sax_parse_intern () from /root/fuckit/test/gpac1210/bin/gcc/libgpac.so.10
#4  0x00007ffff7821595 in gf_xml_sax_parse () from /root/fuckit/test/gpac1210/bin/gcc/libgpac.so.10
#5  0x00007ffff7821633 in xml_sax_read_file.part () from /root/fuckit/test/gpac1210/bin/gcc/libgpac.so.10
#6  0x00007ffff7821927 in gf_xml_sax_parse_file () from /root/fuckit/test/gpac1210/bin/gcc/libgpac.so.10
#7  0x00007ffff7aa42da in load_svg_run () from /root/fuckit/test/gpac1210/bin/gcc/libgpac.so.10
#8  0x00005555555844a8 in dump_isom_scene ()
#9  0x000055555557b42c in mp4boxMain ()
#10 0x00007ffff75630b3 in __libc_start_main (main=0x55555556c420 <main>, argc=3, argv=0x7fffffffe188, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe178) at ../csu/libc-start.c:308
#11 0x000055555556c45e in _start ()
```
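A small triage helper, added here and not part of GPAC or of this report, that reads the REGISTERS block and the RIP line from a pwndbg dump in the layout above and computes the address the faulting instruction touched. For this crash RAX is 0 and the instruction reads `[rax + 0x20]`, so the access lands at 0x20, a read inside the first page, which is the signature of a NULL-pointer dereference (a crash, not a controlled write). The embedded register excerpt is constructed from the dump above.

```python
import re

# Constructed excerpt of the pwndbg register block from this report, one
# register per line, embedded so the helper runs offline.
PWNDBG_EXCERPT = """\
RAX 0x0
RBX 0x5555555c7750 ◂— 0x0
RDX 0x5555555ce2b0 —▸ 0x5555555ce0e3 ◂— 0x7572742200706172 /* 'rap' */
RBP 0x5555555cf390 —▸ 0x7fffffff7310 ◂— 0x7
RSP 0x7fffffff5bb0 ◂— 0x0
RIP 0x7ffff7aa5f97 (svg_node_start+3095) ◂— mov rdi, qword ptr [rax + 0x20]
"""

REG_RE = re.compile(r"^\s*(R[A-Z0-9]+)\s+(0x[0-9a-fA-F]+)", re.M)
RIP_RE = re.compile(r"^\s*RIP\s+0x[0-9a-fA-F]+\s+\([^)]*\)\s+◂—\s+(.+?)\s*$", re.M)
# Intel-syntax memory operand with an optional displacement: [rax + 0x20], [rbp - 8]
MEM_RE = re.compile(r"\[\s*([a-z0-9]+)\s*(?:([+-])\s*(0x[0-9a-fA-F]+|\d+))?\s*\]")

def parse_registers(dump):
    """Map register name -> integer value from the REGISTERS block."""
    return {name: int(val, 16) for name, val in REG_RE.findall(dump)}

def faulting_instruction(dump):
    """Return the instruction pwndbg prints next to RIP (the one that faulted)."""
    m = RIP_RE.search(dump)
    return m.group(1) if m else None

def effective_address(insn, regs):
    """Compute base +/- displacement for the instruction's memory operand."""
    m = MEM_RE.search(insn)
    if m is None:
        return None
    base, sign, disp = m.groups()
    addr = regs[base.upper()]
    if disp:
        addr += int(disp, 0) if sign == "+" else -int(disp, 0)
    return addr & 0xFFFFFFFFFFFFFFFF

def access_kind(insn):
    """Memory operand as source => read; as destination => write."""
    operands = insn.split(None, 1)[1] if " " in insn else ""
    parts = [p.strip() for p in operands.split(",")]
    if len(parts) == 2:
        return "read" if "[" in parts[1] else "write"
    return "read-or-rmw"  # single-operand forms (push/inc/...) are ambiguous

def triage(dump, page_size=4096):
    """Summarise the fault: a target inside the first page is a NULL-pointer deref."""
    regs = parse_registers(dump)
    insn = faulting_instruction(dump)
    addr = effective_address(insn, regs)
    kind = "null-deref" if addr is not None and addr < page_size else "other"
    return {"insn": insn, "fault_addr": addr, "access": access_kind(insn), "kind": kind}

if __name__ == "__main__":
    print(triage(PWNDBG_EXCERPT))
```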
29f31f4