[iso file] extra box maxr found in hinf, deleting
[iso file] Unknown box type stbk in parent minf
[iso file] extra box maxr found in hinf, deleting
[iso file] Track with no sample table !
[iso file] Track with no sample description box !
[iso file] Unknown box type 80rak in parent moov
[iso file] Incomplete box mdat - start 11495 size 832544
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] extra box maxr found in hinf, deleting
[iso file] Unknown box type stbk in parent minf
[iso file] extra box maxr found in hinf, deleting
[iso file] Track with no sample table !
[iso file] Track with no sample description box !
[iso file] Unknown box type 80rak in parent moov
[iso file] Incomplete box mdat - start 11495 size 832544
[iso file] Incomplete file while reading for dump - aborting parsing
MPEG-4 BIFS Scene Parsing
*** stack smashing detected ***: terminated
[1] 3737450 abort ./MP4Box -lsr ./poc/poc_8
gdb
*** stack smashing detected ***: terminated
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
────────────────────────────────────────────[ REGISTERS ]─────────────────────────────────────────────
RAX 0x0
*RBX 0x7ffff72bf040 ◂— 0x7ffff72bf040
*RCX 0x7ffff758218b (raise+203) ◂— mov rax, qword ptr [rsp + 0x108]
RDX 0x0
*RDI 0x2
*RSI 0x7fffffff68a0 ◂— 0x0
*R8 0x0
*R9 0x7fffffff68a0 ◂— 0x0
*R10 0x8
*R11 0x246
*R12 0x7fffffff6b20 ◂— 0x0
*R13 0x20
*R14 0x7ffff7ffb000 ◂— 0x202a2a2a00001000
*R15 0x1
*RBP 0x7fffffff6c20 —▸ 0x7ffff76f607c ◂— '*** %s ***: terminated\n'
*RSP 0x7fffffff68a0 ◂— 0x0
*RIP 0x7ffff758218b (raise+203) ◂— mov rax, qword ptr [rsp + 0x108]
──────────────────────────────────────────────[ DISASM ]──────────────────────────────────────────────
► 0x7ffff758218b <raise+203> mov rax, qword ptr [rsp + 0x108]
0x7ffff7582193 <raise+211> xor rax, qword ptr fs:[0x28]
0x7ffff758219c <raise+220> jne raise+260 <raise+260>
↓
0x7ffff75821c4 <raise+260> call __stack_chk_fail <__stack_chk_fail>
0x7ffff75821c9 nop dword ptr [rax]
0x7ffff75821d0 <killpg> endbr64
0x7ffff75821d4 <killpg+4> test edi, edi
0x7ffff75821d6 <killpg+6> js killpg+16 <killpg+16>
0x7ffff75821d8 <killpg+8> neg edi
0x7ffff75821da <killpg+10> jmp kill <kill>
0x7ffff75821df <killpg+15> nop
──────────────────────────────────────────────[ STACK ]───────────────────────────────────────────────
00:0000│ rsi r9 rsp 0x7fffffff68a0 ◂— 0x0
01:0008│ 0x7fffffff68a8 —▸ 0x7ffff7546278 ◂— 0x10001200005bb2
02:0010│ 0x7fffffff68b0 —▸ 0x7fffffff6c40 —▸ 0x5555555df3b0 ◂— 0x6b6
03:0018│ 0x7fffffff68b8 —▸ 0x7ffff7fe7c2e ◂— mov r11, rax
04:0020│ 0x7fffffff68c0 ◂— 0xcd2709f17adf5bb6
05:0028│ 0x7fffffff68c8 ◂— 0x0
06:0030│ 0x7fffffff68d0 ◂— 0x7
07:0038│ 0x7fffffff68d8 ◂— 0x1
────────────────────────────────────────────[ BACKTRACE ]─────────────────────────────────────────────
► f 0 0x7ffff758218b raise+203
f 1 0x7ffff7561859 abort+299
f 2 0x7ffff75cc3ee __libc_message+670
f 3 0x7ffff766eb4a __fortify_fail+42
f 4 0x7ffff766eb16
f 5 0x7ffff79064bc gf_bifs_dec_proto_list+2012
f 6 0xb6b6b6b6b6b6b6b6
f 7 0xb6b6b6b6b6b6b6b6
──────────────────────────────────────────────────────────────────────────────────────────────────────
pwndbg> bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7561859 in __GI_abort () at abort.c:79
#2 0x00007ffff75cc3ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff76f607c "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007ffff766eb4a in __GI___fortify_fail (msg=msg@entry=0x7ffff76f6064 "stack smashing detected") at fortify_fail.c:26
#4 0x00007ffff766eb16 in __stack_chk_fail () at stack_chk_fail.c:24
#5 0x00007ffff79064bc in gf_bifs_dec_proto_list () from /root/fuckit/test/gpac1210/bin/gcc/libgpac.so.10
#6 0xb6b6b6b6b6b6b6b6 in ?? ()
#7 0xb6b6b6b6b6b6b6b6 in ?? ()
#8 0xb6b6b6b6b6b6b6b6 in ?? ()
#9 0xb6b6b6b6b6b6b6b6 in ?? ()
#10 0xb6b6b6b6b6b6b6b6 in ?? ()
#11 0xb6b6b6b6b6b6b6b6 in ?? ()
#12 0xb6b6b6b6b6b6b6b6 in ?? ()
#13 0xb6b6b6b6b6b6b6b6 in ?? ()
#14 0xb6b6b6b6b6b6b6b6 in ?? ()
#15 0xb6b6b6b6b6b6b6b6 in ?? ()
#16 0xb6b6b6b6b6b6b6b6 in ?? ()
#17 0xb6b6b6b6b6b6b6b6 in ?? ()
#18 0xb6b6b6b6b6b6b6b6 in ?? ()
#19 0xb6b6b6b6b6b6b6b6 in ?? ()
#20 0xb6b6b6b6b6b6b6b6 in ?? ()
#21 0xb6b6b6b6b6b6b6b6 in ?? ()
#22 0xb6b6b6b6b6b6b6b6 in ?? ()
#23 0xb6b6b6b6b6b6b6b6 in ?? ()
#24 0xb6b6b6b6b6b6b6b6 in ?? ()
#25 0xb6b6b6b6b6b6b6b6 in ?? ()
#26 0xb6b6b6b6b6b6b6b6 in ?? ()
#27 0xb6b6b6b6b6b6b6b6 in ?? ()
#28 0xb6b6b6b6b6b6b6b6 in ?? ()
#29 0xb6b6b6b6b6b6b6b6 in ?? ()
#30 0xb6b6b6b6b6b6b6b6 in ?? ()
#31 0xb6b6b6b6b6b6b6b6 in ?? ()
#32 0xb6b6b6b6b6b6b6b6 in ?? ()
#33 0xb6b6b6b6b6b6b6b6 in ?? ()
#34 0xb6b6b6b6b6b6b6b6 in ?? ()
#35 0xb6b6b6b6b6b6b6b6 in ?? ()
#36 0xb6b6b6b6b6b6b6b6 in ?? ()
#37 0xb6b6b6b6b6b6b6b6 in ?? ()
#38 0xb6b6b6b6b6b6b6b6 in ?? ()
#39 0xb6b6b6b6b6b6b6b6 in ?? ()
#40 0xb6b6b6b6b6b6b6b6 in ?? ()
#41 0xb6b6b6b6b6b6b6b6 in ?? ()
#42 0xb6b6b6b6b6b6b6b6 in ?? ()
#43 0xb6b6b6b6b6b6b6b6 in ?? ()
#44 0xb6b6b6b6b6b6b6b6 in ?? ()
#45 0xb6b6b6b6b6b6b6b6 in ?? ()
#46 0xb6b6b6b6b6b6b6b6 in ?? ()
#47 0xb6b6b6b6b6b6b6b6 in ?? ()
#48 0xb6b6b6b6b6b6b6b6 in ?? ()
#49 0xb6b6b6b6b6b6b6b6 in ?? ()
#50 0xb6b6b6b6b6b6b6b6 in ?? ()
#51 0xb6b6b6b6b6b6b6b6 in ?? ()
#52 0xb6b6b6b6b6b6b6b6 in ?? ()
#53 0xb6b6b6b6b6b6b6b6 in ?? ()
#54 0xb6b6b6b6b6b6b6b6 in ?? ()
#55 0xb6b6b6b6b6b6b6b6 in ?? ()
#56 0xb6b6b6b6b6b6b6b6 in ?? ()
#57 0xb6b6b6b6b6b6b6b6 in ?? ()
#58 0xb6b6b6b6b6b6b6b6 in ?? ()
#59 0xb6b6b6b6b6b6b6b6 in ?? ()
#60 0xb6b6b6b6b6b6b6b6 in ?? ()
#61 0xb6b6b6b6b6b6b6b6 in ?? ()
#62 0xb6b6b6b6b6b6b6b6 in ?? ()
#63 0xb6b6b6b6b6b6b6b6 in ?? ()
#64 0xb6b6b6b6b6b6b6b6 in ?? ()
#65 0xb6b6b6b6b6b6b6b6 in ?? ()
#66 0xb6b6b6b6b6b6b6b6 in ?? ()
#67 0xb6b6b6b6b6b6b6b6 in ?? ()
#68 0xb6b6b6b6b6b6b6b6 in ?? ()
#69 0xb6b6b6b6b6b6b6b6 in ?? ()
#70 0xb6b6b6b6b6b6b6b6 in ?? ()
#71 0xb6b6b6b6b6b6b6b6 in ?? ()
#72 0xb6b6b6b6b6b6b6b6 in ?? ()
#73 0xb6b6b6b6b6b6b6b6 in ?? ()
#74 0xb6b6b6b6b6b6b6b6 in ?? ()
#75 0xb6b6b6b6b6b6b6b6 in ?? ()
#76 0xb6b6b6b6b6b6b6b6 in ?? ()
#77 0xb6b6b6b6b6b6b6b6 in ?? ()
#78 0xb6b6b6b6b6b6b6b6 in ?? ()
#79 0xb6b6b6b6b6b6b6b6 in ?? ()
#80 0xb6b6b6b6b6b6b6b6 in ?? ()
#81 0xb6b6b6b6b6b6b6b6 in ?? ()
#82 0xb6b6b6b6b6b6b6b6 in ?? ()
#83 0xb6b6b6b6b6b6b6b6 in ?? ()
#84 0xb6b6b6b6b6b6b6b6 in ?? ()
#85 0xb6b6b6b6b6b6b6b6 in ?? ()
#86 0xb6b6b6b6b6b6b6b6 in ?? ()
#87 0xb6b6b6b6b6b6b6b6 in ?? ()
#88 0xb6b6b6b6b6b6b6b6 in ?? ()
#89 0xb6b6b6b6b6b6b6b6 in ?? ()
#90 0xb6b6b6b6b6b6b6b6 in ?? ()
#91 0xb6b6b6b6b6b6b6b6 in ?? ()
#92 0xb6b6b6b6b6b6b6b6 in ?? ()
#93 0xb6b6b6b6b6b6b6b6 in ?? ()
#94 0xb6b6b6b6b6b6b6b6 in ?? ()
#95 0xb6b6b6b6b6b6b6b6 in ?? ()
#96 0xb6b6b6b6b6b6b6b6 in ?? ()
#97 0xb6b6b6b6b6b6b6b6 in ?? ()
#98 0x000080b6b6b6b6b6 in ?? ()
#99 0x0000000000000002 in ?? ()
#100 0x0000000000000044 in ?? ()
#101 0x0000000000000008 in ?? ()
#102 0x00005555555c7e60 in ?? ()
#103 0x00005555555cf500 in ?? ()
#104 0x0000000000000000 in ?? ()
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
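A stack overflow (more precisely, a stack-based buffer overflow) was discovered in gf_bifs_dec_proto_list(). The vulnerability causes a segmentation fault and application crash. In the run captured on this page the library was built with stack protection, so the corrupted canary is caught by the check in gf_bifs_dec_proto_list() and the process is aborted with SIGABRT ("stack smashing detected") rather than SIGSEGV. The caller frames in the backtrace all read 0xb6b6b6b6b6b6b6b6, which indicates that the stack above the function's locals was overwritten while the file was being parsed. The canary only turns the overwrite into an abort; the underlying out-of-bounds write in the decoder still needs a fix.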
Version:
System information
Ubuntu 20.04 focal, AMD EPYC 7742 64-Core @ 16x 2.25GHz
command (as it appears in the shell abort line of the output above): ./MP4Box -lsr ./poc/poc_8
poc_8.zip
Result
gdb
break gf_bifs_dec_proto_list