[iso file] extra box maxr found in hinf, deleting
[iso file] Unknown box type stbk in parent minf
[iso file] extra box maxr found in hinf, deleting
[iso file] Track with no sample table !
[iso file] Track with no sample description box !
[iso file] Unknown box type 80rak in parent moov
[iso file] Incomplete box mdat - start 11495 size 832544
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] extra box maxr found in hinf, deleting
[iso file] Unknown box type stbk in parent minf
[iso file] extra box maxr found in hinf, deleting
[iso file] Track with no sample table !
[iso file] Track with no sample description box !
[iso file] Unknown box type 80rak in parent moov
[iso file] Incomplete box mdat - start 11495 size 832544
[iso file] Incomplete file while reading for dump - aborting parsing
MPEG-4 BIFS Scene Parsing
*** stack smashing detected ***: terminated
[1] 3737450 abort ./MP4Box -lsr ./poc/poc_8
gdb
*** stack smashing detected ***: terminated
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
────────────────────────────────────────────[ REGISTERS ]─────────────────────────────────────────────
RAX 0x0
*RBX 0x7ffff72bf040 ◂— 0x7ffff72bf040
*RCX 0x7ffff758218b (raise+203) ◂— mov rax, qword ptr [rsp + 0x108]
RDX 0x0
*RDI 0x2
*RSI 0x7fffffff68a0 ◂— 0x0
*R8 0x0
*R9 0x7fffffff68a0 ◂— 0x0
*R10 0x8
*R11 0x246
*R12 0x7fffffff6b20 ◂— 0x0
*R13 0x20
*R14 0x7ffff7ffb000 ◂— 0x202a2a2a00001000
*R15 0x1
*RBP 0x7fffffff6c20 —▸ 0x7ffff76f607c ◂— '*** %s ***: terminated\n'
*RSP 0x7fffffff68a0 ◂— 0x0
*RIP 0x7ffff758218b (raise+203) ◂— mov rax, qword ptr [rsp + 0x108]
──────────────────────────────────────────────[ DISASM ]──────────────────────────────────────────────
► 0x7ffff758218b <raise+203> mov rax, qword ptr [rsp + 0x108]
0x7ffff7582193 <raise+211> xor rax, qword ptr fs:[0x28]
0x7ffff758219c <raise+220> jne raise+260 <raise+260>
↓
0x7ffff75821c4 <raise+260> call __stack_chk_fail <__stack_chk_fail>
0x7ffff75821c9 nop dword ptr [rax]
0x7ffff75821d0 <killpg> endbr64
0x7ffff75821d4 <killpg+4> test edi, edi
0x7ffff75821d6 <killpg+6> js killpg+16 <killpg+16>
0x7ffff75821d8 <killpg+8> neg edi
0x7ffff75821da <killpg+10> jmp kill <kill>
0x7ffff75821df <killpg+15> nop
──────────────────────────────────────────────[ STACK ]───────────────────────────────────────────────
00:0000│ rsi r9 rsp 0x7fffffff68a0 ◂— 0x0
01:0008│ 0x7fffffff68a8 —▸ 0x7ffff7546278 ◂— 0x10001200005bb2
02:0010│ 0x7fffffff68b0 —▸ 0x7fffffff6c40 —▸ 0x5555555df3b0 ◂— 0x6b6
03:0018│ 0x7fffffff68b8 —▸ 0x7ffff7fe7c2e ◂— mov r11, rax
04:0020│ 0x7fffffff68c0 ◂— 0xcd2709f17adf5bb6
05:0028│ 0x7fffffff68c8 ◂— 0x0
06:0030│ 0x7fffffff68d0 ◂— 0x7
07:0038│ 0x7fffffff68d8 ◂— 0x1
────────────────────────────────────────────[ BACKTRACE ]─────────────────────────────────────────────
► f 0 0x7ffff758218b raise+203
f 1 0x7ffff7561859 abort+299
f 2 0x7ffff75cc3ee __libc_message+670
f 3 0x7ffff766eb4a __fortify_fail+42
f 4 0x7ffff766eb16
f 5 0x7ffff79064bc gf_bifs_dec_proto_list+2012
f 6 0xb6b6b6b6b6b6b6b6
f 7 0xb6b6b6b6b6b6b6b6
──────────────────────────────────────────────────────────────────────────────────────────────────────
pwndbg> bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7561859 in __GI_abort () at abort.c:79
#2 0x00007ffff75cc3ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff76f607c "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007ffff766eb4a in __GI___fortify_fail (msg=msg@entry=0x7ffff76f6064 "stack smashing detected") at fortify_fail.c:26
#4 0x00007ffff766eb16 in __stack_chk_fail () at stack_chk_fail.c:24
#5 0x00007ffff79064bc in gf_bifs_dec_proto_list () from /root/fuckit/test/gpac1210/bin/gcc/libgpac.so.10
#6 0xb6b6b6b6b6b6b6b6 in ?? ()
#7 0xb6b6b6b6b6b6b6b6 in ?? ()
#8 0xb6b6b6b6b6b6b6b6 in ?? ()
#9 0xb6b6b6b6b6b6b6b6 in ?? ()
#10 0xb6b6b6b6b6b6b6b6 in ?? ()
#11 0xb6b6b6b6b6b6b6b6 in ?? ()
#12 0xb6b6b6b6b6b6b6b6 in ?? ()
#13 0xb6b6b6b6b6b6b6b6 in ?? ()
#14 0xb6b6b6b6b6b6b6b6 in ?? ()
#15 0xb6b6b6b6b6b6b6b6 in ?? ()
#16 0xb6b6b6b6b6b6b6b6 in ?? ()
#17 0xb6b6b6b6b6b6b6b6 in ?? ()
#18 0xb6b6b6b6b6b6b6b6 in ?? ()
#19 0xb6b6b6b6b6b6b6b6 in ?? ()
#20 0xb6b6b6b6b6b6b6b6 in ?? ()
#21 0xb6b6b6b6b6b6b6b6 in ?? ()
#22 0xb6b6b6b6b6b6b6b6 in ?? ()
#23 0xb6b6b6b6b6b6b6b6 in ?? ()
#24 0xb6b6b6b6b6b6b6b6 in ?? ()
#25 0xb6b6b6b6b6b6b6b6 in ?? ()
#26 0xb6b6b6b6b6b6b6b6 in ?? ()
#27 0xb6b6b6b6b6b6b6b6 in ?? ()
#28 0xb6b6b6b6b6b6b6b6 in ?? ()
#29 0xb6b6b6b6b6b6b6b6 in ?? ()
#30 0xb6b6b6b6b6b6b6b6 in ?? ()
#31 0xb6b6b6b6b6b6b6b6 in ?? ()
#32 0xb6b6b6b6b6b6b6b6 in ?? ()
#33 0xb6b6b6b6b6b6b6b6 in ?? ()
#34 0xb6b6b6b6b6b6b6b6 in ?? ()
#35 0xb6b6b6b6b6b6b6b6 in ?? ()
#36 0xb6b6b6b6b6b6b6b6 in ?? ()
#37 0xb6b6b6b6b6b6b6b6 in ?? ()
#38 0xb6b6b6b6b6b6b6b6 in ?? ()
#39 0xb6b6b6b6b6b6b6b6 in ?? ()
#40 0xb6b6b6b6b6b6b6b6 in ?? ()
#41 0xb6b6b6b6b6b6b6b6 in ?? ()
#42 0xb6b6b6b6b6b6b6b6 in ?? ()
#43 0xb6b6b6b6b6b6b6b6 in ?? ()
#44 0xb6b6b6b6b6b6b6b6 in ?? ()
#45 0xb6b6b6b6b6b6b6b6 in ?? ()
#46 0xb6b6b6b6b6b6b6b6 in ?? ()
#47 0xb6b6b6b6b6b6b6b6 in ?? ()
#48 0xb6b6b6b6b6b6b6b6 in ?? ()
#49 0xb6b6b6b6b6b6b6b6 in ?? ()
#50 0xb6b6b6b6b6b6b6b6 in ?? ()
#51 0xb6b6b6b6b6b6b6b6 in ?? ()
#52 0xb6b6b6b6b6b6b6b6 in ?? ()
#53 0xb6b6b6b6b6b6b6b6 in ?? ()
#54 0xb6b6b6b6b6b6b6b6 in ?? ()
#55 0xb6b6b6b6b6b6b6b6 in ?? ()
#56 0xb6b6b6b6b6b6b6b6 in ?? ()
#57 0xb6b6b6b6b6b6b6b6 in ?? ()
#58 0xb6b6b6b6b6b6b6b6 in ?? ()
#59 0xb6b6b6b6b6b6b6b6 in ?? ()
#60 0xb6b6b6b6b6b6b6b6 in ?? ()
#61 0xb6b6b6b6b6b6b6b6 in ?? ()
#62 0xb6b6b6b6b6b6b6b6 in ?? ()
#63 0xb6b6b6b6b6b6b6b6 in ?? ()
#64 0xb6b6b6b6b6b6b6b6 in ?? ()
#65 0xb6b6b6b6b6b6b6b6 in ?? ()
#66 0xb6b6b6b6b6b6b6b6 in ?? ()
#67 0xb6b6b6b6b6b6b6b6 in ?? ()
#68 0xb6b6b6b6b6b6b6b6 in ?? ()
#69 0xb6b6b6b6b6b6b6b6 in ?? ()
#70 0xb6b6b6b6b6b6b6b6 in ?? ()
#71 0xb6b6b6b6b6b6b6b6 in ?? ()
#72 0xb6b6b6b6b6b6b6b6 in ?? ()
#73 0xb6b6b6b6b6b6b6b6 in ?? ()
#74 0xb6b6b6b6b6b6b6b6 in ?? ()
#75 0xb6b6b6b6b6b6b6b6 in ?? ()
#76 0xb6b6b6b6b6b6b6b6 in ?? ()
#77 0xb6b6b6b6b6b6b6b6 in ?? ()
#78 0xb6b6b6b6b6b6b6b6 in ?? ()
#79 0xb6b6b6b6b6b6b6b6 in ?? ()
#80 0xb6b6b6b6b6b6b6b6 in ?? ()
#81 0xb6b6b6b6b6b6b6b6 in ?? ()
#82 0xb6b6b6b6b6b6b6b6 in ?? ()
#83 0xb6b6b6b6b6b6b6b6 in ?? ()
#84 0xb6b6b6b6b6b6b6b6 in ?? ()
#85 0xb6b6b6b6b6b6b6b6 in ?? ()
#86 0xb6b6b6b6b6b6b6b6 in ?? ()
#87 0xb6b6b6b6b6b6b6b6 in ?? ()
#88 0xb6b6b6b6b6b6b6b6 in ?? ()
#89 0xb6b6b6b6b6b6b6b6 in ?? ()
#90 0xb6b6b6b6b6b6b6b6 in ?? ()
#91 0xb6b6b6b6b6b6b6b6 in ?? ()
#92 0xb6b6b6b6b6b6b6b6 in ?? ()
#93 0xb6b6b6b6b6b6b6b6 in ?? ()
#94 0xb6b6b6b6b6b6b6b6 in ?? ()
#95 0xb6b6b6b6b6b6b6b6 in ?? ()
#96 0xb6b6b6b6b6b6b6b6 in ?? ()
#97 0xb6b6b6b6b6b6b6b6 in ?? ()
#98 0x000080b6b6b6b6b6 in ?? ()
#99 0x0000000000000002 in ?? ()
#100 0x0000000000000044 in ?? ()
#101 0x0000000000000008 in ?? ()
#102 0x00005555555c7e60 in ?? ()
#103 0x00005555555cf500 in ?? ()
#104 0x0000000000000000 in ?? ()
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
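A stack overflow (a stack-based buffer overflow, reported by the stack protector as "stack smashing detected") was discovered in gf_bifs_dec_proto_list(). The vulnerability causes a segmentation fault and application crash; in the run shown on this page the stack canary check fails first and the process is aborted with SIGABRT.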
Version:
System information
Ubuntu 20.04 focal, AMD EPYC 7742 64-Core @ 16x 2.25GHz
command:
poc_8.zip
Result
gdb
break gf_bifs_dec_proto_list