We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
A null pointer dereference was discovered in lsr_read_anim_values_ex(). The vulnerability causes a segmentation fault and application crash.
Version:
MP4Box - GPAC version 1.1.0-DEV-rev1555-g339e7a736-master (c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC: https://doi.org/10.1145/1291233.1291452 GPAC Configuration: --prefix=/root/fuck_bin/gpac/test Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D
System information Ubuntu 20.04 focal, AMD EPYC 7742 64-Core @ 16x 2.25GHz
command:
./MP4Box -bt
lsr_read_anim_values_ex.part-lsr_read_animateTransform.zip
Result
lsr_read_anim_values_ex.part-lsr_read_animateTransform/id:000439,si g:11,src:004575+004803,op:splice,rep:2
../../test/lib/MP4Box -bt lsr_read_anim_values_ex.part-lsr_read_animateTransform/id:000439,si g:11,src:004575+004803,op:splice,rep:2 [iso file] extra box maxr found in hinf, deleting [iso file] extra box maxr found in hinf, deleting [iso file] Unknown box type 80rak in parent moov [iso file] Incomplete box mdat - start 11495 size 853091 [iso file] Incomplete file while reading for dump - aborting parsing [iso file] extra box maxr found in hinf, deleting [iso file] extra box maxr found in hinf, deleting [iso file] Unknown box type 80rak in parent moov [iso file] Incomplete box mdat - start 11495 size 853091 [iso file] Incomplete file while reading for dump - aborting parsing MPEG-4 LASeR Scene Parsing [LASeR] memory overread - corrupted decoding [1] 1634950 segmentation fault ../../test/lib/MP4Box -bt
gdb
Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7b551a6 in lsr_read_anim_values_ex.part () from /root/fuck_bin/gpac/test/lib/libgpac.so.10 LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA ────────────────────────────────────────────[ REGISTERS ]───────────────────────────────────────────── RAX 0x0 RBX 0x5 RCX 0x5555555c6010 ◂— 0x70006 RDX 0x6 RDI 0x5555556e4020 ◂— 0x0 RSI 0x1 R8 0x5555556e4000 ◂— 0x0 R9 0x0 R10 0x7ffff7759e4a ◂— 'gf_list_insert' R11 0x206 R12 0x5555555e1020 ◂— 0x54 /* 'T' */ R13 0x5555556e4000 ◂— 0x0 R14 0x5555555e35c0 —▸ 0x5555555e3630 ◂— 0x0 R15 0x5555556e4020 ◂— 0x0 RBP 0x3 RSP 0x7fffffff6c90 ◂— 0xf00000003 RIP 0x7ffff7b551a6 (lsr_read_anim_values_ex.part+1078) ◂— movss xmm0, dword ptr [rax] ──────────────────────────────────────────────[ DISASM ]────────────────────────────────────────────── ► 0x7ffff7b551a6 <lsr_read_anim_values_ex.part+1078> movss xmm0, dword ptr [rax] 0x7ffff7b551aa <lsr_read_anim_values_ex.part+1082> movss dword ptr [r13 + 8], xmm0 0x7ffff7b551b0 <lsr_read_anim_values_ex.part+1088> call gf_list_get@plt <gf_list_get@plt> 0x7ffff7b551b5 <lsr_read_anim_values_ex.part+1093> test rax, rax 0x7ffff7b551b8 <lsr_read_anim_values_ex.part+1096> je lsr_read_anim_values_ex.part+1108 <lsr_read_anim_values_ex.part+1108> 0x7ffff7b551ba <lsr_read_anim_values_ex.part+1098> movss xmm0, dword ptr [rax] 0x7ffff7b551be <lsr_read_anim_values_ex.part+1102> movss dword ptr [r13], xmm0 0x7ffff7b551c4 <lsr_read_anim_values_ex.part+1108> mov esi, 2 0x7ffff7b551c9 <lsr_read_anim_values_ex.part+1113> mov rdi, r15 0x7ffff7b551cc <lsr_read_anim_values_ex.part+1116> call gf_list_get@plt <gf_list_get@plt> 0x7ffff7b551d1 <lsr_read_anim_values_ex.part+1121> test rax, rax ──────────────────────────────────────────────[ STACK ]─────────────────────────────────────────────── 00:0000│ rsp 0x7fffffff6c90 ◂— 0xf00000003 01:0008│ 0x7fffffff6c98 ◂— 0x7fff00000008 02:0010│ 0x7fffffff6ca0 ◂— 0x350000006e /* 'n' */ 03:0018│ 0x7fffffff6ca8 —▸ 0x5555555e1020 ◂— 0x54 /* 'T' */ 04:0020│ 0x7fffffff6cb0 ◂— 0x0 05:0028│ 0x7fffffff6cb8 —▸ 0x5555555e0f00 —▸ 0x5555555e0f20 —▸ 0x5555555e0f60 —▸ 0x5555555e0f40 ◂— ... 06:0030│ 0x7fffffff6cc0 ◂— 0x0 07:0038│ 0x7fffffff6cc8 ◂— 0x2748627e3b91600 ────────────────────────────────────────────[ BACKTRACE ]───────────────────────────────────────────── ► f 0 0x7ffff7b551a6 lsr_read_anim_values_ex.part+1078 f 1 0x7ffff7b5d9e8 lsr_read_animateTransform+424 f 2 0x7ffff7b5beeb lsr_read_scene_content_model+1547 f 3 0x7ffff7b5c89c lsr_read_group_content.part+316 f 4 0x7ffff7b60a76 lsr_read_svg+838 f 5 0x7ffff7b58817 lsr_read_command_list+759 f 6 0x7ffff7b5ab74 lsr_decode_laser_unit+708 f 7 0x7ffff7b6239d gf_laser_decode_command_list+333 ────────────────────────────────────────────────────────────────────────────────────────────────────── pwndbg> bt #0 0x00007ffff7b551a6 in lsr_read_anim_values_ex.part () from /root/fuck_bin/gpac/test/lib/libgpac.so.10 #1 0x00007ffff7b5d9e8 in lsr_read_animateTransform () from /root/fuck_bin/gpac/test/lib/libgpac.so.10 #2 0x00007ffff7b5beeb in lsr_read_scene_content_model () from /root/fuck_bin/gpac/test/lib/libgpac.so.10 #3 0x00007ffff7b5c89c in lsr_read_group_content.part () from /root/fuck_bin/gpac/test/lib/libgpac.so.10 #4 0x00007ffff7b60a76 in lsr_read_svg () from /root/fuck_bin/gpac/test/lib/libgpac.so.10 #5 0x00007ffff7b58817 in lsr_read_command_list () from /root/fuck_bin/gpac/test/lib/libgpac.so.10 #6 0x00007ffff7b5ab74 in lsr_decode_laser_unit () from /root/fuck_bin/gpac/test/lib/libgpac.so.10 #7 0x00007ffff7b6239d in gf_laser_decode_command_list () from /root/fuck_bin/gpac/test/lib/libgpac.so.10 #8 0x00007ffff7aa3061 in gf_sm_load_run_isom () from /root/fuck_bin/gpac/test/lib/libgpac.so.10 #9 0x00005555555844a8 in dump_isom_scene () #10 0x000055555557b42c in mp4boxMain () #11 0x00007ffff75630b3 in __libc_start_main (main=0x55555556c420 <main>, argc=3, argv=0x7fffffffe1c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe1b8) at ../csu/libc-start.c:308 #12 0x000055555556c45e in _start ()
The text was updated successfully, but these errors were encountered:
76b9e3f
No branches or pull requests
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
A null pointer dereference was discovered in lsr_read_anim_values_ex(). The vulnerability causes a segmentation fault and application crash.
Version:
System information
Ubuntu 20.04 focal, AMD EPYC 7742 64-Core @ 16x 2.25GHz
command:
lsr_read_anim_values_ex.part-lsr_read_animateTransform.zip
Result
lsr_read_anim_values_ex.part-lsr_read_animateTransform/id:000439,si
g:11,src:004575+004803,op:splice,rep:2
gdb
lsr_read_anim_values_ex.part-lsr_read_animateTransform/id:000439,si
g:11,src:004575+004803,op:splice,rep:2
The text was updated successfully, but these errors were encountered: