Abort failed in MP4Box #2007

Closed
ZFeiXQ opened this issue Dec 22, 2021 · 1 comment

ZFeiXQ commented Dec 22, 2021

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/

Version:

./MP4Box -version
MP4Box - GPAC version 1.1.0-DEV-rev1574-g8b22f0912-master
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
 GPAC Filters: https://doi.org/10.1145/3339825.3394929
 GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: 
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB

command:

./bin/gcc/MP4Box -hint POC10

POC10.zip

Result

Abort

bt

Program received signal SIGABRT, Aborted.
[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x7ffff697e740 (0x00007ffff697e740)
RCX: 0x7ffff74fb18b (<__GI_raise+203>:	mov    rax,QWORD PTR [rsp+0x108])
RDX: 0x0 
RSI: 0x7fffffff8060 --> 0x0 
RDI: 0x2 
RBP: 0x7fffffff83b0 --> 0x7ffff76a0b80 --> 0x0 
RSP: 0x7fffffff8060 --> 0x0 
RIP: 0x7ffff74fb18b (<__GI_raise+203>:	mov    rax,QWORD PTR [rsp+0x108])
R8 : 0x0 
R9 : 0x7fffffff8060 --> 0x0 
R10: 0x8 
R11: 0x246 
R12: 0x7fffffff82d0 --> 0x5555555eafa0 --> 0x7374626c ('lbts')
R13: 0x10 
R14: 0x7ffff7ffb000 --> 0x6565726600001000 
R15: 0x1
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff74fb17f <__GI_raise+191>:	mov    edi,0x2
   0x7ffff74fb184 <__GI_raise+196>:	mov    eax,0xe
   0x7ffff74fb189 <__GI_raise+201>:	syscall 
=> 0x7ffff74fb18b <__GI_raise+203>:	mov    rax,QWORD PTR [rsp+0x108]
   0x7ffff74fb193 <__GI_raise+211>:	xor    rax,QWORD PTR fs:0x28
   0x7ffff74fb19c <__GI_raise+220>:	jne    0x7ffff74fb1c4 <__GI_raise+260>
   0x7ffff74fb19e <__GI_raise+222>:	mov    eax,r8d
   0x7ffff74fb1a1 <__GI_raise+225>:	add    rsp,0x118
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff8060 --> 0x0 
0008| 0x7fffffff8068 --> 0x0 
0016| 0x7fffffff8070 --> 0x5555555e7d50 --> 0x5555555eaa30 --> 0x100010000000006 
0024| 0x7fffffff8078 --> 0xf6015b1303ad4900 
0032| 0x7fffffff8080 --> 0x5 
0040| 0x7fffffff8088 --> 0x5555555e83e0 --> 0x5555555ebe10 --> 0x5555555ebbb0 --> 0x0 
0048| 0x7fffffff8090 --> 0x7fffffff81e0 --> 0x0 
0056| 0x7fffffff8098 --> 0x0 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ bt
#0  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff74da859 in __GI_abort () at abort.c:79
#2  0x00007ffff75453ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff766f285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff754d47c in malloc_printerr (str=str@entry=0x7ffff7671600 "free(): invalid next size (fast)") at malloc.c:5347
#4  0x00007ffff754ed2c in _int_free (av=0x7ffff76a0b80 <main_arena>, p=0x5555555e1640, have_lock=0x0) at malloc.c:4249
#5  0x00007ffff78cc82b in stco_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#6  0x00007ffff78f8b6c in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#7  0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#8  0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#9  0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#10 0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#11 0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#12 0x00007ffff78f9bc7 in gf_isom_box_array_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#13 0x00007ffff79031b7 in gf_isom_delete_movie () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#14 0x00007ffff79064c3 in gf_isom_close () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#15 0x000055555557bd12 in mp4boxMain ()
#16 0x00007ffff74dc0b3 in __libc_start_main (main=0x55555556d420 <main>, argc=0x3, argv=0x7fffffffe318, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffe308) at ../csu/libc-start.c:308
#17 0x000055555556d45e in _start ()
gdb-peda$ 

Member

jeanlf commented Jan 3, 2022

fixed when fixing #1999, thanks for the report

@jeanlf jeanlf closed this as completed Jan 3, 2022