Abort failed in MP4Box #2007

Closed
@ZFeiXQ

Version:

./MP4Box -version
MP4Box - GPAC version 1.1.0-DEV-rev1574-g8b22f0912-master
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
 GPAC Filters: https://doi.org/10.1145/3339825.3394929
 GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: 
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB

command:

./bin/gcc/MP4Box -hint POC10

POC10.zip

Result

Abort

bt

Program received signal SIGABRT, Aborted.
[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x7ffff697e740 (0x00007ffff697e740)
RCX: 0x7ffff74fb18b (<__GI_raise+203>:	mov    rax,QWORD PTR [rsp+0x108])
RDX: 0x0 
RSI: 0x7fffffff8060 --> 0x0 
RDI: 0x2 
RBP: 0x7fffffff83b0 --> 0x7ffff76a0b80 --> 0x0 
RSP: 0x7fffffff8060 --> 0x0 
RIP: 0x7ffff74fb18b (<__GI_raise+203>:	mov    rax,QWORD PTR [rsp+0x108])
R8 : 0x0 
R9 : 0x7fffffff8060 --> 0x0 
R10: 0x8 
R11: 0x246 
R12: 0x7fffffff82d0 --> 0x5555555eafa0 --> 0x7374626c ('lbts')
R13: 0x10 
R14: 0x7ffff7ffb000 --> 0x6565726600001000 
R15: 0x1
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff74fb17f <__GI_raise+191>:	mov    edi,0x2
   0x7ffff74fb184 <__GI_raise+196>:	mov    eax,0xe
   0x7ffff74fb189 <__GI_raise+201>:	syscall 
=> 0x7ffff74fb18b <__GI_raise+203>:	mov    rax,QWORD PTR [rsp+0x108]
   0x7ffff74fb193 <__GI_raise+211>:	xor    rax,QWORD PTR fs:0x28
   0x7ffff74fb19c <__GI_raise+220>:	jne    0x7ffff74fb1c4 <__GI_raise+260>
   0x7ffff74fb19e <__GI_raise+222>:	mov    eax,r8d
   0x7ffff74fb1a1 <__GI_raise+225>:	add    rsp,0x118
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff8060 --> 0x0 
0008| 0x7fffffff8068 --> 0x0 
0016| 0x7fffffff8070 --> 0x5555555e7d50 --> 0x5555555eaa30 --> 0x100010000000006 
0024| 0x7fffffff8078 --> 0xf6015b1303ad4900 
0032| 0x7fffffff8080 --> 0x5 
0040| 0x7fffffff8088 --> 0x5555555e83e0 --> 0x5555555ebe10 --> 0x5555555ebbb0 --> 0x0 
0048| 0x7fffffff8090 --> 0x7fffffff81e0 --> 0x0 
0056| 0x7fffffff8098 --> 0x0 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ bt
#0  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff74da859 in __GI_abort () at abort.c:79
#2  0x00007ffff75453ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff766f285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff754d47c in malloc_printerr (str=str@entry=0x7ffff7671600 "free(): invalid next size (fast)") at malloc.c:5347
#4  0x00007ffff754ed2c in _int_free (av=0x7ffff76a0b80 <main_arena>, p=0x5555555e1640, have_lock=0x0) at malloc.c:4249
#5  0x00007ffff78cc82b in stco_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#6  0x00007ffff78f8b6c in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#7  0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#8  0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#9  0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#10 0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#11 0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#12 0x00007ffff78f9bc7 in gf_isom_box_array_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#13 0x00007ffff79031b7 in gf_isom_delete_movie () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#14 0x00007ffff79064c3 in gf_isom_close () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#15 0x000055555557bd12 in mp4boxMain ()
#16 0x00007ffff74dc0b3 in __libc_start_main (main=0x55555556d420 <main>, argc=0x3, argv=0x7fffffffe318, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffe308) at ../csu/libc-start.c:308
#17 0x000055555556d45e in _start ()
gdb-peda$ 
