Closed
Description
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
- [Yes ] I looked for a similar issue and couldn't find any.
- [ Yes] I tried with the latest version of GPAC. Installers available at http://gpac.io/downloads/gpac-nightly-builds/
- [ Yes] I give enough information for contributors to reproduce my issue (meaningful title, github labels, platform and compiler, command-line ...). I can share files anonymously with this dropbox: https://www.mediafire.com/filedrop/filedrop_hosted.php?drop=eec9e058a9486fe4e99c33021481d9e1826ca9dbc242a6cfaab0fe95da5e5d95
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
Version:
./MP4Box -version
MP4Box - GPAC version 1.1.0-DEV-rev1574-g8b22f0912-master
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB
command:
./bin/gcc/MP4Box -hint POC5
Result
Abort
bt
Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0x400001
RBX: 0x0
RCX: 0x0
RDX: 0x5555555e8080 --> 0x7374737a ('zsts')
RSI: 0x0
RDI: 0x5555555db330 --> 0x5555555e0620 --> 0x5555555dfa20 --> 0x7472616b ('kart')
RBP: 0x5555555da950 --> 0x0
RSP: 0x7fffffff5c30 --> 0x7fffffff7040 --> 0xffffffff
RIP: 0x7ffff7a107d0 (<gf_hinter_finalize+1040>: movzx eax,WORD PTR [r15+0x2])
R8 : 0x0
R9 : 0x5555555eac20 --> 0x5555555eab70 --> 0x5555555ea8a0 --> 0x0
R10: 0x5555555e3860 --> 0x7374626c ('lbts')
R11: 0x7ffff76a0be0 --> 0x5555555eacc0 --> 0x0
R12: 0x5555555e82c0 --> 0x10002
R13: 0x5
R14: 0x7fffffff5cb0 ("a=x-copyright: MP4/3GP File hinted with GPAC 1.1.0-DEV-rev1574-g8b22f0912-master - (c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io")
R15: 0x0
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x7ffff7a107c4 <gf_hinter_finalize+1028>: call 0x7ffff7768fd0 <gf_isom_sdp_add_line@plt>
0x7ffff7a107c9 <gf_hinter_finalize+1033>: jmp 0x7ffff7a1041e <gf_hinter_finalize+94>
0x7ffff7a107ce <gf_hinter_finalize+1038>: xchg ax,ax
=> 0x7ffff7a107d0 <gf_hinter_finalize+1040>: movzx eax,WORD PTR [r15+0x2]
0x7ffff7a107d5 <gf_hinter_finalize+1045>: cmp WORD PTR [r15+0x4],ax
0x7ffff7a107da <gf_hinter_finalize+1050>: jne 0x7ffff7a10657 <gf_hinter_finalize+663>
0x7ffff7a107e0 <gf_hinter_finalize+1056>: jmp 0x7ffff7a10650 <gf_hinter_finalize+656>
0x7ffff7a107e5 <gf_hinter_finalize+1061>: nop DWORD PTR [rax]
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff5c30 --> 0x7fffffff7040 --> 0xffffffff
0008| 0x7fffffff5c38 --> 0x100000000
0016| 0x7fffffff5c40 --> 0x2
0024| 0x7fffffff5c48 --> 0x7ffff76a15c0 --> 0xfbad2887
0032| 0x7fffffff5c50 --> 0x1
0040| 0x7fffffff5c58 --> 0x25 ('%')
0048| 0x7fffffff5c60 --> 0x25 ('%')
0056| 0x7fffffff5c68 --> 0x7ffff76a24a0 --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff7a107d0 in gf_hinter_finalize () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
gdb-peda$ bt
#0 0x00007ffff7a107d0 in gf_hinter_finalize () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#1 0x000055555557967d in HintFile ()
#2 0x000055555557d257 in mp4boxMain ()
#3 0x00007ffff74dc0b3 in __libc_start_main (main=0x55555556d420 <main>, argc=0x3, argv=0x7fffffffe318, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffffffe308) at ../csu/libc-start.c:308
#4 0x000055555556d45e in _start ()
Metadata
Metadata
Assignees
Labels
No labels