Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
Version:
```
./MP4Box -version
MP4Box - GPAC version 1.1.0-DEV-rev1582-g94db9779c-master
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
        MINI build (encoders, decoders, audio and video output disabled)

Please cite our work in your research:
        GPAC Filters: https://doi.org/10.1145/3339825.3394929
        GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: --static-mp4box --enable-debug --
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_FREETYPE GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_DISABLE_3D
```
command:
./bin/gcc/MP4Box -svg POC1
POC1.zip
Result
Segmentation fault
bt
```
Program received signal SIGSEGV, Segmentation fault.
gf_node_unregister (pNode=0x10f9b70, parentNode=0x10fa140) at scenegraph/base_scenegraph.c:682
682             pSG = pNode->sgprivate->scenegraph;
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
──────────────────────────────[ REGISTERS ]──────────────────────────────
 RAX  0x0
 RBX  0x7
 RCX  0x1
 RDX  0x10fa140 —▸ 0x10fa290 ◂— 0x300000095
 RDI  0x10f9b70 ◂— 0x0
 RSI  0x10fa140 —▸ 0x10fa290 ◂— 0x300000095
 R8   0x0
 R9   0x0
 R10  0xfffffff9
 R11  0x246
 R12  0xd0a2b0 (__libc_csu_fini) ◂— endbr64
 R13  0x0
 R14  0x10a6018 (_GLOBAL_OFFSET_TABLE_+24) —▸ 0xd80db0 (__memmove_avx_unaligned_erms) ◂— endbr64
 R15  0x0
 RBP  0x7fffffff7690 —▸ 0x7fffffff76c0 —▸ 0x7fffffff76f0 —▸ 0x7fffffff7720 —▸ 0x7fffffff7740 ◂— ...
 RSP  0x7fffffff7650 —▸ 0x10fa140 —▸ 0x10fa290 ◂— 0x300000095
 RIP  0x479467 (gf_node_unregister+66) ◂— mov    rax, qword ptr [rax + 8]
──────────────────────────────[ DISASM ]──────────────────────────────
 ► 0x479467 <gf_node_unregister+66>     mov    rax, qword ptr [rax + 8]
   0x47946b <gf_node_unregister+70>     mov    qword ptr [rbp - 0x28], rax
   0x47946f <gf_node_unregister+74>     cmp    qword ptr [rbp - 0x40], 0
   0x479474 <gf_node_unregister+79>     je     gf_node_unregister+284 <gf_node_unregister+284>
    ↓
   0x479541 <gf_node_unregister+284>    cmp    qword ptr [rbp - 0x28], 0
   0x479546 <gf_node_unregister+289>    je     gf_node_unregister+320 <gf_node_unregister+320>
    ↓
   0x479565 <gf_node_unregister+320>    mov    rax, qword ptr [rbp - 0x38]
   0x479569 <gf_node_unregister+324>    mov    rax, qword ptr [rax]
   0x47956c <gf_node_unregister+327>    movzx  eax, word ptr [rax + 2]
   0x479570 <gf_node_unregister+331>    test   ax, ax
   0x479573 <gf_node_unregister+334>    jne    gf_node_unregister+367 <gf_node_unregister+367>
──────────────────────────────[ SOURCE (CODE) ]──────────────────────────────
In file: /home/zxq/CVE_testing/source/gpac/src/scenegraph/base_scenegraph.c
   677  Bool detach=0;
   678 #endif
   679  GF_SceneGraph *pSG;
   680
   681  if (!pNode) return GF_OK;
 ► 682  pSG = pNode->sgprivate->scenegraph;
   683
   684  if (parentNode) {
   685          GF_ParentList *nlist = pNode->sgprivate->parents;
   686          if (nlist) {
   687                  GF_ParentList *prev = NULL;
──────────────────────────────[ STACK ]──────────────────────────────
00:0000│ rsp 0x7fffffff7650 —▸ 0x10fa140 —▸ 0x10fa290 ◂— 0x300000095
01:0008│     0x7fffffff7658 —▸ 0x10f9b70 ◂— 0x0
02:0010│     0x7fffffff7660 ◂— 0x0
03:0018│     0x7fffffff7668 —▸ 0x10a6018 (_GLOBAL_OFFSET_TABLE_+24) —▸ 0xd80db0 (__memmove_avx_unaligned_erms) ◂— endbr64
04:0020│     0x7fffffff7670 ◂— 0x0
05:0028│     0x7fffffff7678 —▸ 0x450b75 (gf_free+28) ◂— nop
06:0030│     0x7fffffff7680 ◂— 0x5
07:0038│     0x7fffffff7688 ◂— 0x5789c1222d7c1900
──────────────────────────────[ BACKTRACE ]──────────────────────────────
 ► f 0         0x479467 gf_node_unregister+66
   f 1         0x47ad0f gf_node_unregister_children+45
   f 2         0x4ea690 gf_sg_vrml_parent_destroy+70
   f 3         0x4c4593 SBBone_Del+318
   f 4         0x4dbb98 gf_sg_mpeg4_node_del+2586
   f 5         0x47bfe4 gf_node_del+461
   f 6         0x4797a6 gf_node_unregister+897
   f 7         0x566822 gf_bifs_dec_node+1888
─────────────────────────────────────────────────────────────────────────
pwndbg> bt
#0  gf_node_unregister (pNode=0x10f9b70, parentNode=0x10fa140) at scenegraph/base_scenegraph.c:682
#1  0x000000000047ad0f in gf_node_unregister_children (container=0x10fa140, child=0x10fa320) at scenegraph/base_scenegraph.c:1369
#2  0x00000000004ea690 in gf_sg_vrml_parent_destroy (pNode=0x10fa140) at scenegraph/vrml_tools.c:162
#3  0x00000000004c4593 in SBBone_Del (node=0x10fa140) at scenegraph/mpeg4_nodes.c:27956
#4  0x00000000004dbb98 in gf_sg_mpeg4_node_del (node=0x10fa140) at scenegraph/mpeg4_nodes.c:37958
#5  0x000000000047bfe4 in gf_node_del (node=0x10fa140) at scenegraph/base_scenegraph.c:1902
#6  0x00000000004797a6 in gf_node_unregister (pNode=0x10fa140, parentNode=0x0) at scenegraph/base_scenegraph.c:761
#7  0x0000000000566822 in gf_bifs_dec_node (codec=0x10f70b0, bs=0x10e4c30, NDT_Tag=1) at bifs/field_decode.c:912
#8  0x000000000055c98c in gf_bifs_dec_proto_list (codec=0x10f70b0, bs=0x10e4c30, proto_list=0x0) at bifs/com_dec.c:1132
#9  0x000000000055c94f in gf_bifs_dec_proto_list (codec=0x10f70b0, bs=0x10e4c30, proto_list=0x10f9600) at bifs/com_dec.c:1125
#10 0x000000000055d37f in BD_DecSceneReplace (codec=0x10f70b0, bs=0x10e4c30, proto_list=0x10f9600) at bifs/com_dec.c:1332
#11 0x000000000056c8d2 in BM_SceneReplace (codec=0x10f70b0, bs=0x10e4c30, com_list=0x10f7430) at bifs/memory_decoder.c:860
#12 0x000000000056cb53 in BM_ParseCommand (codec=0x10f70b0, bs=0x10e4c30, com_list=0x10f7430) at bifs/memory_decoder.c:908
#13 0x000000000056cffd in gf_bifs_decode_command_list (codec=0x10f70b0, ESID=8, data=0x10f74b0 '\320' <repeats 191 times>, <incomplete sequence \372>, data_length=8208, com_list=0x10f7430) at bifs/memory_decoder.c:1009
#14 0x00000000006be1da in gf_sm_load_run_isom (load=0x7fffffff88a0) at scene_manager/loader_isom.c:303
#15 0x00000000006a214a in gf_sm_load_run (load=0x7fffffff88a0) at scene_manager/scene_manager.c:719
#16 0x000000000041786e in dump_isom_scene (file=0x7fffffffe60f "gf_node_unregister-gf_node_unregister_children/id:000515,sig:11,src:007933+012329,op:splice,rep:16", inName=0x10da460 <outfile> "gf_node_unregister-gf_node_unregister_children/id:000515,sig:11,src:007933+012329,op:splice,rep:16", is_final_name=GF_FALSE, dump_mode=GF_SM_DUMP_SVG, do_log=GF_FALSE, no_odf_conv=GF_FALSE) at filedump.c:199
#17 0x000000000041521f in mp4boxMain (argc=3, argv=0x7fffffffe328) at main.c:6044
#18 0x000000000041719b in main (argc=3, argv=0x7fffffffe328) at main.c:6496
#19 0x0000000000d09a40 in __libc_start_main ()
#20 0x000000000040211e in _start ()
```
70c6f6f