Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
Version:
```
./MP4Box -version
MP4Box - GPAC version 1.1.0-DEV-rev1582-g94db9779c-master
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
MINI build (encoders, decoders, audio and video output disabled)
Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration: --static-mp4box --enable-debug --
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_FREETYPE GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_DISABLE_3D
```
command:
```
./bin/gcc/MP4Box -svg POC2
```
POC2.zip
Result
Segmentation fault
bt
```
Program received signal SIGSEGV, Segmentation fault.
0x00000000004eb82b in gf_sg_vrml_field_pointer_del (field=0x0, FieldType=50) at scenegraph/vrml_tools.c:667
667             gf_sg_mfdouble_del( * ((MFDouble *) field));
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
──────────────────────────────[ REGISTERS ]──────────────────────────────
 RAX  0x0
 RBX  0x400788 ◂— 0x0
 RCX  0x0
 RDX  0xe03e5c ◂— 0xff6e7b77ff6e7b77
 RDI  0x0
 RSI  0x32
 R8   0x7
 R9   0x0
 R10  0xffffffd8
 R11  0x246
 R12  0xd0a2b0 (__libc_csu_fini) ◂— endbr64
 R13  0x0
 R14  0x10a6018 (_GLOBAL_OFFSET_TABLE_+24) —▸ 0xd80db0 (__memmove_avx_unaligned_erms) ◂— endbr64
 R15  0x0
 RBP  0x7fffffff8610 —▸ 0x7fffffff8660 —▸ 0x7fffffff86b0 —▸ 0x7fffffff8700 —▸ 0x7fffffff8740 ◂— ...
 RSP  0x7fffffff85f0 ◂— 0x3200000000
 RIP  0x4eb82b (gf_sg_vrml_field_pointer_del+254) ◂— mov edx, dword ptr [rax]
──────────────────────────────[ DISASM ]──────────────────────────────
 ► 0x4eb82b <gf_sg_vrml_field_pointer_del+254>    mov    edx, dword ptr [rax]
   0x4eb82d <gf_sg_vrml_field_pointer_del+256>    mov    rax, qword ptr [rax + 8]
   0x4eb831 <gf_sg_vrml_field_pointer_del+260>    mov    edi, edx
   0x4eb833 <gf_sg_vrml_field_pointer_del+262>    mov    rsi, rax
   0x4eb836 <gf_sg_vrml_field_pointer_del+265>    call   gf_sg_mfdouble_del <gf_sg_mfdouble_del>
   0x4eb83b <gf_sg_vrml_field_pointer_del+270>    jmp    gf_sg_vrml_field_pointer_del+682 <gf_sg_vrml_field_pointer_del+682>
   0x4eb840 <gf_sg_vrml_field_pointer_del+275>    mov    rax, qword ptr [rbp - 0x18]
   0x4eb844 <gf_sg_vrml_field_pointer_del+279>    mov    edx, dword ptr [rax]
   0x4eb846 <gf_sg_vrml_field_pointer_del+281>    mov    rax, qword ptr [rax + 8]
   0x4eb84a <gf_sg_vrml_field_pointer_del+285>    mov    edi, edx
   0x4eb84c <gf_sg_vrml_field_pointer_del+287>    mov    rsi, rax
──────────────────────────────[ SOURCE (CODE) ]──────────────────────────────
In file: /home/zxq/CVE_testing/source/gpac/src/scenegraph/vrml_tools.c
   662          break;
   663      case GF_SG_VRML_MFFLOAT:
   664          gf_sg_mffloat_del( * ((MFFloat *) field));
   665          break;
   666      case GF_SG_VRML_MFDOUBLE:
 ► 667          gf_sg_mfdouble_del( * ((MFDouble *) field));
   668          break;
   669      case GF_SG_VRML_MFTIME:
   670          gf_sg_mftime_del( * ((MFTime *)field));
   671          break;
   672      case GF_SG_VRML_MFINT32:
──────────────────────────────[ STACK ]──────────────────────────────
00:0000│ rsp 0x7fffffff85f0 ◂— 0x3200000000
01:0008│     0x7fffffff85f8 ◂— 0x0
02:0010│     0x7fffffff8600 —▸ 0x10ecd40 ◂— 0x0
03:0018│     0x7fffffff8608 —▸ 0x10fa7d0 —▸ 0x10fae00 ◂— 0x0
04:0020│ rbp 0x7fffffff8610 —▸ 0x7fffffff8660 —▸ 0x7fffffff86b0 —▸ 0x7fffffff8700 —▸ 0x7fffffff8740 ◂— ...
05:0028│     0x7fffffff8618 —▸ 0x4e6a10 (gf_sg_proto_del_instance+120) ◂— jmp 0x4e6a8f
06:0030│     0x7fffffff8620 ◂— 0x0
07:0038│     0x7fffffff8628 —▸ 0x10fa720 —▸ 0x10fa770 ◂— 0x100000001
──────────────────────────────[ BACKTRACE ]──────────────────────────────
 ► f 0 0x4eb82b gf_sg_vrml_field_pointer_del+254
   f 1 0x4e6a10 gf_sg_proto_del_instance+120
   f 2 0x47bfc6 gf_node_del+431
   f 3 0x4797a6 gf_node_unregister+897
   f 4 0x4e4916 gf_sg_proto_del+193
   f 5 0x47db5d gf_sg_command_del+675
   f 6 0x6a0b93 gf_sm_au_del+122
   f 7 0x6a0c24 gf_sm_reset_stream+73
──────────────────────────────────────────────────────────────────────
pwndbg> bt
#0  0x00000000004eb82b in gf_sg_vrml_field_pointer_del (field=0x0, FieldType=50) at scenegraph/vrml_tools.c:667
#1  0x00000000004e6a10 in gf_sg_proto_del_instance (inst=0x10fa720) at scenegraph/vrml_proto.c:846
#2  0x000000000047bfc6 in gf_node_del (node=0x10fa720) at scenegraph/base_scenegraph.c:1899
#3  0x00000000004797a6 in gf_node_unregister (pNode=0x10fa720, parentNode=0x0) at scenegraph/base_scenegraph.c:761
#4  0x00000000004e4916 in gf_sg_proto_del (proto=0x10f9d60) at scenegraph/vrml_proto.c:117
#5  0x000000000047db5d in gf_sg_command_del (com=0x10f9c80) at scenegraph/commands.c:113
#6  0x00000000006a0b93 in gf_sm_au_del (sc=0x10f7ac0, au=0x10f9bd0) at scene_manager/scene_manager.c:113
#7  0x00000000006a0c24 in gf_sm_reset_stream (sc=0x10f7ac0) at scene_manager/scene_manager.c:126
#8  0x00000000006a0c58 in gf_sm_delete_stream (sc=0x10f7ac0) at scene_manager/scene_manager.c:133
#9  0x00000000006a0d03 in gf_sm_del (ctx=0x10ed170) at scene_manager/scene_manager.c:147
#10 0x000000000041797b in dump_isom_scene (file=0x7fffffffe637 "gf_sg_vrml_field_pointer_del-gf_sg_proto_del_instance/POC2", inName=0x10da460 <outfile> "gf_sg_vrml_field_pointer_del-gf_sg_proto_del_instance/POC2", is_final_name=GF_FALSE, dump_mode=GF_SM_DUMP_SVG, do_log=GF_FALSE, no_odf_conv=GF_FALSE) at filedump.c:216
#11 0x000000000041521f in mp4boxMain (argc=3, argv=0x7fffffffe358) at main.c:6044
#12 0x000000000041719b in main (argc=3, argv=0x7fffffffe358) at main.c:6496
#13 0x0000000000d09a40 in __libc_start_main ()
#14 0x000000000040211e in _start ()
pwndbg>
```
6a5effb