Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
Version:
./MP4Box -version
MP4Box - GPAC version 1.1.0-DEV-rev1582-g94db9779c-master
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
MINI build (encoders, decoders, audio and video output disabled)
Please cite our work in your research:
	GPAC Filters: https://doi.org/10.1145/3339825.3394929
	GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration: --static-mp4box --enable-debug --
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_FREETYPE GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_DISABLE_3D
command:
./bin/gcc/MP4Box -disox -ttxt -2 -dump-chap-ogg -dump-cover -drtp -bt -out /dev/null POC2
POC2.zip
Result
Segmentation fault.
bt
Program received signal SIGSEGV, Segmentation fault.
0x000000000047aa77 in gf_node_get_name (p=0x4747474747474747) at scenegraph/base_scenegraph.c:1293
1293		if (!p || !(p->sgprivate->flags & GF_NODE_IS_DEF)) return NULL;
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
[ REGISTERS ]
 RAX  0x4747474747474747 ('GGGGGGGG')
 RBX  0x400788 ◂— 0x0
 RCX  0x474747 (gf_xml_parse_bit_sequence_bs+486) ◂— sti
 RDX  0x7
 RDI  0x4747474747474747 ('GGGGGGGG')
 RSI  0x10fd740 ◂— 0x47474747474747 /* 'GGGGGGG' */
 R8   0x10fc550 —▸ 0x10fce00 —▸ 0x10eccb0 ◂— 0x0
 R9   0x2
 R10  0x0
 R11  0x0
 R12  0xd0a2b0 (__libc_csu_fini) ◂— endbr64
 R13  0x0
 R14  0x10a6018 (_GLOBAL_OFFSET_TABLE_+24) —▸ 0xd80db0 (__memmove_avx_unaligned_erms) ◂— endbr64
 R15  0x0
 RBP  0x7fffffff8100 —▸ 0x7fffffff85d0 ◂— 0x4747474747474747 ('GGGGGGGG')
 RSP  0x7fffffff8100 —▸ 0x7fffffff85d0 ◂— 0x4747474747474747 ('GGGGGGGG')
 RIP  0x47aa77 (gf_node_get_name+23) ◂— mov rax, qword ptr [rax]
[ DISASM ]
 ► 0x47aa77 <gf_node_get_name+23>    mov    rax, qword ptr [rax]
   0x47aa7a <gf_node_get_name+26>    mov    eax, dword ptr [rax + 4]
   0x47aa7d <gf_node_get_name+29>    test   eax, eax
   0x47aa7f <gf_node_get_name+31>    js     gf_node_get_name+40 <gf_node_get_name+40>
    ↓
   0x47aa88 <gf_node_get_name+40>    mov    rax, qword ptr [rbp - 0x18]
   0x47aa8c <gf_node_get_name+44>    mov    rax, qword ptr [rax]
   0x47aa8f <gf_node_get_name+47>    mov    rax, qword ptr [rax + 8]
   0x47aa93 <gf_node_get_name+51>    mov    qword ptr [rbp - 0x10], rax
   0x47aa97 <gf_node_get_name+55>    mov    rax, qword ptr [rbp - 0x10]
   0x47aa9b <gf_node_get_name+59>    mov    rax, qword ptr [rax + 0xf0]
   0x47aaa2 <gf_node_get_name+66>    cmp    qword ptr [rbp - 0x18], rax
[ SOURCE (CODE) ]
In file: /home/zxq/CVE_testing/source/gpac/src/scenegraph/base_scenegraph.c
   1288 GF_EXPORT
   1289 const char *gf_node_get_name(GF_Node*p)
   1290 {
   1291 	GF_SceneGraph *sg;
   1292 	NodeIDedItem *reg_node;
 ► 1293 	if (!p || !(p->sgprivate->flags & GF_NODE_IS_DEF)) return NULL;
   1294
   1295 	sg = p->sgprivate->scenegraph;
   1296 #ifndef GPAC_DISABLE_VRML
   1297 	/*if this is a proto, look in parent graph*/
   1298 	if (p == (GF_Node*)sg->pOwningProto) sg = sg->parent_scene;
[ STACK ]
00:0000│ rbp rsp 0x7fffffff8100 —▸ 0x7fffffff85d0 ◂— 0x4747474747474747 ('GGGGGGGG')
01:0008│         0x7fffffff8108 —▸ 0x6e1eee (gf_dump_vrml_route+415) ◂— mov qword ptr [rbp - 0x488], rax
02:0010│         0x7fffffff8110 —▸ 0x10f9bc0 ◂— 0x333
03:0018│         0x7fffffff8118 ◂— 0x10
04:0020│         0x7fffffff8120 —▸ 0x7fffffff8610 ◂— 0x4747474747474747 ('GGGGGGGG')
05:0028│         0x7fffffff8128 —▸ 0x10f75f0 —▸ 0x10eccb0 ◂— 0x0
06:0030│         0x7fffffff8130 —▸ 0xdba6f0 (funlockfile) ◂— endbr64
07:0038│         0x7fffffff8138 ◂— 0x1
[ BACKTRACE ]
 ► f 0           0x47aa77 gf_node_get_name+23
   f 1           0x6e1eee gf_dump_vrml_route+415
   f 2 0x4747474747474747
   f 3 0x4747474747474747
   f 4 0x4747474747474747
   f 5 0x4747474747474747
   f 6 0x4747474747474747
   f 7 0x4747474747474747
pwndbg> bt
#0  0x000000000047aa77 in gf_node_get_name (p=0x4747474747474747) at scenegraph/base_scenegraph.c:1293
#1  0x00000000006e1eee in gf_dump_vrml_route (sdump=0x10f75f0, r=0x7fffffff8610, dump_type=0) at scene_manager/scene_dump.c:2344
#2  0x4747474747474747 in ?? ()
#3  0x4747474747474747 in ?? ()
#4  0x4747474747474747 in ?? ()
#5  0x4747474747474747 in ?? ()
#6  0x4747474747474747 in ?? ()
#7  0x4747474747474747 in ?? ()
#8  0x4747474747474747 in ?? ()
#9  0x4747474747474747 in ?? ()
#10 0x4747474747474747 in ?? ()
#11 0x4747474747474747 in ?? ()
#12 0x4747474747474747 in ?? ()
#13 0x4747474747474747 in ?? ()
#14 0x4747474747474747 in ?? ()
#15 0x4747474747474747 in ?? ()
#16 0x4747474747474747 in ?? ()
#17 0x4747474747474747 in ?? ()
#18 0x4747474747474747 in ?? ()
#19 0x4747474747474747 in ?? ()
#20 0x4747474747474747 in ?? ()
#21 0x4747474747474747 in ?? ()
#22 0x4747474747474747 in ?? ()
#23 0x4747474747474747 in ?? ()
#24 0x4747474747474747 in ?? ()
#25 0x4747474747474747 in ?? ()
#26 0x4747474747474747 in ?? ()
#27 0x4747474747474747 in ?? ()
#28 0x4747474747474747 in ?? ()
#29 0x4747474747474747 in ?? ()
#30 0x4747474747474747 in ?? ()
#31 0x4747474747474747 in ?? ()
#32 0x4747474747474747 in ?? ()
#33 0x4747474747474747 in ?? ()
#34 0x4747474747474747 in ?? ()
#35 0x4747474747474747 in ?? ()
#36 0x4747474747474747 in ?? ()
#37 0x4747474747474747 in ?? ()
#38 0x4747474747474747 in ?? ()
#39 0x4747474747474747 in ?? ()
#40 0x4747474747474747 in ?? ()
#41 0x4747474747474747 in ?? ()
#42 0x4747474747474747 in ?? ()
#43 0x4747474747474747 in ?? ()
#44 0x4747474747474747 in ?? ()
#45 0x4747474747474747 in ?? ()
#46 0x4747474747474747 in ?? ()
#47 0x4747474747474747 in ?? ()
#48 0x4747474747474747 in ?? ()
#49 0x4747474747474747 in ?? ()
#50 0x4747474747474747 in ?? ()
#51 0x4747474747474747 in ?? ()
#52 0x4747474747474747 in ?? ()
#53 0x4747474747474747 in ?? ()
#54 0x4747474747474747 in ?? ()
#55 0x47474747ef474747 in ?? ()
#56 0x4747474747474747 in ?? ()
#57 0x4747474747474747 in ?? ()
#58 0x4747474747474747 in ?? ()
#59 0x0047474747474747 in ?? ()
#60 0x868bc44dfe5d4600 in ?? ()
#61 0x00007fffffff98b0 in ?? ()
#62 0x0000000000417966 in dump_isom_scene (file=<error reading variable: Cannot access memory at address 0x474747474747366f>, inName=<error reading variable: Cannot access memory at address 0x4747474747473667>, is_final_name=<error reading variable: Cannot access memory at address 0x4747474747473663>, dump_mode=<error reading variable: Cannot access memory at address 0x474747474747365f>, do_log=<error reading variable: Cannot access memory at address 0x474747474747365b>, no_odf_conv=<error reading variable: Cannot access memory at address 0x4747474747473657>) at filedump.c:213
Backtrace stopped: Cannot access memory at address 0x474747474747474f
4b9736a