https://huntr.dev/bounties/0758b3a2-8ff2-45fc-8543-7633d605d24e/ (not public?)
Description

Null Pointer Dereference in gf_utf8_wcslen ()

Proof of Concept

POC is here.

```
bt
Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0x24 ('$')
RBX: 0x5555555e2870 --> 0x5555555e2840 --> 0x2000000020000000 ('')
RCX: 0x0
RDX: 0x7ffff697e740 (0x00007ffff697e740)
RSI: 0x0
RDI: 0x0
RBP: 0x2
RSP: 0x7fffffff7ff8 --> 0x7ffff78f7d71 (<xtra_box_dump+129>: lea ebx,[rax*4+0x0])
RIP: 0x7ffff77ac884 (<gf_utf8_wcslen+4>: cmp WORD PTR [rdi],0x0)
R8 : 0x0
R9 : 0x24 ('$')
R10: 0x7ffff7e0cbc7 --> 0x22 ('"')
R11: 0x7fffffff7ec7 --> 0x58c47a4e82a90030
R12: 0x5555555db220 --> 0x7ffffbad2c84
R13: 0x5555555e2920 --> 0x58747261 ('artX')
R14: 0x5555555e28a0 --> 0x0
R15: 0x7ffff7e71725 --> 0x2020200058323025 ('%02X')
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff77ac874: data16 nop WORD PTR cs:[rax+rax*1+0x0]
   0x7ffff77ac87f: nop
   0x7ffff77ac880 <gf_utf8_wcslen>: endbr64
=> 0x7ffff77ac884 <gf_utf8_wcslen+4>: cmp WORD PTR [rdi],0x0
   0x7ffff77ac888 <gf_utf8_wcslen+8>: je 0x7ffff77ac8a8 <gf_utf8_wcslen+40>
   0x7ffff77ac88a <gf_utf8_wcslen+10>: mov rax,rdi
   0x7ffff77ac88d <gf_utf8_wcslen+13>: nop DWORD PTR [rax]
   0x7ffff77ac890 <gf_utf8_wcslen+16>: add rax,0x2
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff7ff8 --> 0x7ffff78f7d71 (<xtra_box_dump+129>: lea ebx,[rax*4+0x0])
0008| 0x7fffffff8000 --> 0x5555555db650 --> 0x73747473 ('stts')
0016| 0x7fffffff8008 --> 0x2
0024| 0x7fffffff8010 --> 0x0
0032| 0x7fffffff8018 --> 0x6458c47a4e82a900
0040| 0x7fffffff8020 --> 0x5555555db220 --> 0x7ffffbad2c84
0048| 0x7fffffff8028 --> 0x5555555da950 --> 0x0
0056| 0x7fffffff8030 --> 0x5555555e2920 --> 0x58747261 ('artX')
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00007ffff77ac884 in gf_utf8_wcslen () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
gdb-peda$ bt
#0  0x00007ffff77ac884 in gf_utf8_wcslen () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#1  0x00007ffff78f7d71 in xtra_box_dump () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#2  0x00007ffff78fa5f2 in gf_isom_box_dump () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#3  0x00007ffff78e99f6 in gf_isom_dump () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#4  0x0000555555588c15 in dump_isom_xml ()
#5  0x000055555557c564 in mp4boxMain ()
#6  0x00007ffff74dc0b3 in __libc_start_main (main=0x55555556d420 <main>, argc=0x5, argv=0x7fffffffe328, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe318) at ../csu/libc-start.c:308
#7  0x000055555556d45e in _start ()
```
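As an added illustration (this is neither GPAC's code nor the reporter's PoC), the toy C program below models the shape of the crash in the backtrace: a tag record whose string property is empty leaves the value pointer NULL, and a strlen-style loop over UTF-16 units faults on its very first load, which is what `cmp WORD PTR [rdi],0x0` with RDI=0 in `gf_utf8_wcslen+4` shows. The record layout, the `toy_*` names and the sample records are assumptions constructed for this example and are not the real Xtra box format. The hardened length routine treats NULL as an empty string and also bounds the scan by the property size, so an unterminated string cannot be over-read either.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy tag record (ASSUMED layout for this example, not GPAC's Xtra box):
 *   u32 prop_type  (little-endian; 8 = UTF-16LE string)
 *   u32 prop_len   (bytes of prop_value)
 *   prop_len bytes of prop_value
 * prop_value stays NULL when prop_len == 0; that is the shape that sends a
 * NULL pointer into the string-length routine. */
typedef struct {
    uint32_t prop_type;
    uint32_t prop_len;
    uint8_t *prop_value;
} toy_tag;

#define TOY_TYPE_UTF16 8u

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint16_t rd16le(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Parse one record from buf. Returns bytes consumed, 0 on malformed input. */
size_t toy_tag_read(const uint8_t *buf, size_t len, toy_tag *out) {
    if (len < 8) return 0;
    out->prop_type = rd32le(buf);
    out->prop_len = rd32le(buf + 4);
    out->prop_value = NULL;
    if (out->prop_len > len - 8) return 0;          /* payload truncated */
    if (out->prop_len) {
        out->prop_value = malloc(out->prop_len);
        if (!out->prop_value) return 0;
        memcpy(out->prop_value, buf + 8, out->prop_len);
    }
    return 8 + out->prop_len;
}

/* Unchecked UTF-16 length: the classic strlen loop. Given NULL it faults on
 * the first load, exactly like the `cmp WORD PTR [rdi],0x0` in the report.
 * Kept here as the "before" shape; never call it with NULL. */
size_t utf16_len_unchecked(const uint8_t *s) {
    size_t n = 0;
    while (rd16le(s + 2 * n) != 0) n++;
    return n;
}

/* Hardened length: NULL is an empty string, and the scan never runs past the
 * bytes the record actually carries (an unterminated string would otherwise
 * be an over-read, a second bug the same checks prevent). */
size_t utf16_len_bounded(const uint8_t *s, size_t nbytes) {
    size_t n = 0;
    if (!s) return 0;
    while (2 * n + 1 < nbytes && rd16le(s + 2 * n) != 0) n++;
    return n;
}

/* Dumper in the hardened style: returns the number of UTF-16 units printed,
 * 0 for empty or non-string properties. */
size_t toy_tag_dump(const toy_tag *t) {
    if (t->prop_type != TOY_TYPE_UTF16) return 0;
    size_t n = utf16_len_bounded(t->prop_value, t->prop_len);
    for (size_t i = 0; i < n; i++) {
        uint16_t c = rd16le(t->prop_value + 2 * i);
        if (c < 0x80) putchar((int)c);
        else printf("\\u%04X", (unsigned)c);
    }
    putchar('\n');
    return n;
}

/* Parse one constructed record and dump it; (size_t)-1 on parse failure. */
size_t toy_demo(const uint8_t *rec, size_t len) {
    toy_tag t;
    if (!toy_tag_read(rec, len, &t)) return (size_t)-1;
    size_t n = toy_tag_dump(&t);
    free(t.prop_value);
    return n;
}

/* Constructed sample records (assumptions, not data from the PoC file). */
static const uint8_t toy_empty_record[] = {8,0,0,0, 0,0,0,0};                 /* prop_len 0 -> NULL value */
static const uint8_t toy_hi_record[]    = {8,0,0,0, 4,0,0,0, 'H',0,'i',0};    /* "Hi", no terminator */
static const uint8_t toy_hi_terminated[] = {'H',0,'i',0, 0,0};                /* "Hi\0" for the unchecked loop */

int main(void) {
    toy_demo(toy_empty_record, sizeof toy_empty_record);   /* prints an empty line instead of faulting */
    toy_demo(toy_hi_record, sizeof toy_hi_record);         /* prints "Hi" without reading past the record */
    printf("%zu\n", utf16_len_unchecked(toy_hi_terminated));
    return 0;
}
```

The two checks belong together: a NULL test alone fixes this report, but a string-typed property whose payload lacks a terminating unit would still make an unbounded loop read past the allocation, so the bounded scan is what a dumper over untrusted box data actually needs.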
confirmed fixed from 586e817
poc2.mp4