Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Signed integer overflow #2067

Closed
AAArdu opened this issue Jan 26, 2022 · 1 comment
Closed

Signed integer overflow #2067

AAArdu opened this issue Jan 26, 2022 · 1 comment

Comments

@AAArdu
Copy link

AAArdu commented Jan 26, 2022

Description

There are some signed-integer-overflow caused runtime error and are detected by UndefinedBehaviorSanitizer

System info

Ubuntu 20.04.2 LTS
clang version 12.0.0-++20210402082642+04ba60cfe598-1~exp1~20210402063359.71
MP4Box - GPAC version 1.1.0-DEV-rev1663-g881c6a94a-master

Build command

./configure --static-mp4box --prefix=`realpath ./install` --enable-sanitizer --cc=clang --cxx=clang++

Crash command

MP4Box -isma -timescale 600 -out /dev/null poc_file

Pocs

POCs

Crash output

poc_3

media_tools/av_parsers.c:5271:24: runtime error: signed integer overflow: 160041545 * 16 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior media_tools/av_parsers.c:5271:24 in /zhengjie/collect/collec.sh: line 13:  9327 Aborted (core dumped) 

poc_9

[iso file] Box "oinf" size 15 (start 0) invalid (read 18)
[iso file] Unknown top-level box type )85B691
[ODF] Error reading descriptor (tag 2 size 1): Invalid MPEG-4 Descriptor
[iso file] Box "sinf" (start 635) has 81 extra bytes
[ODF] Error reading descriptor (tag 2 size 1): Invalid MPEG-4 Descriptor
[ODF] Not enough bytes (11) to read descriptor (size=81)
[ODF] Error reading descriptor (tag 2 size 17): Invalid MPEG-4 Descriptor
[iso file] Box "stco" (start 859) has 239 extra bytes
[iso file] Box "stco" is larger than container box
[iso file] Box "stbl" size 339 (start 536) invalid (read 578)
[iso file] Unknown box type mvex in parent minf
[iso file] Unknown box type moov in parent minf
[iso file] Unknown box type 00000000 in parent minf
[iso file] Unknown box type u7Fl  in parent minf
media_tools/av_parsers.c:5271:24: runtime error: signed integer overflow: 551209680 * 16 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior media_tools/av_parsers.c:5271:24 in /zhengjie/collect/collec.sh: line 13: 16205 Aborted (core dumped)

poc_19

media_tools/av_parsers.c:5271:24: runtime error: signed integer overflow: 414855863 * 16 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior media_tools/av_parsers.c:5271:24 in /zhengjie/collect/collec.sh: line 13: 27854 Aborted (core dumped)
@AAArdu
Copy link
Author

AAArdu commented Jan 27, 2022

Sorry for uploading the wrong POC.
Here is the true POC
poc.zip

@jeanlf jeanlf closed this as completed in 0cd19f4 Jan 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant