[BUG] heap buffer overflow in gf_utf8_wcslen, utils/utf.c:442 #2179
Comments
The fix seems to fix the
@rbouqueau Thank you for your response!
gf_utf8_wcslen is not memory guarded; it assumes the caller uses a properly allocated buffer of short with a terminating NULL (last 2 bytes at 0), which is supposed to be the case in libgpac. The issue was that the xtra box was not following this, resulting in the crash. The same goes for gf_wcs_to_utf8 (calling wcslen): the caller has to make sure the string is properly formatted. Closing; if you see any other crash involving these, please let us know. If needed, we may introduce a gf_utf16_is_legal at some point.
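
A bounded check of the kind the comment above describes, as an added example that is not part of the thread and not GPAC code: it confirms that a 16-bit terminator lies inside the allocated bytes before any unguarded length routine is called. `utf16_checked_len` is a hypothetical name, the samples are constructed, and units are assumed to be in host byte order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a GPAC function: returns the number of 16-bit
 * units before the NUL terminator, or -1 if no terminator lies inside the
 * buf_bytes bytes or a surrogate is unpaired. Units are read in host byte
 * order (assumption). */
static long utf16_checked_len(const void *buf, size_t buf_bytes)
{
    const unsigned char *p = buf;
    size_t units = buf_bytes / 2;  /* a trailing odd byte is never read */
    int need_low = 0;              /* set right after a high surrogate */

    if (!buf) return -1;
    for (size_t i = 0; i < units; i++) {
        uint16_t c;
        memcpy(&c, p + 2 * i, sizeof c);  /* tolerate unaligned box data */
        if (need_low) {
            if (c < 0xDC00 || c > 0xDFFF) return -1;
            need_low = 0;
        } else if (c == 0) {
            return (long)i;        /* terminator found inside the buffer */
        } else if (c >= 0xD800 && c <= 0xDBFF) {
            need_low = 1;
        } else if (c >= 0xDC00 && c <= 0xDFFF) {
            return -1;             /* low surrogate with no high one */
        }
    }
    return -1;                     /* ran off the end: unterminated */
}

/* Constructed samples, not taken from the PoC file. */
static const uint16_t sample_ok[] = { 'x', 't', 'r', 'a', 0 };
static const uint16_t sample_unterminated[] = { 'x', 't', 'r', 'a' };
static const uint16_t sample_lone_high[] = { 0xD83D, 0 };

int main(void)
{
    printf("%ld %ld %ld\n",
           utf16_checked_len(sample_ok, sizeof sample_ok),
           utf16_checked_len(sample_unterminated, sizeof sample_unterminated),
           utf16_checked_len(sample_lone_high, sizeof sample_lone_high));
    return 0;
}
```

A parser would run such a check on the payload it has just read and reject the box on -1, so the unguarded routines only ever see terminated strings.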

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
Describe the bug
There is a heap-overflow bug in gf_utf8_wcslen, utils/utf.c:442, which can be triggered via MP4Box + ASan
Steps to reproduce
./configure --enable-sanitizer && make -j$(nproc)
./MP4Box -diso poc
Sanitizer output
version
system: ubuntu 20.04.3 LTS
compiler: gcc 9.3.0
gpac version: latest commit a4015fa
Credit
Han Zheng
NCNIPC of China
Hexhive
POC
POC.zip