Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039 #2356

Closed
3 tasks done
xidoo123 opened this issue Dec 17, 2022 · 0 comments
Closed
3 tasks done

buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039 #2356

xidoo123 opened this issue Dec 17, 2022 · 0 comments

Comments

@xidoo123
Copy link

Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!

Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/

Description

buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039

Version info

latest version atm

MP4Box - GPAC version 2.1-DEV-rev644-g5c4df2a67-master
(c) 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
	GPAC Filters: https://doi.org/10.1145/3339825.3394929
	GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: --enable-sanitizer
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_LINUX_DVB  GPAC_DISABLE_3D

Reproduce

compile and run

./configure --enable-sanitizer
make
./MP4Box import -cat poc_bof10.mp4

Crash reported by sanitizer

[Core] exp-golomb read failed, not enough bits in bitstream !
[HEVC] Error parsing NAL unit type 33
[HEVC] Error parsing Sequence Param Set
[HEVC] Error parsing NAL unit type 32
[HEVC] 8 layers in VPS but only 4 supported in GPAC
[HEVC] Error parsing NAL unit type 32
[HEVC] Error parsing Video Param Set
[HEVC] Error parsing NAL unit type 33
Track Importing HEVC - Width 1 Height 6 FPS 488447261/488447261
[HEVC] Error parsing NAL unit type 390)
[HEVC] SEI user message type 249 size error (109 but 15 remain), skipping SEI message
media_tools/av_parsers.c:8039:32: runtime error: index 4 out of bounds for type 'u8 [4]'

POC

poc_bof10.zip

Impact

Potentially causing DoS and RCE

Credit

Xdchase
@jeanlf jeanlf closed this as completed in 55c8b3a Dec 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@xidoo123