MP4Box - GPAC version 2.3-DEV-rev35-gbbca86917-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration: --enable-sanitizer --enable-debug
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D
reproduce
compile and run
./configure --enable-sanitizer
make
./MP4Box -info poc
information reported by sanitizer
=================================================================
==4003817==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000001114 at pc 0x7fa5cde90b3b bp 0x7ffe09c26cd0 sp 0x7ffe09c26cc0
READ of size 1 at 0x603000001114 thread T0
#0 0x7fa5cde90b3a in gf_m2ts_process_sdt media_tools/mpegts.c:828
#1 0x7fa5cde8cb21 in gf_m2ts_section_complete media_tools/mpegts.c:623
#2 0x7fa5cde8ff0b in gf_m2ts_gather_section media_tools/mpegts.c:760
#3 0x7fa5cdeb0db9 in gf_m2ts_process_packet media_tools/mpegts.c:2703
#4 0x7fa5cdeb3125 in gf_m2ts_process_data media_tools/mpegts.c:2812
#5 0x7fa5cdeb8145 in gf_m2ts_probe_buffer media_tools/mpegts.c:3196
#6 0x7fa5cdeb886c in gf_m2ts_probe_data media_tools/mpegts.c:3251
#7 0x7fa5ceb1df9f in m2tsdmx_probe_data filters/dmx_m2ts.c:1438
#8 0x7fa5ce8d92a4 in gf_filter_pid_raw_new filter_core/filter.c:4210
#9 0x7fa5cec2cb68 in filein_process filters/in_file.c:492
#10 0x7fa5ce8c1be4 in gf_filter_process_task filter_core/filter.c:2828
#11 0x7fa5ce86c6d7 in gf_fs_thread_proc filter_core/filter_session.c:1859
#12 0x7fa5ce86fce8 in gf_fs_run filter_core/filter_session.c:2120
#13 0x7fa5cde7b742 in gf_media_import media_tools/media_import.c:1228
#14 0x55d5db4c09ab in convert_file_info /root/gpac/applications/mp4box/fileimport.c:130
#15 0x55d5db47907d in mp4box_main /root/gpac/applications/mp4box/mp4box.c:6302
#16 0x55d5db47bcc0 in main /root/gpac/applications/mp4box/mp4box.c:6846
#17 0x7fa5c8e02082 in __libc_start_main ../csu/libc-start.c:308
#18 0x55d5db439b6d in _start (/root/gpac/bin/gcc/MP4Box+0x104b6d)
Address 0x603000001114 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow media_tools/mpegts.c:828 in gf_m2ts_process_sdt
Shadow bytes around the buggy address:
==4003817==ABORTING
poc
https://github.com/xxy1126/Vuln/blob/main/gpac/3