MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration: --enable-sanitizer --verbose
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_PNG GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D
Reproduce
compile and run
./configure --enable-sanitizer --enable-debug
make
./MP4Box -info mp3_dmx_process_poc2
information reported by sanitizer
[MP3Dmx] invalid frame, resyncing
=================================================================
==29937==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a00000e322 at pc 0x7fe02eb39490 bp 0x7ffdcd4a3c40 sp 0x7ffdcd4a33e8
READ of size 316 at 0x61a00000e322 thread T0
#0 0x7fe02eb3948f in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:790
#1 0x7fe02c490c9f in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
#2 0x7fe02c490c9f in mp3_dmx_process filters/reframe_mp3.c:677
#3 0x7fe02c0700ed in gf_filter_process_task filter_core/filter.c:2828
#4 0x7fe02c032082 in gf_fs_thread_proc filter_core/filter_session.c:1859
#5 0x7fe02c03e856 in gf_fs_run filter_core/filter_session.c:2120
#6 0x7fe02ba7c806 in gf_media_import media_tools/media_import.c:1228
#7 0x55576950e3b1 in convert_file_info /home/qianshuidewajueji/gpac/applications/mp4box/fileimport.c:130
#8 0x5557694dddb5 in mp4box_main /home/qianshuidewajueji/gpac/applications/mp4box/mp4box.c:6302
#9 0x7fe028d14082 in __libc_start_main ../csu/libc-start.c:308
#10 0x5557694b1cfd in _start (/home/qianshuidewajueji/gpac/bin/gcc/MP4Box+0xa3cfd)
0x61a00000e322 is located 0 bytes to the right of 1186-byte region [0x61a00000de80,0x61a00000e322)
allocated by thread T0 here:
#0 0x7fe02ebabc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fe02c492248 in mp3_dmx_process filters/reframe_mp3.c:547
#2 0x7fe02c0700ed in gf_filter_process_task filter_core/filter.c:2828
#3 0x7fe02c032082 in gf_fs_thread_proc filter_core/filter_session.c:1859
#4 0x7fe02c03e856 in gf_fs_run filter_core/filter_session.c:2120
#5 0x7fe02ba7c806 in gf_media_import media_tools/media_import.c:1228
#6 0x55576950e3b1 in convert_file_info /home/qianshuidewajueji/gpac/applications/mp4box/fileimport.c:130
#7 0x5557694dddb5 in mp4box_main /home/qianshuidewajueji/gpac/applications/mp4box/mp4box.c:6302
#8 0x7fe028d14082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:790 in __interceptor_memcpy
Shadow bytes around the buggy address:
0x0c347fff9c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c347fff9c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c347fff9c30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c347fff9c40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c347fff9c50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c347fff9c60: 00 00 00 00[02]fa fa fa fa fa fa fa fa fa fa fa
0x0c347fff9c70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c347fff9c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c347fff9c90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c347fff9ca0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c347fff9cb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==29937==ABORTING
qianshuidewajueji changed the title from "in mp3_dmx_process filters/reframe_mp3.c:677" to "heap-buffer-overflow in function mp3_dmx_process filters/reframe_mp3.c:677" on Feb 9, 2023
Poc
https://github.com/qianshuidewajueji/poc/blob/main/gpac/mp3_dmx_process_poc2