SEGV on unknown address 0x000000000038 #2516

Closed
chaoqu-ouc opened this issue Jul 4, 2023 · 0 comments

Comments

@chaoqu-ouc

Hello, I used the fuzzer (AFL) to fuzz the gpac binary and got some crashes.
The following are the details.

Title: SEGV on unknown address 0x000000000038

1. Description

SEGV on unknown address 0x000000000038 has occurred in function set_file_udta /root/gpac/applications/mp4box/fileimport.c:70:14
when running the program MP4Box; this can be reproduced on the latest commit.

2. Software version info

fuzz@ubuntu:~/gpac2.1/gpac/bin/gcc$ MP4Box -version
MP4Box - GPAC version 2.3-DEV-rev395-g98979a443-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

3. System version info

./uname -a
Linux ouc7 5.4.0-150-generic #167-Ubuntu SMP Mon May 15 17:35:05 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

4. Command

./MP4Box -udta 3:type=name -udta 3:type=name:str="Director Commentary" poc

5. Result

[iso file] Unknown top-level box type Ytra
[iso file] Box "mehd" (start 84) has 88 extra bytes
[iso file] Unknown top-level box type mo^v
[iso file] Unknown top-level box type 000000FF
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==1680297==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000038 (pc 0x7fe43b404373 bp 0x00006e616d65 sp 0x7ffcf11b03e0 T1680297)
==1680297==The signal is caused by a READ memory access.
==1680297==Hint: address points to the zero page.
    #0 0x7fe43b404373 in gf_isom_remove_user_data (/usr/local/lib/libgpac.so.12+0x318373)
    #1 0x467b3d in set_file_udta /root/gpac/applications/mp4box/fileimport.c:70:14
    #2 0x44aeb1 in do_track_act /root/gpac/applications/mp4box/mp4box.c:5612:8
    #3 0x44aeb1 in mp4box_main /root/gpac/applications/mp4box/mp4box.c:6694:6
    #4 0x7fe43ad7f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #5 0x41304d in _start (/usr/local/bin/MP4Box+0x41304d)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV (/usr/local/lib/libgpac.so.12+0x318373) in gf_isom_remove_user_data
==1680297==ABORTING

6. Impact

This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution.

7. POC

POC file list
poc_lst.zip

Report of the Information Security Laboratory of Ocean University of China @OUC_ISLOUC @OUC_Blue_Whale
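An added triage example, not part of this issue or of the gpac project: it parses the sanitizer report quoted above, pulls out the fault address, access kind and call frames, classifies the fault (a READ of an address on the zero page is a null-pointer dereference, here a field at offset 0x38 of a NULL pointer) and builds a dedup bucket from the top frames, which is how crashes from one fuzzing campaign are grouped before impact is assessed. The embedded sample is the report from this issue trimmed to the lines the parser consumes; the zero-page limit and bucket depth are assumptions.

```python
import re

# Constructed sample: the sanitizer report quoted in this issue, trimmed to the
# lines the parser consumes (ERROR line, access kind, frames, SUMMARY).
SAMPLE_REPORT = """\
==1680297==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000038 (pc 0x7fe43b404373 bp 0x00006e616d65 sp 0x7ffcf11b03e0 T1680297)
==1680297==The signal is caused by a READ memory access.
==1680297==Hint: address points to the zero page.
    #0 0x7fe43b404373 in gf_isom_remove_user_data (/usr/local/lib/libgpac.so.12+0x318373)
    #1 0x467b3d in set_file_udta /root/gpac/applications/mp4box/fileimport.c:70:14
    #2 0x44aeb1 in do_track_act /root/gpac/applications/mp4box/mp4box.c:5612:8
SUMMARY: UndefinedBehaviorSanitizer: SEGV (/usr/local/lib/libgpac.so.12+0x318373) in gf_isom_remove_user_data
"""

ZERO_PAGE_LIMIT = 0x1000  # assumption: faults below the first page are NULL plus a field offset
BUCKET_DEPTH = 3          # assumption: frames used to group duplicate crashes from one campaign

SEGV_RE = re.compile(r"SEGV on unknown address 0x([0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"^[ \t]*#(\d+)[ \t]+0x[0-9a-fA-F]+ in (\S+)(?:[ \t]+(\S+))?", re.M)


def parse_sanitizer_segv(report: str) -> dict:
    """Extract fault address, access kind and ordered call frames from a SEGV report."""
    segv = SEGV_RE.search(report)
    if segv is None:
        raise ValueError("not a sanitizer SEGV report")
    access = ACCESS_RE.search(report)
    frames = sorted((int(n), func, loc) for n, func, loc in FRAME_RE.findall(report))
    return {
        "address": int(segv.group(1), 16),
        "access": access.group(1) if access else "UNKNOWN",
        "frames": frames,
    }


def classify_segv(parsed: dict) -> dict:
    """Turn a parsed report into a triage verdict and a dedup bucket."""
    addr, access = parsed["address"], parsed["access"]
    kind = "null-deref" if addr < ZERO_PAGE_LIMIT else "wild-pointer"
    funcs = [func for _, func, _ in parsed["frames"][:BUCKET_DEPTH]]
    return {
        "verdict": f"{kind}-{access.lower()}",
        "top_frame": funcs[0] if funcs else "",
        "bucket": "<-".join(funcs),
        # A read from the zero page aborts the process but writes nothing, so on its
        # own it is a denial of service, not a memory-corruption primitive.
        "memory_corruption_possible": not (kind == "null-deref" and access == "READ"),
    }
```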
