Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SEGV in gf_dash_setup_groups /gpac/src/media_tools/dash_client.c:5382:11 #2621

Closed
gandalf4a opened this issue Oct 8, 2023 · 0 comments
Closed

SEGV in gf_dash_setup_groups /gpac/src/media_tools/dash_client.c:5382:11 #2621

gandalf4a opened this issue Oct 8, 2023 · 0 comments

Comments

@gandalf4a
Copy link

Version

$ ./MP4Box -version
MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master

Platform

$ uname -a
Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic #33~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Sep  7 10:33:52 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

Asan

/home/user/vul/MP4Box_crash/id000073sig11src000947time30252119execs283200ophavocrep2
[32m[DASH] Updated manifest:
[0m[32m        P#1: start 0 - duration 0 - xlink none
[0m[32m[DASH] Manifest after update:
[0m[32m        P#1: start 0 - duration 0 - xlink none
[0m[32m[DASH] Setting up period start 0 duration 0 xlink none ID DID1
[0mAddressSanitizer:DEADLYSIGNAL
=================================================================
==831999==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55d7af75c8f5 bp 0x7ffc25365a10 sp 0x7ffc253651c0 T0)
==831999==The signal is caused by a READ memory access.
==831999==Hint: address points to the zero page.
    #0 0x55d7af75c8f5 in strcmp (/home/user/fuzzing_gpac/gpac/bin/gcc/MP4Box+0x998f5) (BuildId: 53333ca7bff59dd9a3d1b2821e7c5f3a9aac76b9)
    #1 0x7fc7875519a1 in gf_dash_setup_groups /home/user/fuzzing_gpac/gpac/src/media_tools/dash_client.c:5382:11
    #2 0x7fc7875a0551 in gf_dash_setup_period /home/user/fuzzing_gpac/gpac/src/media_tools/dash_client.c:6263:2
    #3 0x7fc78755886f in dash_setup_period_and_groups /home/user/fuzzing_gpac/gpac/src/media_tools/dash_client.c:7686:7
    #4 0x7fc78755886f in gf_dash_process_internal /home/user/fuzzing_gpac/gpac/src/media_tools/dash_client.c:8018:7
    #5 0x7fc78755886f in gf_dash_process /home/user/fuzzing_gpac/gpac/src/media_tools/dash_client.c:8089:9
    #6 0x7fc787ce2e03 in dashdmx_process /home/user/fuzzing_gpac/gpac/src/filters/dmx_dash.c:3192:6
    #7 0x7fc787bafa33 in gf_filter_process_task /home/user/fuzzing_gpac/gpac/src/filter_core/filter.c:2971:7
    #8 0x7fc787b7d47b in gf_fs_thread_proc /home/user/fuzzing_gpac/gpac/src/filter_core/filter_session.c:2105:3
    #9 0x7fc787b7b5cf in gf_fs_run /home/user/fuzzing_gpac/gpac/src/filter_core/filter_session.c:2405:3
    #10 0x7fc78742ac6a in gf_dasher_process /home/user/fuzzing_gpac/gpac/src/media_tools/dash_segmenter.c:1236:6
    #11 0x55d7af82c6dc in do_dash /home/user/fuzzing_gpac/gpac/applications/mp4box/mp4box.c:4831:15
    #12 0x55d7af81db6e in mp4box_main /home/user/fuzzing_gpac/gpac/applications/mp4box/mp4box.c:6245:7
    #13 0x7fc786429d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #14 0x7fc786429e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #15 0x55d7af745dd4 in _start (/home/user/fuzzing_gpac/gpac/bin/gcc/MP4Box+0x82dd4) (BuildId: 53333ca7bff59dd9a3d1b2821e7c5f3a9aac76b9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/user/fuzzing_gpac/gpac/bin/gcc/MP4Box+0x998f5) (BuildId: 53333ca7bff59dd9a3d1b2821e7c5f3a9aac76b9) in strcmp
==831999==ABORTING

Reproduce

./MP4Box -dash 10000 poc

POC File

https://github.com/gandalf4a/crash_report/blob/main/gpac/MP4Box/segv_998f5

Credit

Gandalf4a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gandalf4a