SEGV in /gpac/src/media_tools/dash_client.c:8158:6 in gf_dash_check_periods #2623

Closed
gandalf4a opened this issue Oct 8, 2023 · 0 comments

# Version
```
$ ./MP4Box -version
MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master
```

# Platform
```
$ uname -a
Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic #33~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Sep  7 10:33:52 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
```

# Asan
```
/home/user/vul/MP4Box_crash/id000045sig11src000947time29283968execs272559ophavocrep8
[MPD] Wrong namespace found for DASH MPD - cannot parse
AddressSanitizer:DEADLYSIGNAL
=================================================================
==828592==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000060 (pc 0x7fa12475da75 bp 0x55a6e3597aa0 sp 0x7fffb8f09790 T0)
==828592==The signal is caused by a READ memory access.
==828592==Hint: address points to the zero page.
    #0 0x7fa12475da75 in gf_dash_check_periods /home/user/fuzzing_gpac/gpac/src/media_tools/dash_client.c:8158:6
    #1 0x7fa12475b8a7 in gf_dash_open /home/user/fuzzing_gpac/gpac/src/media_tools/dash_client.c:8581:6
    #2 0x7fa124ee97fe in dashdmx_configure_pid /home/user/fuzzing_gpac/gpac/src/filters/dmx_dash.c:1973:7
    #3 0x7fa124d0740c in gf_filter_pid_configure /home/user/fuzzing_gpac/gpac/src/filter_core/filter_pid.c:876:6
    #4 0x7fa124d262a6 in gf_filter_pid_connect_task /home/user/fuzzing_gpac/gpac/src/filter_core/filter_pid.c:1230:3
    #5 0x7fa124d7d47b in gf_fs_thread_proc /home/user/fuzzing_gpac/gpac/src/filter_core/filter_session.c:2105:3
    #6 0x7fa124d7b5cf in gf_fs_run /home/user/fuzzing_gpac/gpac/src/filter_core/filter_session.c:2405:3
    #7 0x7fa12462ac6a in gf_dasher_process /home/user/fuzzing_gpac/gpac/src/media_tools/dash_segmenter.c:1236:6
    #8 0x55a6e34786dc in do_dash /home/user/fuzzing_gpac/gpac/applications/mp4box/mp4box.c:4831:15
    #9 0x55a6e3469b6e in mp4box_main /home/user/fuzzing_gpac/gpac/applications/mp4box/mp4box.c:6245:7
    #10 0x7fa123629d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #11 0x7fa123629e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #12 0x55a6e3391dd4 in _start (/home/user/fuzzing_gpac/gpac/bin/gcc/MP4Box+0x82dd4) (BuildId: 53333ca7bff59dd9a3d1b2821e7c5f3a9aac76b9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/fuzzing_gpac/gpac/src/media_tools/dash_client.c:8158:6 in gf_dash_check_periods
==828592==ABORTING
```

# Reproduce
```
./MP4Box -dash 10000 poc
```

# POC File
https://github.com/gandalf4a/crash_report/blob/main/gpac/MP4Box/segv_8158

# Credit
```
Gandalf4a
```