SEGV in /gpac/src/filters/dasher.c:2003:11 in get_base_ds

[gandalf4a]

Version

$ ./MP4Box -version
MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master

Platform

$ uname -a
Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic #33~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Sep  7 10:33:52 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

Asan

/home/user/vul/MP4Box_crash/id000075sig11src000922time30851494execs289679ophavocrep2
[32m[iso file] Unknown box type stbf in parent minf
[0m[33m[iso file] Track with no sample table !
[0m[33m[iso file] Track with no sample description box !
[0m[33m[IsoMedia] Track 1 type 00000000 not natively handled
[0m[31m[IsoMedia] Failed to create pid for track 1, could not extract codec/streamtype info
[0m[32m[Dasher] No template assigned, using $File$_dash$FS$$Number$
[0m[32m[Dasher] No bitrate property assigned to PID V2, computing from bitstream
[0m[32m[Dasher] No bitrate property assigned to PID V3, computing from bitstream
[0m[32m[Dasher] No bitrate property assigned to PID V4, computing from bitstream
[0m[32m[Dasher] No bitrate property assigned to PID V5, computing from bitstream
[0m[32m[Dasher] No bitrate property assigned to PID V64, computing from bitstream
[0m[32m[Dasher] No bitrate property assigned to PID V7, computing from bitstream
[0m[32m[Dasher] No bitrate property assigned to PID V8, computing from bitstream
[0m[32m[Dasher] No bitrate property assigned to PID V9, computing from bitstream
[0m[32m[Dasher] No bitrate property assigned to PID V10, computing from bitstream
[0mAddressSanitizer:DEADLYSIGNAL
=================================================================
==832201==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000024 (pc 0x7f005de3b704 bp 0x7ffc289969b0 sp 0x7ffc2898fa40 T0)
==832201==The signal is caused by a READ memory access.
==832201==Hint: address points to the zero page.
    #0 0x7f005de3b704 in get_base_ds /home/user/fuzzing_gpac/gpac/src/filters/dasher.c:2003:11
    #1 0x7f005de3b704 in dasher_setup_sources /home/user/fuzzing_gpac/gpac/src/filters/dasher.c:4183:19
    #2 0x7f005de3b704 in dasher_setup_period /home/user/fuzzing_gpac/gpac/src/filters/dasher.c:7023:3
    #3 0x7f005de5be25 in dasher_switch_period /home/user/fuzzing_gpac/gpac/src/filters/dasher.c:6478:9
    #4 0x7f005de14d45 in dasher_process /home/user/fuzzing_gpac/gpac/src/filters/dasher.c:9683:6
    #5 0x7f005ddafa33 in gf_filter_process_task /home/user/fuzzing_gpac/gpac/src/filter_core/filter.c:2971:7
    #6 0x7f005dd7d47b in gf_fs_thread_proc /home/user/fuzzing_gpac/gpac/src/filter_core/filter_session.c:2105:3
    #7 0x7f005dd7b5cf in gf_fs_run /home/user/fuzzing_gpac/gpac/src/filter_core/filter_session.c:2405:3
    #8 0x7f005d62ac6a in gf_dasher_process /home/user/fuzzing_gpac/gpac/src/media_tools/dash_segmenter.c:1236:6
    #9 0x560ee54c46dc in do_dash /home/user/fuzzing_gpac/gpac/applications/mp4box/mp4box.c:4831:15
    #10 0x560ee54b5b6e in mp4box_main /home/user/fuzzing_gpac/gpac/applications/mp4box/mp4box.c:6245:7
    #11 0x7f005c629d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #12 0x7f005c629e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #13 0x560ee53dddd4 in _start (/home/user/fuzzing_gpac/gpac/bin/gcc/MP4Box+0x82dd4) (BuildId: 53333ca7bff59dd9a3d1b2821e7c5f3a9aac76b9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/fuzzing_gpac/gpac/src/filters/dasher.c:2003:11 in get_base_ds
==832201==ABORTING

Reproduce

./MP4Box -dash 10000 poc

POC File

https://github.com/gandalf4a/crash_report/blob/main/gpac/MP4Box/segv_2003

Credit

Gandalf4a