
SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14 #2666

Closed
Frank-Z7 opened this issue Oct 25, 2023 · 0 comments

@Frank-Z7

SEGV in MP4Box

Description

SEGV in gpac/MP4Box.

#0 0x7ffff6697edd in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14

Version

MP4Box - GPAC version 2.3-DEV-rev605-gfc9e29089-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
        GPAC Filters: https://doi.org/10.1145/3339825.3394929
        GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_FFMPEG GPAC_HAS_VORBIS GPAC_HAS_LINUX_DVB

ASAN Log

./MP4Box -def -saf -unhint -ocr -out /dev/null poc5gpac

AddressSanitizer:DEADLYSIGNAL
=================================================================
==3351432==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002c (pc 0x7ffff6697edd bp 0x7ffffffe65f0 sp 0x7ffffffe6420 T0)
==3351432==The signal is caused by a READ memory access.
==3351432==Hint: address points to the zero page.
    #0 0x7ffff6697edd in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14
    #1 0x7ffff6910e8e in gf_media_export_saf /afltest/gpac/src/media_tools/media_export.c:851:16
    #2 0x7ffff69121c1 in gf_media_export /afltest/gpac/src/media_tools/media_export.c:1391:49
    #3 0x4fe755 in mp4box_main /afltest/gpac/applications/mp4box/mp4box.c:6577:7
    #4 0x7ffff58cc082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16
    #5 0x42adad in _start (/afltest/gpac/bin/gcc/MP4Box+0x42adad)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /afltest/gpac/src/isomedia/media_odf.c:522:14 in gf_isom_find_od_id_for_track
==3351432==ABORTING

Reproduction

git clone https://github.com/gpac/gpac.git
cd gpac
./configure --enable-sanitizer
make -j24

./bin/gcc/MP4Box -def -saf -unhint -ocr -out /dev/null poc5gpac

PoC

poc5gpac: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/poc5gpac

Impact

This vulnerability is capable of causing crashes.

Reference

https://github.com/gpac/gpac

Environment

ubuntu:20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
clang version 10.0.0-4ubuntu1
afl-cc++4.09

Credit

Zeng Yunxiang

Song Jiaxuan
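The ASAN report in this issue contains everything a triager needs to classify the crash without touching the PoC file. As an added example (not code from the reporter or from the GPAC project), the following Python snippet parses a constructed excerpt of that report, extracts the faulting address, access kind and symbolized frames, and flags a fault address below one page as a NULL-pointer-plus-field-offset dereference; the 4 KiB page size and the dictionary layout are assumptions.

```python
import re

# Constructed excerpt of the AddressSanitizer report quoted in the issue above.
ASAN_LOG = """\
==3351432==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002c (pc 0x7ffff6697edd bp 0x7ffffffe65f0 sp 0x7ffffffe6420 T0)
==3351432==The signal is caused by a READ memory access.
==3351432==Hint: address points to the zero page.
    #0 0x7ffff6697edd in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14
    #1 0x7ffff6910e8e in gf_media_export_saf /afltest/gpac/src/media_tools/media_export.c:851:16
    #2 0x7ffff69121c1 in gf_media_export /afltest/gpac/src/media_tools/media_export.c:1391:49
    #3 0x4fe755 in mp4box_main /afltest/gpac/applications/mp4box/mp4box.c:6577:7
"""

PAGE_SIZE = 4096  # assumption: 4 KiB pages, so any address below this lies in the zero page

# One symbolized frame: "#N 0xADDR in func /path/file.c:line:col"
FRAME_RE = re.compile(r"#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+):(\d+)")


def triage_asan_segv(log):
    """Extract fault address, access kind and stack from an ASAN SEGV report.
    Returns None if the text is not a SEGV report. A fault address smaller
    than one page is the classic signature of a NULL pointer plus a struct
    field offset, which is what ASAN's "zero page" hint is telling us.
    """
    addr_m = re.search(r"SEGV on unknown address 0x([0-9a-fA-F]+)", log)
    if addr_m is None:
        return None
    addr = int(addr_m.group(1), 16)
    access_m = re.search(r"caused by a (READ|WRITE) memory access", log)
    frames = [
        {"func": func, "file": path, "line": int(ln), "col": int(col)}
        for _num, func, path, ln, col in FRAME_RE.findall(log)
    ]
    if addr < PAGE_SIZE:
        kind, note = "null-deref", "NULL pointer dereference, field at offset 0x%x" % addr
    else:
        kind, note = "wild-pointer", "access to an unmapped address; needs deeper analysis"
    return {
        "address": addr,
        "access": access_m.group(1) if access_m else "UNKNOWN",
        "frames": frames,
        "kind": kind,
        "note": note,
    }


if __name__ == "__main__":
    r = triage_asan_segv(ASAN_LOG)
    top = r["frames"][0]
    print("%s %s in %s at %s:%d (%s)" % (r["kind"], r["access"], top["func"], top["file"], top["line"], r["note"]))
```

Run against the full log from the issue, the top frame and the 0x2c offset point the maintainer straight at the field access on media_odf.c:522 and at the missing NULL check that precedes it.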
