You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3351432==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002c (pc 0x7ffff6697edd bp 0x7ffffffe65f0 sp 0x7ffffffe6420 T0)
==3351432==The signal is caused by a READ memory access.
==3351432==Hint: address points to the zero page.
#0 0x7ffff6697edd in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14#1 0x7ffff6910e8e in gf_media_export_saf /afltest/gpac/src/media_tools/media_export.c:851:16#2 0x7ffff69121c1 in gf_media_export /afltest/gpac/src/media_tools/media_export.c:1391:49#3 0x4fe755 in mp4box_main /afltest/gpac/applications/mp4box/mp4box.c:6577:7#4 0x7ffff58cc082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16#5 0x42adad in _start (/afltest/gpac/bin/gcc/MP4Box+0x42adad)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /afltest/gpac/src/isomedia/media_odf.c:522:14 in gf_isom_find_od_id_for_track
==3351432==ABORTING
Reproduction
git clone https://github.com/gpac/gpac.git
cd gpac
./configure --enable-sanitizer
make -j24
./bin/gcc/MP4Box -def -saf -unhint -ocr -out /dev/null poc5gpac
SEGV in MP4Box
Description
SEGV in gpac/MP4Box.
#0 0x7ffff6697edd in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14
Version
MP4Box - GPAC version 2.3-DEV-rev605-gfc9e29089-master (c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC: https://doi.org/10.1145/1291233.1291452 GPAC Configuration: Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_FFMPEG GPAC_HAS_VORBIS GPAC_HAS_LINUX_DVB
ASAN Log
./MP4Box -def -saf -unhint -ocr -out /dev/null poc5gpac
Reproduction
git clone https://github.com/gpac/gpac.git cd gpac ./configure --enable-sanitizer make -j24 ./bin/gcc/MP4Box -def -saf -unhint -ocr -out /dev/null poc5gpac
PoC
poc5gpac: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/poc5gpac
Impact
This vulnerability is capable of causing crashes.
Reference
https://github.com/gpac/gpac
Environment
Credit
Zeng Yunxiang
Song Jiaxuan
The text was updated successfully, but these errors were encountered: