
Memory Leak in gf_isom_add_chapter isomedia/isom_write.c:3182 #2672

Closed
ReturnHere opened this issue Nov 1, 2023 · 0 comments

@ReturnHere

1. Version
./MP4Box -version
MP4Box - GPAC version 2.3-DEV-rev617-g671976fcc-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D

2. ASAN Log
[Dasher] No template assigned, using $File$_dash$FS$$Number$
[IsoMedia] Failed to fetch initial sample 1 for track 1
[IsoMedia] Failed to fetch initial sample 1 for track 1
AddressSanitizer:DEADLYSIGNAL

==3416==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7f340d3b22bc bp 0x7fff33ecd7f0 sp 0x7fff33eccf78 T0)
==3416==The signal is caused by a READ memory access.
==3416==Hint: this fault was caused by a dereference of a high value address (see register values below). Dissassemble the provided pc to learn which register was used.
#0 0x7f340d3b22bc (/lib/x86_64-linux-gnu/libc.so.6+0x1b22bc)
#1 0x7f340f85b8ce in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:450
#2 0x7f340e473095 in gf_isom_add_chapter isomedia/isom_write.c:3182
#3 0x7f340ee901db in mp4_mux_setup_pid filters/mux_isom.c:3763
#4 0x7f340eb04d02 in gf_filter_pid_configure filter_core/filter_pid.c:876
#5 0x7f340eb09a3c in gf_filter_pid_connect_task filter_core/filter_pid.c:1230
#6 0x7f340eb4642f in gf_fs_thread_proc filter_core/filter_session.c:2105
#7 0x7f340eb4d74e in gf_fs_run filter_core/filter_session.c:2405
#8 0x7f340e5b8626 in gf_dasher_process media_tools/dash_segmenter.c:1236
#9 0x560c71d604d9 in do_dash /home/returnzero/gpac/applications/mp4box/mp4box.c:4831
#10 0x560c71d604d9 in mp4box_main /home/returnzero/gpac/applications/mp4box/mp4box.c:6245
#11 0x7f340d229d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#12 0x7f340d229e3f in __libc_start_main_impl ../csu/libc-start.c:392
#13 0x560c71cf6214 in _start (/home/returnzero/gpac/bin/gcc/MP4Box+0x4e214)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x1b22bc)
==3416==ABORTING

3. Reproduction
./MP4Box -dash 10000 $poc

4. PoC
crash65.zip

5. Impact
This vulnerability is capable of causing crashes or leading to DoS.

6. Env
Linux returnzero-virtual-machine 6.2.0-36-generic #37~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Oct 9 15:34:04 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
AFL++ 4.09a

7. Credit
ReturnZero
