Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory leaks in gf_mpd_parse_string media_tools/mpd.c:75 #2679

Closed
tswcbyy2008 opened this issue Nov 7, 2023 · 0 comments
Closed

memory leaks in gf_mpd_parse_string media_tools/mpd.c:75 #2679

tswcbyy2008 opened this issue Nov 7, 2023 · 0 comments

Comments

@tswcbyy2008
Copy link

tswcbyy2008 commented Nov 7, 2023

1.Version
./MP4Box -version
MP4Box - GPAC version 2.3-DEV-rev617-g671976fcc-master
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io/

Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D

2.ASAN
[DASH] Updated manifest:
P#1: start 0 - duration 0 - xlink none
[DASH] Manifest after update:
P#1: start 0 - duration 0 - xlink none
[DASH] Setting up period start 0 duration 0 xlink none ID DID1
[DASH] AS#1 changed quality to bitrate 10 kbps - Width 1280 Height 720 FPS 30/1 (playback speed 1)
[DASH] AS#2 changed quality to bitrate 120 kbps - Width 384 Height 256 FPS 30/1 (playback speed 1)
[DASH] No ROUTE entity on HTTP request
[DASH] Segment duration unknown - cannot estimate current startNumber
[DASH] Cannot try to download (null)... out of memory ?
[DASH] AS#3 changed quality to bitrate 120 kbps - Width 448 Height 256 FPS 30/1 (playback speed 1)
[DASH] AS#4 changed quality to bitrate 120 kbps - Width 448 Height 256 FPS 30/1 (playback speed 1)
[DASH] AS#5 changed quality to bitrate 120 kbps - Width 384 Height 256 FPS 30/1 (playback speed 1)
[DASH] Adaptation 16: non-video in a video group - disabling it
[DASH] AS#6 changed quality to bitrate 31 kbps (playback speed 1)
[DASH] AS#6 changed quality to bitrate 120 kbps - Width 448 Height 256 FPS 30/1 (playback speed 1)
[DASH] AS#7 changed quality to bitrate 120 kbps - Width 448 Height 256 FPS 30/1 (playback speed 1)
[DASH] AS#8 changed quality to bitrate 120 kbps - Width 384 Height 208 FPS 30/1 (playback speed 1)
[DASH] AS#9 changed quality to bitrate 120 kbps - Width 448 Height 208 FPS 30/1 (playback speed 1)
[DASH] AS#10 changed quality to bitrate 120 kbps - Width 448 Height 208 FPS 30/1 (playback speed 1)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78047975763 ms: Initializing Timeline: startNumber=1 segmentNumber=78047975 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.8048e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78047975763 ms: Initializing Timeline: startNumber=1 segmentNumber=78047975 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.8048e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] Segment duration unknown - cannot estimate current startNumber
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78047975763 ms: Initializing Timeline: startNumber=1 segmentNumber=78047975 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.8048e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78047975763 ms: Initializing Timeline: startNumber=1 segmentNumber=78047975 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.8048e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78047975763 ms: Initializing Timeline: startNumber=1 segmentNumber=78047975 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.8048e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78047975763 ms: Initializing Timeline: startNumber=1 segmentNumber=78047975 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.8048e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78047975763 ms: Initializing Timeline: startNumber=1 segmentNumber=78047975 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.8048e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78047975763 ms: Initializing Timeline: startNumber=1 segmentNumber=78047975 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.8048e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78047975763 ms: Initializing Timeline: startNumber=1 segmentNumber=78047975 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.8048e+07)
[DASHDmx] group 0 error locating plugin for segment - mime type video/mp4 name crashes/live_dash_track1_init.mp4: Requested URL is not valid or cannot be found
Filters not connected:
fout (dst=id_000070,sig_06,src_000600,time_26661155,execs_144902,op_havoc,rep_1_dash.mpd:gpac:segdur=10000/1000:profile=full:!sap:buf=1500:!check_dur:pssh=v:subs_sidx=0) (idx=1)

Arg segdur set but not used
Arg profile set but not used
Arg !sap set but not used
Arg buf set but not used
Arg !check_dur set but not used
Arg pssh set but not used
Arg subs_sidx set but not used

=================================================================
==2943152==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 20 byte(s) in 2 object(s) allocated from:
#0 0x7fb5f41339a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454
#1 0x7fb5f2fd4bbc in gf_mpd_parse_string media_tools/mpd.c:75
#2 0x7fb5f2fd4bbc in gf_mpd_parse_common_representation_attr media_tools/mpd.c:665

SUMMARY: AddressSanitizer: 20 byte(s) leaked in 2 allocation(s).

3.Reproduction
./MP4Box -dash 10000 $poc

4.POC file
crash.zip

5.Impact
Malicious files that are opened may cause a crash

6.Credit
LOVERJIE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant