You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
GPAC v2.3 8684dfb was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577
The affect version
MP4Box - GPAC version 2.3-DEV-revrelease
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - https://gpac.io
Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D
Test environment
$ uname -a
Linux ubuntu 5.4.0-152-generic #169~18.04.1-Ubuntu SMP Wed Jun 7 22:22:24 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
#0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007ffff20a27f1 in __GI_abort () at abort.c:79 #2 0x00007ffff20eb837 in __libc_message (action=action@entry=(do_abort | do_backtrace), fmt=fmt@entry=0x7ffff2218869 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181 #3 0x00007ffff2196b5f in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=0x1, msg=msg@entry=0x7ffff22187e6 "buffer overflow detected") at fortify_fail.c:33 #4 0x00007ffff2196b81 in __GI___fortify_fail (msg=msg@entry=0x7ffff22187e6 "buffer overflow detected") at fortify_fail.c:44 #5 0x00007ffff2194870 in __GI___chk_fail () at chk_fail.c:28 #6 0x00007ffff2193b02 in __strcpy_chk (dest=dest@entry=0x612000001426 "", src=src@entry=0x7ffffffe2f94 " MPEG-4 AVC|H264 Multiview Video ", destlen=destlen@entry=0x21) at strcpy_chk.c:30 #7 0x00007ffff4682517 in strcpy (__src=0x7ffffffe2f94 " MPEG-4 AVC|H264 Multiview Video ", __dest=0x612000001426 "") at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:90 #8 gf_isom_new_generic_sample_description (movie=, trackNumber=, URLname=URLname@entry=0x0, URNname=URNname@entry=0x0, udesc=udesc@entry=0x7ffffffe2f60, outDescriptionIndex=outDescriptionIndex@entry=0x617000011564) at isomedia/isom_write.c:4577 #9 0x00007ffff51556ad in mp4_mux_setup_pid (filter=, pid=0x613000001000, is_true_pid=) at filters/mux_isom.c:3218 #10 0x00007ffff4da6a44 in gf_filter_pid_configure (filter=filter@entry=0x619000014a80, pid=, ctype=ctype@entry=GF_PID_CONF_CONNECT) at filter_core/filter_pid.c:881 #11 0x00007ffff4dadedf in gf_filter_pid_connect_task (task=0x607000000f70) at filter_core/filter_pid.c:1241 #12 0x00007ffff4de4ea1 in gf_fs_thread_proc (sess_thread=sess_thread@entry=0x616000001c10) at filter_core/filter_session.c:2100 #13 0x00007ffff4de8e94 in gf_fs_run (fsess=0x616000001b80) at filter_core/filter_session.c:2400 #14 0x00007ffff47dfe76 in gf_dasher_process (dasher=) at media_tools/dash_segmenter.c:1255 #15 0x00005555555d7622 in do_dash () at mp4box.c:4832 #16 0x00005555555f5bb7 in mp4box_main (argc=, argv=) at mp4box.c:6256 #17 0x00007ffff2083c87 in __libc_start_main (main=0x5555555db180
, argc=0x4, argv=0x7fffffffdae8, init=, fini=, rtld_fini=, stack_end=0x7fffffffdad8) at ../csu/libc-start.c:310 #18 0x00005555555db23a in _start ()
Vul in source code:
isom_write.c
entry->Height = udesc->height;
strcpy(entry->compressor_name, udesc->compressor_name); // this
entry->color_table_index = -1;
Thank you very much for your attention and consideration.
The text was updated successfully, but these errors were encountered:
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: https://gpac.io/bug-reporting/
Description
GPAC v2.3 8684dfb was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577
The affect version
Test environment
Compiler with asan
Reproduce
./bin/gcc/MP4Box -dash 10000 ./poc
poc link:https://github.com/hanxuer/crashes/raw/main/gapc/01/poc.zip
Report
GDB backtrace: *** buffer overflow detected ***: ../../gpac-asan/bin/gcc/MP4Box terminated
#0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
, argc=0x4, argv=0x7fffffffdae8, init=, fini=, rtld_fini=, stack_end=0x7fffffffdad8) at ../csu/libc-start.c:310#1 0x00007ffff20a27f1 in __GI_abort () at abort.c:79
#2 0x00007ffff20eb837 in __libc_message (action=action@entry=(do_abort | do_backtrace), fmt=fmt@entry=0x7ffff2218869 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff2196b5f in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=0x1, msg=msg@entry=0x7ffff22187e6 "buffer overflow detected") at fortify_fail.c:33
#4 0x00007ffff2196b81 in __GI___fortify_fail (msg=msg@entry=0x7ffff22187e6 "buffer overflow detected") at fortify_fail.c:44
#5 0x00007ffff2194870 in __GI___chk_fail () at chk_fail.c:28
#6 0x00007ffff2193b02 in __strcpy_chk (dest=dest@entry=0x612000001426 "", src=src@entry=0x7ffffffe2f94 " MPEG-4 AVC|H264 Multiview Video ", destlen=destlen@entry=0x21) at strcpy_chk.c:30
#7 0x00007ffff4682517 in strcpy (__src=0x7ffffffe2f94 " MPEG-4 AVC|H264 Multiview Video ", __dest=0x612000001426 "") at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:90
#8 gf_isom_new_generic_sample_description (movie=, trackNumber=, URLname=URLname@entry=0x0, URNname=URNname@entry=0x0, udesc=udesc@entry=0x7ffffffe2f60, outDescriptionIndex=outDescriptionIndex@entry=0x617000011564) at isomedia/isom_write.c:4577
#9 0x00007ffff51556ad in mp4_mux_setup_pid (filter=, pid=0x613000001000, is_true_pid=) at filters/mux_isom.c:3218
#10 0x00007ffff4da6a44 in gf_filter_pid_configure (filter=filter@entry=0x619000014a80, pid=, ctype=ctype@entry=GF_PID_CONF_CONNECT) at filter_core/filter_pid.c:881
#11 0x00007ffff4dadedf in gf_filter_pid_connect_task (task=0x607000000f70) at filter_core/filter_pid.c:1241
#12 0x00007ffff4de4ea1 in gf_fs_thread_proc (sess_thread=sess_thread@entry=0x616000001c10) at filter_core/filter_session.c:2100
#13 0x00007ffff4de8e94 in gf_fs_run (fsess=0x616000001b80) at filter_core/filter_session.c:2400
#14 0x00007ffff47dfe76 in gf_dasher_process (dasher=) at media_tools/dash_segmenter.c:1255
#15 0x00005555555d7622 in do_dash () at mp4box.c:4832
#16 0x00005555555f5bb7 in mp4box_main (argc=, argv=) at mp4box.c:6256
#17 0x00007ffff2083c87 in __libc_start_main (main=0x5555555db180
#18 0x00005555555db23a in _start ()
Vul in source code:
isom_write.c
entry->Height = udesc->height;
strcpy(entry->compressor_name, udesc->compressor_name); // this
entry->color_table_index = -1;
Thank you very much for your attention and consideration.
The text was updated successfully, but these errors were encountered: