Out of Read in gf_dash_setup_period media_tools/dash_client.c:6374 #2763

Closed
Janette88 opened this issue Feb 27, 2024 · 0 comments

Janette88 commented Feb 27, 2024

Description

Out of Read in gf_dash_setup_period media_tools/dash_client.c:6374

Version

```
git log
commit 422b78ecf79ceeee97104d219cc4f184b1348cec (HEAD -> master, origin/master, origin/HEAD)
Author: Aurelien David <aurelien.david@telecom-paristech.fr>
Date:   Mon Feb 26 10:53:25 2024 +0100
./MP4Box -version
MP4Box - GPAC version 2.3-DEV-rev921-g422b78ecf-master
./configure --enable-sanitizer
make
```

ASAN log

```
./MP4Box -info  ok2.dat

[DASH] Updated manifest:
	P#1: start 0 - duration 0 - xlink none
[DASH] Manifest after update:
	P#1: start 0 - duration 0 - xlink none
[DASH] Setting up period start 0 duration 0 xlink none ID DID1
AddressSanitizer:DEADLYSIGNAL
=================================================================
==112724==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f6994dc5a47 bp 0x7ffd323b6110 sp 0x7ffd323b60c8 T0)
==112724==The signal is caused by a READ memory access.
==112724==Hint: address points to the zero page.
    #0 0x7f6994dc5a46  (/lib/x86_64-linux-gnu/libc.so.6+0x184a46)
    #1 0x7f6994cd4db5 in _IO_str_init_static_internal /build/glibc-wuryBv/glibc-2.31/libio/strops.c:41
    #2 0x7f6994ca4421 in _IO_strfile_read ../libio/strfile.h:95
    #3 0x7f6994ca4421 in __GI___isoc99_vsscanf /build/glibc-wuryBv/glibc-2.31/stdio-common/isoc99_vsscanf.c:33
    #4 0x7f699ac85854 in __interceptor___isoc99_vsscanf ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1474
    #5 0x7f699ac8597e in __interceptor___isoc99_sscanf ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1497
    #6 0x7f6997b5d12e in gf_dash_setup_period media_tools/dash_client.c:6374
    #7 0x7f6997b5d12e in dash_setup_period_and_groups media_tools/dash_client.c:7736
    #8 0x7f6997b5d12e in gf_dash_process_internal media_tools/dash_client.c:8068
    #9 0x7f6997b5d12e in gf_dash_process media_tools/dash_client.c:8139
    #10 0x7f69981f1f15 in dashdmx_process filters/dmx_dash.c:3194
    #11 0x7f69980ac2b5 in gf_filter_process_task filter_core/filter.c:3025
    #12 0x7f69980793f1 in gf_fs_thread_proc filter_core/filter_session.c:2100
    #13 0x7f699807e1a6 in gf_fs_run filter_core/filter_session.c:2400
    #14 0x7f6997a9f406 in gf_media_import media_tools/media_import.c:1239
    #15 0x563a09e4b4b1 in convert_file_info /home/fuzz/gpac/applications/mp4box/fileimport.c:130
    #16 0x563a09e15ff4 in mp4box_main /home/fuzz/gpac/applications/mp4box/mp4box.c:6391
    #17 0x7f6994c65082 in __libc_start_main ../csu/libc-start.c:308
    #18 0x563a09ded09d in _start (/home/fuzz/gpac/bin/gcc/MP4Box+0xa609d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x184a46)
==112724==ABORTING
```

PoC download: https://github.com/Janette88/test_pocs/blob/main/ok2.dat

**Impact**
An OOB read on the heap can potentially cause a crash or information disclosure in some cases. Could be leveraged with other vulnerabilities for a more serious impact.

Credit: Jq Wang

gorinje pushed a commit to Bevara/Access-open that referenced this issue Mar 20, 2024
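
A triage helper for crash reports like the one in this issue, as an added example (not code from GPAC or from the reporter): it reads the fields AddressSanitizer prints and picks out the first stack frame outside libc and the sanitizer runtime, which is where a fix would normally go. The `triage` function and the `RUNTIME_HINTS` path list are assumptions made for this example; the sample lines are abridged from the log above.

```python
import re

# Constructed sample: lines abridged from the ASAN log in this issue.
SAMPLE = """\
==112724==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f6994dc5a47 bp 0x7ffd323b6110 sp 0x7ffd323b60c8 T0)
==112724==The signal is caused by a READ memory access.
==112724==Hint: address points to the zero page.
    #0 0x7f6994dc5a46  (/lib/x86_64-linux-gnu/libc.so.6+0x184a46)
    #3 0x7f6994ca4421 in __GI___isoc99_vsscanf /build/glibc-wuryBv/glibc-2.31/stdio-common/isoc99_vsscanf.c:33
    #5 0x7f699ac8597e in __interceptor___isoc99_sscanf ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1497
    #6 0x7f6997b5d12e in gf_dash_setup_period media_tools/dash_client.c:6374
    #7 0x7f6997b5d12e in dash_setup_period_and_groups media_tools/dash_client.c:7736
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-f]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?\s*$")

# Assumption: path fragments that mark libc / sanitizer runtime frames on this build host.
RUNTIME_HINTS = ("glibc", "libio", "stdio-common", "libsanitizer", "../csu/")


def triage(log):
    """Summarise an ASAN report: fault fields plus the first non-runtime frame."""
    report = {"signal": None, "address": None, "access": None,
              "zero_page": False, "callee": None, "frame": None}
    for line in log.splitlines():
        if m := HEADER.search(line):
            report["signal"], report["address"] = m.group(1), int(m.group(2), 16)
        elif m := ACCESS.search(line):
            report["access"] = m.group(1)
        elif "address points to the zero page" in line:
            report["zero_page"] = True
        elif (m := FRAME.match(line)) and report["frame"] is None:
            func, path, lineno = m.group(2), m.group(3), int(m.group(4))
            if any(hint in path for hint in RUNTIME_HINTS):
                # Frames run innermost to outermost, so the last runtime frame
                # seen is the library call made directly by project code.
                report["callee"] = func
            else:
                report["frame"] = (func, path, lineno)
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Grouping fuzzer crashes by the `frame` and `callee` pair keeps duplicates of the same call site together even when the libc frames beneath them differ between hosts.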