segmentation fault in dtsStreamReader.cpp:193 DTSStreamReader::findFrame #476

Closed
aug5t7 opened this issue Oct 18, 2021 · 1 comment
Labels
bug Something isn't working

Comments

@aug5t7
Contributor

aug5t7 commented Oct 18, 2021

Hi, I found a segmentation fault.

Some info:

Ubuntu 20.04.3 LTS
tsMuxeR version git-c6a0277

To reproduce

  1. Compile tsMuxer
  2. Run tsmuxer:
     tsmuxer ./poc

POC
poc.zip

ASAN output:

tsMuxeR version git-c6a0277. github.com/justdan96/tsMuxer
AddressSanitizer:DEADLYSIGNAL
=================================================================
==381734==ERROR: AddressSanitizer: SEGV on unknown address 0x7ebc3a9ff810 (pc 0x5606ac8c6ded bp 0x7ffff6e52500 sp 0x7ffff6e52410 T0)
==381734==The signal is caused by a READ memory access.
    #0 0x5606ac8c6dec in DTSStreamReader::findFrame(unsigned char*, unsigned char*) tsMuxer/tsMuxer/dtsStreamReader.cpp:193
    #1 0x5606aca7930c in SimplePacketizerReader::checkStream(unsigned char*, int, AbstractStreamReader::ContainerType, int, int) tsMuxer/tsMuxer/simplePacketizerReader.cpp:247
    #2 0x5606ac9969e8 in METADemuxer::detectTrackReader(unsigned char*, int, AbstractStreamReader::ContainerType, int, int) tsMuxer/tsMuxer/metaDemuxer.cpp:751
    #3 0x5606ac994d60 in METADemuxer::DetectStreamReader(BufferedReaderManager&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) tsMuxer/tsMuxer/metaDemuxer.cpp:685
    #4 0x5606ac93e057 in detectStreamReader(char const*, MPLSParser*, bool) tsMuxer/tsMuxer/main.cpp:120
    #5 0x5606ac945bfd in main tsMuxer/tsMuxer/main.cpp:699
    #6 0x7f4e420360b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #7 0x5606ac8540ed in _start (tsMuxer/build/tsMuxer/tsmuxer+0x28d0ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV tsMuxer/tsMuxer/dtsStreamReader.cpp:193 in DTSStreamReader::findFrame(unsigned char*, unsigned char*)
==381734==ABORTING

gdb

gdb-peda$ r ./poc
Starting program: tsMuxer/build/tsMuxer/tsmuxer ./poc
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
tsMuxeR version git-c6a0277. github.com/justdan96/tsMuxer

Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0x7f6df393b020
RBX: 0x1
RCX: 0x7ffff393b010 ("AUPRINFO\377\377\377n")
RDX: 0xffffff6e00000010
RSI: 0x7ffff393b010 ("AUPRINFO\377\377\377n")
RDI: 0x0
RBP: 0x7fffffff70f0 --> 0x7fffffff71a0 --> 0x7fffffffd380 --> 0x7fffffffd850 --> 0x7fffffffda30 --> 0x7fffffffe220 (--> ...)
RSP: 0x7fffffff7090 --> 0x1
RIP: 0x5555556eb065 (<_ZN15DTSStreamReader9findFrameEPhS0_+69>:	mov    rax,QWORD PTR [rax])
R8 : 0x5555556eb020 (<_ZN15DTSStreamReader9findFrameEPhS0_>:	endbr64)
R9 : 0x0
R10: 0x22 ('"')
R11: 0x246
R12: 0x5555556bac00 (<_start>:	endbr64)
R13: 0x7fffffffe310 --> 0x2
R14: 0x0
R15: 0x0
EFLAGS: 0x10216 (carry PARITY ADJUST zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x5555556eb059 <_ZN15DTSStreamReader9findFrameEPhS0_+57>:	mov    rax,QWORD PTR [rbp-0x50]
   0x5555556eb05d <_ZN15DTSStreamReader9findFrameEPhS0_+61>:	mov    QWORD PTR [rbp-0x20],rax
   0x5555556eb061 <_ZN15DTSStreamReader9findFrameEPhS0_+65>:	mov    rax,QWORD PTR [rbp-0x20]
=> 0x5555556eb065 <_ZN15DTSStreamReader9findFrameEPhS0_+69>:	mov    rax,QWORD PTR [rax]
   0x5555556eb068 <_ZN15DTSStreamReader9findFrameEPhS0_+72>:	mov    QWORD PTR [rbp-0x38],rax
   0x5555556eb06c <_ZN15DTSStreamReader9findFrameEPhS0_+76>:	lea    rax,[rbp-0x38]
   0x5555556eb070 <_ZN15DTSStreamReader9findFrameEPhS0_+80>:	mov    rdi,rax
   0x5555556eb073 <_ZN15DTSStreamReader9findFrameEPhS0_+83>:	call   0x555555805f87 <_Z9my_ntohllRKm>
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff7090 --> 0x1
0008| 0x7fffffff7098 --> 0x7ffff393b068 --> 0x0
0016| 0x7fffffff70a0 --> 0x7f6df393b020
0024| 0x7fffffff70a8 --> 0x7fffffff74e0 --> 0x5555558c4d60 --> 0x5555556bd57a (<_ZN24BaseAbstractStreamReader17writeAdditionDataEPhS0_R8AVPacketPSt6vectorISt4pairIiiESaIS5_EE>:	endbr64)
0032| 0x7fffffff70b0 --> 0x7fffffff8260 --> 0x555555906910 --> 0x0
0040| 0x7fffffff70b8 --> 0x6effffff
0048| 0x7fffffff70c0 --> 0x0
0056| 0x7fffffff70c8 --> 0x7fffffff8500 --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00005555556eb065 in DTSStreamReader::findFrame(unsigned char*, unsigned char*) ()
gdb-peda$ bt
#0  0x00005555556eb065 in DTSStreamReader::findFrame(unsigned char*, unsigned char*) ()
#1  0x000055555579f491 in SimplePacketizerReader::checkStream(unsigned char*, int, AbstractStreamReader::ContainerType, int, int) ()
#2  0x00005555557424fe in METADemuxer::detectTrackReader(unsigned char*, int, AbstractStreamReader::ContainerType, int, int) ()
#3  0x0000555555741afb in METADemuxer::DetectStreamReader(BufferedReaderManager&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) ()
#4  0x000055555571ca8a in detectStreamReader(char const*, MPLSParser*, bool) ()
#5  0x000055555571fafc in main ()
#6  0x00007ffff799f0b3 in __libc_start_main (main=0x55555571ed30 <main>, argc=0x2,
    argv=0x7fffffffe318, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
    stack_end=0x7fffffffe308) at ../csu/libc-start.c:308
#7  0x00005555556bac2e in _start ()
gdb-peda$
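The trace above stops at a 64-bit load (`mov rax, QWORD PTR [rax]`) immediately before the call to `my_ntohll`, inside a scanner that receives a `(buff, end)` pair. As an added illustration, not tsMuxer's code and not part of the report, the block below shows a scanner over such a range that checks the remaining length before every multi-byte read and answers "need more data" when a header is cut off at the tail of the buffer, rather than reading past `end`. The sync word, the 8-byte big-endian field after it, and the helper names are constructed for the demo; they do not describe the real DTS frame layout or the actual cause of this crash.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>

// Added illustration, not tsMuxer's code. The sync word and the 8-byte
// big-endian field after it are constructed for this demo and do not
// describe the real DTS frame layout.
constexpr std::size_t kSyncLen = 4;
constexpr std::size_t kFieldLen = 8;
constexpr unsigned char kSync[kSyncLen] = {'S', 'Y', 'N', 'C'};

// Read an 8-byte big-endian value at p, but only if all 8 bytes lie inside
// [p, end). Byte-wise assembly avoids both the alignment question and a
// 64-bit load that straddles the end of the buffer.
std::optional<uint64_t> readBE64(const unsigned char* p, const unsigned char* end) {
    if (p == nullptr || end == nullptr || end < p) return std::nullopt;
    if (static_cast<std::size_t>(end - p) < kFieldLen) return std::nullopt;
    uint64_t v = 0;
    for (std::size_t i = 0; i < kFieldLen; ++i) v = (v << 8) | p[i];
    return v;
}

struct FrameHit {
    std::size_t offset;    // offset of the sync word from buff
    uint64_t    declared;  // the big-endian field following the sync word
};

// findFrame-style scan over [buff, end). A hit is reported only when the whole
// header fits in the range; a sync word near the tail of a truncated buffer
// yields std::nullopt ("need more data") instead of a read past end.
std::optional<FrameHit> findFrameChecked(const unsigned char* buff, const unsigned char* end) {
    if (buff == nullptr || end == nullptr || end < buff) return std::nullopt;
    const std::size_t len = static_cast<std::size_t>(end - buff);
    for (std::size_t off = 0; off + kSyncLen <= len; ++off) {
        if (std::memcmp(buff + off, kSync, kSyncLen) != 0) continue;
        auto field = readBE64(buff + off + kSyncLen, end);
        if (!field) return std::nullopt;  // header cut off: caller refills and retries
        return FrameHit{off, *field};
    }
    return std::nullopt;  // no sync word in this range
}

// Wrapper used by the demo and checks: scan a whole byte vector.
std::optional<FrameHit> scan(const std::vector<unsigned char>& data) {
    return findFrameChecked(data.data(), data.data() + data.size());
}

int main() {
    // Constructed input: three junk bytes, the sync word, then 0x0102030405060708.
    const std::vector<unsigned char> full = {0xAA, 0xBB, 0xCC, 'S', 'Y', 'N', 'C',
                                             1, 2, 3, 4, 5, 6, 7, 8};
    // Same bytes cut five short: the field no longer fits after the sync word.
    const std::vector<unsigned char> truncated(full.begin(), full.end() - 5);

    if (auto hit = scan(full))
        std::printf("frame at offset %zu, field 0x%016llx\n", hit->offset,
                    static_cast<unsigned long long>(hit->declared));
    if (!scan(truncated)) std::printf("truncated buffer: need more data, no read past end\n");
    return 0;
}
```

The design point is that the length check happens at the same place as the read (`readBE64` takes `end` itself), so a caller cannot forget it; the scanner then turns "not enough bytes after the sync word" into a normal "refill and retry" result instead of a fault on a partially present header.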
@justdan96
Owner

Thanks for the report - can you suggest a suitable code change to resolve this issue?

jcdr428 referenced this issue Oct 19, 2021
@jcdr428 jcdr428 closed this as completed Oct 19, 2021
@jcdr428 jcdr428 added the bug Something isn't working label Jun 23, 2022