Hi, I found a segmentation fault.
Some info:
Ubuntu 20.04.3 LTS
tsMuxeR version git-c6a0277
To reproduce
tsmuxer ./poc
POC poc.zip
ASAN output:
```
tsMuxeR version git-c6a0277. github.com/justdan96/tsMuxer
AddressSanitizer:DEADLYSIGNAL
=================================================================
==381734==ERROR: AddressSanitizer: SEGV on unknown address 0x7ebc3a9ff810 (pc 0x5606ac8c6ded bp 0x7ffff6e52500 sp 0x7ffff6e52410 T0)
==381734==The signal is caused by a READ memory access.
    #0 0x5606ac8c6dec in DTSStreamReader::findFrame(unsigned char*, unsigned char*) tsMuxer/tsMuxer/dtsStreamReader.cpp:193
    #1 0x5606aca7930c in SimplePacketizerReader::checkStream(unsigned char*, int, AbstractStreamReader::ContainerType, int, int) tsMuxer/tsMuxer/simplePacketizerReader.cpp:247
    #2 0x5606ac9969e8 in METADemuxer::detectTrackReader(unsigned char*, int, AbstractStreamReader::ContainerType, int, int) tsMuxer/tsMuxer/metaDemuxer.cpp:751
    #3 0x5606ac994d60 in METADemuxer::DetectStreamReader(BufferedReaderManager&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) tsMuxer/tsMuxer/metaDemuxer.cpp:685
    #4 0x5606ac93e057 in detectStreamReader(char const*, MPLSParser*, bool) tsMuxer/tsMuxer/main.cpp:120
    #5 0x5606ac945bfd in main tsMuxer/tsMuxer/main.cpp:699
    #6 0x7f4e420360b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #7 0x5606ac8540ed in _start (tsMuxer/build/tsMuxer/tsmuxer+0x28d0ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV tsMuxer/tsMuxer/dtsStreamReader.cpp:193 in DTSStreamReader::findFrame(unsigned char*, unsigned char*)
==381734==ABORTING
```
gdb
```
gdb-peda$ r ./poc
Starting program: tsMuxer/build/tsMuxer/tsmuxer ./poc
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
tsMuxeR version git-c6a0277. github.com/justdan96/tsMuxer

Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0x7f6df393b020
RBX: 0x1
RCX: 0x7ffff393b010 ("AUPRINFO\377\377\377n")
RDX: 0xffffff6e00000010
RSI: 0x7ffff393b010 ("AUPRINFO\377\377\377n")
RDI: 0x0
RBP: 0x7fffffff70f0 --> 0x7fffffff71a0 --> 0x7fffffffd380 --> 0x7fffffffd850 --> 0x7fffffffda30 --> 0x7fffffffe220 (--> ...)
RSP: 0x7fffffff7090 --> 0x1
RIP: 0x5555556eb065 (<_ZN15DTSStreamReader9findFrameEPhS0_+69>: mov rax,QWORD PTR [rax])
R8 : 0x5555556eb020 (<_ZN15DTSStreamReader9findFrameEPhS0_>: endbr64)
R9 : 0x0
R10: 0x22 ('"')
R11: 0x246
R12: 0x5555556bac00 (<_start>: endbr64)
R13: 0x7fffffffe310 --> 0x2
R14: 0x0
R15: 0x0
EFLAGS: 0x10216 (carry PARITY ADJUST zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x5555556eb059 <_ZN15DTSStreamReader9findFrameEPhS0_+57>: mov rax,QWORD PTR [rbp-0x50]
   0x5555556eb05d <_ZN15DTSStreamReader9findFrameEPhS0_+61>: mov QWORD PTR [rbp-0x20],rax
   0x5555556eb061 <_ZN15DTSStreamReader9findFrameEPhS0_+65>: mov rax,QWORD PTR [rbp-0x20]
=> 0x5555556eb065 <_ZN15DTSStreamReader9findFrameEPhS0_+69>: mov rax,QWORD PTR [rax]
   0x5555556eb068 <_ZN15DTSStreamReader9findFrameEPhS0_+72>: mov QWORD PTR [rbp-0x38],rax
   0x5555556eb06c <_ZN15DTSStreamReader9findFrameEPhS0_+76>: lea rax,[rbp-0x38]
   0x5555556eb070 <_ZN15DTSStreamReader9findFrameEPhS0_+80>: mov rdi,rax
   0x5555556eb073 <_ZN15DTSStreamReader9findFrameEPhS0_+83>: call 0x555555805f87 <_Z9my_ntohllRKm>
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff7090 --> 0x1
0008| 0x7fffffff7098 --> 0x7ffff393b068 --> 0x0
0016| 0x7fffffff70a0 --> 0x7f6df393b020
0024| 0x7fffffff70a8 --> 0x7fffffff74e0 --> 0x5555558c4d60 --> 0x5555556bd57a (<_ZN24BaseAbstractStreamReader17writeAdditionDataEPhS0_R8AVPacketPSt6vectorISt4pairIiiESaIS5_EE>: endbr64)
0032| 0x7fffffff70b0 --> 0x7fffffff8260 --> 0x555555906910 --> 0x0
0040| 0x7fffffff70b8 --> 0x6effffff
0048| 0x7fffffff70c0 --> 0x0
0056| 0x7fffffff70c8 --> 0x7fffffff8500 --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00005555556eb065 in DTSStreamReader::findFrame(unsigned char*, unsigned char*) ()
gdb-peda$ bt
#0  0x00005555556eb065 in DTSStreamReader::findFrame(unsigned char*, unsigned char*) ()
#1  0x000055555579f491 in SimplePacketizerReader::checkStream(unsigned char*, int, AbstractStreamReader::ContainerType, int, int) ()
#2  0x00005555557424fe in METADemuxer::detectTrackReader(unsigned char*, int, AbstractStreamReader::ContainerType, int, int) ()
#3  0x0000555555741afb in METADemuxer::DetectStreamReader(BufferedReaderManager&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) ()
#4  0x000055555571ca8a in detectStreamReader(char const*, MPLSParser*, bool) ()
#5  0x000055555571fafc in main ()
#6  0x00007ffff799f0b3 in __libc_start_main (main=0x55555571ed30 <main>, argc=0x2, argv=0x7fffffffe318, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe308) at ../csu/libc-start.c:308
#7  0x00005555556bac2e in _start ()
gdb-peda$
```
Thanks for the report - can you suggest a suitable code change to resolve this issue?
Merge pull request #480 from justdan96/jcdr428-patch-1
7a227e4
[bug] hdrSize should be uint64_t
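In the gdb register dump above, the faulting pointer in RAX (0x7f6df393b020) equals the buffer address in RCX plus the value in RDX (0xffffff6e00000010), wrapped modulo 2^64. The following added example (not tsMuxer's code and not part of the issue thread) reproduces that arithmetic on constructed bytes and shows a bounds-checked chunk step beside it. The 16-byte tag-plus-size layout, the zero padding of the sample, and the names `load_be64`, `unchecked_advance` and `next_chunk` are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Constructed sample: tag "AUPRINFO" plus the size bytes seen in the register
// dump ("\377\377\377n" = ff ff ff 6e); the four trailing zeros are assumed.
static const uint8_t kBad[16] = {'A','U','P','R','I','N','F','O',
                                 0xff,0xff,0xff,0x6e,0,0,0,0};
// Constructed well-formed chunk: declared size 8, followed by 8 payload bytes.
static const uint8_t kGood[24] = {'A','U','P','R','I','N','F','O',
                                  0,0,0,0,0,0,0,8, 1,2,3,4,5,6,7,8};

static const size_t kHdrLen = 16;  // 8-byte tag + 8-byte size (assumed layout)

// Read a 64-bit big-endian value byte by byte (no unaligned pointer cast).
uint64_t load_be64(const uint8_t* p) {
    uint64_t v = 0;
    for (int i = 0; i < 8; ++i) v = (v << 8) | p[i];
    return v;
}

// Offset a walker adds to its buffer pointer when it trusts the size field.
uint64_t unchecked_advance(const uint8_t* chunk) {
    return load_be64(chunk + 8) + kHdrLen;
}

// Hardened step (hypothetical): stores the next chunk offset in *next, or
// returns false when the header or the declared size exceeds the buffer.
bool next_chunk(const uint8_t* buf, size_t len, size_t off, size_t* next) {
    if (off > len || len - off < kHdrLen) return false;  // truncated header
    uint64_t size = load_be64(buf + off + 8);
    if (size > len - off - kHdrLen) return false;        // size overruns data
    *next = off + kHdrLen + static_cast<size_t>(size);
    return true;
}

int main() {
    size_t next = 0;
    printf("unchecked advance: 0x%llx\n",
           (unsigned long long)unchecked_advance(kBad));
    bool bad_ok = next_chunk(kBad, sizeof kBad, 0, &next);
    printf("bad chunk accepted:  %d\n", bad_ok);
    bool good_ok = next_chunk(kGood, sizeof kGood, 0, &next);
    printf("good chunk accepted: %d (next=%zu)\n", good_ok, next);
    return 0;
}
```

The comparison against the remaining length is done in unsigned arithmetic after the header length has been subtracted, so a huge declared size is rejected before any pointer is formed from it.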