*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
This is a null pointer bug.
GPAC version 0.5.2-426-gc5ad4e4+dfsg5-5
System info: Ubuntu 20.04.1 LTS, x64, gcc 9.3.0
Run Command:
$ MP4Box -def poc.mp4
gdb info:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff73b0ed5 in MergeTrack (trak=<optimized out>, traf=<optimized out>,
moof_box=<optimized out>, moof_offset=<optimized out>,
compressed_diff=<optimized out>, cumulated_offset=<optimized out>,
is_first_merge=<optimized out>) at isomedia/track.c:1086
1086 if (size > key_info[3])
(gdb) bt
#0 0x00007ffff73b0ed5 in MergeTrack (trak=<optimized out>, traf=<optimized
out>, moof_box=<optimized out>, moof_offset=<optimized out>,
compressed_diff=<optimized out>, cumulated_offset=<optimized out>,
is_first_merge=<optimized out>) at isomedia/track.c:1086
#1 0x00007ffff72f4226 in MergeFragment (moof=0x4b8580, mov=<optimized out>) at
isomedia/isom_intern.c:90
#2 0x00007ffff72f8071 in gf_isom_parse_movie_boxes_internal (mov=<optimized
out>, boxType=0x0, bytesMissing=<optimized out>,
progressive_mode=GF_FALSE) at isomedia/isom_intern.c:622
#3 gf_isom_parse_movie_boxes (mov=<optimized out>, boxType=0x0,
bytesMissing=<optimized out>, progressive_mode=GF_FALSE)
at isomedia/isom_intern.c:747
#4 0x00007ffff72f91da in gf_isom_open_file (
fileName=0x7fffffffe6d4
"out_mp4box_wrl/default/crashes/id:000178,sig:11,src:002654,time:6287616,op:havoc,rep:4",
OpenMode=GF_ISOM_OPEN_READ, tmp_dir=0x0) at isomedia/isom_intern.c:867
#5 0x000000000042b599 in mp4boxMain (argc=<optimized out>, argv=<optimized
out>) at main.c:5670
#6 0x00007ffff6d750b3 in __libc_start_main (main=0x4362a0 <main>, argc=3,
argv=0x7fffffffe448, init=<optimized out>,
fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe438)
at ../csu/libc-start.c:308
#7 0x000000000040e98e in _start ()
ASAN info:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3432849==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000038 (pc
0x7f13f563a3da bp 0x7fff8e5d0fa0 sp 0x7fff8e5d0c80 T0)
==3432849==The signal is caused by a WRITE memory access.
==3432849==Hint: address points to the zero page.
#0 0x7f13f563a3da in MergeTrack
/home/topsec/Downloads/gpac/src/isomedia/track.c:1087:21
#1 0x7f13f54db5c8 in MergeFragment
/home/topsec/Downloads/gpac/src/isomedia/isom_intern.c:90:7
#2 0x7f13f54e190f in gf_isom_parse_movie_boxes_internal
/home/topsec/Downloads/gpac/src/isomedia/isom_intern.c:622:9
#3 0x7f13f54e190f in gf_isom_parse_movie_boxes
/home/topsec/Downloads/gpac/src/isomedia/isom_intern.c:747:6
#4 0x7f13f54e3dea in gf_isom_open_file
/home/topsec/Downloads/gpac/src/isomedia/isom_intern.c:867:19
#5 0x4f0f92 in mp4boxMain
/home/topsec/Downloads/gpac/applications/mp4box/main.c:5670:12
#6 0x7f13f46b70b2 in __libc_start_main
/build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#7 0x4289ed in _start
(/home/topsec/Downloads/gpac/afl_build/bin/gcc/MP4Box+0x4289ed)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
/home/topsec/Downloads/gpac/src/isomedia/track.c:1087:21 in MergeTrack
==3432849==ABORTING
edit by github address: https://github.com/gpac/gpac/issues/1702
** Affects: gpac (Ubuntu)
Importance: Undecided
Status: New
** Tags: community-security
--
gpac application crashes on read
https://bugs.launchpad.net/bugs/1919305