File analyzer crash - Githubissues

MediaArea / MediaInfoLib

Convenient unified display of the most relevant technical and tag data for video and audio files.

https://mediaarea.net/MediaInfo

BSD 2-Clause "Simplified" License

628 stars 170 forks source link

File analyzer crash #1613

Closed mexmer closed 1 year ago

mexmer commented 1 year ago

When mediainfo is analyzing large or more complex PDF it might crash due limited depth of analyzer. there is element walker stack initialized to maximum of 64 elements https://github.com/MediaArea/MediaInfoLib/blob/69b69c03a361a629b9e3f30a8cabcd298311d046/Source/MediaInfo/File__Analyze.cpp#L294

but code never checks this limit, or resize the stack, optimisticaly incrementing Element_Level above the size of Elements, which causes crash, when accessing Elements beyond it's boundary (eg. Element_Level reaches 64 or higher value)

as "workaround" we increased size to 1024 elements, but this is not proper solution, code should check properly, if Element_Level is not higher that allocated size and either stop processing or resize Elements

JeromeMartinez commented 1 year ago

There should never be so many levels, please share a sample file (publicly or privately) which creates so many levels.

mexmer commented 1 year ago

unfortunatelly i can't share the file, it's customers PDF, created by their accounting system (our software does forensic file analysis and use mediainfo as one of components)

while i agree with you, this should not happen, it does, so we need to deal with it.

JeromeMartinez commented 1 year ago

Having a file for debugging would be faster, anyway let's try a different way. Please provide (publicly or privately) the output of mediainfo --Details=1 YourFile.pdf (there should be no private content but better if you double check) so we can have an idea about where is the too deep parsing

mexmer commented 1 year ago

Here is the output 7fdf6f85-bdc7-4fe7-872f-232d7227df4a.pdf.zip i noticed when running command line tool, we are using version 21.03 of mediainfolib, so i will retest with latest sable release, just to make sure it's still actual.

mexmer commented 1 year ago

just tested windows build of 22.09 on windows, and seems it's not crashing anymore. so i'm closing this, as it's not valid for latest source.

i had some issue compiling this on visual studio 2019 (latest build of VS 2019, tried various SDK), there were issues with byte/std::byte conflict when stdcpplatest is selected, also there is XMLDocument conflict between msxml (which is included automaticaly from windows sdk) and tinyxml2