search

axiomatic-systems / Bento4

Full-featured MP4 format, MPEG DASH, HLS, CMAF SDK and tools
http://www.bento4.com
2.03k stars 483 forks source link

AddressSanitizer: FPE in mp42aac #966

Open gpriamo opened 6 months ago

gpriamo commented 6 months ago

Describe the bug

AddressSanitizer: FPE on unknown address in mp42aac.

To Reproduce

Built Bento4 main branch according to the instructions in the README.md file.

ASAN Output

./mp42aaac <testcase> /dev/null

AddressSanitizer:DEADLYSIGNAL
=================================================================
==1929927==ERROR: AddressSanitizer: FPE on unknown address 0x00000062e380 (pc 0x00000062e380 bp 0x7fff78068250 sp 0x7fff78067d40 T0)
    #0 0x62e380 in AP4_TfraAtom::AP4_TfraAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&) Source/C++/Core/Ap4TfraAtom.cpp:153:53
    #1 0x62d7fb in AP4_TfraAtom::Create(unsigned int, AP4_ByteStream&) Source/C++/Core/Ap4TfraAtom.cpp:53:16
    #2 0x558a62 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) Source/C++/Core/Ap4AtomFactory.cpp:443:20
    #3 0x5562c1 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) Source/C++/Core/Ap4AtomFactory.cpp:234:14
    #4 0x590b19 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) Source/C++/Core/Ap4ContainerAtom.cpp:196:12
    #5 0x590926 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) Source/C++/Core/Ap4ContainerAtom.cpp:140:5
    #6 0x4ddc16 in AP4_MoovAtom::AP4_MoovAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) Source/C++/Core/Ap4MoovAtom.cpp:79:5
    #7 0x55c11d in AP4_MoovAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) Source/C++/Core/Ap4MoovAtom.h:56:20
    #8 0x55855b in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) Source/C++/Core/Ap4AtomFactory.cpp:393:20
    #9 0x5562c1 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) Source/C++/Core/Ap4AtomFactory.cpp:234:14
    #10 0x55542e in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) Source/C++/Core/Ap4AtomFactory.cpp:154:12
    #11 0x4da683 in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) Source/C++/Core/Ap4File.cpp:104:12
    #12 0x4dad7d in AP4_File::AP4_File(AP4_ByteStream&, bool) Source/C++/Core/Ap4File.cpp:78:5
    #13 0x4cf8ee in main Source/C++/Apps/Mp42Aac/Mp42Aac.cpp:250:22
    #14 0x7fd70b154082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
    #15 0x41d5ed in _start (target+0x41d5ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE Source/C++/Core/Ap4TfraAtom.cpp:153:53 in AP4_TfraAtom::AP4_TfraAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&)
==1929927==ABORTING

Environment info

OS: Ubuntu 20.04.6
Bento v1.6.0-641 (and main branch)

Testcase

testcase.zip

EDIT: I just noticed a similar crash was reported in #946 though the stacktraces diverge starting from frame number 4