Closed ZFeiXQ closed 2 years ago
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
Version:
```
./MP4Box -version
MP4Box - GPAC version 1.1.0-DEV-rev1574-g8b22f0912-master
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
	Please cite our work in your research:
	GPAC Filters: https://doi.org/10.1145/3339825.3394929
	GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB
```
command:
```
./bin/gcc/MP4Box -hint POC7
```
POC7.zip
Result
Segmentation fault
bt
```
Program received signal SIGSEGV, Segmentation fault.
_int_malloc (av=av@entry=0x7ffff76a0b80 <main_arena>, bytes=bytes@entry=56) at malloc.c:3643
3643	malloc.c: No such file or directory.
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
[ REGISTERS ]
 RAX  0x7ffff76a0c20 (main_arena+160) —▸ 0x5555555e0ba0 ◂— 0x1400000014
 RBX  0x7ffff76a0b80 (main_arena) ◂— 0x0
 RCX  0x7ffff76a0c10 (main_arena+144) —▸ 0x7ffff76a0c00 (main_arena+128) —▸ 0x5555555e0b00 ◂— 0x1400000014
 RDX  0x8013f76a0c24
 RDI  0x7ffff76a0b80 (main_arena) ◂— 0x0
 RSI  0x7ffff76a0b90 (main_arena+16) ◂— 0x0
 R8   0x5555555e0ba0 ◂— 0x1400000014
 R9   0x7fffffff7f00 ◂— 0x67 /* 'g' */
 R10  0x7ffff76d927a ◂— 'gf_isom_box_size'
 R11  0x7ffff78fa0d0 (gf_isom_box_size) ◂— endbr64
 R12  0xffffffffffffffb0
 R13  0x40
 R14  0x4
 R15  0x5555555e2a00 ◂— 0x1473746383
 RBP  0x38
 RSP  0x7fffffff7e40 ◂— 0x0
 RIP  0x7ffff754fc5e (_int_malloc+110) ◂— cmp qword ptr [rdx + 0x10], r8
[ DISASM ]
 ► 0x7ffff754fc5e <_int_malloc+110>     cmp    qword ptr [rdx + 0x10], r8
   0x7ffff754fc62 <_int_malloc+114>     jne    _int_malloc+2760 <_int_malloc+2760>
    ↓
   0x7ffff75506b8 <_int_malloc+2760>    lea    rdi, [rip + 0x121361]
   0x7ffff75506bf <_int_malloc+2767>    call   malloc_printerr <malloc_printerr>
   0x7ffff75506c4 <_int_malloc+2772>    nop    dword ptr [rax]
   0x7ffff75506c8 <_int_malloc+2776>    mov    r9, qword ptr [rdx + 8]
   0x7ffff75506cc <_int_malloc+2780>    test   r9b, 4
   0x7ffff75506d0 <_int_malloc+2784>    jne    _int_malloc+3747 <_int_malloc+3747>
   0x7ffff75506d6 <_int_malloc+2790>    mov    rax, qword ptr [rsp + 0x78]
   0x7ffff75506db <_int_malloc+2795>    jmp    _int_malloc+2818 <_int_malloc+2818>
   0x7ffff75506dd <_int_malloc+2797>    nop    dword ptr [rax]
[ STACK ]
00:0000│ rsp 0x7fffffff7e40 ◂— 0x0
01:0008│     0x7fffffff7e48 —▸ 0x7ffff78fabec (gf_isom_box_array_read_ex+860) ◂— mov r12d, eax
02:0010│     0x7fffffff7e50 ◂— 0x0
03:0018│     0x7fffffff7e58 —▸ 0x7ffff7e0cd89 ◂— 0x627473006c627473 /* 'stbl' */
04:0020│     0x7fffffff7e60 —▸ 0x5555555db530 ◂— 0x73747373 /* 'ssts' */
05:0028│     0x7fffffff7e68 ◂— 0x5101650c1f57a700
06:0030│     0x7fffffff7e70 ◂— 0x8
07:0038│     0x7fffffff7e78 —▸ 0x5555555e00d0 ◂— 0x7374626c /* 'lbts' */
[ BACKTRACE ]
 ► f 0   0x7ffff754fc5e _int_malloc+110
   f 1   0x7ffff75522d4 malloc+116
   f 2   0x7ffff78c17d2 co64_box_new+18
   f 3   0x7ffff78f8aa9 gf_isom_box_new+153
   f 4   0x7ffff791009c shift_chunk_offsets.part+284
   f 5   0x7ffff79103a7 inplace_shift_moov_meta_offsets+231
   f 6   0x7ffff7910e3c inplace_shift_mdat+732
   f 7   0x7ffff7915009 WriteToFile+2713
pwndbg> bt
#0  _int_malloc (av=av@entry=0x7ffff76a0b80 <main_arena>, bytes=bytes@entry=56) at malloc.c:3643
#1  0x00007ffff75522d4 in __GI___libc_malloc (bytes=56) at malloc.c:3058
#2  0x00007ffff78c17d2 in co64_box_new () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#3  0x00007ffff78f8aa9 in gf_isom_box_new () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#4  0x00007ffff791009c in shift_chunk_offsets.part () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#5  0x00007ffff79103a7 in inplace_shift_moov_meta_offsets () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#6  0x00007ffff7910e3c in inplace_shift_mdat () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#7  0x00007ffff7915009 in WriteToFile () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#8  0x00007ffff7906432 in gf_isom_write () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#9  0x00007ffff79064b8 in gf_isom_close () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#10 0x000055555557bd12 in mp4boxMain ()
#11 0x00007ffff74dc0b3 in __libc_start_main (main=0x55555556d420 <main>, argc=3, argv=0x7fffffffe348, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe338) at ../csu/libc-start.c:308
#12 0x000055555556d45e in _start ()
pwndbg>
```
fixed when fixing #1999, thanks for the report