Closed ZFeiXQ closed 2 years ago
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you!
Detailed guidelines: http://gpac.io/2013/07/16/how-to-file-a-bug-properly/
Version:
```
./MP4Box -version
MP4Box - GPAC version 1.1.0-DEV-rev1574-g8b22f0912-master
(c) 2000-2021 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
	GPAC Filters: https://doi.org/10.1145/3339825.3394929
	GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB
```
command:
./bin/gcc/MP4Box -hint POC10
POC10.zip
Result
Abort
bt
```
Program received signal SIGABRT, Aborted.
[----------------------------------registers-----------------------------------]
RAX: 0x0
RBX: 0x7ffff697e740 (0x00007ffff697e740)
RCX: 0x7ffff74fb18b (<__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108])
RDX: 0x0
RSI: 0x7fffffff8060 --> 0x0
RDI: 0x2
RBP: 0x7fffffff83b0 --> 0x7ffff76a0b80 --> 0x0
RSP: 0x7fffffff8060 --> 0x0
RIP: 0x7ffff74fb18b (<__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108])
R8 : 0x0
R9 : 0x7fffffff8060 --> 0x0
R10: 0x8
R11: 0x246
R12: 0x7fffffff82d0 --> 0x5555555eafa0 --> 0x7374626c ('lbts')
R13: 0x10
R14: 0x7ffff7ffb000 --> 0x6565726600001000
R15: 0x1
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff74fb17f <__GI_raise+191>: mov edi,0x2
   0x7ffff74fb184 <__GI_raise+196>: mov eax,0xe
   0x7ffff74fb189 <__GI_raise+201>: syscall
=> 0x7ffff74fb18b <__GI_raise+203>: mov rax,QWORD PTR [rsp+0x108]
   0x7ffff74fb193 <__GI_raise+211>: xor rax,QWORD PTR fs:0x28
   0x7ffff74fb19c <__GI_raise+220>: jne 0x7ffff74fb1c4 <__GI_raise+260>
   0x7ffff74fb19e <__GI_raise+222>: mov eax,r8d
   0x7ffff74fb1a1 <__GI_raise+225>: add rsp,0x118
[------------------------------------stack-------------------------------------]
0000| 0x7fffffff8060 --> 0x0
0008| 0x7fffffff8068 --> 0x0
0016| 0x7fffffff8070 --> 0x5555555e7d50 --> 0x5555555eaa30 --> 0x100010000000006
0024| 0x7fffffff8078 --> 0xf6015b1303ad4900
0032| 0x7fffffff8080 --> 0x5
0040| 0x7fffffff8088 --> 0x5555555e83e0 --> 0x5555555ebe10 --> 0x5555555ebbb0 --> 0x0
0048| 0x7fffffff8090 --> 0x7fffffff81e0 --> 0x0
0056| 0x7fffffff8098 --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ bt
#0  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff74da859 in __GI_abort () at abort.c:79
#2  0x00007ffff75453ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff766f285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff754d47c in malloc_printerr (str=str@entry=0x7ffff7671600 "free(): invalid next size (fast)") at malloc.c:5347
#4  0x00007ffff754ed2c in _int_free (av=0x7ffff76a0b80 <main_arena>, p=0x5555555e1640, have_lock=0x0) at malloc.c:4249
#5  0x00007ffff78cc82b in stco_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#6  0x00007ffff78f8b6c in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#7  0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#8  0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#9  0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#10 0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#11 0x00007ffff78f8b9f in gf_isom_box_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#12 0x00007ffff78f9bc7 in gf_isom_box_array_del () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#13 0x00007ffff79031b7 in gf_isom_delete_movie () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#14 0x00007ffff79064c3 in gf_isom_close () from /home/zxq/CVE_testing/source/gpac/bin/gcc/libgpac.so.10
#15 0x000055555557bd12 in mp4boxMain ()
#16 0x00007ffff74dc0b3 in __libc_start_main (main=0x55555556d420 <main>, argc=0x3, argv=0x7fffffffe318, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe308) at ../csu/libc-start.c:308
#17 0x000055555556d45e in _start ()
gdb-peda$
```
fixed when fixing #1999, thanks for the report