SEGV on unknown address mp4file.cpp:2662 in MP4File::GetChapters #53
Comments
I also found a heap-based buffer overflow in mp4file.cpp:2662.
PoC
See testcases.
ASAN output
ty
Hi, I found a segfault on unknown address in mp4file.cpp:2662. It seems to occur because `sample` could not get a valid reference in `pChapterTrack->ReadSample` on line 2655.
Abstract
Segmentation fault (maybe null pointer reference) on mp4chaps(libmp4v2.so.2).
Environment
OS: Ubuntu 22.04.4 LTS
Compiler: gcc version 11.4.0
Build
To enable Address Sanitizer, add the following options to CMakeFiles.txt.
PoC
See testcases.
ASAN output
Solution
It is recommended to insert a null pointer judgment, and take other instruction (if-else/exception handling) if `sample` is NULL. For example, an if branch inserted at line 2662 in src/mp4file.cpp can prevent the segfault.
ty
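Added example, not part of the original issue or the mp4v2 source: a sketch of the guard the Solution section asks for, extended to also bound the copy length, since the comment reports a heap-based buffer overflow at the same line. It assumes the chapter sample is a 2-byte big-endian length followed by the title bytes; `ParseChapterTitle` and `kTitleMax` are hypothetical names, and the sample buffers are constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Hypothetical cap on the title length (stand-in for the library's own limit).
constexpr std::size_t kTitleMax = 1023;

// Takes the buffer pointer and byte count that a ReadSample-style call hands back.
// Returns false instead of dereferencing when the sample is unusable.
bool ParseChapterTitle(const uint8_t* sample, std::size_t sampleSize,
                       std::string& title) {
    title.clear();
    // Guard 1: the read produced no buffer (the NULL case described in the report).
    if (sample == nullptr) return false;
    // Guard 2: the buffer is too short to hold the assumed 2-byte length prefix.
    if (sampleSize < 2) return false;
    // Length declared by the file itself, big-endian; attacker-controlled input.
    std::size_t declared = (static_cast<std::size_t>(sample[0]) << 8) | sample[1];
    // Guard 3: never read more than the bytes actually present after the prefix,
    // and never more than the destination limit.
    std::size_t available = sampleSize - 2;
    std::size_t n = std::min({declared, available, kTitleMax});
    title.assign(reinterpret_cast<const char*>(sample + 2), n);
    return true;
}

int main() {
    // Constructed inputs: a well-formed sample and one whose prefix overstates its size.
    const uint8_t good[] = {0x00, 0x05, 'I', 'n', 't', 'r', 'o'};
    const uint8_t lying[] = {0xFF, 0xFF, 'A', 'B'};
    std::string title;

    std::printf("null sample -> %d\n", ParseChapterTitle(nullptr, 0, title));
    if (ParseChapterTitle(good, sizeof good, title))
        std::printf("good sample -> \"%s\"\n", title.c_str());
    if (ParseChapterTitle(lying, sizeof lying, title))
        std::printf("overstated length -> \"%s\" (clamped)\n", title.c_str());
    return 0;
}
```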