bento4: NULL pointer dereference in AP4_AtomSampleTable::GetSample (Ap4AtomSampleTable.cpp)

bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs.

The complete ASan output of the issue:

# mp42aac $FILE out.aac
==6365==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000005cf94c bp 0x7fff5857d580 sp 0x7fff5857d4c0 T0)
==6365==The signal is caused by a READ memory access.
==6365==Hint: address points to the zero page.
    #0 0x5cf94b in AP4_AtomSampleTable::GetSample(unsigned int, AP4_Sample&) /tmp/Bento4-1.5.0-617/Source/C++/Core/Ap4AtomSampleTable.cpp
    #1 0x58d158 in AP4_Track::GetSample(unsigned int, AP4_Sample&) /tmp/Bento4-1.5.0-617/Source/C++/Core/Ap4Track.cpp:435:43
    #2 0x58d158 in AP4_Track::ReadSample(unsigned int, AP4_Sample&, AP4_DataBuffer&) /tmp/Bento4-1.5.0-617/Source/C++/Core/Ap4Track.cpp:469
    #3 0x5430ad in WriteSamples(AP4_Track*, AP4_SampleDescription*, AP4_ByteStream*) /tmp/Bento4-1.5.0-617/Source/C++/Apps/Mp42Aac/Mp42Aac.cpp:192:12
    #4 0x5430ad in main /tmp/Bento4-1.5.0-617/Source/C++/Apps/Mp42Aac/Mp42Aac.cpp:274
    #5 0x7f41deb72680 in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.23-r4/work/glibc-2.23/csu/../csu/libc-start.c:289
    #6 0x44f3f8 in _start (/usr/bin/mp42aac+0x44f3f8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/Bento4-1.5.0-617/Source/C++/Core/Ap4AtomSampleTable.cpp in AP4_AtomSampleTable::GetSample(unsigned int, AP4_Sample&)
Audio Track:
  duration: 7848 ms
  sample count: 169

Affected version:

Fixed version:

Commit fix:

This bug was discovered by Agostino Sarubbo of Gentoo.



2017-09-08: bug discovered and reported to upstream
2017-09-14: blog post about the issue
2017-09-21: CVE assigned

This bug was found with American Fuzzy Lop.
This bug was identified with bare metal servers donated by Packet. This work is also supported by the Core Infrastructure Initiative.


bento4: NULL pointer dereference in AP4_AtomSampleTable::GetSample (Ap4AtomSampleTable.cpp)

This entry was posted in advisories, security. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.