AddressSanitizer: bugs in mp42aac #980

Open
G2FUZZ opened this issue Sep 9, 2024 · 0 comments
G2FUZZ commented Sep 9, 2024

Describe the bug

I found three bugs when I tested mp42aac.

To Reproduce

Built Bento4 main branch according to the instructions in the README.md file.

Environment

Bento4 Version 1.6.0
Ubuntu 22.04

Bug1: FPE on unknown address

Input

Bug1.zip

CMD

./mp42aac Bug1 /dev/null

ASAN Output

AddressSanitizer:DEADLYSIGNAL
=================================================================
==11251==ERROR: AddressSanitizer: FPE on unknown address 0x55bb556f8773 (pc 0x55bb556f8773 bp 0x607000000170 sp 0x7ffd94f8fc40 T0)
    #0 0x55bb556f8773 in AP4_TfraAtom::AP4_TfraAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4TfraAtom.cpp:153
    #1 0x55bb556fb083 in AP4_TfraAtom::Create(unsigned int, AP4_ByteStream&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4TfraAtom.cpp:53
    #2 0x55bb55572f62 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:443
    #3 0x55bb55578a69 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #4 0x55bb55578a69 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:154
    #5 0x55bb55480c41 in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4File.cpp:104
    #6 0x55bb55481899 in AP4_File::AP4_File(AP4_ByteStream&, bool) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4File.cpp:78
    #7 0x55bb5546af61 in main /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Apps/Mp42Aac/Mp42Aac.cpp:250
    #8 0x7fb83a7b8d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #9 0x7fb83a7b8e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #10 0x55bb554702c4 in _start (/experiments/programs_AFLplusplus/aflasan/mp42aac+0x4d2c4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4TfraAtom.cpp:153 in AP4_TfraAtom::AP4_TfraAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&)
==11251==ABORTING

Bug2: heap-buffer-overflow

Input

Bug2.zip

CMD

./mp42aac Bug2 /dev/null

ASAN Output

=================================================================
==11273==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000013c at pc 0x5578282fcbc7 bp 0x7ffd30564a40 sp 0x7ffd30564a30
READ of size 4 at 0x60200000013c thread T0
    #0 0x5578282fcbc6 in AP4_DataBuffer::GetData() const /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4DataBuffer.h:56
    #1 0x5578282fcbc6 in AP4_BitReader::ReadCache() const /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4Utils.cpp:446
    #2 0x5578282fcbc6 in AP4_BitReader::ReadBits(unsigned int) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4Utils.cpp:467
    #3 0x5578283fb525 in AP4_Dac4Atom::AP4_Dac4Atom(unsigned int, unsigned char const*) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4Dac4Atom.cpp:201
    #4 0x5578283ff347 in AP4_Dac4Atom::Create(unsigned int, AP4_ByteStream&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4Dac4Atom.cpp:58
    #5 0x557828369276 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:776
    #6 0x557828370254 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #7 0x5578283d6eac in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:196
    #8 0x5578282d9601 in AP4_SampleEntry::Read(AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4SampleEntry.cpp:115
    #9 0x5578282d9601 in AP4_AudioSampleEntry::AP4_AudioSampleEntry(unsigned int, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4SampleEntry.cpp:420
    #10 0x5578282d9601 in AP4_Ac4SampleEntry::AP4_Ac4SampleEntry(unsigned int, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4SampleEntry.cpp:801
    #11 0x55782836a989 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:342
    #12 0x557828370254 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #13 0x5578282e8d34 in AP4_StsdAtom::AP4_StsdAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4StsdAtom.cpp:102
    #14 0x5578282ea629 in AP4_StsdAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4StsdAtom.cpp:57
    #15 0x55782836905d in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:458
    #16 0x557828370254 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #17 0x5578283d6eac in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:196
    #18 0x5578283d7db0 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:140
    #19 0x5578283d7db0 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:88
    #20 0x5578283672b9 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:816
    #21 0x557828370254 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #22 0x5578283d6eac in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:196
    #23 0x5578283d7db0 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:140
    #24 0x5578283d7db0 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:88
    #25 0x5578283672b9 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:816
    #26 0x557828370254 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #27 0x5578283d6eac in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:196
    #28 0x5578283d7db0 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:140
    #29 0x5578283d7db0 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:88
    #30 0x5578283672b9 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:816
    #31 0x557828370254 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #32 0x5578283d6eac in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:196
    #33 0x5578283d748d in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:140
    #34 0x5578282f3f17 in AP4_TrakAtom::AP4_TrakAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4TrakAtom.cpp:165
    #35 0x55782836841f in AP4_TrakAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4TrakAtom.h:58
    #36 0x55782836841f in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:413
    #37 0x557828370254 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #38 0x5578283d6eac in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:196
    #39 0x5578283d748d in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:140
    #40 0x55782827d012 in AP4_MoovAtom::AP4_MoovAtom(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4MoovAtom.cpp:80
    #41 0x55782836b2d7 in AP4_MoovAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4MoovAtom.h:56
    #42 0x55782836b2d7 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:393
    #43 0x55782836ea69 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #44 0x55782836ea69 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:154
    #45 0x557828276c41 in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4File.cpp:104
    #46 0x557828277899 in AP4_File::AP4_File(AP4_ByteStream&, bool) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4File.cpp:78
    #47 0x557828260f61 in main /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Apps/Mp42Aac/Mp42Aac.cpp:250
    #48 0x7ff3cafd8d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #49 0x7ff3cafd8e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #50 0x5578282662c4 in _start (/experiments/programs_AFLplusplus/aflasan/mp42aac+0x4d2c4)

0x60200000013c is located 0 bytes to the right of 12-byte region [0x602000000130,0x60200000013c)
allocated by thread T0 here:
    #0 0x7ff3cb5c1357 in operator new[](unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:102
    #1 0x557828273af2 in AP4_DataBuffer::ReallocateBuffer(unsigned int) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4DataBuffer.cpp:210
    #2 0x557828273af2 in AP4_DataBuffer::SetBufferSize(unsigned int) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4DataBuffer.cpp:136

SUMMARY: AddressSanitizer: heap-buffer-overflow /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4DataBuffer.h:56 in AP4_DataBuffer::GetData() const
Shadow bytes around the buggy address:
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff8000: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c047fff8010: fa fa 04 fa fa fa fd fd fa fa 00 06 fa fa 00 04
=>0x0c047fff8020: fa fa 00 04 fa fa 00[04]fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==11273==ABORTING

Bug3: heap-buffer-overflow

Input

Bug3.zip

CMD

./mp42aac Bug3 /dev/null

ASAN Output

=================================================================
==11290==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000091 at pc 0x7f8d44cae7cf bp 0x7ffd0e1b64f0 sp 0x7ffd0e1b5c98
WRITE of size 49 at 0x602000000091 thread T0
    #0 0x7f8d44cae7ce in __interceptor_fread ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1046
    #1 0x55e20effc5d1 in AP4_StdcFileByteStream::ReadPartial(void*, unsigned int, unsigned int&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/System/StdC/Ap4StdCFileByteStream.cpp:341
    #2 0x55e20ef279c1 in AP4_ByteStream::Read(void*, unsigned int) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ByteStream.cpp:54
    #3 0x55e20eff34fc in AP4_MetaDataStringAtom::AP4_MetaDataStringAtom(unsigned int, unsigned int, AP4_ByteStream&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/MetaData/Ap4MetaData.cpp:1637
    #4 0x55e20eff34fc in AP4_MetaDataAtomTypeHandler::CreateAtom(unsigned int, unsigned int, AP4_ByteStream&, unsigned int, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/MetaData/Ap4MetaData.cpp:428
    #5 0x55e20f025c20 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:844
    #6 0x55e20f02d254 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #7 0x55e20f093eac in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:196
    #8 0x55e20f094db0 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:140
    #9 0x55e20f094db0 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:88
    #10 0x55e20eff35bd in AP4_MetaDataAtomTypeHandler::CreateAtom(unsigned int, unsigned int, AP4_ByteStream&, unsigned int, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/MetaData/Ap4MetaData.cpp:419
    #11 0x55e20f025c20 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:844
    #12 0x55e20f02d254 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #13 0x55e20f0f9e89 in AP4_IproAtom::AP4_IproAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4IproAtom.cpp:77
    #14 0x55e20f0fa55c in AP4_IproAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4IproAtom.cpp:52
    #15 0x55e20f028467 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:684
    #16 0x55e20f02d254 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #17 0x55e20f093eac in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:196
    #18 0x55e20f094db0 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:140
    #19 0x55e20f094db0 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4ContainerAtom.cpp:88
    #20 0x55e20f0242b9 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:816
    #21 0x55e20f02ba69 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:234
    #22 0x55e20f02ba69 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4AtomFactory.cpp:154
    #23 0x55e20ef33c41 in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4File.cpp:104
    #24 0x55e20ef34899 in AP4_File::AP4_File(AP4_ByteStream&, bool) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4File.cpp:78
    #25 0x55e20ef1df61 in main /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Apps/Mp42Aac/Mp42Aac.cpp:250
    #26 0x7f8d4473cd8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #27 0x7f8d4473ce3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #28 0x55e20ef232c4 in _start (/experiments/programs_AFLplusplus/aflasan/mp42aac+0x4d2c4)

0x602000000091 is located 0 bytes to the right of 1-byte region [0x602000000090,0x602000000091)
allocated by thread T0 here:
    #0 0x7f8d44d25357 in operator new[](unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:102
    #1 0x55e20efa0300 in AP4_String::AP4_String(unsigned int) /experiments/programs_AFLplusplus/unibench/Bento4-newest/Source/C++/Core/Ap4String.cpp:85

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1046 in __interceptor_fread
Shadow bytes around the buggy address:
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff8000: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
=>0x0c047fff8010: fa fa[01]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==11290==ABORTING
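The Bug2 trace shows AP4_BitReader::ReadBits fetching 4 bytes immediately past a 12-byte heap region, i.e. a bit reader trusting the caller's field layout rather than its own buffer length. As an added illustration (constructed for this page, not Bento4's code), the bit reader below refuses any read that would cross the end of its buffer; the 12-byte sample payload and the field widths are constructed inputs.

```cpp
#include <cstddef>
#include <cstdint>

// Constructed example: an MSB-first bit reader that bounds-checks every read.
// Unlike a reader that fills a cache word blindly, it never touches a byte
// beyond [data, data + size).
class CheckedBitReader {
public:
    CheckedBitReader(const uint8_t* data, size_t size)
        : m_data(data), m_size(size), m_bitPos(0) {}

    // Reads n bits (1..32). Returns false, leaving the position unchanged,
    // if fewer than n bits remain in the buffer.
    bool ReadBits(unsigned n, uint32_t& out) {
        if (n == 0 || n > 32) return false;
        if (n > BitsRemaining()) return false;      // would read past the region
        uint32_t value = 0;
        for (unsigned i = 0; i < n; ++i) {
            size_t   byte = m_bitPos >> 3;
            unsigned bit  = 7 - (m_bitPos & 7);
            value = (value << 1) | ((m_data[byte] >> bit) & 1u);
            ++m_bitPos;
        }
        out = value;
        return true;
    }

    size_t BitsRemaining() const { return m_size * 8 - m_bitPos; }

private:
    const uint8_t* m_data;
    size_t         m_size;
    size_t         m_bitPos;
};

// Constructed 12-byte payload standing in for the 12-byte region in the trace.
static const uint8_t kSamplePayload[12] = {
    0xDE, 0xAD, 0xBE, 0xEF, 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
};

// Reads fields of the given bit widths in order, stopping at the first one
// that does not fit. Returns how many fields were read; their values are
// written to `values` (which must hold at least `count` entries).
int ReadFields(const uint8_t* data, size_t size,
               const unsigned* widths, int count, uint32_t* values) {
    CheckedBitReader reader(data, size);
    for (int i = 0; i < count; ++i) {
        if (!reader.ReadBits(widths[i], values[i])) return i;  // clean stop
    }
    return count;
}

int main() {
    // A layout asking for 100 bits from a 96-bit payload: the fourth field
    // is refused instead of being read from memory past the buffer.
    const unsigned widths[4] = {32, 32, 32, 4};
    uint32_t values[4] = {0, 0, 0, 0};
    return ReadFields(kSamplePayload, sizeof(kSamplePayload), widths, 4, values) == 3 ? 0 : 1;
}
```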