Headline
CVE-2022-40775: SEGV error · Issue #758 · axiomatic-systems/Bento4
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.
Hi there, I use my fuzzer for fuzzing the binary mp4decrypt, and this binary crashes with the following:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==24087==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000702ee8 bp 0x7ffcf40a75f0 sp 0x7ffcf40a73b0 T0)
==24087==The signal is caused by a READ memory access.
==24087==Hint: address points to the zero page.
#0 0x702ee8 in AP4_StszAtom::WriteFields(AP4_ByteStream&) (/fuzztest/mp4decrypt/mp4decrypt+0x702ee8)
#1 0x82facf in AP4_AtomListWriter::Action(AP4_Atom*) const (/fuzztest/mp4decrypt/mp4decrypt+0x82facf)
#2 0x4fc423 in AP4_ContainerAtom::WriteFields(AP4_ByteStream&) (/fuzztest/mp4decrypt/mp4decrypt+0x4fc423)
#3 0x82facf in AP4_AtomListWriter::Action(AP4_Atom*) const (/fuzztest/mp4decrypt/mp4decrypt+0x82facf)
#4 0x4fc423 in AP4_ContainerAtom::WriteFields(AP4_ByteStream&) (/fuzztest/mp4decrypt/mp4decrypt+0x4fc423)
#5 0x82facf in AP4_AtomListWriter::Action(AP4_Atom*) const (/fuzztest/mp4decrypt/mp4decrypt+0x82facf)
#6 0x4fc423 in AP4_ContainerAtom::WriteFields(AP4_ByteStream&) (/fuzztest/mp4decrypt/mp4decrypt+0x4fc423)
#7 0x82facf in AP4_AtomListWriter::Action(AP4_Atom*) const (/fuzztest/mp4decrypt/mp4decrypt+0x82facf)
#8 0x4fc423 in AP4_ContainerAtom::WriteFields(AP4_ByteStream&) (/fuzztest/mp4decrypt/mp4decrypt+0x4fc423)
#9 0x82facf in AP4_AtomListWriter::Action(AP4_Atom*) const (/fuzztest/mp4decrypt/mp4decrypt+0x82facf)
#10 0x4fc423 in AP4_ContainerAtom::WriteFields(AP4_ByteStream&) (/fuzztest/mp4decrypt/mp4decrypt+0x4fc423)
#11 0x82facf in AP4_AtomListWriter::Action(AP4_Atom*) const (/fuzztest/mp4decrypt/mp4decrypt+0x82facf)
#12 0x62cea7 in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) (/fuzztest/mp4decrypt/mp4decrypt+0x62cea7)
#13 0x412846 in main (/fuzztest/mp4decrypt/mp4decrypt+0x412846)
#14 0x7fcaa49f1c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
#15 0x407c99 in _start (/fuzztest/mp4decrypt/mp4decrypt+0x407c99)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/fuzztest/mp4decrypt/mp4decrypt+0x702ee8) in AP4_StszAtom::WriteFields(AP4_ByteStream&)
==24087==ABORTING