CVE-2022-31285: allocator is out of memory in /Source/C++/Core/Ap4Array.h:172 · Issue #702 · axiomatic-systems/Bento4

An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h.

SUMMARY: AddressSanitizer: allocator is out of memory in /Source/C++/Core/Ap4Array.h:172

  • Version

    $ ./mp42hls
    MP4 To HLS File Converter - Version 1.2 (Bento4 Version 1.6.0.0)
    © 2002-2018 Axiomatic Systems, LLC

branch d02ef82

  • Platform

    $ gcc --version
    gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0
    Copyright © 2019 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

    $ uname -r
    5.13.0-40-generic

    $ lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description:    Ubuntu 20.04.4 LTS
    Release:        20.04
    Codename:       focal

  • Steps to reproduce

    $ mkdir build
    $ cd build
    $ cmake … -DCMAKE_CXX_FLAGS="-fsanitize=address -g" -DCMAKE_C_FLAGS="-fsanitize=address -g" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address" -DCMAKE_MODULE_LINKER_FLAGS="-fsanitize=address"
    $ make

    $ ./mp42hls poc

  • Asan

    $ ./mp42hls poc

    ==2569847==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x64f7ff3b0 bytes
        #0 0x7f4dacc42587 in operator new(unsigned long) …/…/…/…/src/libsanitizer/asan/asan_new_delete.cc:104
        #1 0x55b48862ff7c in AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity(unsigned int) (/home/wulearn/Bento4/build/mp42hls+0x40af7c)
        #2 0x55b48862fcf0 in AP4_Array<AP4_TrunAtom::Entry>::SetItemCount(unsigned int) /home/wulearn/Bento4/Source/C++/Core/Ap4Array.h:210
        #3 0x55b48862e470 in AP4_TrunAtom::AP4_TrunAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&) /home/wulearn/Bento4/Source/C++/Core/Ap4TrunAtom.cpp:127
        #4 0x55b48862de8a in AP4_TrunAtom::Create(unsigned int, AP4_ByteStream&) /home/wulearn/Bento4/Source/C++/Core/Ap4TrunAtom.cpp:51
        #5 0x55b4885751ab in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom&) /home/wulearn/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:438
        #6 0x55b488572f7a in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom&) /home/wulearn/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:234
        #7 0x55b488572549 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) /home/wulearn/Bento4/Source/C++/Core/Ap4AtomFactory.cpp:154
        #8 0x55b4885a3392 in AP4_File::ParseStream(AP4_ByteStream&, AP4_AtomFactory&, bool) /home/wulearn/Bento4/Source/C++/Core/Ap4File.cpp:104
        #9 0x55b4885a2fe0 in AP4_File::AP4_File(AP4_ByteStream&, bool) /home/wulearn/Bento4/Source/C++/Core/Ap4File.cpp:78
        #10 0x55b48855db38 in main /home/wulearn/Bento4/Source/C++/Apps/Mp42Hls/Mp42Hls.cpp:1894
        #11 0x7f4dac6190b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)

    ==2569847==HINT: if you don’t care about these errors you may set allocator_may_return_null=1
    SUMMARY: AddressSanitizer: out-of-memory …/…/…/…/src/libsanitizer/asan/asan_new_delete.cc:104 in operator new(unsigned long)
    ==2569847==ABORTING

poc: poc.zip

Thanks!
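
In the trace above, the 0x64f7ff3b0-byte request is made by AP4_Array<AP4_TrunAtom::Entry>::SetItemCount, called from the AP4_TrunAtom constructor while the input file is parsed. The following C++ is an example added here, not code from the issue and not Bento4's code or its fix: a standalone parser for a trun payload (field layout per the ISO BMFF trun box) that refuses a sample count the payload cannot back before it allocates. ParseTrun, TrunEntry, MakeTrun and kMaxImplicitSamples are hypothetical names, and the cap value is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

struct TrunEntry { uint32_t duration, size, flags, cts_offset; };  // 16 bytes in memory
const uint32_t kMaxImplicitSamples = 1u << 16;  // hypothetical cap when entries occupy no bytes

static uint32_t ReadBE32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}

// Parse a trun payload (bytes after the 8-byte box header). Returns false,
// without allocating, when sample_count is not backed by bytes in the payload.
bool ParseTrun(const std::vector<uint8_t>& box, std::vector<TrunEntry>& out) {
    if (box.size() < 8) return false;                 // version+flags, sample_count
    const uint8_t* buf = box.data();
    const uint32_t flags = ReadBE32(buf) & 0x00FFFFFF;
    const uint32_t count = ReadBE32(buf + 4);         // untrusted, read from the file
    size_t pos = 8;
    if (flags & 0x000001) pos += 4;                   // data_offset present
    if (flags & 0x000004) pos += 4;                   // first_sample_flags present
    if (pos > box.size()) return false;
    size_t record = 0;                                // on-disk bytes per sample
    for (uint32_t bit : {0x100u, 0x200u, 0x400u, 0x800u})
        if (flags & bit) record += 4;
    // Bound the untrusted count by the data that actually follows it.
    const size_t remaining = box.size() - pos;
    if (record == 0 ? count > kMaxImplicitSamples : count > remaining / record)
        return false;
    out.assign(count, TrunEntry{});                   // allocation now bounded by input size
    for (TrunEntry& e : out) {
        if (flags & 0x100) { e.duration   = ReadBE32(buf + pos); pos += 4; }
        if (flags & 0x200) { e.size       = ReadBE32(buf + pos); pos += 4; }
        if (flags & 0x400) { e.flags      = ReadBE32(buf + pos); pos += 4; }
        if (flags & 0x800) { e.cts_offset = ReadBE32(buf + pos); pos += 4; }
    }
    return true;
}

// Constructed sample input: a trun payload with the given flags and count,
// followed by `present` 32-bit words of entry data (each word has value 7).
std::vector<uint8_t> MakeTrun(uint32_t flags, uint32_t count, size_t present) {
    std::vector<uint8_t> b;
    auto put = [&b](uint32_t v) { for (int s = 24; s >= 0; s -= 8) b.push_back(uint8_t(v >> s)); };
    put(flags); put(count);
    for (size_t i = 0; i < present; ++i) put(7);
    return b;
}
// Constructed count: 0x64F7FF3B entries of 16 bytes is a 0x64f7ff3b0-byte request.
int main() { std::vector<TrunEntry> o; return ParseTrun(MakeTrun(0x300, 0x64F7FF3B, 4), o) ? 1 : 0; }
```

Without the bound, `out.assign` would attempt the full allocation from a 24-byte input.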
