ISOBMFF
Crash because of big vector allocation. [BUG]
Hi,
The application does not check the upper limit of the size of the data it attempts to read, and therefore the application fails with a Segmentation Fault when parsing such files.
This is because the application is trying to allocate a vector of a very large size. We share the lines of code that we think cause this problem below:
```cpp
// ISOBMFF/source/BinaryStream.cpp: `size` comes straight from the file being parsed
// and is used to size the vector with no upper bound.
std::vector< uint8_t > BinaryStream::Read( size_t size )
{
    std::vector< uint8_t > data( size, 0 );

    if( size > 0 )
    {
        this->Read( &( data[ 0 ] ), size );
    }

    return data;
}
```
I have attached the backtrace:
```
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737346040512) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737346040512) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140737346040512, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff7ab6476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff7a9c7f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff7dd953b in ?? () from /lib/x86_64-linux-gnu/libc++abi.so.1
#6  0x00007ffff7dc2feb in ?? () from /lib/x86_64-linux-gnu/libc++abi.so.1
#7  0x00007ffff7dd86f3 in ?? () from /lib/x86_64-linux-gnu/libc++abi.so.1
#8  0x00007ffff7ddb4d6 in ?? () from /lib/x86_64-linux-gnu/libc++abi.so.1
#9  0x00007ffff7ddb45c in __cxa_throw () from /lib/x86_64-linux-gnu/libc++abi.so.1
#10 0x00007ffff7ddafe8 in operator new(unsigned long) () from /lib/x86_64-linux-gnu/libc++abi.so.1
#11 0x00007ffff7f81d03 in std::__1::__libcpp_operator_new[abi:v15007]<unsigned long>(unsigned long) (__args=1542885733411454960) at /usr/include/c++/v1/new:246
#12 std::__1::__libcpp_allocate[abi:v15007](unsigned long, unsigned long) (__size=1542885733411454960, __align=1) at /usr/include/c++/v1/new:272
#13 std::__1::allocator<unsigned char>::allocate[abi:v15007](unsigned long) (this=0x7fffffffdb00, __n=1542885733411454960)
    at /usr/include/c++/v1/__memory/allocator.h:112
#14 std::__1::__allocate_at_least[abi:v15007]<std::__1::allocator<unsigned char> >(std::__1::allocator<unsigned char>&, unsigned long) (__alloc=...,
    __n=1542885733411454960) at /usr/include/c++/v1/__memory/allocate_at_least.h:54
#15 std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >::__vallocate[abi:v15007](unsigned long) (this=0x7fffffffdaf0, __n=4182248)
    at /usr/include/c++/v1/vector:692
#16 0x00007ffff7f86456 in std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >::vector (this=0x3fd0e8, __n=4182248,
    __n@entry=1542885733411454960, __x=<error reading variable: Cannot access memory at address 0x6>) at /usr/include/c++/v1/vector:1123
#17 0x00007ffff7f25b5a in ISOBMFF::BinaryStream::Read (this=0x555555577060, size=1542885733411454960) at ISOBMFF/source/BinaryStream.cpp:73
#18 0x00007ffff7f30193 in ISOBMFF::ContainerBox::ReadData (this=0x7fffffffdba8, parser=..., stream=...) at ISOBMFF/source/ContainerBox.cpp:115
#19 0x00007ffff7f4659c in ISOBMFF::IINF::ReadData (this=0x5555555773e8, parser=..., stream=...) at ISOBMFF/source/IINF.cpp:98
#20 0x00007ffff7f304d7 in ISOBMFF::ContainerBox::ReadData (this=0x7fffffffdcc8, parser=..., stream=...) at ISOBMFF/source/ContainerBox.cpp:136
#21 0x00007ffff7f5f8ac in ISOBMFF::META::ReadData (this=0x555555576f58, parser=..., stream=...) at ISOBMFF/source/META.cpp:99
#22 0x00007ffff7f304d7 in ISOBMFF::ContainerBox::ReadData (this=0x555555576d28, parser=..., stream=...) at ISOBMFF/source/ContainerBox.cpp:136
#23 0x00007ffff7f6a2a3 in ISOBMFF::Parser::Parse (this=this@entry=0x7fffffffde88, stream=...) at ISOBMFF/source/Parser.cpp:211
#24 0x00007ffff7f697ad in ISOBMFF::Parser::Parse (this=0x7fffffffde88, path=...) at ISOBMFF/source/Parser.cpp:163
#25 0x0000555555557cbd in main (argc=2, argv=0x7fffffffe278) at main.cpp:75
```
I have also attached the file below that causes the application to crash:
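A bounds-checked counterpart of the `Read` quoted above, added here as an example that is not part of the report or of the ISOBMFF library: the requested length is compared against the bytes actually remaining in the stream before the vector is allocated, so an oversized box size field in the input is rejected instead of reaching `operator new`. `BoundedStream` and `ReadBoxPayload` are hypothetical names and the box bytes are constructed for the test.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <utility>
#include <vector>

// Minimal in-memory stream standing in for ISOBMFF::BinaryStream (hypothetical
// names, not the library's own code).
class BoundedStream
{
public:
    explicit BoundedStream( std::vector< uint8_t > bytes ): _bytes( std::move( bytes ) ), _pos( 0 ) {}
    size_t Remaining() const { return _bytes.size() - _pos; }

    // Hardened counterpart of BinaryStream::Read: the requested size is checked
    // against the bytes actually available before any allocation happens, so a
    // hostile length field cannot drive std::vector into a huge allocation.
    std::vector< uint8_t > Read( size_t size )
    {
        if( size > Remaining() )
        {
            throw std::length_error( "box size exceeds remaining stream data" );
        }
        std::vector< uint8_t > data( _bytes.begin() + _pos, _bytes.begin() + _pos + size );
        _pos += size;
        return data;
    }

private:
    std::vector< uint8_t > _bytes;
    size_t _pos;
};

// Reads one box (32-bit big-endian size, four-character type, payload) and
// returns the payload length, or -1 when the header is truncated or the declared
// size exceeds the data present. The size==0 and 64-bit largesize forms are omitted.
long ReadBoxPayload( const std::vector< uint8_t > & file )
{
    try
    {
        BoundedStream stream( file );
        std::vector< uint8_t > h = stream.Read( 8 );
        uint32_t size = ( uint32_t( h[ 0 ] ) << 24 ) | ( uint32_t( h[ 1 ] ) << 16 )
                      | ( uint32_t( h[ 2 ] ) << 8 )  |   uint32_t( h[ 3 ] );
        if( size < 8 ) return -1;    // a box can never be smaller than its own header
        return static_cast< long >( stream.Read( size - 8 ).size() );
    }
    catch( const std::length_error & ) { return -1; }
}
```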