MP4Box buffer overflow detected

Bug #273075 reported by Kim Botherway on 2008-09-22
This bug affects 6 people
Affects: gpac | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned
Affects: gpac (Ubuntu) | Importance: High | Assigned to: MOTU Media Team
Affects: Intrepid | Importance: Undecided | Assigned to: Unassigned

Bug Description

Binary package hint: gpac

Description: Ubuntu intrepid (development branch)
Release: 8.10
Kernel: Linux dj-dvant-server 2.6.27-3-server #1 SMP Wed Sep 10 17:02:55 UTC 2008 x86_64 GNU/Linux

gpac:
  Installed: 0.4.4-0.3ubuntu2
  Candidate: 0.4.4-0.3ubuntu2
  Version table:
 *** 0.4.4-0.3ubuntu2 0
        500 http://ftp.iinet.net.au intrepid/multiverse Packages
        100 /var/lib/dpkg/status

libgpac0.4.4:
  Installed: 0.4.4-0.3ubuntu2
  Candidate: 0.4.4-0.3ubuntu2
  Version table:
 *** 0.4.4-0.3ubuntu2 0
        500 http://ftp.iinet.net.au intrepid/multiverse Packages
        100 /var/lib/dpkg/status

Trying to remove a track ID from an aac. MP4Box has no problem adding x264 files to an MP4 container, just aac files. The aac file specifically converted with neroAacEnc from a wav.

MP4Box -raw 1 temp.aac
*** buffer overflow detected ***: MP4Box terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fbd2989c7d7]
/lib/libc.so.6[0x7fbd2989a6a0]
/usr/lib/libgpac-0.4.4.so(chpl_New+0x39)[0x7fbd29e363c9]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0xd1)[0x7fbd29e4f5d1]
/usr/lib/libgpac-0.4.4.so(udta_Read+0x3d)[0x7fbd29e373ad]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0x13b)[0x7fbd29e4f63b]
/usr/lib/libgpac-0.4.4.so(gf_isom_read_box_list+0x32)[0x7fbd29e4fa62]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0x13b)[0x7fbd29e4f63b]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_root_box+0x4a)[0x7fbd29e4fb4a]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_movie_boxes+0x6a)[0x7fbd29e5593a]
/usr/lib/libgpac-0.4.4.so(gf_isom_open_file+0xd0)[0x7fbd29e55d10]
MP4Box[0x40a56f]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7fbd297bb466]
MP4Box[0x406949]

Kim Botherway (dj-dvant) wrote :
Josh Ancill (mempf) wrote :

I can confirm this bug. I ran into it when I was using mvpod, a java based frontend to mencoder and gpac.

Changed in gpac:
status: New → Confirmed
Kevin Christmas (kachristmas) wrote :

I got this running MP4Box from the command line.

Matteo Croce (teknoraver) wrote :

I can confirm it too, it breaks my encoding scripts (mp4tools)

Tom Worley (tom-worley) wrote :

I too can confirm this bug after trying to add an AAC from nero with x264 video

from command line:
MP4Box -inter 500 -add file.aac -add file.264 file.mp4 -fps 29.9699

*** buffer overflow detected ***: MP4Box terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4b)[0xb7c91fdb]
/lib/libc.so.6[0xb7c90040]
/lib/libc.so.6[0xb7c8f285]
/usr/lib/libgpac-0.4.4.so(chpl_New+0x50)[0xb7e14da0]
/usr/lib/libgpac-0.4.4.so(gf_isom_box_new+0x715)[0xb7e33265]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0x13d)[0xb7e3446d]
/usr/lib/libgpac-0.4.4.so(udta_Read+0x60)[0xb7e15ff0]
/usr/lib/libgpac-0.4.4.so(gf_isom_box_read+0xbd)[0xb7e3003d]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0x279)[0xb7e345a9]
/usr/lib/libgpac-0.4.4.so(gf_isom_read_box_list+0x3d)[0xb7e34a5d]
/usr/lib/libgpac-0.4.4.so(moov_Read+0x2e)[0xb7e1734e]
/usr/lib/libgpac-0.4.4.so(gf_isom_box_read+0x977)[0xb7e308f7]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0x279)[0xb7e345a9]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_root_box+0x52)[0xb7e34b42]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_movie_boxes+0x96)[0xb7e3b686]
/usr/lib/libgpac-0.4.4.so(gf_isom_open_file+0xe7)[0xb7e3ba27]
/usr/lib/libgpac-0.4.4.so(gf_isom_open+0x4f)[0xb7e3f90f]
/usr/lib/libgpac-0.4.4.so(gf_media_import+0xb0)[0xb7eb7b90]
MP4Box[0x8061f6f]
MP4Box[0x804ef28]
/lib/libc.so.6(__libc_start_main+0xe5)[0xb7bc5685]
MP4Box[0x804cea1]

Confirming. Interestingly, manually applying a patch to the 0.4.4 source as instructed on the Ubuntu Forums (http://ubuntuforums.org/showthread.php?t=689757) worked great on Hardy, but not any more on Intrepid.

ikus060 (ikus060-renamed) wrote :

Compiling from source doesn't resolve the problem. GPac team must fix this problem.

MMarking (cpt-mocha) wrote :

Confirmed here too on Intrepid. Please fix this!

Kevin Christmas (kachristmas) wrote :

I've been using mp4creator from the mpeg4ip-server package as a substitute for MP4Box since this issue started.

Kevin Christmas (kachristmas) wrote :

Is upstream aware of this problem?

*shrug* This has brought my mkv to mp4 muxing to a halt. I would LOVE
for it to get fixed, but it doesn't seem like anything is being done.
I'll give mp4creator a try.

On Fri, Nov 14, 2008 at 9:13 AM, Kevin Christmas <email address hidden> wrote:
> Is upstream aware of this problem?

giladrom (gilad-rom) wrote :

Same here... Please let me know how mp4creator works out for you.

Thanks!

On Fri, Nov 14, 2008 at 7:23 PM, m/ike <email address hidden> wrote:
> *shrug* This has brought my mkv to mp4 muxing to a halt. I would LOVE
> for it to get fixed, but it doesn't seem like anything is being done.
> I'll give mp4creator a try.

Kevin Christmas (kachristmas) wrote :

Attached is the script that I've been using to remux mkv files, using mp4creator, for play back on my XBOX 360. I hope it helps.

Did some testing tonight: mp4creator is a suitable and working replacement for muxing mp4's on Intrepid. It even seems to do its job a bit faster than mp4box, but that may only be in my head :P. As Kevin stated, it can be found in the mpeg4ip-server package and his script provides some good example syntax. Thanks!

Zach (zivester) wrote :

Just to tag along with others, I noticed some weird problem... and it seems to be related to a directory/parsing issue... Don't know if it's 100% related, but I have a fresh install of Intrepid and am getting segfaults.

me@ME:~/.makevids$ MP4Box -aviraw video /home/me/.makevids/ABC.mov -out /home/me/ABC.h264
Extracting AVI video (format h264) to /home/me/ABC_video.h264
me@ME:~/.makevids$ MP4Box -aviraw video /home/me/.makevids/ABC.mov -out /home/me/.makevids/ABC.h264
*** buffer overflow detected ***: MP4Box terminated

As you can see, the command without a directory beginning with a "." works fine, but the second segfaults... Exact same input, and ".makevids" has the correct permissions, so that's not the problem.

macaholic (macaholic1116) wrote :

Confirmed not working in Intrepid 64-bit with standard package, but working when gpac is built with latest cvs tree.

MMarking (cpt-mocha) wrote :

Intrepid 32 bit, CVS checkout is working properly, here is a quick HOWTO if you need to get your encoding going again:

In a root terminal:
apt-get remove gpac
cd /usr/src
cvs -z3 -d:pserver:<email address hidden>:/cvsroot/gpac co -P gpac
cd gpac/
./configure --prefix=/usr
make
make install

bass80 (sebastien-212) wrote :

You can fix the problem by installing libgpac0.4.4 for hardy (0.4.4-0.3ubuntu1) instead of libgpac0.4.4 for intrepid (0.4.4-0.3ubuntu2). To avoid update of the lib, just lock the hardy version in synaptic. Confirmed working properly on Intrepid 32 bit.

Michael Shadle (mshadle) wrote :

+1 broken on intrepid 64-bit server

replaced with libgpac0.4.4_0.4.4-0.3ubuntu1~gutsy1_amd64.deb

works properly now.

please update/fix ASAP!

Rob Hall (rhall-lincommander) wrote :

I have managed to compile a working DEB on x86_64. It appears the GCC fortify source handling is getting in the way. I disabled it completely with the CFLAG -D_FORTIFY_SOURCE=0. -D_FORTIFY_SOURCE=1 may work but I didn't bother trying it. All I wanted was a working MP4Box.

I also added the CFLAG -D_GNU_SOURCE=1 although I don't know if that's strictly required.

For anybody who wants to try this I'll provide brief details of what I did (it may or may not be the correct way of doing things :) ).

apt-get build-dep gpac
apt-get source gpac
cd gpac-0.4.4
vim debian/rules
(edit the "CFLAGS = -Wall -g" line to read "CFLAGS = -D_GNU_SOURCE=1 -D_FORTIFY_SOURCE=0 -Wall -g" and save the file)
debuild -us -uc -b
cd ..
dpkg -i *.deb

Kim Botherway (dj-dvant) wrote :

Thank you for that, gpac finally builds and installs but still doesn't work. But I seem to have moved on, since I am converting to play on Play Station 3 I now convert to .m2st files. I am not sure where I got the script, but it does use tsMuxeR (http://www.smlabs.net/tsmuxer_en.html)

I can now convert a 1GB matroska file in under 1 minute. Totem and VLC play the files perfectly and there is no need to remix the surround sound channels.

The mp4box error is:

MP4Box -add temp.h264 -add temp.aac -fps 23.976 -nosys -new "temp.mp4"
*** buffer overflow detected ***: MP4Box terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f9085154887]
/lib/libc.so.6[0x7f9085152750]
/usr/lib/libgpac-0.4.4.so(chpl_New+0x39)[0x7f90856ee349]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0xd1)[0x7f9085707561]
/usr/lib/libgpac-0.4.4.so(udta_Read+0x3d)[0x7f90856ef34d]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0x13b)[0x7f90857075cb]
/usr/lib/libgpac-0.4.4.so(gf_isom_read_box_list+0x32)[0x7f90857079f2]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0x13b)[0x7f90857075cb]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_root_box+0x4a)[0x7f9085707ada]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_movie_boxes+0x6a)[0x7f908570d8ca]
/usr/lib/libgpac-0.4.4.so(gf_isom_open_file+0xd0)[0x7f908570dca0]
/usr/lib/libgpac-0.4.4.so(gf_media_import+0xcd)[0x7f9085777fbd]
MP4Box[0x41766c]
MP4Box[0x4083cb]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f9085073466]
MP4Box[0x4068b9]

Motin (motin) wrote :

Rob Hall's solution worked wonders for me. I also added a changelog entry so that update manager won't attempt to replace the rebuilt version with the one from the repos:

sudo apt-get build-dep gpac
apt-get source gpac
cd gpac-0.4.4
gedit debian/rules
(edit the "CFLAGS = -Wall -g" line to read "CFLAGS = -D_GNU_SOURCE=1 -D_FORTIFY_SOURCE=0 -Wall -g" and save the file)
gedit debian/changelog
(add the changelog entry below to the top of this file, then save and close it)
debuild -us -uc -b
cd ..
sudo dpkg -i gpac_0.4.4-0.3ubuntu3_i386.deb

Here is the changelog entry to add:
gpac (0.4.4-0.3ubuntu3) intrepid; urgency=low

  * Rebuild without fortify (LP: #273075).

 -- Your Name <email address hidden> Tue, 26 Dec 2008 19:02:17 +0100

Motin (motin) wrote :

Here is the resulting i386-deb

sjeemz (6-launchpad-sjeemz-nl) wrote :

Motin's .deb does not work for me:

[user@desktop ~/mkv]$ /usr/bin/MP4Box -raw 1 inf-ibr.aac
*** buffer overflow detected ***: /usr/bin/MP4Box terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7c3c558]
/lib/tls/i686/cmov/libc.so.6[0xb7c3a680]
/usr/lib/libgpac-0.4.4.so(chpl_New+0x50)[0xb7dc2da0]
/usr/lib/libgpac-0.4.4.so(gf_isom_box_new+0x715)[0xb7de1265]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0x13d)[0xb7de246d]
/usr/lib/libgpac-0.4.4.so(udta_Read+0x60)[0xb7dc3ff0]
/usr/lib/libgpac-0.4.4.so(gf_isom_box_read+0xbd)[0xb7dde03d]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0x279)[0xb7de25a9]
/usr/lib/libgpac-0.4.4.so(gf_isom_read_box_list+0x3d)[0xb7de2a5d]
/usr/lib/libgpac-0.4.4.so(moov_Read+0x2e)[0xb7dc534e]
/usr/lib/libgpac-0.4.4.so(gf_isom_box_read+0x977)[0xb7dde8f7]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_box+0x279)[0xb7de25a9]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_root_box+0x52)[0xb7de2b42]
/usr/lib/libgpac-0.4.4.so(gf_isom_parse_movie_boxes+0x96)[0xb7de9686]
/usr/lib/libgpac-0.4.4.so(gf_isom_open_file+0xe7)[0xb7de9a27]
/usr/lib/libgpac-0.4.4.so(gf_isom_open+0x4f)[0xb7ded90f]
/usr/bin/MP4Box[0x8052211]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7b58685]
/usr/bin/MP4Box[0x804ce31]

Zach (zivester) wrote :

Can't get the 64 bit to build with the above suggested instructions.

Has anyone tried the new .4.5 version? I have and cannot get it to work either... any suggestions of how to get this one working? I've installed it but it still segfaults.

If you guys don't recommend it, how can I roll back and remove all traces of gpac (I did a make install).

Rob Hall (rhall-lincommander) wrote :

64Bit GPac Deb built using my instructions is attached. What I've found is that MP4Box from my Deb will not import AAC files unless it's run as root (it simply reports Aborted if executed as a normal user). I remember this was an issue with GPac/MP4Box on Hardy so I've not really bothered. I'll attach the library Deb to the next post seeing as you only seem to be able to attach one file per post.

Rob Hall (rhall-lincommander) wrote :

Follow on from previous post.

Kevin Christmas (kachristmas) wrote :

I rebuilt gpac 0.4.5 from the source debs at debian-multimedia.org. I get the same result.

I will also rebuilt with the environment variables that Rob Hall suggested.

Kevin Christmas (kachristmas) wrote :

I'd like to apologize for the horrible grammar in my previous comment.

I added Rob Hall's flags to debian/rules and rebuilt gpac 0.4.5 on my amd64 install. MP4Box still terminates with a "buffer overflow detected," message and stack.

Michael Shadle (mshadle) wrote :

I don't want to be rude but there is a workaround out there. Is it that hard to get it fixed and in the repo? I'd do it myself if these packages weren't such a pain and I had access. Right now I'm stuck in limbo having to hold back certain packages and having to compile some on my own...

I wish there was a full-on this-package-includes-everything with ffmpeg, mp4box, gpac, all that - with all compile options enabled.

Kevin Christmas (kachristmas) wrote :

It seems that if the '-O3' switch is used, then the compiler does not honor the '-D_FORTIFY_SOURCE=0' flag. I need to investigate that more.

I rebuilt gpac 0.4.5 with gcc options -O1 -D_FORTIFY_SOURCE=0. MP4Box is now working on my machine. I can import aac files without error.

I uploaded my slightly modified gpac 0.4.5 to my ppa. You'll have to build it yourself because libamrnb-dev is only available in the medibuntu repo.

Changed in gpac:
assignee: nobody → motumedia
importance: Undecided → High
viikinki (hamajukk) wrote :

+1 broken on Jaunty i386.

I have tried most of the tricks above but with no luck ( I am n00b so it might be related to that)

Any information when this will be fixed? I have been waiting three weeks of this :/

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gpac - 0.4.4-0.3ubuntu4

---------------
gpac (0.4.4-0.3ubuntu4) jaunty; urgency=low

  * Add 20_memset_typo.dpatch: correct the chpl_New function to not
    overwrite memory during initialization (LP: #273075).

 -- Kees Cook <email address hidden> Thu, 05 Mar 2009 10:56:07 -0800

Changed in gpac:
status: Confirmed → Fix Released
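
The changelog entry above attributes the abort to a memset typo in chpl_New, and the backtraces in this report show __fortify_fail being reached from that function. As an added illustration (not GPAC's code and not the 20_memset_typo.dpatch patch, neither of which appears on this page), the following C program models that class of bug: a constructor clears more bytes than the object holds, an unchecked memset silently overwrites the neighbouring data, and a length check of the kind _FORTIFY_SOURCE adds stops it. The struct names, sizes and the flat-buffer heap model are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, NOT GPAC's real structs: the box being created and a
 * larger, unrelated box type whose name ends up in the memset size by typo. */
typedef struct { unsigned type; unsigned flags; void *entries; } ChapterBox;
typedef struct { unsigned type; unsigned flags; void *entries; char notice[48]; } OtherBox;

#define NEIGHBOUR_FILL 0xAA

/* One flat buffer models the heap: the ChapterBox allocation occupies the first
 * sizeof(ChapterBox) bytes, the rest is whatever the allocator placed next. */
typedef struct { unsigned char bytes[sizeof(OtherBox) + 32]; } Arena;

static void arena_reset(Arena *a) {
    memset(a->bytes, NEIGHBOUR_FILL, sizeof a->bytes);
}

/* Count bytes past the ChapterBox that no longer hold the fill pattern. */
static size_t neighbour_bytes_clobbered(const Arena *a) {
    size_t n = 0;
    for (size_t i = sizeof(ChapterBox); i < sizeof a->bytes; i++)
        if (a->bytes[i] != NEIGHBOUR_FILL)
            n++;
    return n;
}

/* Build without fortify: memset trusts whatever length it is handed. */
static void clear_unchecked(Arena *a, size_t len) {
    memset(a->bytes, 0, len);
}

/* Model of the fortified call: glibc's __memset_chk receives the destination
 * object size known to the compiler and aborts with "buffer overflow detected"
 * when len exceeds it. Here the refusal is returned so it can be inspected. */
static int clear_checked(Arena *a, size_t object_size, size_t len) {
    if (len > object_size)
        return -1;
    memset(a->bytes, 0, len);
    return 0;
}

/* Typo, no check: returns how many neighbouring bytes were zeroed. */
size_t typo_without_check(void) {
    Arena a;
    arena_reset(&a);
    clear_unchecked(&a, sizeof(OtherBox));      /* wrong type in sizeof */
    return neighbour_bytes_clobbered(&a);
}

/* Typo, with check: returns 1 if the call was refused and nothing was touched. */
int typo_with_check(void) {
    Arena a;
    arena_reset(&a);
    int rc = clear_checked(&a, sizeof(ChapterBox), sizeof(OtherBox));
    return rc == -1 && neighbour_bytes_clobbered(&a) == 0;
}

/* Corrected size, no check needed: the neighbour stays intact. */
size_t fixed_without_check(void) {
    Arena a;
    arena_reset(&a);
    clear_unchecked(&a, sizeof(ChapterBox));    /* size of the object itself */
    return neighbour_bytes_clobbered(&a);
}

int main(void) {
    printf("typo, unchecked : %zu neighbour bytes overwritten\n", typo_without_check());
    printf("typo, checked   : refused=%d\n", typo_with_check());
    printf("fixed, unchecked: %zu neighbour bytes overwritten\n", fixed_without_check());
    return 0;
}
```

Rebuilding with -D_FORTIFY_SOURCE=0 corresponds to the unchecked path here: the abort disappears, but the out-of-bounds write still happens.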
Zach (zivester) wrote :

Where can I grab this new supposed "fixed" binary? Searching synaptic under Intrepid x64 I seem to only get 0.4.4-0.3ubuntu2.1

bass80 (sebastien-212) wrote :

It's the same thing for the 32 bit version.

Julien Lavergne (gilir) wrote :

The version is only available in Jaunty. If you want it for Intrepid, you need to request a backport of the fix from Jaunty to Intrepid:
https://help.ubuntu.com/community/UbuntuBackports#How%20to%20request%20new%20packages

xlynx (xlynx) wrote :

Julien,

I don't want to hijack this bug for general Ubuntu help, but I read that link and it suggested to try https://wiki.ubuntu.com/StableReleaseUpdates first, where there is a long and complicated procedure I'm not sure I can follow. Can you confirm whether it should be backports or SRU? I'm sure we'd all want to avoid using backports if we can help it.

Julien Lavergne (gilir) wrote :

SRU is also a long and uncertain procedure. I think it's a good candidate for this type of update, I'll try to complete the procedure but without guarantee.

Julien Lavergne (gilir) wrote :

Attached debdiff is a backport of the fix currently in jaunty for the intrepid package.
Source version of gpac are the same for intrepid and jaunty.
Testing package will be available in my PPA.

motu-sru ACK.

Changed in gpac (Ubuntu Intrepid):
status: New → Confirmed

Please note that the version number should be 0.4.4-0.3ubuntu2.2 (there is 0.4.4-0.3ubuntu2.1 version in intrepid-updates). Julien, please reupload your debdiff with that change and check for a sponsor.

Julien Lavergne (gilir) wrote :

Thanks, I updated the debdiff.

xlynx (xlynx) wrote :

Interestingly, after installing gpac_0.4.4-0.3ubuntu2.1~ppa1_i386.deb on Intrepid I still get the buffer overflow:

$ MP4Box -isma -nodrop -new -brand mp42 -add video.mp4:fmt=h264:fps=25#video -add audio.5G5KRU:fmt=aac:lang=eng:#audio -chap chapters.004KRU movie.mp4
[iso file] Box "avcC" size 8 invalid (read 433)
[iso file] Box "avcC" size 8 invalid (read 433)
IsoMedia import - track ID 1 - Video (size 720 x 48)
AAC import - sample rate 48000 - MPEG-4 audio - 2 channels
Converting to ISMA Audio-Video MP4 file...
*** buffer overflow detected ***: MP4Box terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7d126d8]
/lib/tls/i686/cmov/libc.so.6[0xb7d10800]
/usr/lib/libgpac-0.4.4.so(chpl_New+0x50)[0xb7e97d30]
/usr/lib/libgpac-0.4.4.so(gf_isom_box_new+0x715)[0xb7eb61c5]
/usr/lib/libgpac-0.4.4.so(gf_isom_add_chapter+0x1fc)[0xb7ecab3c]
/usr/lib/libgpac-0.4.4.so(gf_media_import_chapters+0xbff)[0xb7f1fabf]
MP4Box[0x80524c9]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7c2e685]
MP4Box[0x804cea1]

Julien Lavergne (gilir) wrote :

Thanks for the test.
To be sure, I re-uploaded a version with the patch to my PPA: https://edge.launchpad.net/~gilir/+archive/updates (version 0.4.4-0.3ubuntu2.2~ppa1). Could you test with it and report if the bug is still here?

xlynx (xlynx) wrote :

Julien,

I have your new rebuild installed. I still get the buffer overflow crash.

$ dpkg -l gpac | grep gpac
ii gpac 0.4.4-0.3ubuntu2.2~ppa1

Here's the full dependency listing of gpac:
ii faac 1.26-0.1ubuntu2
ii gocr 0.45-2
ii lame 3.98-0.0
ii libfaac0 1.26-0.1ubuntu2
ii libggi-target-x 1:2.2.2-1ubuntu1
ii libggi2 1:2.2.2-1ubuntu1
ii libgii1 1:1.0.2-2
ii libgii1-target-x 1:1.0.2-2
ii libglide2 2002.04.10-16ubuntu2
ii libgpac0.4.4 0.4.4-0.3ubuntu2.1
ii libjpeg-progs 6b-14
ii liblzo2-2 2.03-1
ii libmp3lame0 3.98-0.0
ii libmp4v2-0 1:1.6dfsg-0.2ubuntu3
ii libnetpbm10 2:10.0-12
ii libogmrip0 0.12.2-0.0ubuntu1
ii libopenal1 1:1.3.253-4ubuntu1
ii libpcrecpp0 7.6-2.1ubuntu1
ii libsvga1 1:1.4.3-27
ii libwxbase2.6-0 2.6.3.2.2-2ubuntu5
ii libwxgtk2.6-0 2.6.3.2.2-2ubuntu5
ii libxvidcore4 2:1.1.2-0.1ubuntu3
ii libxvmc1 2:1.0.4-2ubuntu1
ii mencoder 2:1.0~rc2-0ubuntu17
ii mkvtoolnix 2.0.2-1.1
ii mplayer 2:1.0~rc2-0ubuntu17
ii mplayer-skins 2-7
ii netpbm 2:10.0-12
ii ocrad 0.17-3
ii ogmrip 0.12.2-0.0ubuntu1
ii ogmrip-doc 0.12.2-0.0ubuntu1
ii ogmtools 1:1.5-3
ii transfig 1:3.2.5-rel-3.1
ii vorbis-tools 1.2.0-5

Is there any other info or testing I can provide? My personal thanks for your efforts.

Julien Lavergne (gilir) wrote :

Thanks xlynx for the test.
It appears that the patch applied on Jaunty doesn't solve the problem.

security vulnerability: no → yes
Julien Lavergne (gilir) on 2009-04-07
Changed in gpac (Ubuntu):
status: Fix Released → Confirmed
Iain Lane (laney) wrote :

I can't see anything to sponsor. Please resubscribe the sponsors when there is something.

Asraniel (asraniel) wrote :

Is there a fix in work for this problem? Because I can't watch movies on my ipod because of this

Parallax (parallaxview) wrote :

Can confirm this is still around:

:~$ dpkg -l gpac | grep gpac
ii gpac 0.4.4-0.3ubuntu4 multimedia framework based on the MPEG-4 Systems standard

This needs to get sorted either through work around or fix. It is no bueno when Ubuntu is the only distro with the issue.

xlynx (xlynx) wrote :

workaround:
# upgrade to Jaunty (now the current release).
# if problem persists, install the gpac package referenced above.

I know, I know - Intrepid is still supported for another 10+ months, but I don't know if that includes such fixes - I suppose you could try making some noise.

Parallax (parallaxview) wrote :

I am currently running Jaunty.

I do not see the package, the debdiff doesn't seem to play nice for me.

Parallax (parallaxview) wrote :

Is there a workaround for this in Jaunty? I am no longer using Intrepid and it is still not working, and none of the above steps seems to correct the issue.

Michael Shadle (mshadle) wrote :

Not afaik. I'm still waiting. I have a custom compiled gpac 0.4.5-1 and it works fine against the ubuntu libraries, but I had to compile the gpac (mp4box) myself. It seems to have fixed it.

libgpac-dev 0.4.4-0.3ubuntu4
libgpac0.4.4 0.4.4-0.3ubuntu4
my-gpac 0.4.5-1

Can this package's sponsors please push a newer version of the entire thing out?

Michael Shadle (mshadle) wrote :

I don't understand what xmlrpc has to do with gpac... at least the gpac package, maybe the gpac libs need it, but that's quite odd.

Sounds like the xmlrpc bug has a fix already for it, so why can't we get both of them pushed through?

Parallax (parallaxview) wrote :

I compiled gpac 0.4.5 from source and can verify that it does solve the problem.

Sammy Spets (sammys) wrote :

I stumbled onto the problem when I started using hidden directories (i.e. those starting with a dot [.blah]). Revert back to not using them and it works again.

Artur Rona (ari-tczew) on 2009-10-25
tags: added: patch
Artur Rona (ari-tczew) wrote :

Status: Closed
Resolution: Fixed

Changed in gpac:
importance: Unknown → Undecided
status: Unknown → New
status: New → Fix Released
Alessio Treglia (quadrispro) wrote :

Anyone can confirm this with Karmic/Lucid?

Changed in gpac (Ubuntu):
status: Confirmed → Incomplete
Julien Lavergne (gilir) wrote :

Should be fixed with 0.4.5 version in karmic.

Changed in gpac (Ubuntu):
status: Incomplete → Fix Released
Alex Valavanis (valavanisalex) wrote :

Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.

Changed in gpac (Ubuntu Intrepid):
status: Confirmed → Invalid
This report contains Public Security information
Everyone can see this security related information.