Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More fixes for issues caught by fuzzer #935

Merged
merged 6 commits into from Apr 6, 2024
Merged

More fixes for issues caught by fuzzer #935

merged 6 commits into from Apr 6, 2024

Commits on Mar 23, 2024

  1. Add boundary checks to Ap4OdheAtom 

    Fuzzer caught another large malloc. This is caused by lack of boundary check
in Ap4OdheAtom causing underflow.
    @roticv
    roticv committed Mar 23, 2024
    Configuration menu
    Copy the full SHA
    06f0d06 View commit details
    Browse the repository at this point in the history

  2. More boundary checks for Ap4SaioAtom 

    Earlier boundary checks were insufficient to prevent certain potential
payloads. This adds more boundary checks to prevent underflow of remains. I have
also remove the usage of GetHeaderSize in constructor as it is a virtual method.
    @roticv
    roticv committed Mar 23, 2024
    Configuration menu
    Copy the full SHA
    84b95d4 View commit details
    Browse the repository at this point in the history

Commits on Mar 24, 2024

  1. Add boundary checks to Ap4SbgpAtom 

    Fuzzer caught another large malloc. This is caused by lack of boundary check
in Ap4SbgpAtom causing underflow.
    @roticv
    roticv committed Mar 24, 2024
    Configuration menu
    Copy the full SHA
    f9f6b22 View commit details
    Browse the repository at this point in the history

Commits on Mar 27, 2024

  1. Prevent overflow in boundary check for Ap4SbgpAtom 

    Fuzzer caught another large malloc in Ap4SbgpAtom. It is caused by overflow
in boundary check
    @roticv
    roticv committed Mar 27, 2024
    Configuration menu
    Copy the full SHA
    8806fe2 View commit details
    Browse the repository at this point in the history

Commits on Mar 28, 2024

  1. Boundary checks in Ap4ContainerAtom 

    The lack of boundary checks in Ap4ContainerAtom leads to an underflow
in size which then leads to existing validation checks to fail and hence allow
large malloc.
    @roticv
    roticv committed Mar 28, 2024
    Configuration menu
    Copy the full SHA
    b977973 View commit details
    Browse the repository at this point in the history

Commits on Apr 2, 2024

  1. Add boundary checks for Ap4StsdAtom 

    Same problem as before, underflow of bytes_available results in some potential
attack
    @roticv
    roticv committed Apr 2, 2024
    Configuration menu
    Copy the full SHA
    26df396 View commit details
    Browse the repository at this point in the history