| タイトル | GPAC 2.4 (commit 25f31f76bded83d1fa1ae36216f2fb65ae7c483f and before) NULL Pointer Dereference |
|---|
| 説明 | We recently identified a bug in the latest version of the GPAC library. In `src/media_tools/dash_client.c`, a null pointer dereference is triggered on line 5144 in a call to `strstr(base_init_url, "://")`. The root cause originates in `src/media_tools/mpd.c` at line 5322, where `gf_mpd_resolve_url` calls `gf_url_concatenate`, which fails due to an overly long input URL and returns `NULL`. The failure is not checked, and the resulting `base_init_url` remains null. This value is later dereferenced without validation, leading to a segmentation fault. The initial failure occurs in `src/utils/url.c` at line 183, where the URL length check triggers the error.
You may find the original input that caused this error below, with sha256 checksum f8d95055c6ccc8e7c190decf90496ab82a5acff727948a8a564b3381f87e8047.
The developer has fixed this issue in commit https://github.com/gpac/gpac/commit/153ea314b6b053db17164f8bc3c7e1e460938eaa |
|---|
| ソース | ⚠️ https://drive.google.com/file/d/1Z-C6RajpZ40ujo1iGNt3_mG855mPbs1Q/view?usp=share_link |
|---|
| ユーザー | CyberGym (UID 87553) |
|---|
| 送信 | 2025年07月15日 23:51 (9 月 ago) |
|---|
| モデレーション | 2025年07月18日 10:01 (2 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 316862 [GPAC 迄 2.4 dash_client.c gf_dash_download_init_segment base_init_url サービス拒否] |
|---|
| ポイント | 20 |
|---|