| Title | GPAC 2.4 (commit 25f31f76bded83d1fa1ae36216f2fb65ae7c483f and before) NULL Pointer Dereference |
|---|
| Description | We recently identified a bug in the latest version of the GPAC library. In `src/media_tools/dash_client.c`, a null pointer dereference is triggered on line 5144 in a call to `strstr(base_init_url, "://")`. The root cause originates in `src/media_tools/mpd.c` at line 5322, where `gf_mpd_resolve_url` calls `gf_url_concatenate`, which fails due to an overly long input URL and returns `NULL`. The failure is not checked, and the resulting `base_init_url` remains null. This value is later dereferenced without validation, leading to a segmentation fault. The initial failure occurs in `src/utils/url.c` at line 183, where the URL length check triggers the error.
You may find the original input that caused this error below, with sha256 checksum f8d95055c6ccc8e7c190decf90496ab82a5acff727948a8a564b3381f87e8047.
The developer has fixed this issue in commit https://github.com/gpac/gpac/commit/153ea314b6b053db17164f8bc3c7e1e460938eaa |
|---|
| Source | ⚠️ https://drive.google.com/file/d/1Z-C6RajpZ40ujo1iGNt3_mG855mPbs1Q/view?usp=share_link |
|---|
| User | CyberGym (UID 87553) |
|---|
| Submission | 15/07/2025 23:51 (9 months ago) |
|---|
| Moderation | 18/07/2025 10:01 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 316862 [GPAC up to 2.4 dash_client.c gf_dash_download_init_segment base_init_url denial of service] |
|---|
| Points | 20 |
|---|
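
The failure mode in the description (a URL joiner that returns `NULL` on over-long input, followed by `strstr` on the result) is shown here with the missing check in place. This is an added C example, not GPAC's code and not the project's fix. `concat_url`, `init_url_is_absolute`, `check_overlong_input` and `MAX_URL_LEN` are hypothetical stand-ins, and the over-long input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_URL_LEN 4096 /* assumed limit, not GPAC's actual value */

/* Hypothetical stand-in for a URL joiner: returns NULL when the result is too long. */
static char *concat_url(const char *parent, const char *rel)
{
    size_t plen = strlen(parent), rlen = strlen(rel);
    if (plen + rlen + 2 > MAX_URL_LEN) return NULL;   /* length check rejects the input */
    char *out = malloc(plen + rlen + 2);
    if (!out) return NULL;
    memcpy(out, parent, plen);
    out[plen] = '/';
    memcpy(out + plen + 1, rel, rlen + 1);            /* copies rel with its terminator */
    return out;
}

/* Returns 1 if the resolved URL contains "://", 0 if not, -1 if resolution failed. */
int init_url_is_absolute(const char *parent, const char *rel)
{
    char *base_init_url = concat_url(parent, rel);
    /* Without this check, strstr(NULL, "://") dereferences a null pointer. */
    if (!base_init_url) return -1;
    int absolute = strstr(base_init_url, "://") != NULL;
    free(base_init_url);
    return absolute;
}

/* Constructed over-long relative URL: resolution must fail cleanly, not crash. */
int check_overlong_input(void)
{
    size_t n = MAX_URL_LEN + 16;
    char *rel = malloc(n + 1);
    if (!rel) return -2;
    memset(rel, 'A', n);
    rel[n] = '\0';
    int r = init_url_is_absolute("http://example.invalid/dash", rel);
    free(rel);
    return r;
}

int main(void)
{
    printf("normal:   %d\n", init_url_is_absolute("http://example.invalid/dash", "init.mp4"));
    printf("overlong: %d\n", check_overlong_input());
    return 0;
}
```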