knik0 / faad2

Freeware Advanced Audio (AAC) Decoder faad2 mirror

Home Page: https://sourceforge.net/projects/faac/

License: Other

C 99.43% Roff 0.09% Starlark 0.12% CMake 0.36%
faad2 faad aac audio decoder mp4 m4a

faad2's Introduction

Freeware Advanced Audio (AAC) Decoder including SBR decoding

FAAD2 is a HE, LC, MAIN and LTP profile, MPEG2 and MPEG-4 AAC decoder.
FAAD2 includes code for SBR (HE AAC) decoding.
FAAD2 is licensed under the GPL.


__________
COPYRIGHTS

For FAAD2 the following license applies:

******************************************************************************
** FAAD2 - Freeware Advanced Audio (AAC) Decoder including SBR decoding
** Copyright (C) 2003-2005 M. Bakker, Nero AG, http://www.nero.com
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
**
** Any non-GPL usage of this software or parts of this software is strictly
** forbidden.
**
** The "appropriate copyright message" mentioned in section 2c of the GPLv2
** must read: "Code from FAAD2 is copyright (c) Nero AG, www.nero.com"
**
** Commercial non-GPL licensing of this software is possible.
** For more info contact Nero AG through [email protected].
******************************************************************************


Please note that the use of this software may require the payment of
patent royalties. You need to consider this issue before you start
building derivative works. We are not warranting or indemnifying you in
any way for patent royalties! YOU ARE SOLELY RESPONSIBLE FOR YOUR OWN
ACTIONS!


___________________
DIRECTORY STRUCTURE

faad2 - top level directory.

   docs - API documentation.

   frontend - command line frontend to the FAAD2 library, also supports
              MPEG-4 file decoding.

   include - include file for the FAAD2 library.

   libfaad - the FAAD2 AAC decoder library including SBR.

      codebook - Huffman codebooks.

   project/msvc - Visual Studio 2017 project files.

faad2's People

Contributors

akallabeth, argilo, awesie, bahusoid, basicmaster, ccawley2011, cometails, davidkorczynski, eustas, fabiangreffrath, fcartegnie, gavtroy, hayden-t, heitbaum, hlef, janisozaur, johanneskauffmann, knik0, krabiswabbie, lordmulder, neheb, tatsuz, vividos


faad2's Issues

unicode_support.h macOS build failure for faad2 2.8.7

This seems to be a bug caused by #4

mp4read.c:27:10: fatal error: unicode_support.h: No such file or directory
 #include "unicode_support.h"
          ^~~~~~~~~~~~~~~~~~~
audio.c:41:10: fatal error: unicode_support.h: No such file or directory
 #include "unicode_support.h"
          ^~~~~~~~~~~~~~~~~~~
main.c:55:10: fatal error: unicode_support.h: No such file or directory
 #include "unicode_support.h"
          ^~~~~~~~~~~~~~~~~~~

And if I remove those includes, ultimately

libtool: link: /usr/local/bin/gcc-7 -Os -w -pipe -march=core2 -msse4 -mmacosx-version-min=10.11 -F/usr/local/Frameworks -Wl,-headerpad_max_install_names -o .libs/faad mp4read.o audio.o main.o  -L/usr/local/lib ../libfaad/.libs/libfaad.dylib -lm
Undefined symbols for architecture x86_64:
  "_faad_fopen", referenced from:
      _mp4read_open in mp4read.o
      _open_audio_file in audio.o
      _faad_main in main.o

Full log:
https://gist.github.com/ilovezfs/54bc87c0bbb5ee01ea2cafc138002e85

File decoding fails

Tried sample4.aac from https://filesamples.com/formats/aac
Decoder returns Scalefactor out of range (error code 4).
This happens because in the given file the "intensity" scale factor is sometimes negative. Overall it ranges -3..4.
Capping to non-negative values results in decoding success. The waveform looks similar to the one produced with another decoder.

Looking at the code, the delta applied to each next scale_factor is -60..60. Logically, if we want to have all possibilities for the next value, then the scale factor range width should be 60. But is it -30..30 or 0..60? Will try to find an answer on the internet...
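To make the range question above concrete, here is an added example in Python (not faad2's code and not part of the report): a delta-coded scale factor reconstruction that keeps the ordinary and intensity accumulators separate and applies the 0..255 bound. The codebook numbers (ZERO=0, NOISE=13, INTENSITY=14/15), the index-to-delta mapping (index - 60, hence the -60..60 the report mentions), the 0..255 bound and the error code 4 are assumptions about the AAC syntax as faad2 implements it; the `ERR_TRUNCATED` code and the band layout in `SAMPLE_CODEBOOKS` are constructed for this example. With `strict_intensity=True` the function reproduces the rejection described above; with the default it returns the negative intensity positions untouched.

```python
"""Delta-coded AAC scale factor reconstruction with a range check.

Added example, not faad2's code. Assumptions: codebook numbers follow the
section-data numbering faad2 uses (ZERO_HCB=0, NOISE_HCB=13, INTENSITY_HCB2=14,
INTENSITY_HCB=15); the scalefactor Huffman codebook yields an index 0..120 that
maps to a delta of index - 60; ordinary scale factors must stay in 0..255, and
faad2 reports a violation as error code 4.
"""

ZERO_HCB, NOISE_HCB, INTENSITY_HCB2, INTENSITY_HCB = 0, 13, 14, 15
SF_MIN, SF_MAX = 0, 255
ERR_SF_OUT_OF_RANGE = 4
ERR_TRUNCATED = 14          # hypothetical code used only in this example


class ScaleFactorError(ValueError):
    def __init__(self, code, band, message):
        super().__init__(f"band {band}: {message} (error code {code})")
        self.code, self.band = code, band


def decode_scale_factors(global_gain, band_codebooks, huffman_indices, strict_intensity=False):
    """Return one scale factor per band.

    band_codebooks   -- codebook number of each scalefactor band, in band order.
    huffman_indices  -- decoded scalefactor-codebook indices (0..120) for every
                        band that carries one (ZERO bands carry none).
    strict_intensity -- also apply the 0..255 check to intensity positions; this
                        is the behaviour the bug report above runs into.
    Two accumulators are kept: ordinary bands start from global_gain, intensity
    bands (is_position) start from 0. Both the codebook index and the running
    sums are bounded, because an attacker-controlled delta sequence can drive
    an unchecked accumulator anywhere.
    """
    if not SF_MIN <= global_gain <= SF_MAX:
        raise ScaleFactorError(ERR_SF_OUT_OF_RANGE, -1, "global_gain out of range")
    scale_factor, is_position = global_gain, 0
    indices = iter(huffman_indices)
    out = []
    for band, cb in enumerate(band_codebooks):
        if cb == ZERO_HCB:
            out.append(0)
            continue
        if cb == NOISE_HCB:
            raise NotImplementedError("noise bands use a separate PCM start value; omitted here")
        idx = next(indices, None)
        if idx is None:
            raise ScaleFactorError(ERR_TRUNCATED, band, "bitstream ended before all scale factors")
        if not 0 <= idx <= 120:
            raise ScaleFactorError(ERR_SF_OUT_OF_RANGE, band, f"codebook index {idx} invalid")
        delta = idx - 60
        if cb in (INTENSITY_HCB, INTENSITY_HCB2):
            is_position += delta
            if strict_intensity and not SF_MIN <= is_position <= SF_MAX:
                raise ScaleFactorError(ERR_SF_OUT_OF_RANGE, band,
                                       f"intensity position {is_position} out of range")
            out.append(is_position)
        else:
            scale_factor += delta
            if not SF_MIN <= scale_factor <= SF_MAX:
                raise ScaleFactorError(ERR_SF_OUT_OF_RANGE, band,
                                       f"scale factor {scale_factor} out of range")
            out.append(scale_factor)
    return out


def intensity_gain(is_position):
    """Linear gain an intensity position encodes: 0.5 ** (is_position / 4).
    A negative position means a gain above 1, which is why rejecting negative
    positions throws away otherwise decodable streams."""
    return 0.5 ** (is_position / 4)


# Constructed sample (not from any real file): two ordinary bands, two intensity
# bands, one empty band, one more intensity band and a final ordinary band.
SAMPLE_CODEBOOKS = [1, 1, INTENSITY_HCB, INTENSITY_HCB, ZERO_HCB, INTENSITY_HCB2, 2]
SAMPLE_INDICES = [65, 58, 57, 67, 58, 60]   # deltas +5, -2, -3, +7, -2, 0

if __name__ == "__main__":
    print(decode_scale_factors(100, SAMPLE_CODEBOOKS, SAMPLE_INDICES))
    try:
        decode_scale_factors(100, SAMPLE_CODEBOOKS, SAMPLE_INDICES, strict_intensity=True)
    except ScaleFactorError as err:
        print("strict:", err)
```

The lenient path is what the report's "capping" experiment approximates; the difference is that this version keeps the negative position and lets `intensity_gain` turn it into a gain above 1 instead of silently clamping it.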

Null pointer dereference vulnerability in ifilter_bank(libfaad/filtbank.c:246)

Hi, I found a null pointer dereference bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It crashed in function ifilter_bank. The details are below (ASAN):

./faad faad_res/002-null-point-filtbank_246 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/002-null-point-filtbank_246 file info:
ADTS, 0.043 sec, 37 kbps, 48000 Hz

  ---------------------
 | Config:  3 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
 | 02 | Unknown        |
  ---------------------

ASAN:SIGSEGV faad_res/002-null-point-filtbank_246.
=================================================================
==7062==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fe67b9599f6 bp 0x7fff60c60600 sp 0x7fff60c5e510 T0)
    #0 0x7fe67b9599f5 in ifilter_bank /root/faad2_asan/libfaad/filtbank.c:246
    #1 0x7fe67b99519d in reconstruct_channel_pair /root/faad2_asan/libfaad/specrec.c:1258
    #2 0x7fe67b99b823 in channel_pair_element /root/faad2_asan/libfaad/syntax.c:759
    #3 0x7fe67b999cbf in decode_cpe /root/faad2_asan/libfaad/syntax.c:402
    #4 0x7fe67b99a398 in raw_data_block /root/faad2_asan/libfaad/syntax.c:448
    #5 0x7fe67b9549c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #6 0x7fe67b954566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #7 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #8 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #9 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #10 0x7fe67b58c82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/filtbank.c:246 ifilter_bank
==7062==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/002-null-point-filtbank_246

Add roundtrip check

Add a CI workflow that compiles both faad2 and faac and encodes/decodes a few samples in several modes (it would be nice to check original/decoded similarity).

aac stream will not play

libfaad2 2.9.1-1 installed on ubuntu 20.04

Started having problems with some streams - for some reason, I now get no audio. For example, for this stream: http://stream.open.fm/68 generates this error message in the mpd log:

"faad_decoder: error decoding AAC stream: Unexpected channel configuration change"

What does this error message mean?

What should I do to fix this problem?

Thanks.

AddressSanitizer: heap-buffer-overflow at libfaad/sbr_hfgen.c:369 (auto_correlation)

As of a8dc3f8, there is a heap-buffer-overflow at libfaad/sbr_hfgen.c:369 (auto_correlation) when running faad $FILE.

POCs are available here.

==17043==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62f00000d700 at pc 0x7ffff7b8aba4 bp 0x7fffffff8a00 sp 0x7fffffff89f8
READ of size 4 at 0x62f00000d700 thread T0
    #0 0x7ffff7b8aba3 in auto_correlation /home/hongxu/FOT/faac/faad2-asan/libfaad/sbr_hfgen.c:369:19
    #1 0x7ffff7b89208 in calc_prediction_coef /home/hongxu/FOT/faac/faad2-asan/libfaad/sbr_hfgen.c:420:5
    #2 0x7ffff7b86782 in hf_generation /home/hongxu/FOT/faac/faad2-asan/libfaad/sbr_hfgen.c:123:17
    #3 0x7ffff7ba1d02 in sbr_process_channel /home/hongxu/FOT/faac/faad2-asan/libfaad/sbr_dec.c:344:9
    #4 0x7ffff7ba15c5 in sbrDecodeCoupleFrame /home/hongxu/FOT/faac/faad2-asan/libfaad/sbr_dec.c:488:17
    #5 0x7ffff7b4672a in reconstruct_channel_pair /home/hongxu/FOT/faac/faad2-asan/libfaad/specrec.c:1314:18
    #6 0x7ffff7b5672e in channel_pair_element /home/hongxu/FOT/faac/faad2-asan/libfaad/syntax.c:771:19
    #7 0x7ffff7b4cf10 in decode_cpe /home/hongxu/FOT/faac/faad2-asan/libfaad/syntax.c:414:20
    #8 0x7ffff7b4afd5 in raw_data_block /home/hongxu/FOT/faac/faad2-asan/libfaad/syntax.c:460:17
    #9 0x7ffff7af35ed in aac_frame_decode /home/hongxu/FOT/faac/faad2-asan/libfaad/decoder.c:990:9
    #10 0x7ffff7af2f81 in NeAACDecDecode /home/hongxu/FOT/faac/faad2-asan/libfaad/decoder.c:821:12
    #11 0x508197 in decodeAACfile /home/hongxu/FOT/faac/faad2-asan/frontend/main.c:679:25
    #12 0x5027aa in faad_main /home/hongxu/FOT/faac/faad2-asan/frontend/main.c:1323:18
    #13 0x500f71 in main /home/hongxu/FOT/faac/faad2-asan/frontend/main.c:1366:12
    #14 0x7ffff6b16b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #15 0x41acb9 in _start (/home/hongxu/FOT/faac/faad2-asan/install/bin/faad+0x41acb9)

0x62f00000d700 is located 368 bytes to the right of 53648-byte region [0x62f000000400,0x62f00000d590)
allocated by thread T0 here:
    #0 0x4c2b03 in malloc (/home/hongxu/FOT/faac/faad2-asan/install/bin/faad+0x4c2b03)
    #1 0x7ffff7b68094 in faad_malloc /home/hongxu/FOT/faac/faad2-asan/libfaad/common.c:180:12
    #2 0x7ffff7b9df8e in sbrDecodeInit /home/hongxu/FOT/faac/faad2-asan/libfaad/sbr_dec.c:60:21
    #3 0x7ffff7b4d77d in fill_element /home/hongxu/FOT/faac/faad2-asan/libfaad/syntax.c:1086:42
    #4 0x7ffff7b566cd in channel_pair_element /home/hongxu/FOT/faac/faad2-asan/libfaad/syntax.c:763:23
    #5 0x7ffff7b4cf10 in decode_cpe /home/hongxu/FOT/faac/faad2-asan/libfaad/syntax.c:414:20
    #6 0x7ffff7b4afd5 in raw_data_block /home/hongxu/FOT/faac/faad2-asan/libfaad/syntax.c:460:17
    #7 0x7ffff7af35ed in aac_frame_decode /home/hongxu/FOT/faac/faad2-asan/libfaad/decoder.c:990:9
    #8 0x7ffff7af2f81 in NeAACDecDecode /home/hongxu/FOT/faac/faad2-asan/libfaad/decoder.c:821:12
    #9 0x508197 in decodeAACfile /home/hongxu/FOT/faac/faad2-asan/frontend/main.c:679:25
    #10 0x5027aa in faad_main /home/hongxu/FOT/faac/faad2-asan/frontend/main.c:1323:18
    #11 0x500f71 in main /home/hongxu/FOT/faac/faad2-asan/frontend/main.c:1366:12
    #12 0x7ffff6b16b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/hongxu/FOT/faac/faad2-asan/libfaad/sbr_hfgen.c:369:19 in auto_correlation
Shadow bytes around the buggy address:
  0x0c5e7fff9a90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5e7fff9aa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5e7fff9ab0: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5e7fff9ac0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5e7fff9ad0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c5e7fff9ae0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5e7fff9af0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5e7fff9b00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5e7fff9b10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5e7fff9b20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5e7fff9b30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==17043==ABORTING

A Segmentation fault in output.c:49:16

System info

Ubuntu x86_64, clang 6.0, faad (latest master 1073ae)

Configure

CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure --enable-shared=no

Command line

./frontend/faad -w -b 5 @@

AddressSanitizer output

NULL	190.264 secs, 6 ch, 44100 Hz

AddressSanitizer:DEADLYSIGNAL
=================================================================
==3662==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000546b64 bp 0x629000000200 sp 0x7ffed5a32ff0 T0)
==3662==The signal is caused by a READ memory access.
==3662==Hint: address points to the zero page.
    #0 0x546b63 in get_sample /home/seviezhou/faad2/libfaad/output.c:49:16
    #1 0x546b63 in to_PCM_double /home/seviezhou/faad2/libfaad/output.c:390
    #2 0x546b63 in output_to_PCM /home/seviezhou/faad2/libfaad/output.c:427
    #3 0x53b8df in aac_frame_decode /home/seviezhou/faad2/libfaad/decoder.c:1176:21
    #4 0x52f738 in decodeMP4file /home/seviezhou/faad2/frontend/main.c:916:25
    #5 0x52f738 in faad_main /home/seviezhou/faad2/frontend/main.c:1323
    #6 0x7fb2de93483f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/../csu/libc-start.c:291
    #7 0x41a698 in _start (/home/seviezhou/faad2/frontend/faad+0x41a698)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/seviezhou/faad2/libfaad/output.c:49:16 in get_sample
==3662==ABORTING

POC

SEGV-get_sample-output-49.zip

Null pointer dereference vulnerability in ifilter_bank (libfaad/filtbank.c:275)

Hi, I found a null pointer dereference bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It crashed in function ifilter_bank. The details are below (ASAN):

./faad faad_res/008-null-point-filtbank_275 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/008-null-point-filtbank_275 file info:
ADTS, 0.043 sec, 74 kbps, 48000 Hz

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
  ---------------------

ASAN:SIGSEGV faad_res/008-null-point-filtbank_275.
=================================================================
==7076==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f5946ec66b1 bp 0x7fff7f757780 sp 0x7fff7f755690 T0)
    #0 0x7f5946ec66b0 in ifilter_bank /root/faad2_asan/libfaad/filtbank.c:275
    #1 0x7f5946f0119d in reconstruct_channel_pair /root/faad2_asan/libfaad/specrec.c:1258
    #2 0x7f5946f07823 in channel_pair_element /root/faad2_asan/libfaad/syntax.c:759
    #3 0x7f5946f05cbf in decode_cpe /root/faad2_asan/libfaad/syntax.c:402
    #4 0x7f5946f06398 in raw_data_block /root/faad2_asan/libfaad/syntax.c:448
    #5 0x7f5946ec09c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #6 0x7f5946ec0566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #7 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #8 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #9 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #10 0x7f5946af882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/filtbank.c:275 ifilter_bank
==7076==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/008-null-point-filtbank_275

Was libmp4ff removed?

I am looking at updating the Solus package to the latest version of faad2, as this mirror carries a bunch of development and security fixes over the versions downloadable from the sourceforge page. When building version 2.9.1, I get removals of stuff related to libmp4ff, and we have a couple of references to code that doesn't exist in this codebase. For example, the whole folder called common, that was in the root of the project, is totally gone.

Download here and you'll see the common folder there in all its glory. Any chance we could get that added back in, unless the functionality isn't used anymore?

If you add it back in, it might be worth adding the improvements of this patch to the codebase.

Here's a git diff over removals:

     <Package>
         <Name>faad</Name>
@@ -28,8 +28,6 @@ profile, MPEG-2 and MPEG-4 AAC decoder. FAAD2 includes code for SBR
             <Path fileType="library">/usr/lib64/libfaad.so.2.0.0</Path>
             <Path fileType="library">/usr/lib64/libfaad_drm.so.2</Path>
             <Path fileType="library">/usr/lib64/libfaad_drm.so.2.0.0</Path>
-            <Path fileType="library">/usr/lib64/libmp4ff.so.0</Path>
-            <Path fileType="library">/usr/lib64/libmp4ff.so.0.0.0</Path>
         </Files>
     </Package>
     <Package>
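Review bot: dropping /usr/lib64/libmp4ff.so.0 and /usr/lib64/libmp4ff.so.0.0.0 from the runtime package's Files list removes a versioned shared library with nothing replacing it, so any package on the distribution linked against libmp4ff.so.0 (the mp4ff_* symbols in the ABI removal list below) will fail to load after this update; check reverse dependencies for those symbols and rebuild or port them before this lands, and record the removal in the changelog.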
@@ -41,16 +39,13 @@ profile, MPEG-2 and MPEG-4 AAC decoder. FAAD2 includes code for SBR
 </Description>
         <PartOf>programming.devel</PartOf>
         <RuntimeDependencies>
-            <Dependency release="7">faad</Dependency>
+            <Dependency release="8">faad</Dependency>
         </RuntimeDependencies>
         <Files>
             <Path fileType="header">/usr/include/faad.h</Path>
-            <Path fileType="header">/usr/include/mp4ff.h</Path>
-            <Path fileType="header">/usr/include/mp4ffint.h</Path>
             <Path fileType="header">/usr/include/neaacdec.h</Path>
             <Path fileType="library">/usr/lib64/libfaad.so</Path>
             <Path fileType="library">/usr/lib64/libfaad_drm.so</Path>
-            <Path fileType="library">/usr/lib64/libmp4ff.so</Path>
         </Files>
     </Package>
     <Package>
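Review bot: the bump to `<Dependency release="8">faad</Dependency>` keeps the devel package in step with the runtime package, but removing /usr/include/mp4ff.h and /usr/include/mp4ffint.h together with /usr/lib64/libmp4ff.so is also a source-level break for anything that includes those headers; the remaining faad.h and neaacdec.h cover only the AAC decoder, so consumers of the mp4ff API need an explicit note that they must move to another MP4 demuxer.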

Abi symbol removals:

-libmp4ff.so.0:mp4ff_meta_get_artist
-libmp4ff.so.0:mp4ff_meta_get_by_index
-libmp4ff.so.0:mp4ff_meta_get_comment
-libmp4ff.so.0:mp4ff_meta_get_compilation
-libmp4ff.so.0:mp4ff_meta_get_coverart
-libmp4ff.so.0:mp4ff_meta_get_date
-libmp4ff.so.0:mp4ff_meta_get_disc
-libmp4ff.so.0:mp4ff_meta_get_genre
-libmp4ff.so.0:mp4ff_meta_get_num_items
-libmp4ff.so.0:mp4ff_meta_get_tempo
-libmp4ff.so.0:mp4ff_meta_get_title
-libmp4ff.so.0:mp4ff_meta_get_tool
-libmp4ff.so.0:mp4ff_meta_get_totaldiscs
-libmp4ff.so.0:mp4ff_meta_get_totaltracks
-libmp4ff.so.0:mp4ff_meta_get_track
-libmp4ff.so.0:mp4ff_meta_get_writer
-libmp4ff.so.0:mp4ff_meta_index_to_genre
-libmp4ff.so.0:mp4ff_meta_update
-libmp4ff.so.0:mp4ff_num_samples
-libmp4ff.so.0:mp4ff_open_read
-libmp4ff.so.0:mp4ff_open_read_metaonly
-libmp4ff.so.0:mp4ff_parse_metadata
-libmp4ff.so.0:mp4ff_position
-libmp4ff.so.0:mp4ff_read_char
-libmp4ff.so.0:mp4ff_read_data
-libmp4ff.so.0:mp4ff_read_int16
-libmp4ff.so.0:mp4ff_read_int24
-libmp4ff.so.0:mp4ff_read_int32
-libmp4ff.so.0:mp4ff_read_int64
-libmp4ff.so.0:mp4ff_read_mp4_descr_length
-libmp4ff.so.0:mp4ff_read_sample
-libmp4ff.so.0:mp4ff_read_sample_getsize
-libmp4ff.so.0:mp4ff_read_sample_v2
-libmp4ff.so.0:mp4ff_read_string
-libmp4ff.so.0:mp4ff_set_position
-libmp4ff.so.0:mp4ff_set_sample_position
-libmp4ff.so.0:mp4ff_tag_delete
-libmp4ff.so.0:mp4ff_time_scale
-libmp4ff.so.0:mp4ff_total_tracks
-libmp4ff.so.0:mp4ff_truncate
-libmp4ff.so.0:mp4ff_write_data
-libmp4ff.so.0:mp4ff_write_int32
-libmp4ff.so.0:parse_atoms
-libmp4ff.so.0:parse_sub_atoms

Invalid memory address dereference in sbr_process_channel (in libfaad/sbr_dec.c:375)

Hi, I found an issue in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It crashed in function sbr_process_channel. The details are below (ASAN):

./faad faad_res/012-invalid-def-sbr_dec_375 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/012-invalid-def-sbr_dec_375 file info:
ADTS, 0.043 sec, 37 kbps, 48000 Hz

  ---------------------
 | Config: 15 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
 | 02 | Unknown        |
 | 03 | Unknown        |
 | 04 | Unknown        |
 | 05 | Unknown        |
 | 06 | Unknown        |
 | 07 | Unknown        |
 | 08 | Unknown        |
 | 09 | Unknown        |
 | 10 | Unknown        |
 | 11 | Unknown        |
 | 12 | Unknown        |
 | 13 | Unknown        |
 | 14 | Unknown        |
  ---------------------

ASAN:SIGSEGV faad_res/012-invalid-def-sbr_dec_375.
=================================================================
==7096==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000009 (pc 0x7f9edd65e76f bp 0x7ffff6126140 sp 0x7ffff6126100 T0)
    #0 0x7f9edd65e76e in sbr_process_channel /root/faad2_asan/libfaad/sbr_dec.c:375
    #1 0x7f9edd660049 in sbrDecodeSingleFrame /root/faad2_asan/libfaad/sbr_dec.c:562
    #2 0x7f9edd6089a1 in reconstruct_single_channel /root/faad2_asan/libfaad/specrec.c:1067
    #3 0x7f9edd610e28 in single_lfe_channel_element /root/faad2_asan/libfaad/syntax.c:631
    #4 0x7f9edd60f354 in decode_sce_lfe /root/faad2_asan/libfaad/syntax.c:351
    #5 0x7f9edd6102da in raw_data_block /root/faad2_asan/libfaad/syntax.c:441
    #6 0x7f9edd5ca9c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #7 0x7f9edd5ca566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #8 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #9 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #10 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #11 0x7f9edd20282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/sbr_dec.c:375 sbr_process_channel
==7096==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/012-invalid-def-sbr_dec_375

Invalid memory address dereference in sbrDecodeSingleFramePS(in libfaad/sbr_dec.c:601)

Hi, I found an issue in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It crashed in function sbrDecodeSingleFramePS. The details are below (ASAN):

./faad faad_res/007-invalid-def-sbr_hfadj_601 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/007-invalid-def-sbr_hfadj_601 file info:
ADTS, 0.469 sec, 41 kbps, 48000 Hz

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
  ---------------------

ASAN:SIGSEGV faad_res/007-invalid-def-sbr_hfadj_601.
=================================================================
==7085==ERROR: AddressSanitizer: SEGV on unknown address 0x0000f64f3bb0 (pc 0x7fa4348f6f2d bp 0x7ffff64fd450 sp 0x7ffff64f3b80 T0)
    #0 0x7fa4348f6f2c in sbrDecodeSingleFramePS /root/faad2_asan/libfaad/sbr_dec.c:601
    #1 0x7fa43489eb54 in reconstruct_single_channel /root/faad2_asan/libfaad/specrec.c:1071
    #2 0x7fa4348a6e28 in single_lfe_channel_element /root/faad2_asan/libfaad/syntax.c:631
    #3 0x7fa4348a5354 in decode_sce_lfe /root/faad2_asan/libfaad/syntax.c:351
    #4 0x7fa4348a62da in raw_data_block /root/faad2_asan/libfaad/syntax.c:441
    #5 0x7fa4348609c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #6 0x7fa434860566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #7 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #8 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #9 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #10 0x7fa43449882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/sbr_dec.c:601 sbrDecodeSingleFramePS
==7085==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/007-invalid-def-sbr_hfadj_601

ALAC (Apple Lossless Audio Codec) support in faad

The Logitech Media Server uses a fork of faad 2.7 that contains support for parsing Apple Lossless Audio Codec (ALAC) format. Unfortunately that support was never submitted upstream.

Is there interest in adding ALAC support to faad?

Although the mp4 parser rewrite means that the original mods to add ALAC support cannot be integrated as-is, if adding ALAC support is a direction the faad2 maintainers think is a good one, I'd be willing to help get the changes rewritten to work with the current version.

stack-buffer-underflow in function calculate_gain(libfaad/sbr_hfadj.c:1311)

Hi, I found a stack-buffer-overflow bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The details are below (ASAN):

./faad faad_res/006-stack-buffer-underflow-sbr_hfadj_1311 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/006-stack-buffer-underflow-sbr_hfadj_1311 file info:
ADTS, 0.256 sec, 42 kbps, 48000 Hz

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
  ---------------------

=================================================================
==7026==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7fff630132fc at pc 0x7fedefda0e74 bp 0x7fff63012ef0 sp 0x7fff63012ee0
WRITE of size 4 at 0x7fff630132fc thread T0
    #0 0x7fedefda0e73 in calculate_gain /root/faad2_asan/libfaad/sbr_hfadj.c:1311
    #1 0x7fedefd9e392 in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:83
    #2 0x7fedefdbc725 in sbr_process_channel /root/faad2_asan/libfaad/sbr_dec.c:363
    #3 0x7fedefdbe7fa in sbrDecodeSingleFramePS /root/faad2_asan/libfaad/sbr_dec.c:637
    #4 0x7fedefd66b54 in reconstruct_single_channel /root/faad2_asan/libfaad/specrec.c:1071
    #5 0x7fedefd6ee28 in single_lfe_channel_element /root/faad2_asan/libfaad/syntax.c:631
    #6 0x7fedefd6d354 in decode_sce_lfe /root/faad2_asan/libfaad/syntax.c:351
    #7 0x7fedefd6e2da in raw_data_block /root/faad2_asan/libfaad/syntax.c:441
    #8 0x7fedefd289c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #9 0x7fedefd28566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #10 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #11 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #12 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #13 0x7fedef96082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

Address 0x7fff630132fc is located in stack of thread T0 at offset 12 in frame
    #0 0x7fedefd9dd8e in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:60

  This frame has 1 object(s):
    [32, 2972) 'adj'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow /root/faad2_asan/libfaad/sbr_hfadj.c:1311 calculate_gain
Shadow bytes around the buggy address:
  0x10006c5fa600: 00 00 00 00 00 00 00 00 04 f4 f4 f4 f2 f2 f2 f2
  0x10006c5fa610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006c5fa620: 00 00 00 00 00 00 00 00 04 f4 f4 f4 f2 f2 f2 f2
  0x10006c5fa630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006c5fa640: 00 00 00 00 00 00 00 00 04 f4 f4 f4 f3 f3 f3 f3
=>0x10006c5fa650: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1[f1]
  0x10006c5fa660: f1 f1 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006c5fa670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006c5fa680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006c5fa690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006c5fa6a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==7026==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/006-stack-buffer-underflow-sbr_hfadj_1311
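The crash reports on this page (the 2.8.8 reports above, the sbr_hfgen.c:369 heap overflow and the output.c:49 SEGV) all have the same shape, so here is an added example, not part of faad2 or of any of the reports, of a small triage script in Python. It parses the ERROR line, the READ/WRITE line and the first symbolised stack, keys each crash on bug class plus the first frame inside the project tree so duplicates collapse, and ranks out-of-bounds writes ahead of NULL dereferences. The reports in `SAMPLE_REPORTS` are constructed for this example and only mirror the header and frame lines quoted above; the project directory names libfaad and frontend are taken from the paths in those traces.

```python
"""Triage AddressSanitizer reports from a decoder fuzzing run.

Added example, not faad2 tooling. Parses the report shape shown on this page
(ERROR line, optional READ/WRITE line, symbolised frames, SUMMARY), buckets
crashes by bug class and crash site, and orders the buckets by severity.
"""
import re
from collections import defaultdict
from os.path import basename

ERROR_RE = re.compile(
    r"==(\d+)==ERROR: AddressSanitizer: ([\w-]+) on (?:unknown )?address (0x[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.MULTILINE)
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(\S+)\s+(.+?):(\d+)(?::(\d+))?\s*$")
NULL_PAGE = 0x1000   # faulting addresses below this are treated as NULL plus a field offset

PRIORITY = {"oob-write": 0, "wild-pointer": 1, "oob-read": 2, "null-deref": 3}


def parse_asan_report(text):
    """Extract bug kind, faulting address, access type and the first stack trace."""
    m = ERROR_RE.search(text)
    if m is None:
        raise ValueError("no AddressSanitizer ERROR line in report")
    report = {"pid": int(m.group(1)), "kind": m.group(2), "address": int(m.group(3), 16),
              "access": None, "size": None, "frames": []}
    a = ACCESS_RE.search(text)
    if a:
        report["access"], report["size"] = a.group(1), int(a.group(2))
    for line in text.splitlines():
        f = FRAME_RE.match(line)
        if f:
            report["frames"].append({"function": f.group(2), "file": f.group(3), "line": int(f.group(4))})
        elif report["frames"]:
            break            # the faulting stack has ended; allocation stacks are not keyed on
    if not report["frames"]:
        raise ValueError("no symbolised frames in report")
    return report


def crash_site(report, project_dirs):
    """First frame whose file lives under one of project_dirs, else frame #0."""
    for frame in report["frames"]:
        if any(f"/{d}/" in frame["file"] for d in project_dirs):
            return frame
    return report["frames"][0]


def classify(report):
    """Map an ASAN kind plus access direction to a coarse bug class."""
    if report["kind"] == "SEGV":
        return "null-deref" if report["address"] < NULL_PAGE else "wild-pointer"
    if report["access"] == "WRITE":
        return "oob-write"
    if report["access"] == "READ":
        return "oob-read"
    return report["kind"]


def triage(reports, project_dirs=("libfaad", "frontend")):
    """reports: {poc_name: report_text}. Returns one row per unique crash, highest priority first."""
    buckets = defaultdict(list)
    for name, text in reports.items():
        rep = parse_asan_report(text)
        site = crash_site(rep, project_dirs)
        buckets[(classify(rep), site["function"], basename(site["file"]), site["line"])].append(name)
    rows = [{"class": k[0], "function": k[1], "file": k[2], "line": k[3], "pocs": sorted(v)}
            for k, v in buckets.items()]
    rows.sort(key=lambda r: (PRIORITY.get(r["class"], 9), r["file"], r["line"]))
    return rows


SAMPLE_REPORTS = {   # constructed; header and frame lines modelled on the reports above
    "002-null-point-filtbank_246": """\
==7062==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fe67b9599f6 T0)
    #0 0x7fe67b9599f5 in ifilter_bank /root/faad2_asan/libfaad/filtbank.c:246
    #1 0x7fe67b99519d in reconstruct_channel_pair /root/faad2_asan/libfaad/specrec.c:1258
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/filtbank.c:246 ifilter_bank
""",
    "002-variant": """\
==7099==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fe67b9599f6 T0)
    #0 0x7fe67b9599f5 in ifilter_bank /root/faad2_asan/libfaad/filtbank.c:246
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/filtbank.c:246 ifilter_bank
""",
    "hfgen-369": """\
==17043==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62f00000d700 at pc 0x7ffff7b8aba4
READ of size 4 at 0x62f00000d700 thread T0
    #0 0x7ffff7b8aba3 in auto_correlation /home/x/faad2-asan/libfaad/sbr_hfgen.c:369:19
    #1 0x7ffff7b89208 in calc_prediction_coef /home/x/faad2-asan/libfaad/sbr_hfgen.c:420:5

0x62f00000d700 is located 368 bytes to the right of 53648-byte region
allocated by thread T0 here:
    #0 0x4c2b03 in malloc (/home/x/faad2-asan/install/bin/faad+0x4c2b03)
    #1 0x7ffff7b68094 in faad_malloc /home/x/faad2-asan/libfaad/common.c:180:12
""",
    "006-underflow": """\
==7026==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7fff630132fc at pc 0x7fedefda0e74
WRITE of size 4 at 0x7fff630132fc thread T0
    #0 0x7fedefda0e73 in calculate_gain /root/faad2_asan/libfaad/sbr_hfadj.c:1311
    #1 0x7fedefd9e392 in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:83
""",
    "007-wild": """\
==7085==ERROR: AddressSanitizer: SEGV on unknown address 0x0000f64f3bb0 (pc 0x7fa4348f6f2d T0)
    #0 0x7fa4348f6f2c in sbrDecodeSingleFramePS /root/faad2_asan/libfaad/sbr_dec.c:601
""",
}

if __name__ == "__main__":
    for row in triage(SAMPLE_REPORTS):
        print(f"{row['class']:<12} {row['file']}:{row['line']} {row['function']} <- {row['pocs']}")
```

The ranking is deliberate: a stack or heap write from an attacker-controlled bitstream is a memory-corruption primitive, a SEGV on a non-NULL address may be one, and a NULL-page read in a decoder is usually a denial of service only, so the write buckets are the ones to fix and regression-test first.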

Any version after v2.7 (incl. v2.10.0) still crashes with MP4 containing more than one track!

Hello,

as the title says, I am still locked to old version 2.7, because it seems to be the last "good" version that doesn't crash while trying to decode an MP4 file that contains more than just a single audio track - as is the case with pretty much any MP4 video file!

Example MP4 file that can be used to reproduce crash:
https://www.mediafire.com/file/pu1t25to5q0ogyh/soothsayer.mp4.zip/file

(but I think pretty much any MP4 file with video+audio tracks would do!)

To reproduce:
faad.exe -o test.wav soothsayer.mp4

Expected result, as with FAAD v2.7:

 *********** Ahead Software MPEG-4 AAC Decoder V2.7 ******************

 Build: Mar 26 2017
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

soothsayer.mp4 file info:

LC AAC  286.510 secs, 2 ch, 44100 Hz

unknown: 0
unknown: 287300
unknown: B4A7DDA45MH1341528066551075
unknown: o-o.preferred.fra07t12.v5.cache3.c.youtube.com

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
  ---------------------

Decoding soothsayer.mp4 took:  1.03 sec. 277.63x real-time.

Result with FAAD v2.10.0 though:

*********** Ahead Software MPEG-4 AAC Decoder V2.10.0 ******************
 Build: Jan 23 2021
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

**** MP4 header ****
Brand:                  mp42(version 0)
Compatible brands:      isomavc1mp42
*track media type: 'soun': OK
Modification Time:              Tue May  4 02:23:33 2010

Samplerate:             44100
Total samples:          12647424
Total channels:         2
Bits per sample:        16
Buffer size:            613
Max bitrate:            145176
Average bitrate:        125480
Samples per frame:      0
Frames:                 12351
ASC size:               2
Duration:               286.8 sec
Data offset/size:       15546/0
********************
----------tag list-------------
'gsst'       :   0
'gstd'       :   287300
'gssd'       :   B4A7DDA45MH1341528066551075
'gshh'       :   o-o.preferred.fra07t12.v5.cache3.c.youtube.com

-------------------------------
soothsayer.mp4 file info:

LC AAC  286.790 secs, 2 ch, 44100 Hz

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
  ---------------------

0% decoding soothsayer.mp4.
***crash***

Best regards
MuldeR
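
One thing a reader of files like the one reported above has to do correctly is pick the audio track out of several, checking every box size against its parent along the way. As an added illustration, my own code and not faad2's frontend/mp4read.c, the Python below walks the ISO BMFF box tree, selects the 'trak' whose 'hdlr' type is 'soun', and reads the channel count and sample rate from its 'mp4a' sample entry. The two-track file it parses (a video track first, then a stereo 44.1 kHz audio track) is a constructed skeleton embedded in the block, and BROKEN is the same bytes with the 'moov' size inflated past end of file, which the walker rejects instead of reading out of bounds.

```python
"""Bounds-checked ISO BMFF (MP4) box walker that finds the audio track in a
file that also carries video. Constructed example; not faad2 code."""
import struct


def box(kind: bytes, payload: bytes) -> bytes:
    """Serialise one box: 32-bit big-endian size (header included) + type."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload


def iter_boxes(buf: bytes, start: int, end: int):
    """Yield (type, body_start, body_end) for each box in buf[start:end].
    Every declared size is checked against the enclosing range before use, so
    a box claiming to extend past its parent is rejected, not read past."""
    pos = start
    while pos < end:
        if end - pos < 8:
            raise ValueError(f"truncated box header at offset {pos}")
        size, kind = struct.unpack_from(">I4s", buf, pos)
        if size == 1:                      # 64-bit 'largesize' form
            raise ValueError(f"largesize box {kind!r} not supported here")
        if size == 0:                      # box runs to the end of its parent
            size = end - pos
        if size < 8 or size > end - pos:
            raise ValueError(f"box {kind!r} at offset {pos} has bad size {size}")
        yield kind, pos + 8, pos + size
        pos += size


def walk(buf: bytes, start: int, end: int, *path: bytes):
    """Follow a path of box types from a body range; None if a step is missing."""
    rng = (start, end)
    for kind in path:
        rng = next(((b, e) for k, b, e in iter_boxes(buf, *rng) if k == kind), None)
        if rng is None:
            return None
    return rng


def describe_tracks(buf: bytes):
    """One dict per 'trak': index, handler type and, for 'soun' tracks, the
    channel count and sample rate taken from the 'mp4a' sample entry."""
    moov = walk(buf, 0, len(buf), b"moov")
    if moov is None:
        raise ValueError("no moov box")
    tracks = []
    for kind, tb, te in iter_boxes(buf, *moov):
        if kind != b"trak":
            continue
        info = {"track_index": len(tracks), "handler": None}
        hdlr = walk(buf, tb, te, b"mdia", b"hdlr")
        if hdlr is not None:
            if hdlr[1] - hdlr[0] < 12:
                raise ValueError("short hdlr box")
            # FullBox: version(1) flags(3) pre_defined(4) handler_type(4) ...
            info["handler"] = buf[hdlr[0] + 8:hdlr[0] + 12]
        stsd = walk(buf, tb, te, b"mdia", b"minf", b"stbl", b"stsd")
        if info["handler"] == b"soun" and stsd is not None:
            sb, se = stsd
            if se - sb < 8:
                raise ValueError("short stsd box")
            # stsd: version/flags(4) entry_count(4), then sample entries as boxes
            for ek, eb, ee in iter_boxes(buf, sb + 8, se):
                if ek == b"mp4a":
                    if ee - eb < 28:
                        raise ValueError("short mp4a sample entry")
                    # AudioSampleEntry: reserved(6) data_ref_index(2) reserved(8)
                    # channelcount(2) samplesize(2) pre_defined(2) reserved(2) samplerate(16.16)
                    channels, _, _, _, rate = struct.unpack_from(">HHHHI", buf, eb + 16)
                    info.update(channels=channels, sample_rate=rate >> 16)
        tracks.append(info)
    return tracks


def audio_tracks(buf: bytes):
    """Only the tracks that should be handed to an AAC decoder."""
    return [t for t in describe_tracks(buf) if t["handler"] == b"soun"]


def is_well_formed(buf: bytes) -> bool:
    try:
        describe_tracks(buf)
        return True
    except ValueError:
        return False


# Constructed sample: a video track first, then a stereo 44.1 kHz AAC track.
def _trak(handler: bytes, *entries: bytes) -> bytes:
    hdlr = box(b"hdlr", b"\0" * 8 + handler + b"\0" * 13)
    stsd = box(b"stsd", b"\0" * 4 + struct.pack(">I", len(entries)) + b"".join(entries))
    mdia = box(b"mdia", hdlr + box(b"minf", box(b"stbl", stsd)))
    return box(b"trak", box(b"tkhd", b"\0" * 84) + mdia)

MP4A = box(b"mp4a", b"\0" * 6 + struct.pack(">H", 1) + b"\0" * 8
           + struct.pack(">HHHHI", 2, 16, 0, 0, 44100 << 16))
SAMPLE = (box(b"ftyp", b"mp42" + b"\0" * 4 + b"isomavc1mp42")
          + box(b"moov", box(b"mvhd", b"\0" * 100) + _trak(b"vide") + _trak(b"soun", MP4A))
          + box(b"mdat", b"\xde\xad\xbe\xef"))
# Same bytes with the moov size field (offset 28, right after ftyp) inflated past EOF.
BROKEN = bytearray(SAMPLE)
struct.pack_into(">I", BROKEN, 28, 0xFFFF)
BROKEN = bytes(BROKEN)

if __name__ == "__main__":
    print(audio_tracks(SAMPLE))
```

The point of the size check in iter_boxes is that a corrupt or hostile size field can only produce a ValueError, never an index that reaches outside the buffer or past a fixed-size table; a reader written in C needs the same comparison before every memcpy or array write.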

heap-buffer-overflow in function excluded_channels(libfaad/syntax.c:2297)

Hi, I found a heap-buffer-overflow bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8; the details are below (ASan):

./faad faad_res/003-heap-buffer-overflow-syntax_2297 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/003-heap-buffer-overflow-syntax_2297 file info:
RAW

=================================================================
==7045==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x610000008000 at pc 0x7f8240f7803a bp 0x7fff2aae2aa0 sp 0x7fff2aae2a90
WRITE of size 1 at 0x610000008000 thread T0
    #0 0x7f8240f78039 in excluded_channels /root/faad2_asan/libfaad/syntax.c:2297
    #1 0x7f8240f77c2b in dynamic_range_info /root/faad2_asan/libfaad/syntax.c:2236
    #2 0x7f8240f779b7 in extension_payload /root/faad2_asan/libfaad/syntax.c:2166
    #3 0x7f8240f74a25 in fill_element /root/faad2_asan/libfaad/syntax.c:1110
    #4 0x7f8240f725ac in raw_data_block /root/faad2_asan/libfaad/syntax.c:500
    #5 0x7f8240f2c9c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #6 0x7f8240f2c566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #7 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #8 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #9 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #10 0x7f8240b6482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

0x610000008000 is located 0 bytes to the right of 192-byte region [0x610000007f40,0x610000008000)
allocated by thread T0 here:
    #0 0x7f8241287602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7f8240f8c6ae in faad_malloc /root/faad2_asan/libfaad/common.c:180
    #2 0x7f8240f2ee9c in drc_init /root/faad2_asan/libfaad/drc.c:41
    #3 0x7f8240f28365 in NeAACDecOpen /root/faad2_asan/libfaad/decoder.c:179
    #4 0x40ed36 in decodeAACfile /root/faad2_asan/frontend/main.c:562
    #5 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #6 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #7 0x7f8240b6482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/faad2_asan/libfaad/syntax.c:2297 excluded_channels
Shadow bytes around the buggy address:
  0x0c207fff8fb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff8fc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff8fd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff8fe0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c207fff8ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c207fff9000:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==7045==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/003-heap-buffer-overflow-syntax_2297

Channel Coupling

Deleting a partially formed M4A file's header up to the "mdat" and attempting to decode results in the following:

■ uname -srvmo
Linux 5.9.11-arch2-1 #1 SMP PREEMPT Sat, 28 Nov 2020 02:07:22 +0000 x86_64 GNU/Linux
■ faad test.m4a
 *********** Ahead Software MPEG-4 AAC Decoder V2.10.0 ******************

 Build: Oct 20 2020
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

test.m4a file info:
RAW

Error: Channel coupling not yet implemented

Are there known workarounds? Thank you.

stack-buffer-overflow in function calculate_gain(libfaad/sbr_hfadj.c:1287)

Hi, I found a stack-buffer-overflow bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8; the details are below (ASan):

./faad faad_res/013-stack-buffer-overflow-sbr_hfadj_1287 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/013-stack-buffer-overflow-sbr_hfadj_1287 file info:
RAW

=================================================================
==7025==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc1ba22024 at pc 0x7ffabd7b4a49 bp 0x7ffc1ba21cd0 sp 0x7ffc1ba21cc0
WRITE of size 4 at 0x7ffc1ba22024 thread T0
    #0 0x7ffabd7b4a48 in calculate_gain /root/faad2_asan/libfaad/sbr_hfadj.c:1287
    #1 0x7ffabd7b2392 in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:83
    #2 0x7ffabd7d0725 in sbr_process_channel /root/faad2_asan/libfaad/sbr_dec.c:363
    #3 0x7ffabd7d17ea in sbrDecodeCoupleFrame /root/faad2_asan/libfaad/sbr_dec.c:479
    #4 0x7ffabd77e11b in reconstruct_channel_pair /root/faad2_asan/libfaad/specrec.c:1314
    #5 0x7ffabd783823 in channel_pair_element /root/faad2_asan/libfaad/syntax.c:759
    #6 0x7ffabd781cbf in decode_cpe /root/faad2_asan/libfaad/syntax.c:402
    #7 0x7ffabd782398 in raw_data_block /root/faad2_asan/libfaad/syntax.c:448
    #8 0x7ffabd73c9c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #9 0x7ffabd73c566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #10 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #11 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #12 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #13 0x7ffabd37482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

Address 0x7ffc1ba22024 is located in stack of thread T0 at offset 740 in frame
    #0 0x7ffabd7b37a7 in calculate_gain /root/faad2_asan/libfaad/sbr_hfadj.c:1155

  This frame has 3 object(s):
    [32, 228) 'Q_M_lim'
    [288, 484) 'G_lim'
    [544, 740) 'S_M' <== Memory access at offset 740 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /root/faad2_asan/libfaad/sbr_hfadj.c:1287 calculate_gain
Shadow bytes around the buggy address:
  0x10000373c3b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000373c3c0: 00 00 00 00 04 f4 f4 f4 f2 f2 f2 f2 00 00 00 00
  0x10000373c3d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000373c3e0: 00 00 00 00 04 f4 f4 f4 f2 f2 f2 f2 00 00 00 00
  0x10000373c3f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10000373c400: 00 00 00 00[04]f4 f4 f4 f3 f3 f3 f3 00 00 00 00
  0x10000373c410: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
  0x10000373c420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000373c430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000373c440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000373c450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==7025==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/013-stack-buffer-overflow-sbr_hfadj_1287

sound pops/crackle - faad2 > 2.8.1 , vlc > 3.0.8, & faad front end mp4 decode "Floating point exception"

Update: while the sound problem is only heard on the m92p computer, the frontend/faad crash happens on any computer, and I believe they are related, as they both only happen after commit 8d04544 (~2.8.1).

I found this bug with VLC, and tracked it down (via compiling old versions) to the change in faad2 version from 2.8.1 to 2.8.2+
It seems to only happen on this one type of computer i have (lenovo m92p, stats attached), as another HP computer running same debian and vlc does not do it.
It happens with both analog and HDMI sound out, ALSA and Pulse, X11 and Wayland; other VLC settings don't help either.
Attached are files that do it, and verbose logs.
vlc-faad-bug.zip

https://youtu.be/HXnxHLauye0 (warning, loud sound)

Invalid memory address dereference in lt_prediction(in libfaad/lt_predict.c:108)

Hi, I found an issue in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It crashed in function lt_prediction. The details are below (ASan):

./faad faad_res/010-invalid-def-lt_predict_108 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/010-invalid-def-lt_predict_108 file info:
RAW

  ---------------------
 | Config:  1.1 Ch     |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Center front   |
 | 01 | Left front     |
  ---------------------

ASAN:SIGSEGV faad_res/010-invalid-def-lt_predict_108.
=================================================================
==7092==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000fd0 (pc 0x7f09d10c9532 bp 0x7ffea06b0460 sp 0x7ffea06ac370 T0)
    #0 0x7f09d10c9531 in lt_prediction /root/faad2_asan/libfaad/lt_predict.c:108
    #1 0x7f09d10fb6b8 in reconstruct_channel_pair /root/faad2_asan/libfaad/specrec.c:1228
    #2 0x7f09d1102823 in channel_pair_element /root/faad2_asan/libfaad/syntax.c:759
    #3 0x7f09d1100cbf in decode_cpe /root/faad2_asan/libfaad/syntax.c:402
    #4 0x7f09d1101398 in raw_data_block /root/faad2_asan/libfaad/syntax.c:448
    #5 0x7f09d10bb9c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #6 0x7f09d10bb566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #7 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #8 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #9 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #10 0x7f09d0cf382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/lt_predict.c:108 lt_prediction
==7092==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/010-invalid-def-lt_predict_108

stack-buffer-overflow in function calculate_gain(libfaad/sbr_hfadj.c:1346)

Hi, I found a stack-buffer-overflow bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8; the details are below (ASan):

./faad faad_res/001_stack-buffer-overflow_sbr_hfadj -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/001_stack-buffer-overflow_sbr_hfadj file info:
ADTS, 12.416 sec, 37 kbps, 48000 Hz

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
  ---------------------

=================================================================
==7021==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffed218532c at pc 0x7f406de6e68c bp 0x7ffed2184390 sp 0x7ffed2184380
WRITE of size 4 at 0x7ffed218532c thread T0
    #0 0x7f406de6e68b in calculate_gain /root/faad2_asan/libfaad/sbr_hfadj.c:1346
    #1 0x7f406de6b392 in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:83
    #2 0x7f406de89725 in sbr_process_channel /root/faad2_asan/libfaad/sbr_dec.c:363
    #3 0x7f406de8b7fa in sbrDecodeSingleFramePS /root/faad2_asan/libfaad/sbr_dec.c:637
    #4 0x7f406de33b54 in reconstruct_single_channel /root/faad2_asan/libfaad/specrec.c:1071
    #5 0x7f406de3be28 in single_lfe_channel_element /root/faad2_asan/libfaad/syntax.c:631
    #6 0x7f406de3a354 in decode_sce_lfe /root/faad2_asan/libfaad/syntax.c:351
    #7 0x7f406de3b2da in raw_data_block /root/faad2_asan/libfaad/syntax.c:441
    #8 0x7f406ddf59c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #9 0x7f406ddf5566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #10 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #11 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #12 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #13 0x7f406da2d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

Address 0x7ffed218532c is located in stack of thread T0 at offset 2972 in frame
    #0 0x7f406de6ad8e in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:60

  This frame has 1 object(s):
    [32, 2972) 'adj' <== Memory access at offset 2972 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /root/faad2_asan/libfaad/sbr_hfadj.c:1346 calculate_gain
Shadow bytes around the buggy address:
  0x10005a428a10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005a428a20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005a428a30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005a428a40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005a428a50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10005a428a60: 00 00 00 00 00[04]f3 f3 f3 f3 f3 f3 f3 f3 00 00
  0x10005a428a70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005a428a80: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
  0x10005a428a90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005a428aa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005a428ab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==7021==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/001_stack-buffer-overflow_sbr_hfadj
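
The ASan reports on this page (the two calculate_gain stack overflows at sbr_hfadj.c:1287 and :1346, the lt_prediction SEGV, and the rest) are the raw output of a fuzzing campaign, and the practical question is which of them are the same bug. The Python below is an added example, mine rather than part of the reports or of faad2: it extracts the fault kind, the faulting access, the first frames inside the project's own source (assumed to sit under libfaad/ and frontend/) and the stack object or heap region that was overrun, then buckets reports by their in-project call stack with line numbers dropped. The three reports embedded in it are constructed, condensed copies shaped like the ones above.

```python
"""Triage AddressSanitizer reports from a fuzzing run: extract the fault kind,
the first frames inside the project's own source and the object that was
overrun, then bucket reports that share the same in-project call stack.
Added example; not part of faad2 or of the reports it is modelled on."""
import re
from collections import defaultdict

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?)(?::(\d+))?(?::\d+)?$", re.M)
STACK_OBJ_RE = re.compile(r"\[(\d+), (\d+)\) '(\w+)' <== Memory access at offset (\d+)")
HEAP_OBJ_RE = re.compile(r"is located (\d+) bytes to the (left|right) of (\d+)-byte region")
PROJECT_DIRS = ("/libfaad/", "/frontend/")  # assumption: the decoder's own sources live here


def parse_report(text, project_dirs=PROJECT_DIRS):
    """Pull the fields triage needs out of one ASan report."""
    m = ERROR_RE.search(text)
    if not m:
        raise ValueError("not an AddressSanitizer report")
    r = {"kind": m.group(1), "address": int(m.group(2), 16), "access": None,
         "frames": [], "project_frames": [], "object": None}
    a = ACCESS_RE.search(text)
    if a:
        r["access"] = (a.group(1), int(a.group(2)))
    # Only the faulting stack matters; the allocation and frame-info stacks
    # that follow restart numbering at #0, so stop at the second #0.
    seen_zero = False
    for num, func, path, line in FRAME_RE.findall(text):
        if num == "0":
            if seen_zero:
                break
            seen_zero = True
        frame = (func, path, int(line) if line else None)
        r["frames"].append(frame)
        if any(d in path for d in project_dirs):
            r["project_frames"].append(frame)
    s = STACK_OBJ_RE.search(text)
    h = HEAP_OBJ_RE.search(text)
    if s:
        start, end, name, off = int(s.group(1)), int(s.group(2)), s.group(3), int(s.group(4))
        # distance of the access from the end of the object (negative: before its start)
        r["object"] = {"name": name, "size": end - start,
                       "bytes_past_end": off - end if off >= end else off - start}
    elif h:
        dist, side, size = int(h.group(1)), h.group(2), int(h.group(3))
        r["object"] = {"name": "heap region", "size": size,
                       "bytes_past_end": dist if side == "right" else -dist}
    return r


def signature(r, depth=3):
    """Dedup key: fault kind plus the first `depth` in-project function names.
    Line numbers are dropped so reports from different builds still collapse."""
    return (r["kind"],) + tuple(f[0] for f in r["project_frames"][:depth])


def bucket(reports, depth=3):
    groups = defaultdict(list)
    for r in reports:
        groups[signature(r, depth)].append(r)
    return dict(groups)


# Constructed, condensed reports in the shape ASan prints (not verbatim copies).
REPORT_A = """\
==7025==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc1ba22024 at pc 0x7ffabd7b4a49 bp 0x7ffc1ba21cd0 sp 0x7ffc1ba21cc0
WRITE of size 4 at 0x7ffc1ba22024 thread T0
    #0 0x7ffabd7b4a48 in calculate_gain /root/faad2_asan/libfaad/sbr_hfadj.c:1287
    #1 0x7ffabd7b2392 in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:83
    #2 0x7ffabd7d0725 in sbr_process_channel /root/faad2_asan/libfaad/sbr_dec.c:363
    #3 0x7ffabd7d17ea in sbrDecodeCoupleFrame /root/faad2_asan/libfaad/sbr_dec.c:479
    #13 0x7ffabd37482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Address 0x7ffc1ba22024 is located in stack of thread T0 at offset 740 in frame
    #0 0x7ffabd7b37a7 in calculate_gain /root/faad2_asan/libfaad/sbr_hfadj.c:1155
    [544, 740) 'S_M' <== Memory access at offset 740 overflows this variable
"""
REPORT_B = """\
==7021==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffed218532c at pc 0x7f406de6e68c bp 0x7ffed2184390 sp 0x7ffed2184380
WRITE of size 4 at 0x7ffed218532c thread T0
    #0 0x7f406de6e68b in calculate_gain /root/faad2_asan/libfaad/sbr_hfadj.c:1346
    #1 0x7f406de6b392 in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:83
    #2 0x7f406de89725 in sbr_process_channel /root/faad2_asan/libfaad/sbr_dec.c:363
    #3 0x7f406de8b7fa in sbrDecodeSingleFramePS /root/faad2_asan/libfaad/sbr_dec.c:637
    #0 0x7f406de6ad8e in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:60
    [32, 2972) 'adj' <== Memory access at offset 2972 overflows this variable
"""
REPORT_C = """\
==7092==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000fd0 (pc 0x7f09d10c9532 bp 0x7ffea06b0460 sp 0x7ffea06ac370 T0)
    #0 0x7f09d10c9531 in lt_prediction /root/faad2_asan/libfaad/lt_predict.c:108
    #1 0x7f09d10fb6b8 in reconstruct_channel_pair /root/faad2_asan/libfaad/specrec.c:1228
    #2 0x7f09d1102823 in channel_pair_element /root/faad2_asan/libfaad/syntax.c:759
    #10 0x7f09d0cf382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
AddressSanitizer can not provide additional info.
"""

if __name__ == "__main__":
    for key, rs in bucket([parse_report(t) for t in (REPORT_A, REPORT_B, REPORT_C)]).items():
        locs = sorted(f"{r['project_frames'][0][1]}:{r['project_frames'][0][2]}" for r in rs)
        print(len(rs), "x", " <- ".join(key[1:]), f"[{key[0]}]", locs)
```

Whether two reports with the same in-project function stack but different faulting lines are one bug or two is a judgement call; the key used here merges them (the 1287 and 1346 calculate_gain reports land in one bucket) while the per-report location and overrun object keep the distinction visible for whoever fixes it. Raise `depth` if a single dispatcher function is swallowing unrelated crashes into one bucket.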

Null pointer dereference vulnerability in ifilter_bank(libfaad/filtbank.c:307)

Hi, I found a null pointer dereference bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It crashed in function ifilter_bank. The details are below (ASan):

./faad faad_res/011-null-point-filtbank_307 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/011-null-point-filtbank_307 file info:
ADTS, 0.043 sec, 37 kbps, 48000 Hz

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
  ---------------------

ASAN:SIGSEGVfaad_res/011-null-point-filtbank_307.
=================================================================
==7079==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f94bfdbee3d bp 0x7fff8addf2e0 sp 0x7fff8addd1f0 T0)
    #0 0x7f94bfdbee3c in ifilter_bank /root/faad2_asan/libfaad/filtbank.c:307
    #1 0x7f94bfdf819d in reconstruct_channel_pair /root/faad2_asan/libfaad/specrec.c:1258
    #2 0x7f94bfdfe823 in channel_pair_element /root/faad2_asan/libfaad/syntax.c:759
    #3 0x7f94bfdfccbf in decode_cpe /root/faad2_asan/libfaad/syntax.c:402
    #4 0x7f94bfdfd398 in raw_data_block /root/faad2_asan/libfaad/syntax.c:448
    #5 0x7f94bfdb79c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #6 0x7f94bfdb7566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #7 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #8 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #9 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #10 0x7f94bf9ef82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/filtbank.c:307 ifilter_bank
==7079==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/011-null-point-filtbank_307

Reporting two bugs

Hello,

I am reporting two bugs.

  • ID0: segmentation fault
    when the mp4read_frame() function invokes fread(), it allocates the wrong buffer, then segfaults.

  • ID1: Denial of service (take too much time)
    when faad processes the input (about 260KB), it takes 120 seconds to finish.

  • How to reproduce error?
    I used faad program from the frontend.

$ ./faad input
  • You can download the PoC file from here:
  1. https://gts3.org/~jjung/poc/faad/id0
  2. https://gts3.org/~jjung/poc/faad/id1

heap-buffer-overflow in function write_audio_16bit(frontend/audio.c:324)

Hi, I found a heap-buffer-overflow bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8; the details are below (ASan):

./faad faad_res/0000-heap-buffer-overflow-audio_324 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/0000-heap-buffer-overflow-audio_324 file info:
RAW

  ---------------------
 | Config:  5.1 Ch     | WARNING: channels are reordered according to
  ---------------------  MS defaults defined in WAVE_FORMAT_EXTENSIBLE
 | Ch |    Position    |
  ---------------------
 | 00 | Center front   |
 | 01 | Left front     |
 | 02 | Right front    |
 | 03 | Left back      |
 | 04 | Right back     |
 | 05 | LFE            |
  ---------------------

=================================================================
==7019==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000016100 at pc 0x000000408434 bp 0x7fff3ab6db90 sp 0x7fff3ab6db80
READ of size 2 at 0x625000016100 thread T0
    #0 0x408433 in write_audio_16bit /root/faad2_asan/frontend/audio.c:324
    #1 0x404d41 in write_audio_file /root/faad2_asan/frontend/audio.c:110
    #2 0x40fc82 in decodeAACfile /root/faad2_asan/frontend/main.c:751
    #3 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #4 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #5 0x7fe85de9b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #6 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

0x625000016100 is located 0 bytes to the right of 8192-byte region [0x625000014100,0x625000016100)
allocated by thread T0 here:
    #0 0x7fe85e5be602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7fe85e2c36ae in faad_malloc /root/faad2_asan/libfaad/common.c:180
    #2 0x7fe85e2644f0 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:1121
    #3 0x7fe85e263566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #4 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #5 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #6 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #7 0x7fe85de9b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/faad2_asan/frontend/audio.c:324 write_audio_16bit
Shadow bytes around the buggy address:
  0x0c4a7fffabd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a7fffabe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a7fffabf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a7fffac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c4a7fffac10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c4a7fffac20:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a7fffac30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a7fffac40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a7fffac50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a7fffac60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a7fffac70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==7019==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/0000-heap-buffer-overflow-audio_324

A heap-buffer-overflow in sbr_qmf.c:96:77

System info

Ubuntu x86_64, clang 6.0, faad (latest master 1073ae)

Configure

CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure --enable-shared=no

Command line

./frontend/faad -w -b 5 @@

AddressSanitizer output

NULL	349.611 secs, 7 ch, 24000 Hz

=================================================================
==73167==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x620000004f80 at pc 0x0000005df054 bp 0x7fffad795310 sp 0x7fffad795308
READ of size 4 at 0x620000004f80 thread T0
    #0 0x5df053 in sbr_qmf_analysis_32 /home/seviezhou/faad2/libfaad/sbr_qmf.c:96:77
    #1 0x598dc5 in sbr_process_channel /home/seviezhou/faad2/libfaad/sbr_dec.c
    #2 0x59addc in sbrDecodeSingleFrame /home/seviezhou/faad2/libfaad/sbr_dec.c:562:17
    #3 0x5c2f81 in reconstruct_single_channel /home/seviezhou/faad2/libfaad/specrec.c:1070:22
    #4 0x556c2e in single_lfe_channel_element /home/seviezhou/faad2/libfaad/syntax.c:643:14
    #5 0x556c2e in decode_sce_lfe /home/seviezhou/faad2/libfaad/syntax.c:357
    #6 0x555c2b in raw_data_block /home/seviezhou/faad2/libfaad/syntax.c:565:13
    #7 0x5389de in aac_frame_decode /home/seviezhou/faad2/libfaad/decoder.c:990:9
    #8 0x52f738 in decodeMP4file /home/seviezhou/faad2/frontend/main.c:916:25
    #9 0x52f738 in faad_main /home/seviezhou/faad2/frontend/main.c:1323
    #10 0x7f2790ec683f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/../csu/libc-start.c:291
    #11 0x41a698 in _start (/home/seviezhou/faad2/frontend/faad+0x41a698)

0x620000004f80 is located 0 bytes to the right of 3840-byte region [0x620000004080,0x620000004f80)
allocated by thread T0 here:
    #0 0x4de8a8 in __interceptor_malloc /home/seviezhou/llvm-6.0.0/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x5c1a0b in allocate_single_channel /home/seviezhou/faad2/libfaad/specrec.c:736:48
    #2 0x5c1a0b in reconstruct_single_channel /home/seviezhou/faad2/libfaad/specrec.c:934
    #3 0x556c2e in single_lfe_channel_element /home/seviezhou/faad2/libfaad/syntax.c:643:14
    #4 0x556c2e in decode_sce_lfe /home/seviezhou/faad2/libfaad/syntax.c:357
    #5 0x555c2b in raw_data_block /home/seviezhou/faad2/libfaad/syntax.c:565:13

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/seviezhou/faad2/libfaad/sbr_qmf.c:96:77 in sbr_qmf_analysis_32
Shadow bytes around the buggy address:
  0x0c407fff89a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff89b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff89c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff89d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff89e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c407fff89f0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c407fff8a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c407fff8a10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c407fff8a20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c407fff8a30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c407fff8a40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==73167==ABORTING

POC

sbr_qmf_analysis_32-sbr_qmf-96.zip

--without-drm stopped working with 2.8

If you ./configure --without-drm in 2.8.x you will still get a libfaad_drm.2 shared object. The config.h is properly created with DRM undefined; there is something that is putting -DDRM into the CFLAGS in the makefile, and that is forcing DRM to be defined at compile time.

4-channel decoded order

Hello, I noticed that when I decode 4-channel audio, if the input order is 0123 then what comes out is 2013.

This is okay from the AAC spec point of view, but I wonder if there is some enum or setting that can be set in order to handle the decoded channel order?

CVE Request

Hi,
This is Mike Jiang from Synology PSIRT.

A reporter has informed us of a security vulnerability in faad2. The following is the commit that resolved the security issue:
720f700

Because of an internal mistake, we have assigned a CVE ID (CVE-2021-26567) to this issue.

In case of possible duplication, I would like to confirm:

  1. Is the security issue already assigned a CVE ID?
  2. If so, what is the CVE ID number?
  3. If not, do you mind if we put the commit as the CVE reference and continue using the CVE ID to address this security issue?

Looking forward to your feedback.

global-buffer-overflow in function parse() in frontend/mp4read.c:746

Dear FAAD2 developers,

Looks like this issue didn't have a bug report yet. Originally reported on sourceforge, still affecting the master.

Link to poc.

I have a patch pending, will PR soon. This will also address #13.

fish@ubuntu: ./afl/afl/bin/faad global-buffer-overflow-1
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Nov 11 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

**** MP4 header ****
Brand:			mp42(version 0)
Compatible brands:	mp42isom
*track media type: 'soun': OK
=================================================================
==73817==ERROR: AddressSanitizer: global-buffer-overflow on address 0x56118d728230 at pc 0x56118d4fdb1d bp 0x7ffd93a74c40 sp 0x7ffd93a74c30
READ of size 2 at 0x56118d728230 thread T0
    #0 0x56118d4fdb1c in parse ../../frontend/mp4read.c:746
    #1 0x56118d505ce2 in mp4read_open ../../frontend/mp4read.c:991
    #2 0x56118d517624 in decodeMP4file ../../frontend/main.c:830
    #3 0x56118d517624 in faad_main ../../frontend/main.c:1308
    #4 0x7f4a23581b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #5 0x56118d4fce69 in _start (/home/fish/Desktop/2018-10-10/sound_audio/faad2/afl/afl/bin/faad+0xae69)

0x56118d728230 is located 48 bytes to the left of global variable 'mvhd' defined in '../../frontend/mp4read.c:802:22' (0x56118d728260) of size 32
0x56118d728230 is located 0 bytes to the right of global variable 'trak' defined in '../../frontend/mp4read.c:806:22' (0x56118d728020) of size 528
SUMMARY: AddressSanitizer: global-buffer-overflow ../../frontend/mp4read.c:746 in parse
Shadow bytes around the buggy address:
  0x0ac2b1adcff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac2b1add000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac2b1add010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac2b1add020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac2b1add030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ac2b1add040: 00 00 00 00 00 00[f9]f9 f9 f9 f9 f9 00 00 00 00
  0x0ac2b1add050: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac2b1add060: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0ac2b1add070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac2b1add080: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
  0x0ac2b1add090: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==73817==ABORTING

A stack-buffer-overflow in mp4read.c:141:9

System info

Ubuntu x86_64, clang 6.0, faad (latest master eb19fa)

Configure

CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure --enable-shared=no

Command line

./frontend/faad -w -b 5 @@

AddressSanitizer output

=================================================================
==66437==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff84ab6078 at pc 0x0000004462d7 bp 0x7fff84ab5ee0 sp 0x7fff84ab5690
READ of size 41 at 0x7fff84ab6078 thread T0
    #0 0x4462d6 in printf_common(void*, char const*, __va_list_tag*) (/home/seviezhou/faad2/frontend/faad+0x4462d6)
    #1 0x446f1b in __interceptor_vfprintf (/home/seviezhou/faad2/frontend/faad+0x446f1b)
    #2 0x446fe6 in fprintf (/home/seviezhou/faad2/frontend/faad+0x446fe6)
    #3 0x5150d3 in ftypin /home/seviezhou/faad2/frontend/mp4read.c:141:9
    #4 0x5143fd in parse /home/seviezhou/faad2/frontend/mp4read.c:765:19
    #5 0x5130f8 in mp4read_open /home/seviezhou/faad2/frontend/mp4read.c:999:9
    #6 0x52a3a7 in decodeMP4file /home/seviezhou/faad2/frontend/main.c:830:9
    #7 0x52a3a7 in faad_main /home/seviezhou/faad2/frontend/main.c:1323
    #8 0x7f9c8fbc2b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x41a669 in _start (/home/seviezhou/faad2/frontend/faad+0x41a669)

Address 0x7fff84ab6078 is located in stack of thread T0 at offset 88 in frame
    #0 0x514aef in ftypin /home/seviezhou/faad2/frontend/mp4read.c:126

  This frame has 2 object(s):
    [32, 36) 'u32.i' (line 104)
    [48, 88) 'buf' (line 128) <== Memory access at offset 88 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/home/seviezhou/faad2/frontend/faad+0x4462d6) in printf_common(void*, char const*, __va_list_tag*)
Shadow bytes around the buggy address:
  0x10007094ebb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007094ebc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007094ebd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007094ebe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007094ebf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10007094ec00: 00 00 00 00 f1 f1 f1 f1 f8 f2 00 00 00 00 00[f3]
  0x10007094ec10: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007094ec20: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f2 f8 f2
  0x10007094ec30: f8 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007094ec40: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
  0x10007094ec50: f8 f2 f2 f2 04 f3 f3 f3 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==66437==ABORTING

POC

stack-overflow-ftypin-mp4read-141.zip
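As an added example (not faad2's own code), a bounded reader for the MP4 ftyp box whose brands the frontend prints. The report above shows fprintf reading 41 bytes from the 40-byte buf in ftypin, which is consistent with printing a brand string that has no NUL terminator; that reading of the root cause is an assumption, since the source is not shown here. The types, functions and sample box are this example's own.

```c
/* Added example, not faad2 code: bounded parsing of an MP4 'ftyp' box.
 * Every read is checked against the bytes actually present, and each brand
 * is kept as a NUL-terminated 5-byte field so "%s" cannot run past it. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BRANDS 8

typedef struct {
    uint64_t size;       /* total box size, header included */
    size_t header_len;   /* 8, or 16 when a 64-bit largesize is present */
    char type[5];        /* fourcc, NUL-terminated */
} box_header;

typedef struct {
    char major[5];
    uint32_t minor_version;
    size_t n_compat;             /* brands present in the box */
    char compat[MAX_BRANDS][5];  /* the first MAX_BRANDS of them */
} ftyp_box;

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void fourcc_copy(char dst[5], const uint8_t *src)
{
    memcpy(dst, src, 4);
    dst[4] = '\0';
}

/* Reads the box header at buf[0..len). Rejects a header that does not fit,
 * a size smaller than the header, and a size that runs past len. */
int parse_box_header(const uint8_t *buf, size_t len, box_header *h)
{
    if (len < 8) return -1;
    uint64_t size = be32(buf);
    size_t hdr = 8;
    if (size == 1) {                 /* 64-bit largesize follows the type */
        if (len < 16) return -1;
        size = ((uint64_t)be32(buf + 8) << 32) | be32(buf + 12);
        hdr = 16;
    } else if (size == 0) {
        size = len;                  /* 0 means "extends to end of file" */
    }
    if (size < hdr || size > len) return -1;
    h->size = size;
    h->header_len = hdr;
    fourcc_copy(h->type, buf + 4);
    return 0;
}

/* Parses an ftyp payload: major_brand, minor_version, then whole fourccs. */
int parse_ftyp(const uint8_t *payload, size_t len, ftyp_box *out)
{
    if (len < 8 || (len - 8) % 4 != 0) return -1;
    memset(out, 0, sizeof *out);
    fourcc_copy(out->major, payload);
    out->minor_version = be32(payload + 4);
    out->n_compat = (len - 8) / 4;
    for (size_t i = 0; i < out->n_compat && i < MAX_BRANDS; i++)
        fourcc_copy(out->compat[i], payload + 8 + 4 * i);
    return 0;
}

/* Parses the first box of a file image, which must be ftyp. */
int read_file_type(const uint8_t *file, size_t len, ftyp_box *out)
{
    box_header h;
    if (parse_box_header(file, len, &h) != 0) return -1;
    if (strcmp(h.type, "ftyp") != 0) return -1;
    return parse_ftyp(file + h.header_len, (size_t)(h.size - h.header_len), out);
}

/* Renders the header on one line; snprintf keeps the output inside dst. */
int format_ftyp(const ftyp_box *f, char *dst, size_t n)
{
    int w = snprintf(dst, n, "Brand: %s(version %u) Compatible brands:",
                     f->major, (unsigned)f->minor_version);
    for (size_t i = 0; i < f->n_compat && i < MAX_BRANDS; i++) {
        if (w < 0 || (size_t)w >= n) break;
        w += snprintf(dst + w, n - (size_t)w, " %s", f->compat[i]);
    }
    return w;
}

/* Constructed sample: a 24-byte ftyp box with major brand mp42, minor
 * version 0 and compatible brands mp42, isom (as in the header dump above). */
static const uint8_t sample_ftyp[] = {
    0x00, 0x00, 0x00, 0x18, 'f', 't', 'y', 'p',
    'm', 'p', '4', '2',     0x00, 0x00, 0x00, 0x00,
    'm', 'p', '4', '2',     'i', 's', 'o', 'm'
};
```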

stack-buffer-underflow in function calculate_gain(libfaad/sbr_hfadj.c:1314)

Hi, I found a stack-buffer-overflow bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8; the details are below (ASAN):

./faad faad_res/015-stack-buffer-underflow-sbr_hfadj_1314 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/015-stack-buffer-underflow-sbr_hfadj_1314 file info:
ADTS, 0.555 sec, 40 kbps, 48000 Hz

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
  ---------------------

=================================================================
==7044==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7ffccaece094 at pc 0x7f28af4fcf51 bp 0x7ffccaecdc80 sp 0x7ffccaecdc70
WRITE of size 4 at 0x7ffccaece094 thread T0
    #0 0x7f28af4fcf50 in calculate_gain /root/faad2_asan/libfaad/sbr_hfadj.c:1314
    #1 0x7f28af4fa392 in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:83
    #2 0x7f28af518725 in sbr_process_channel /root/faad2_asan/libfaad/sbr_dec.c:363
    #3 0x7f28af51a7fa in sbrDecodeSingleFramePS /root/faad2_asan/libfaad/sbr_dec.c:637
    #4 0x7f28af4c2b54 in reconstruct_single_channel /root/faad2_asan/libfaad/specrec.c:1071
    #5 0x7f28af4cae28 in single_lfe_channel_element /root/faad2_asan/libfaad/syntax.c:631
    #6 0x7f28af4c9354 in decode_sce_lfe /root/faad2_asan/libfaad/syntax.c:351
    #7 0x7f28af4ca2da in raw_data_block /root/faad2_asan/libfaad/syntax.c:441
    #8 0x7f28af4849c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #9 0x7f28af484566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #10 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #11 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #12 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #13 0x7f28af0bc82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

Address 0x7ffccaece094 is located in stack of thread T0 at offset 20 in frame
    #0 0x7f28af4f9d8e in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:60

  This frame has 1 object(s):
    [32, 2972) 'adj' <== Memory access at offset 20 underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow /root/faad2_asan/libfaad/sbr_hfadj.c:1314 calculate_gain
Shadow bytes around the buggy address:
  0x1000195d1bc0: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000195d1bd0: 00 00 00 00 00 00 00 00 00 00 04 f4 f4 f4 f2 f2
  0x1000195d1be0: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000195d1bf0: 00 00 00 00 00 00 00 00 00 00 04 f4 f4 f4 f3 f3
  0x1000195d1c00: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1000195d1c10: f1 f1[f1]f1 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000195d1c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000195d1c30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000195d1c40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000195d1c50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000195d1c60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==7044==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/015-stack-buffer-underflow-sbr_hfadj_1314

Null pointer dereference vulnerability in ic_predict (libfaad/ic_predict.c:96)

Hi, I found a null pointer dereference bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It crashed in function ic_predict. The details are below (ASAN):

./faad faad_res/005-null-point-ic_predict_96 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/005-null-point-ic_predict_96 file info:
ADTS, 0.021 sec, 219 kbps, 96000 Hz

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Center front   |
 | 01 | Center back    |
  ---------------------

ASAN:SIGSEGVfaad_res/005-null-point-ic_predict_96.
=================================================================
==7073==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f440069b99e bp 0x7ffe0d2d4b70 sp 0x7ffe0d2d49f0 T0)
    #0 0x7f440069b99d in ic_predict /root/faad2_asan/libfaad/ic_predict.c:96
    #1 0x7f440069cbc0 in ic_prediction /root/faad2_asan/libfaad/ic_predict.c:252
    #2 0x7f44006d0a14 in reconstruct_channel_pair /root/faad2_asan/libfaad/specrec.c:1189
    #3 0x7f44006d8823 in channel_pair_element /root/faad2_asan/libfaad/syntax.c:759
    #4 0x7f44006d6cbf in decode_cpe /root/faad2_asan/libfaad/syntax.c:402
    #5 0x7f44006d7398 in raw_data_block /root/faad2_asan/libfaad/syntax.c:448
    #6 0x7f44006919c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #7 0x7f4400691566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #8 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #9 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #10 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #11 0x7f44002c982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/ic_predict.c:96 ic_predict
==7073==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/005-null-point-ic_predict_96

compiler warning at pns.c

There are compiler warnings at lines 215-216 of pns.c.

I think it is not good to assign r1, r2 (uint32_t*) to r1_dep, r2_dep (uint32_t):

r1_dep = __r1;
r2_dep = __r2;

A heap-buffer-overflow in sbr_qmf.c:614:27

System info

Ubuntu x86_64, clang 6.0, faad (latest master 1073ae)

Configure

CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure --enable-shared=no

Command line

./frontend/faad -w -b 5 @@

AddressSanitizer output

NULL  174.805 secs, 5 ch, 48000 Hz

=================================================================
==39716==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000008900 at pc 0x0000005e19ba bp 0x7ffc780ef510 sp 0x7ffc780ef508
WRITE of size 4 at 0x621000008900 thread T0
    #0 0x5e19b9 in sbr_qmf_synthesis_64 /home/seviezhou/faad2/libfaad/sbr_qmf.c:614:27
    #1 0x59aeae in sbrDecodeSingleFrame /home/seviezhou/faad2/libfaad/sbr_dec.c:568:9
    #2 0x5c2f81 in reconstruct_single_channel /home/seviezhou/faad2/libfaad/specrec.c:1070:22
    #3 0x556c2e in single_lfe_channel_element /home/seviezhou/faad2/libfaad/syntax.c:643:14
    #4 0x556c2e in decode_sce_lfe /home/seviezhou/faad2/libfaad/syntax.c:357
    #5 0x55593a in raw_data_block /home/seviezhou/faad2/libfaad/syntax.c:550:13
    #6 0x5389de in aac_frame_decode /home/seviezhou/faad2/libfaad/decoder.c:990:9
    #7 0x52f738 in decodeMP4file /home/seviezhou/faad2/frontend/main.c:916:25
    #8 0x52f738 in faad_main /home/seviezhou/faad2/frontend/main.c:1323
    #9 0x7f3373f6783f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/../csu/libc-start.c:291
    #10 0x41a698 in _start (/home/seviezhou/faad2/frontend/faad+0x41a698)

0x621000008900 is located 0 bytes to the right of 4096-byte region [0x621000007900,0x621000008900)
allocated by thread T0 here:
    #0 0x4de8a8 in __interceptor_malloc /home/seviezhou/llvm-6.0.0/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x5c1a0b in allocate_single_channel /home/seviezhou/faad2/libfaad/specrec.c:736:48
    #2 0x5c1a0b in reconstruct_single_channel /home/seviezhou/faad2/libfaad/specrec.c:934
    #3 0x556c2e in single_lfe_channel_element /home/seviezhou/faad2/libfaad/syntax.c:643:14
    #4 0x556c2e in decode_sce_lfe /home/seviezhou/faad2/libfaad/syntax.c:357
    #5 0x55593a in raw_data_block /home/seviezhou/faad2/libfaad/syntax.c:550:13

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/seviezhou/faad2/libfaad/sbr_qmf.c:614:27 in sbr_qmf_synthesis_64
Shadow bytes around the buggy address:
  0x0c427fff90d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fff90e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fff90f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fff9100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c427fff9110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c427fff9120:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fff9130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fff9140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fff9150: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fff9160: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c427fff9170: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==39716==ABORTING

POC

heap-overflow-sbr_qmf_synthesis_64-sbr_qmf-614.zip

A heap-buffer-overflow in lt_predict.c:108:36

System info

Ubuntu x86_64, clang 6.0, faad (latest master f71b5e)

Configure

CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure --enable-shared=no

Command line

./frontend/faad -w -b 5 @@

AddressSanitizer output

=================================================================
==13979==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x620000003006 at pc 0x0000005e1605 bp 0x7ffc00e45c30 sp 0x7ffc00e45c28
READ of size 2 at 0x620000003006 thread T0
    #0 0x5e1604 in lt_prediction /home/seviezhou/faad2/libfaad/lt_predict.c:108:36
    #1 0x5be727 in reconstruct_single_channel /home/seviezhou/faad2/libfaad/specrec.c:995:9
    #2 0x55308e in single_lfe_channel_element /home/seviezhou/faad2/libfaad/syntax.c:643:14
    #3 0x55308e in decode_sce_lfe /home/seviezhou/faad2/libfaad/syntax.c:357
    #4 0x551d9a in raw_data_block /home/seviezhou/faad2/libfaad/syntax.c:550:13
    #5 0x534e1e in aac_frame_decode /home/seviezhou/faad2/libfaad/decoder.c:990:9
    #6 0x52bbeb in decodeMP4file /home/seviezhou/faad2/frontend/main.c:916:25
    #7 0x52bbeb in faad_main /home/seviezhou/faad2/frontend/main.c:1323
    #8 0x7f3ce6cebb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x41a669 in _start (/home/seviezhou/faad2/frontend/faad+0x41a669)

0x620000003006 is located 122 bytes to the left of 3840-byte region [0x620000003080,0x620000003f80)
allocated by thread T0 here:
    #0 0x4da520 in __interceptor_malloc (/home/seviezhou/faad2/frontend/faad+0x4da520)
    #1 0x5bdc3e in allocate_single_channel /home/seviezhou/faad2/libfaad/specrec.c:714:53
    #2 0x5bdc3e in reconstruct_single_channel /home/seviezhou/faad2/libfaad/specrec.c:934
    #3 0x55308e in single_lfe_channel_element /home/seviezhou/faad2/libfaad/syntax.c:643:14
    #4 0x55308e in decode_sce_lfe /home/seviezhou/faad2/libfaad/syntax.c:357
    #5 0x551d9a in raw_data_block /home/seviezhou/faad2/libfaad/syntax.c:550:13

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/seviezhou/faad2/libfaad/lt_predict.c:108:36 in lt_prediction
Shadow bytes around the buggy address:
  0x0c407fff85b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff85c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff85d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff85e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff85f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c407fff8600:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c407fff8610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff8620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff8630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff8640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c407fff8650: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==13979==ABORTING

POC

heap-overflow-lt_prediction-lt_predict-108.zip

Distorted sound in AAC stream

A 48 kbps AAC stream is decoded fine by ffmpeg, while faad2 decodes it distorted. However, I think that for a small fraction of a second at the very beginning it plays fine (the volume level is significantly different between "good" and "bad"). The sample can be downloaded here:

http://jpalus.fastmail.com/out.aac

Null pointer dereference vulnerability in ifilter_bank(libfaad/filtbank.c:223)

Hi, I found a null pointer dereference bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It crashed in function ifilter_bank. The details are below (ASAN):

./faad faad_res/004-null-point-filtbank_223 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/004-null-point-filtbank_223 file info:
ADTS, 0.043 sec, 37 kbps, 48000 Hz

  ---------------------
 | Config: 43 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
 | 02 | Unknown        |
 | 03 | Unknown        |
 | 04 | Unknown        |
 | 05 | Unknown        |
 | 06 | Unknown        |
 | 07 | Unknown        |
 | 08 | Unknown        |
 | 09 | Unknown        |
 | 10 | Unknown        |
 | 11 | Unknown        |
 | 12 | Unknown        |
 | 13 | Unknown        |
 | 14 | Unknown        |
 | 15 | Unknown        |
 | 16 | Unknown        |
 | 17 | Unknown        |
 | 18 | Unknown        |
 | 19 | Unknown        |
 | 20 | Unknown        |
 | 21 | Unknown        |
 | 22 | Unknown        |
 | 23 | Unknown        |
 | 24 | Unknown        |
 | 25 | Unknown        |
 | 26 | Unknown        |
 | 27 | Unknown        |
 | 28 | Unknown        |
 | 29 | Unknown        |
 | 30 | Unknown        |
 | 31 | Unknown        |
 | 32 | Unknown        |
 | 33 | Unknown        |
 | 34 | Unknown        |
 | 35 | Unknown        |
 | 36 | Unknown        |
 | 37 | Unknown        |
 | 38 | Unknown        |
 | 39 | Unknown        |
 | 40 | Unknown        |
 | 41 | Unknown        |
 | 42 | Unknown        |
  ---------------------

ASAN:SIGSEGVfaad_res/004-null-point-filtbank_223.
=================================================================
==7068==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f82e567eeeb bp 0x7ffe62c6dc40 sp 0x7ffe62c6bb50 T0)
    #0 0x7f82e567eeea in ifilter_bank /root/faad2_asan/libfaad/filtbank.c:223
    #1 0x7f82e56b7d3e in reconstruct_single_channel /root/faad2_asan/libfaad/specrec.c:1014
    #2 0x7f82e56c0e28 in single_lfe_channel_element /root/faad2_asan/libfaad/syntax.c:631
    #3 0x7f82e56bf354 in decode_sce_lfe /root/faad2_asan/libfaad/syntax.c:351
    #4 0x7f82e56c02da in raw_data_block /root/faad2_asan/libfaad/syntax.c:441
    #5 0x7f82e567a9c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #6 0x7f82e567a566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #7 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #8 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #9 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #10 0x7f82e52b282f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/filtbank.c:223 ifilter_bank
==7068==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/004-null-point-filtbank_223

Null pointer dereference vulnerability in sbr_process_channel(libfaad/sbr_dec.c:413)

Hi, I found a null pointer dereference bug in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It crashed in function sbr_process_channel. The details are below (ASAN):

./faad faad_res/014-null-point-sbr_dec_413 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/014-null-point-sbr_dec_413 file info:
ADTS, 0.469 sec, 41 kbps, 48000 Hz

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
  ---------------------

ASAN:SIGSEGVfaad_res/014-null-point-sbr_dec_413.
=================================================================
==7082==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f1bfe18af07 bp 0x7ffcee38c300 sp 0x7ffcee38c2c0 T0)
    #0 0x7f1bfe18af06 in sbr_process_channel /root/faad2_asan/libfaad/sbr_dec.c:413
    #1 0x7f1bfe18c7fa in sbrDecodeSingleFramePS /root/faad2_asan/libfaad/sbr_dec.c:637
    #2 0x7f1bfe134b54 in reconstruct_single_channel /root/faad2_asan/libfaad/specrec.c:1071
    #3 0x7f1bfe13ce28 in single_lfe_channel_element /root/faad2_asan/libfaad/syntax.c:631
    #4 0x7f1bfe13b354 in decode_sce_lfe /root/faad2_asan/libfaad/syntax.c:351
    #5 0x7f1bfe13c2da in raw_data_block /root/faad2_asan/libfaad/syntax.c:441
    #6 0x7f1bfe0f69c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #7 0x7f1bfe0f6566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #8 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #9 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #10 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #11 0x7f1bfdd2e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #12 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/sbr_dec.c:413 sbr_process_channel
==7082==ABORTING

POC FILE: https://github.com/fantasy7082/image_test/blob/master/014-null-point-sbr_dec_413

Invalid memory address dereference in hf_assembly (in libfaad/sbr_hfadj.c:1536)

Hi, I found an issue in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It crashed in function hf_assembly. The details are below (ASAN):

./faad faad_res/009-invalid-def-sbr_hfadj_1536 -o out.wav
 *********** Ahead Software MPEG-4 AAC Decoder V2.8.8 ******************

 Build: Dec 13 2018
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

faad_res/009-invalid-def-sbr_hfadj_1536 file info:
ADTS, 0.299 sec, 42 kbps, 48000 Hz

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
  ---------------------

ASAN:SIGSEGVfaad_res/009-invalid-def-sbr_hfadj_1536.
=================================================================
==7089==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000030da (pc 0x7f2a44f66a79 bp 0x7ffc06965b70 sp 0x7ffc06965ab0 T0)
    #0 0x7f2a44f66a78 in hf_assembly /root/faad2_asan/libfaad/sbr_hfadj.c:1536
    #1 0x7f2a44f633b6 in hf_adjustment /root/faad2_asan/libfaad/sbr_hfadj.c:90
    #2 0x7f2a44f81725 in sbr_process_channel /root/faad2_asan/libfaad/sbr_dec.c:363
    #3 0x7f2a44f837fa in sbrDecodeSingleFramePS /root/faad2_asan/libfaad/sbr_dec.c:637
    #4 0x7f2a44f2bb54 in reconstruct_single_channel /root/faad2_asan/libfaad/specrec.c:1071
    #5 0x7f2a44f33e28 in single_lfe_channel_element /root/faad2_asan/libfaad/syntax.c:631
    #6 0x7f2a44f32354 in decode_sce_lfe /root/faad2_asan/libfaad/syntax.c:351
    #7 0x7f2a44f332da in raw_data_block /root/faad2_asan/libfaad/syntax.c:441
    #8 0x7f2a44eed9c3 in aac_frame_decode /root/faad2_asan/libfaad/decoder.c:990
    #9 0x7f2a44eed566 in NeAACDecDecode /root/faad2_asan/libfaad/decoder.c:821
    #10 0x40f8ae in decodeAACfile /root/faad2_asan/frontend/main.c:679
    #11 0x411dd4 in faad_main /root/faad2_asan/frontend/main.c:1323
    #12 0x411fe5 in main /root/faad2_asan/frontend/main.c:1366
    #13 0x7f2a44b2582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #14 0x401aa8 in _start (/usr/local/faad-asan/bin/faad+0x401aa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/faad2_asan/libfaad/sbr_hfadj.c:1536 hf_assembly
==7089==ABORTING

POC FILE:https://github.com/fantasy7082/image_test/blob/master/009-invalid-def-sbr_hfadj_1536

faad2-2.9.0 missing include

I'm trying to compile libfaad2 version 2.9.0 with Visual Studio, and there's one include file missing. In ps_dec.c there are some fprintf(stderr, ...) statements, and the compiler can't find stderr. The include that I had to add at the top was:

#include <stdio.h>

It would be nice if later versions of libfaad2 sources could include the line. Thanks!

A heap-buffer-overflow in mp4read.c:355:29

System info

Ubuntu x86_64, clang 6.0, faad (latest master 1073ae)

Configure

CFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" ./configure --enable-shared=no

Command line

./frontend/faad -w -b 5 @@

AddressSanitizer output

 *********** Ahead Software MPEG-4 AAC Decoder V2.9.2 ******************

 Build: Aug 30 2020
 Copyright 2002-2004: Ahead Software AG
 http://www.audiocoding.com
 bug tracking: https://sourceforge.net/p/faac/bugs/
 Floating point version

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License.

 **************************************************************************

**** MP4 header ****
Brand:			isom(version 512)
Compatible brands:	isomiso2mp41
*track media type: 'soun': OK
=================================================================
==36828==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000010 at pc 0x00000051eaca bp 0x7ffe7db7e7f0 sp 0x7ffe7db7e7e8
WRITE of size 4 at 0x602000000010 thread T0
    #0 0x51eac9 in stszin /home/seviezhou/faad2/frontend/mp4read.c:355:29
    #1 0x517c4d in parse /home/seviezhou/faad2/frontend/mp4read.c:766:19
    #2 0x517ec2 in parse /home/seviezhou/faad2/frontend/mp4read.c:790:24
    #3 0x517ec2 in parse /home/seviezhou/faad2/frontend/mp4read.c:790:24
    #4 0x517ec2 in parse /home/seviezhou/faad2/frontend/mp4read.c:790:24
    #5 0x517ec2 in parse /home/seviezhou/faad2/frontend/mp4read.c:790:24
    #6 0x518cf8 in moovin /home/seviezhou/faad2/frontend/mp4read.c:867:15
    #7 0x517c4d in parse /home/seviezhou/faad2/frontend/mp4read.c:766:19
    #8 0x5169a5 in mp4read_open /home/seviezhou/faad2/frontend/mp4read.c:1005:16
    #9 0x52de44 in decodeMP4file /home/seviezhou/faad2/frontend/main.c:830:9
    #10 0x52de44 in faad_main /home/seviezhou/faad2/frontend/main.c:1323
    #11 0x7f92a07fc83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/../csu/libc-start.c:291
    #12 0x41a698 in _start (/home/seviezhou/faad2/frontend/faad+0x41a698)

0x602000000011 is located 0 bytes to the right of 1-byte region [0x602000000010,0x602000000011)
allocated by thread T0 here:
    #0 0x4de8a8 in __interceptor_malloc /home/seviezhou/llvm-6.0.0/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x51e387 in stszin /home/seviezhou/faad2/frontend/mp4read.c:348:28
    #2 0x517c4d in parse /home/seviezhou/faad2/frontend/mp4read.c:766:19
    #3 0x517ec2 in parse /home/seviezhou/faad2/frontend/mp4read.c:790:24
    #4 0x517ec2 in parse /home/seviezhou/faad2/frontend/mp4read.c:790:24
    #5 0x517ec2 in parse /home/seviezhou/faad2/frontend/mp4read.c:790:24
    #6 0x517ec2 in parse /home/seviezhou/faad2/frontend/mp4read.c:790:24
    #7 0x518cf8 in moovin /home/seviezhou/faad2/frontend/mp4read.c:867:15
    #8 0x517c4d in parse /home/seviezhou/faad2/frontend/mp4read.c:766:19
    #9 0x5169a5 in mp4read_open /home/seviezhou/faad2/frontend/mp4read.c:1005:16
    #10 0x52de44 in decodeMP4file /home/seviezhou/faad2/frontend/main.c:830:9
    #11 0x52de44 in faad_main /home/seviezhou/faad2/frontend/main.c:1323
    #12 0x7f92a07fc83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/../csu/libc-start.c:291

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/seviezhou/faad2/frontend/mp4read.c:355:29 in stszin
Shadow bytes around the buggy address:
  0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa[01]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==36828==ABORTING

POC

heap-overflow-stszin-mp4read-355.zip
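The report above shows a 1-byte heap region (allocated at mp4read.c:348) being written with a 4-byte value (mp4read.c:355) while reading the stsz sample-size table. For readers triaging it, here is an added, hypothetical stsz reader that is not faad2's mp4read.c (that code is not on this page); it shows the two checks such a table reader needs: bound the file-supplied sample_count by the bytes actually present in the box before allocating, and size the allocation as count times the element size. Names (stsz_parse, be32, demo_*) and the sample byte arrays are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical parser for the payload of an ISO BMFF 'stsz' box:
 *   version(1) flags(3) sample_size(4) sample_count(4) [entry_size(4) * sample_count]
 * The per-sample table is only present when sample_size == 0. */
typedef struct {
    uint32_t sample_size;   /* constant size, or 0 when per-sample sizes follow */
    uint32_t sample_count;
    uint32_t *entries;      /* sample_count entries when sample_size == 0, else NULL */
} stsz_table;

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 on success, a negative code on a malformed box. */
int stsz_parse(const uint8_t *payload, size_t len, stsz_table *out)
{
    memset(out, 0, sizeof *out);
    if (len < 12)
        return -1;                             /* fixed header incomplete */
    uint32_t sample_size  = be32(payload + 4);
    uint32_t sample_count = be32(payload + 8);
    out->sample_size  = sample_size;
    out->sample_count = sample_count;
    if (sample_size != 0)
        return 0;                              /* no table follows */

    /* Check 1: the count comes from the file, so bound it by the bytes that are
     * really in the box BEFORE allocating anything for it. */
    size_t avail = len - 12;
    if ((size_t)sample_count > avail / 4)
        return -2;                             /* table truncated or count bogus */

    /* Check 2: allocate count * element size. Because sample_count <= avail / 4,
     * the multiplication cannot overflow size_t. A 1-byte allocation here is
     * exactly what the ASan report above describes being written with 4 bytes. */
    uint32_t *entries = NULL;
    if (sample_count) {
        entries = malloc((size_t)sample_count * sizeof *entries);
        if (!entries)
            return -3;
        for (uint32_t i = 0; i < sample_count; i++)
            entries[i] = be32(payload + 12 + (size_t)i * 4);
    }
    out->entries = entries;
    return 0;
}

void stsz_free(stsz_table *t)
{
    free(t->entries);
    t->entries = NULL;
}

/* Constructed sample: sample_size 0, sample_count 3, entries 100, 200, 300 */
static const uint8_t good_stsz[] = {
    0,0,0,0,  0,0,0,0,  0,0,0,3,  0,0,0,100,  0,0,0,200,  0,0,1,44
};
/* Constructed malformed sample: claims 0x40000000 entries but carries one */
static const uint8_t bad_stsz[] = {
    0,0,0,0,  0,0,0,0,  0x40,0,0,0,  0,0,0,1
};

/* Sum of per-sample sizes in the good box (0 if parsing fails). */
uint32_t demo_good_sum(void)
{
    stsz_table t;
    uint32_t sum = 0;
    if (stsz_parse(good_stsz, sizeof good_stsz, &t) != 0)
        return 0;
    for (uint32_t i = 0; i < t.sample_count; i++)
        sum += t.entries[i];
    stsz_free(&t);
    return sum;
}

/* Return code for the malformed box: rejected before any allocation. */
int demo_bad_rc(void)
{
    stsz_table t;
    int rc = stsz_parse(bad_stsz, sizeof bad_stsz, &t);
    stsz_free(&t);
    return rc;
}

int main(void)
{
    printf("good box: total sample bytes = %u\n", demo_good_sum());
    printf("bad box: rc = %d (rejected)\n", demo_bad_rc());
    return 0;
}
```

Built with the same CFLAGS="-g -fsanitize=address" configure line shown in the report, a reader that skips either check turns a crafted count into exactly the kind of heap-buffer-overflow ASan flagged above, so the two checks are also what to look for when reviewing the fix.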

Global buffer overflow in function ps_mix_phase() in libfaad/ps_dec.c

This issue was previously reported by pwd@360TeamSeri0us here. It would be nice to track this issue here as well.

stacktrace:

../global-buffer-overflow@ps_mix_phase file info:
ADTS, 12.416 sec, 37 kbps, 48000 Hz

  ---------------------
 | Config:  2 Ch       |
  ---------------------
 | Ch |    Position    |
  ---------------------
 | 00 | Left front     |
 | 01 | Right front    |
  ---------------------

=================================================================
==29307==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fb6948846d8 at pc 0x7fb69480a53e bp 0x7ffcc1f2b5b0 sp 0x7ffcc1f2b5a8
READ of size 4 at 0x7fb6948846d8 thread T0
    #0 0x7fb69480a53d in ps_mix_phase /home/hle/Development/C/faad2/faad2/libfaad/ps_dec.c:1512
    #1 0x7fb69481097f in ps_decode /home/hle/Development/C/faad2/faad2/libfaad/ps_dec.c:2000
    #2 0x7fb694876475 in sbrDecodeSingleFramePS /home/hle/Development/C/faad2/faad2/libfaad/sbr_dec.c:657
    #3 0x7fb69481bc89 in reconstruct_single_channel /home/hle/Development/C/faad2/faad2/libfaad/specrec.c:1071
    #4 0x7fb69482443d in single_lfe_channel_element /home/hle/Development/C/faad2/faad2/libfaad/syntax.c:643
    #5 0x7fb69482264e in decode_sce_lfe /home/hle/Development/C/faad2/faad2/libfaad/syntax.c:357
    #6 0x7fb694823781 in raw_data_block /home/hle/Development/C/faad2/faad2/libfaad/syntax.c:453
    #7 0x7fb6947dc5b7 in aac_frame_decode /home/hle/Development/C/faad2/faad2/libfaad/decoder.c:990
    #8 0x7fb6947dc07d in NeAACDecDecode /home/hle/Development/C/faad2/faad2/libfaad/decoder.c:821
    #9 0x55d4183b20b6 in decodeAACfile /home/hle/Development/C/faad2/faad2/frontend/main.c:679
    #10 0x55d4183b5462 in faad_main /home/hle/Development/C/faad2/faad2/frontend/main.c:1328
    #11 0x55d4183b5688 in main /home/hle/Development/C/faad2/faad2/frontend/main.c:1371
    #12 0x7fb69462009a in __libc_start_main ../csu/libc-start.c:308
    #13 0x55d4183a3409 in _start (/home/hle/Development/C/faad2/faad2/frontend/.libs/faad+0xb409)

0x7fb6948846d8 is located 24 bytes to the right of global variable 'sin_gammas_fine' defined in 'ps_tables.h:505:21' (0x7fb6948844c0) of size 512
0x7fb6948846d8 is located 8 bytes to the left of global variable 'sf_iid_normal' defined in 'ps_tables.h:524:21' (0x7fb6948846e0) of size 60
SUMMARY: AddressSanitizer: global-buffer-overflow /home/hle/Development/C/faad2/faad2/libfaad/ps_dec.c:1512 in ps_mix_phase
Shadow bytes around the buggy address:
  0x0ff752908880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff752908890: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0ff7529088a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff7529088b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff7529088c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff7529088d0: 00 00 00 00 00 00 00 00 f9 f9 f9[f9]00 00 00 00
  0x0ff7529088e0: 00 00 00 04 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0ff7529088f0: 00 00 00 00 00 00 00 04 f9 f9 f9 f9 00 00 00 04
  0x0ff752908900: f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9 00 00 00 04
  0x0ff752908910: f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9 00 00 00 04
  0x0ff752908920: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 00 04 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==29307==ABORTING

This issue was assigned CVE-2019-6956; I'm currently investigating it.
