Attachment 9012 Details for Bug 20357 – Testing notes before update

Testing notes before update

quicktime_report (text/plain), 1.73 KB, created by Len Lawrence on 2017-03-02 23:23:19 CET

(hide)

Description:

Filename:

MIME Type:

Creator: Len Lawrence

Created: 2017-03-02 23:23:19 CET

Size: 1.73 KB

patch

obsolete

>http://www.linuxfromscratch.org/blfs/view/cvs/multimedia/libquicktime.html
>
>libquicktime_config: is a graphical front end to examine and configure the available libquicktime audio and video codecs.
>
>lqtplay: is a simple QuickTime movie player for X Window System.
>
>lqt_transcode: is a command-line program used to encode video and/or audio files from one format to another.
>
>qt2text: is used to dump all text strings from a quicktime file.
>
>qtdechunk: can take movies containing rgb frames and write them out as ppm images.
>
>qtdump: displays the parsed contents of the provided file.
>
>qtinfo: prints various pieces of metadata parsed by the libquicktime library for the provided file
>
>qtrechunk: concatenates input frames into a QuickTime movie.
>
>qtstreamize: is used to make a file streamable by placing the moov header at the beginning of the file.
>
>qtyuv4toyuv: is used to write a YUV4 encoded movie as a planar YUV 4:2:0 file.
>
>libquicktime.so: is a library for reading and writing QuickTime files. It provides convenient access to QuickTime files with a variety of supported codecs. The library contains new functions integrated with all the original QuickTime 4 Linux library functions used to encode and decode QuickTime files.
>
>$ ./reproducer_data.py 
>libquicktime <= 1.2.4 Integer Overflow CVE-2016-2399
>Author: Marco Romano - @nemux_ - http://www.nemux.org
>[*] The PoC is done!
>
>That produces nemux_data.mp4.
>$ file nemux_data.mp4
>nemux_data.mp4: ISO Media
><This is common to MP4, MOV and M4V files)
>
>$ strace qtdump nemux_data.mp4 > & nemuxd.trace
>The trace is not of much intrinsic interest except to show that libquicktime is called.  The program degenerates into a SEEK_SET loop and eventually segfaults.
>Keeping it for comparison with the post update result.

http://www.linuxfromscratch.org/blfs/view/cvs/multimedia/libquicktime.html

libquicktime_config: is a graphical front end to examine and configure the available libquicktime audio and video codecs.

lqtplay: is a simple QuickTime movie player for X Window System.

lqt_transcode: is a command-line program used to encode video and/or audio files from one format to another.

qt2text: is used to dump all text strings from a quicktime file.

qtdechunk: can take movies containing rgb frames and write them out as ppm images.

qtdump: displays the parsed contents of the provided file.

qtinfo: prints various pieces of metadata parsed by the libquicktime library for the provided file

qtrechunk: concatenates input frames into a QuickTime movie.

qtstreamize: is used to make a file streamable by placing the moov header at the beginning of the file.

qtyuv4toyuv: is used to write a YUV4 encoded movie as a planar YUV 4:2:0 file.

libquicktime.so: is a library for reading and writing QuickTime files. It provides convenient access to QuickTime files with a variety of supported codecs. The library contains new functions integrated with all the original QuickTime 4 Linux library functions used to encode and decode QuickTime files.

$ ./reproducer_data.py 
libquicktime <= 1.2.4 Integer Overflow CVE-2016-2399
Author: Marco Romano - @nemux_ - http://www.nemux.org
[*] The PoC is done!

That produces nemux_data.mp4.
$ file nemux_data.mp4
nemux_data.mp4: ISO Media
<This is common to MP4, MOV and M4V files)

$ strace qtdump nemux_data.mp4 > & nemuxd.trace
The trace is not of much intrinsic interest except to show that libquicktime is called.  The program degenerates into a SEEK_SET loop and eventually segfaults.
Keeping it for comparison with the post update result.

Actions: View

Attachments on bug 20357: 9010 | 9011 | 9012