2017/4/20

PoC of CVE-2017-0474 (VP9 decoder DoS)

Google fixed it before I found the PoC.
Now it goes public:

04-20 22:31:17.998 13643 13740 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0xffffffec in tid 13740 (gle.vp9.decoder)
04-20 22:31:17.999   355   355 W         : debuggerd: handling request: pid=13643 uid=1046 gid=1006 tid=13740
04-20 22:31:18.061 13751 13751 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
04-20 22:31:18.062 13751 13751 F DEBUG   : Build fingerprint: 'google/angler/angler:7.0/NBD90X/3254009:user/release-keys'
04-20 22:31:18.062 13751 13751 F DEBUG   : Revision: '0'
04-20 22:31:18.062 13751 13751 F DEBUG   : ABI: 'arm'
04-20 22:31:18.063 13751 13751 F DEBUG   : pid: 13643, tid: 13740, name: gle.vp9.decoder  >>> media.codec <<<
04-20 22:31:18.063 13751 13751 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xffffffec
04-20 22:31:18.063 13751 13751 F DEBUG   :     r0 0006dc72  r1 200f3e9e  r2 00000002  r3 00000000
04-20 22:31:18.063 13751 13751 F DEBUG   :     r4 f178a008  r5 00000000  r6 00000000  r7 00000000
04-20 22:31:18.063 13751 13751 F DEBUG   :     r8 f20da779  r9 f146c624  sl 00000000  fp f17fa9e8
04-20 22:31:18.063 13751 13751 F DEBUG   :     ip f146c580  sp f146c610  lr f20799f1  pc f20797d2  cpsr 80030030
04-20 22:31:18.064 13751 13751 F DEBUG   :
04-20 22:31:18.064 13751 13751 F DEBUG   : backtrace:
04-20 22:31:18.065 13751 13751 F DEBUG   :     #00 pc 000197d2  /system/lib/libc.so (_ZN11ScopedTraceC1EPKc+141)
04-20 22:31:18.065 13751 13751 F DEBUG   :     #01 pc fffffffd  <unknown>
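Three things in that dump are worth reading off before opening a debugger: the crashing process is media.codec (the codec process, so a SIGSEGV here kills that process rather than the whole media stack), the fault address 0xffffffec is -20 as a signed 32-bit value (SEGV_MAPERR, i.e. nothing is mapped there), and frame #01 at pc fffffffd is not a real code address, so the unwinder stopped right after libc's ScopedTrace constructor. The script below is an added example of mine, not part of the original post and not Android's own debuggerd code: it parses logcat-format tombstone lines into fields so crashes from a batch of PoC runs can be bucketed by signal, si_code and innermost frame, and it reports the fault address as a signed word. The embedded sample is the log from this post; the `crash_key` layout and the "small signed offset" note in `triage` are my own conventions and are heuristics, not a root-cause analysis.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input: the logcat/debuggerd lines from the post above, embedded verbatim.
TOMBSTONE = """\
04-20 22:31:17.998 13643 13740 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0xffffffec in tid 13740 (gle.vp9.decoder)
04-20 22:31:17.999   355   355 W         : debuggerd: handling request: pid=13643 uid=1046 gid=1006 tid=13740
04-20 22:31:18.061 13751 13751 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
04-20 22:31:18.062 13751 13751 F DEBUG   : Build fingerprint: 'google/angler/angler:7.0/NBD90X/3254009:user/release-keys'
04-20 22:31:18.062 13751 13751 F DEBUG   : Revision: '0'
04-20 22:31:18.062 13751 13751 F DEBUG   : ABI: 'arm'
04-20 22:31:18.063 13751 13751 F DEBUG   : pid: 13643, tid: 13740, name: gle.vp9.decoder  >>> media.codec <<<
04-20 22:31:18.063 13751 13751 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xffffffec
04-20 22:31:18.063 13751 13751 F DEBUG   :     r0 0006dc72  r1 200f3e9e  r2 00000002  r3 00000000
04-20 22:31:18.063 13751 13751 F DEBUG   :     r4 f178a008  r5 00000000  r6 00000000  r7 00000000
04-20 22:31:18.063 13751 13751 F DEBUG   :     r8 f20da779  r9 f146c624  sl 00000000  fp f17fa9e8
04-20 22:31:18.063 13751 13751 F DEBUG   :     ip f146c580  sp f146c610  lr f20799f1  pc f20797d2  cpsr 80030030
04-20 22:31:18.064 13751 13751 F DEBUG   :
04-20 22:31:18.064 13751 13751 F DEBUG   : backtrace:
04-20 22:31:18.065 13751 13751 F DEBUG   :     #00 pc 000197d2  /system/lib/libc.so (_ZN11ScopedTraceC1EPKc+141)
04-20 22:31:18.065 13751 13751 F DEBUG   :     #01 pc fffffffd  <unknown>
"""

# logcat "threadtime" layout: MM-DD HH:MM:SS.mmm PID TID PRIO TAG : message (TAG may be empty, hence the lazy \S*?)
LOGCAT_RE = re.compile(r"^\S+ \S+\s+(\d+)\s+(\d+)\s+([VDIWEF])\s+(\S*?)\s*:\s?(.*)$")
DEBUGGERD_RE = re.compile(r"debuggerd: handling request: pid=(\d+) uid=(\d+) gid=(\d+) tid=(\d+)")
ABI_RE = re.compile(r"ABI: '(\w+)'")
IDENT_RE = re.compile(r"pid: (\d+), tid: (\d+), name: (\S+)\s+>>> (\S+) <<<")
# debuggerd prints "fault addr --------" when the signal carries no address (e.g. SIGABRT).
SIGNAL_RE = re.compile(r"signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), fault addr (0x[0-9a-f]+|-+)")
REG_RE = re.compile(r"(?<![\w#])(r\d{1,2}|sl|fp|ip|sp|lr|pc|cpsr) ([0-9a-f]{8})\b")
FRAME_RE = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+(\S+)(?:\s+\(([^)]+)\))?")

@dataclass
class Frame:
    num: int
    pc: int
    module: str
    symbol: Optional[str]  # "mangled_name+offset", or None for an unsymbolised frame

@dataclass
class Tombstone:
    abi: Optional[str] = None
    pid: Optional[int] = None
    tid: Optional[int] = None
    uid: Optional[int] = None
    thread: Optional[str] = None   # kernel comm name, at most 15 chars, so often truncated
    process: Optional[str] = None
    signal_name: Optional[str] = None
    code_name: Optional[str] = None
    fault_addr: Optional[int] = None
    regs: Dict[str, int] = field(default_factory=dict)
    frames: List[Frame] = field(default_factory=list)

def parse_tombstone(text: str) -> Tombstone:
    t, in_backtrace = Tombstone(), False
    for raw in text.splitlines():
        if not (m := LOGCAT_RE.match(raw)):
            continue
        msg = m.group(5).strip()
        if x := DEBUGGERD_RE.search(msg):
            t.uid = int(x.group(2))
        elif x := ABI_RE.match(msg):
            t.abi = x.group(1)
        elif x := IDENT_RE.match(msg):
            t.pid, t.tid = int(x.group(1)), int(x.group(2))
            t.thread, t.process = x.group(3), x.group(4)
        elif x := SIGNAL_RE.match(msg):
            t.signal_name, t.code_name = x.group(2), x.group(4)
            t.fault_addr = int(x.group(5), 16) if x.group(5).startswith("0x") else None
        elif msg == "backtrace:":
            in_backtrace = True
        elif in_backtrace and (x := FRAME_RE.match(msg)):
            t.frames.append(Frame(int(x.group(1)), int(x.group(2), 16), x.group(3), x.group(4)))
        elif not in_backtrace:  # register dump lines come before the backtrace
            t.regs.update((n, int(v, 16)) for n, v in REG_RE.findall(msg))
    return t

def signed_fault_addr(t: Tombstone) -> Optional[int]:
    """Reinterpret the fault address as a signed word of the ABI's width (32-bit unless arm64/x86_64)."""
    if t.fault_addr is None:
        return None
    bits = 64 if t.abi in ("arm64", "x86_64") else 32
    return t.fault_addr - (1 << bits) if t.fault_addr >> (bits - 1) else t.fault_addr

def crash_key(t: Tombstone) -> Tuple[Optional[str], ...]:
    """Dedup key for a batch of crashes: signal, si_code and the innermost frame with its +offset stripped."""
    top = t.frames[0] if t.frames else None
    sym = top.symbol.split("+")[0] if top and top.symbol else None
    return (t.signal_name, t.code_name, top.module if top else None, sym)

def triage(t: Tombstone) -> List[str]:
    """First-pass observations; heuristics, not a root-cause analysis."""
    notes, off = [], signed_fault_addr(t)
    if t.code_name == "SEGV_MAPERR":
        notes.append("SEGV_MAPERR: the fault address is not mapped at all (not a permissions fault)")
    if off is not None and -4096 < off < 4096:
        notes.append(f"fault addr {t.fault_addr:#x} is {off} as a signed word: a null/zeroed pointer used at offset {off}?")
    notes += [f"frame #{f.num}: pc {f.pc:#x} lies in no mapped module, so unwinding stopped there"
              for f in t.frames if f.module == "<unknown>"]
    return notes

if __name__ == "__main__":
    ts = parse_tombstone(TOMBSTONE)
    print(crash_key(ts), signed_fault_addr(ts), *triage(ts), sep="\n")
```

Feed it the tombstone lines from many runs and group by `crash_key` to see whether a fuzzer or a mutated PoC is really finding one bug or several; the key deliberately strips the `+offset` so the same crash site from different builds still lands in one bucket, and `signed_fault_addr` is what turns an intimidating 0xffffffec into the much more telling "-20".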

Google Pixel modem.img mod for Chinese carriers

Carriers in China such as China Telecom were stuck on CSFB (circuit-switched fallback) for voice on 4G rather than the globally popular VoLTE, so most cell phones not sold in China ...