SEGV ASAN in mp4decrypt #965

Open
zhangteng0526 opened this issue May 27, 2024 · 0 comments

Comments

@zhangteng0526

Dear Bento4 developers, I used AFL++ to fuzz test Bento4 and found some problems.
Here is some output from the program built with ASan, for debugging:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==27447==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x00000063d760 bp 0x7ffc110725e0 sp 0x7ffc11072240 T0)
==27447==The signal is caused by a READ memory access.
==27447==Hint: address points to the zero page.
    #0 0x63d760 in AP4_Processor::ProcessFragments(AP4_MoovAtom*, AP4_List<AP4_AtomLocator>&, AP4_ContainerAtom*, AP4_SidxAtom*, unsigned long long, AP4_ByteStream&, AP4_ByteStream&) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4Processor.cpp:211:56
    #1 0x64c6e0 in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4Processor.cpp:726:18
    #2 0x4c89cd in main /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Apps/Mp4Decrypt/Mp4Decrypt.cpp:258:29
    #3 0x7f4eb62bc082 in __libc_start_main /build/glibc-e2p3jK/glibc-2.31/csu/../csu/libc-start.c:308:16
    #4 0x41c8fd in _start (/home/zt/cnvd/Bento4/Bento4-fuzzer/build/mp4decrypt+0x41c8fd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4Processor.cpp:211:56 in AP4_Processor::ProcessFragments(AP4_MoovAtom*, AP4_List<AP4_AtomLocator>&, AP4_ContainerAtom*, AP4_SidxAtom*, unsigned long long, AP4_ByteStream&, AP4_ByteStream&)
==27447==ABORTING

Crash input:

新建文件夹.zip (attached archive; the filename is Chinese for "New folder.zip")

Validation steps

git clone https://github.com/axiomatic-systems/Bento4
cd Bento4/
mkdir check_build && cd check_build
cmake ../ -DCMAKE_C_COMPILER=clang  -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_FLAGS="-fsanitize=address" -DCMAKE_CXX_FLAGS="-fsanitize=address" -DCMAKE_BUILD_TYPE=Release
make -j$(nproc)
./mp4decrypt input /dev/null

Environment

Ubuntu 20.04 LTS
Bento v1.6.0-641
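As an added triage example (this is not code from the issue, from the reporter, or from Bento4): a Python script that parses an ASan report like the one above, pulls out the fault kind, faulting address and access direction, keys the crash on its top three in-project frames so that duplicate crash files from an AFL++ run collapse into one bucket, and gives a first-pass reading of a small faulting address. The embedded report is the one posted in this issue (SUMMARY and ABORTING lines dropped); the three-frame bucket depth and the zero-page rule of thumb are this example's own assumptions, not anything the Bento4 project prescribes.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the report posted in this issue (SUMMARY/ABORTING lines dropped).
ASAN_REPORT = """AddressSanitizer:DEADLYSIGNAL
=================================================================
==27447==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x00000063d760 bp 0x7ffc110725e0 sp 0x7ffc11072240 T0)
==27447==The signal is caused by a READ memory access.
==27447==Hint: address points to the zero page.
    #0 0x63d760 in AP4_Processor::ProcessFragments(AP4_MoovAtom*, AP4_List<AP4_AtomLocator>&, AP4_ContainerAtom*, AP4_SidxAtom*, unsigned long long, AP4_ByteStream&, AP4_ByteStream&) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4Processor.cpp:211:56
    #1 0x64c6e0 in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Core/Ap4Processor.cpp:726:18
    #2 0x4c89cd in main /home/zt/cnvd/Bento4/Bento4-fuzzer/Source/C++/Apps/Mp4Decrypt/Mp4Decrypt.cpp:258:29
    #3 0x7f4eb62bc082 in __libc_start_main /build/glibc-e2p3jK/glibc-2.31/csu/../csu/libc-start.c:308:16
    #4 0x41c8fd in _start (/home/zt/cnvd/Bento4/Bento4-fuzzer/build/mp4decrypt+0x41c8fd)

AddressSanitizer can not provide additional info.
"""

_ERROR_RE = re.compile(
    r"^==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+)"
    r"(?: on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+))?", re.M)
_ACCESS_RE = re.compile(r"\b(READ|WRITE)\b")
# symbolized frame:   #0 0x63d760 in func(args) /path/file.cpp:211:56
_SRC_FRAME_RE = re.compile(
    r"^\s*#(?P<idx>\d+)\s+0x[0-9a-fA-F]+\s+in\s+(?P<func>.+?)\s+"
    r"(?P<file>\S+?):(?P<line>\d+)(?::\d+)?\s*$")
# unsymbolized frame: #4 0x41c8fd in _start (/path/binary+0x41c8fd)
_MOD_FRAME_RE = re.compile(
    r"^\s*#(?P<idx>\d+)\s+0x[0-9a-fA-F]+\s+in\s+(?P<func>.+?)\s+\(\S+\)\s*$")

@dataclass
class Frame:
    index: int
    function: str          # symbol as printed, parameter list included
    file: Optional[str]    # None when the frame has no source location
    line: Optional[int]

    @property
    def short(self) -> str:  # symbol without its parameter list
        return self.function.split("(", 1)[0]

    @property
    def is_app_code(self) -> bool:  # drop libc/sanitizer frames (no source, or reserved __ name)
        return self.file is not None and not self.function.startswith("__")

@dataclass
class Triage:
    pid: int
    kind: str              # SEGV, heap-buffer-overflow, use-after-poison, ...
    address: Optional[int]
    access: Optional[str]  # READ or WRITE
    frames: List[Frame]

    @property
    def bucket(self) -> str:
        """Dedup key: the top three in-project frames as func@file:line (depth is an assumption)."""
        top = [f for f in self.frames if f.is_app_code][:3]
        return "|".join(f"{f.short}@{f.file.rsplit('/', 1)[-1]}:{f.line}" for f in top)

    @property
    def verdict(self) -> str:
        """First-pass reading of the fault; the zero-page rule of thumb is this example's own."""
        acc = self.access or "access"
        addr = "unknown" if self.address is None else f"{self.address:#x}"
        if self.kind == "SEGV" and self.address is not None and self.address < 0x1000:
            # A fault inside the first page means a field was accessed through a NULL
            # pointer: the faulting address is just that field's offset.
            return f"NULL pointer dereference ({acc} at offset {addr}); a crash/DoS on its own"
        if self.kind == "SEGV":
            return f"wild {acc} at {addr}; the pointer may be attacker-influenced"
        return f"{self.kind} ({acc}); memory-safety bug, treat as potentially exploitable"

def parse_asan_report(text: str) -> Triage:
    m = _ERROR_RE.search(text)
    if not m:
        raise ValueError("no AddressSanitizer ERROR line in report")
    tail = text[m.end():]
    access = _ACCESS_RE.search(tail)  # "READ of size N ..." or "caused by a READ ..."
    frames: List[Frame] = []
    for raw in tail.splitlines():
        if frames and not raw.strip():
            break                      # first blank line ends the primary stack
        fm = _SRC_FRAME_RE.match(raw)
        if fm:
            frames.append(Frame(int(fm["idx"]), fm["func"], fm["file"], int(fm["line"])))
            continue
        fm = _MOD_FRAME_RE.match(raw)
        if fm:
            frames.append(Frame(int(fm["idx"]), fm["func"], None, None))
    return Triage(int(m["pid"]), m["kind"], int(m["addr"], 16) if m["addr"] else None,
                  access.group(1) if access else None, frames)

def dedupe(reports: List[str]) -> Dict[str, List[Triage]]:
    """Group crash reports (one per AFL++ crashes/ file, say) by stack bucket."""
    groups: Dict[str, List[Triage]] = {}
    for text in reports:
        t = parse_asan_report(text)
        groups.setdefault(t.bucket, []).append(t)
    return groups
```

Run over the report above, `parse_asan_report` returns a SEGV READ at 0x28 whose stack is bucketed as ProcessFragments@Ap4Processor.cpp:211 | Process@Ap4Processor.cpp:726 | main@Mp4Decrypt.cpp:258; the "zero page" hint together with the tiny address says a field at offset 0x28 was read through a null pointer, which is why the verdict classes it as a crash rather than a corruption. Feeding every crash file's report into `dedupe` shows whether they all land in this one bucket or whether the run also found other bugs.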
