Open
Description
A crafted input will lead to memory leaks in Ap4DescriptorFactory.cpp in Bento4 1.5.1-627.
Triggered by
./mp42hls crash3.mp4
PoC
crash3.zip
Bento4 Version 1.5.1-627
The ASAN information is as follows:
ERROR: failed to write samples (-18)
=================================================================
==52749==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 88 byte(s) in 1 object(s) allocated from:
#0 0x7f6969285532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x53fd71 in AP4_DescriptorFactory::CreateDescriptorFromStream(AP4_ByteStream&, AP4_Descriptor*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DescriptorFactory.cpp:89
Direct leak of 48 byte(s) in 1 object(s) allocated from:
#0 0x7f6969285532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x4de961 in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/System/StdC/Ap4StdCFileByteStream.cpp:175
#2 0x4de961 in AP4_FileByteStream::Create(char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/System/StdC/Ap4StdCFileByteStream.cpp:332
Indirect leak of 2097544 byte(s) in 10 object(s) allocated from:
#0 0x7f69692856b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
#1 0x4abb54 in AP4_DataBuffer::ReallocateBuffer(unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DataBuffer.cpp:210
#2 0x4abb54 in AP4_DataBuffer::SetDataSize(unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DataBuffer.cpp:151
Indirect leak of 896 byte(s) in 16 object(s) allocated from:
#0 0x7f6969285532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x53fec9 in AP4_DescriptorFactory::CreateDescriptorFromStream(AP4_ByteStream&, AP4_Descriptor*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DescriptorFactory.cpp:126
Indirect leak of 408 byte(s) in 17 object(s) allocated from:
#0 0x7f6969285532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x55b961 in AP4_List<AP4_Descriptor>::Add(AP4_Descriptor*) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4List.h:160
#2 0x55b961 in AP4_InitialObjectDescriptor::AP4_InitialObjectDescriptor(AP4_ByteStream&, unsigned char, unsigned int, unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4ObjectDescriptor.cpp:260
Indirect leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7f6969285532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
#1 0x53fd32 in AP4_DescriptorFactory::CreateDescriptorFromStream(AP4_ByteStream&, AP4_Descriptor*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DescriptorFactory.cpp:114
SUMMARY: AddressSanitizer: 2099016 byte(s) leaked in 46 allocation(s).
FoundBy: yjiiit@aliyun.com