Memory leaks in Ap4DescriptorFactory.cpp:89 at Bento4 1.5.1-627 when running mp42hls #343

Open
@PikaQQQ

A crafted input will lead to memory leaks in Ap4DescriptorFactory.cpp at Bento4 1.5.1-627.

Triggered by
./mp42hls crash3.mp4

Poc
crash3.zip

Bento4 Version 1.5.1-627
The ASAN information is as follows:

ERROR: failed to write samples (-18)

=================================================================
==52749==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x7f6969285532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x53fd71 in AP4_DescriptorFactory::CreateDescriptorFromStream(AP4_ByteStream&, AP4_Descriptor*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DescriptorFactory.cpp:89

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f6969285532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x4de961 in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/System/StdC/Ap4StdCFileByteStream.cpp:175
    #2 0x4de961 in AP4_FileByteStream::Create(char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/System/StdC/Ap4StdCFileByteStream.cpp:332

Indirect leak of 2097544 byte(s) in 10 object(s) allocated from:
    #0 0x7f69692856b2 in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x996b2)
    #1 0x4abb54 in AP4_DataBuffer::ReallocateBuffer(unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DataBuffer.cpp:210
    #2 0x4abb54 in AP4_DataBuffer::SetDataSize(unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DataBuffer.cpp:151

Indirect leak of 896 byte(s) in 16 object(s) allocated from:
    #0 0x7f6969285532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x53fec9 in AP4_DescriptorFactory::CreateDescriptorFromStream(AP4_ByteStream&, AP4_Descriptor*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DescriptorFactory.cpp:126

Indirect leak of 408 byte(s) in 17 object(s) allocated from:
    #0 0x7f6969285532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x55b961 in AP4_List<AP4_Descriptor>::Add(AP4_Descriptor*) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4List.h:160
    #2 0x55b961 in AP4_InitialObjectDescriptor::AP4_InitialObjectDescriptor(AP4_ByteStream&, unsigned char, unsigned int, unsigned int) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4ObjectDescriptor.cpp:260

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7f6969285532 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99532)
    #1 0x53fd32 in AP4_DescriptorFactory::CreateDescriptorFromStream(AP4_ByteStream&, AP4_Descriptor*&) /home/jas/Downloads/Bento4-SRC-1-5-1-627/Source/C++/Core/Ap4DescriptorFactory.cpp:114

SUMMARY: AddressSanitizer: 2099016 byte(s) leaked in 46 allocation(s).

FoundBy: yjiiit@aliyun.com
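
A triage sketch for the LeakSanitizer report format shown in this issue, added here and not part of the original report or of Bento4: it parses the leak records, checks that they add up to the SUMMARY line, and lists the direct-leak allocation sites (the roots; indirect leaks are blocks reachable only through other leaked blocks). The function names and the abridged sample report, with shortened paths and placeholder addresses, are constructed for the example.

```python
import re

# Constructed sample: three records abridged from the report format above
# (paths shortened, addresses are placeholders).
SAMPLE = """\
Direct leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x7f0000000001 in operator new(unsigned long) (/usr/lib/libasan.so.2+0x99532)
    #1 0x400001 in AP4_DescriptorFactory::CreateDescriptorFromStream(AP4_ByteStream&, AP4_Descriptor*&) /src/Core/Ap4DescriptorFactory.cpp:89

Indirect leak of 896 byte(s) in 16 object(s) allocated from:
    #0 0x7f0000000001 in operator new(unsigned long) (/usr/lib/libasan.so.2+0x99532)
    #1 0x400002 in AP4_DescriptorFactory::CreateDescriptorFromStream(AP4_ByteStream&, AP4_Descriptor*&) /src/Core/Ap4DescriptorFactory.cpp:126

Indirect leak of 408 byte(s) in 17 object(s) allocated from:
    #0 0x7f0000000001 in operator new(unsigned long) (/usr/lib/libasan.so.2+0x99532)
    #1 0x400003 in AP4_List<AP4_Descriptor>::Add(AP4_Descriptor*) /src/Core/Ap4List.h:160

SUMMARY: AddressSanitizer: 1392 byte(s) leaked in 34 allocation(s).
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+) (\S+)$")
SUMMARY = re.compile(r"^SUMMARY: \w+: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")

def parse_leaks(report):
    """Return (leaks, summary): one dict per leak record plus the SUMMARY totals."""
    leaks, summary = [], None
    for line in report.splitlines():
        if m := HEADER.match(line):
            leaks.append({"kind": m[1], "bytes": int(m[2]), "objects": int(m[3]), "site": None})
        elif (m := FRAME.match(line)) and leaks and leaks[-1]["site"] is None:
            # Keep the first frame with a file:line location; allocator frames
            # end in "(module+offset)" instead and are skipped.
            if not m[2].startswith("("):
                leaks[-1]["site"] = m[2].rsplit("/", 1)[-1]
        elif m := SUMMARY.match(line):
            summary = (int(m[1]), int(m[2]))
    return leaks, summary

def consistent(leaks, summary):
    """True when the parsed records add up to the SUMMARY line (report not truncated)."""
    return summary == (sum(r["bytes"] for r in leaks), sum(r["objects"] for r in leaks))

def roots(leaks):
    """Allocation sites of direct leaks: the objects whose owner never freed them."""
    return [r["site"] for r in leaks if r["kind"] == "Direct"]

if __name__ == "__main__":
    leaks, summary = parse_leaks(SAMPLE)
    print(roots(leaks), consistent(leaks, summary))
```
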
