AddressSanitizer: memory leaks of dref_New() #1183

Closed
Marsman1996 opened this issue Dec 17, 2018 · 2 comments

@Marsman1996

Tested in Ubuntu 18.04, 64bit, gcc 7.3.0, gpac (master d1c4bc3)

Compile cmd:
$ ./configure --extra-cflags="-fsanitize=address,undefined -g" --extra-ldflags="-fsanitize=address,undefined -ldl -g"
$ make

Triggered by
$ MP4Box -diso $POC

POC file:
https://github.com/Marsman1996/pocs/blob/master/gpac/poc13-leak

ASAN info:

ubuntu@ubuntu-virtual-machine:~/Desktop/crashana/gpac/gpac-d1c4bc3/build_asan$ ./bin/gcc/MP4Box -diso ../../poc13-leak
[iso file] Unknown box type mo2v
[iso file] Box "mvhd" is invalid in container mo2v
[iso file] Box "href" is invalid in container dinf
[iso file] Unknown box type stb.
[iso file] Box "trik" is invalid in container stb.
[iso file] Read Box type .... (0x01000000) has size 0 but is not at root/file level, skipping
[iso file] Box "stpp" size 15 invalid (read 33)
[iso file] Box "stpp" is invalid in container stb.
[iso file] Unknown box type pts.
[iso file] Box "UNKN" is larger than container box
[iso file] Missing dref box in dinf
[iso file] Box "dinf" size 44 invalid (read 494)
[iso file] Box "trik" is invalid in container minf
[iso file] Read Box type .... (0x01000000) has size 0 but is not at root/file level, skipping
[iso file] Box "stpp" size 15 invalid (read 33)
[iso file] Box "stpp" is invalid in container minf
[iso file] Unknown box type pts.
[iso file] Box "trak" size 128 invalid (read 714)
[iso file] Unknown box type 
[iso file] Incomplete box UNKN
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] Unknown box type mo2v
[iso file] Box "mvhd" is invalid in container mo2v
[iso file] Box "href" is invalid in container dinf
[iso file] Unknown box type stb.
[iso file] Box "trik" is invalid in container stb.
[iso file] Read Box type .... (0x01000000) has size 0 but is not at root/file level, skipping
[iso file] Box "stpp" size 15 invalid (read 33)
[iso file] Box "stpp" is invalid in container stb.
[iso file] Unknown box type pts.
[iso file] Box "UNKN" is larger than container box
[iso file] Missing dref box in dinf
[iso file] Box "dinf" size 44 invalid (read 494)
[iso file] Box "trik" is invalid in container minf
[iso file] Read Box type .... (0x01000000) has size 0 but is not at root/file level, skipping
[iso file] Box "stpp" size 15 invalid (read 33)
[iso file] Box "stpp" is invalid in container minf
[iso file] Unknown box type pts.
[iso file] Box "trak" size 128 invalid (read 714)
[iso file] Unknown box type 
Truncated file - missing 1936916471 bytes
Error opening file ../../poc13-leak: IsoMedia File is truncated
=================================================================
==93222==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7fed213dcb50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
    #1 0x7fed1df0b7fa in dref_New /home/ubuntu/Desktop/crashana/gpac/gpac-d1c4bc3/src/isomedia/box_code_base.c:1012

SUMMARY: AddressSanitizer: 40 byte(s) leaked in 1 allocation(s).
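
For triage of reports like the one above, the following added example (not part of the original issue and not GPAC project code) parses a LeakSanitizer report, attributes each leak to its first frame outside the sanitizer runtime, and checks the records against the SUMMARY line. The function names `parse_leaks` and `consistent` are hypothetical; the sample input is the report text copied from this issue.

```python
import re

# LeakSanitizer section copied verbatim from the issue above.
REPORT = """\
==93222==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7fed213dcb50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
    #1 0x7fed1df0b7fa in dref_New /home/ubuntu/Desktop/crashana/gpac/gpac-d1c4bc3/src/isomedia/box_code_base.c:1012

SUMMARY: AddressSanitizer: 40 byte(s) leaked in 1 allocation(s).
"""

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\) allocated from:")
FRAME_RE = re.compile(r"^\s+#(\d+) 0x[0-9a-f]+ in (\S+) (.+)$")
SUMMARY_RE = re.compile(r"^SUMMARY: AddressSanitizer: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")
# Frames owned by the sanitizer/allocator runtime rather than the program under test.
RUNTIME_RE = re.compile(r"^(__interceptor_|__asan_|__lsan_)|^(malloc|calloc|realloc)$")


def parse_leaks(text):
    """Return (leaks, summary); each leak carries its first non-runtime frame as 'site'."""
    leaks, summary, cur = [], None, None
    for line in text.splitlines():
        if m := LEAK_RE.match(line):
            cur = {"kind": m[1], "bytes": int(m[2]), "objects": int(m[3]),
                   "frames": [], "site": None}
            leaks.append(cur)
        elif (m := FRAME_RE.match(line)) and cur is not None:
            func, loc = m[2], m[3]
            cur["frames"].append((func, loc))
            if cur["site"] is None and not RUNTIME_RE.search(func):
                cur["site"] = (func, loc.rsplit("/", 1)[-1])  # keep "file.c:line" only
        elif m := SUMMARY_RE.match(line):
            summary, cur = (int(m[1]), int(m[2])), None
    return leaks, summary


def consistent(leaks, summary):
    """True when per-record totals equal the SUMMARY line, i.e. the report was not cut short."""
    return summary == (sum(l["bytes"] for l in leaks), sum(l["objects"] for l in leaks))


if __name__ == "__main__":
    leaks, summary = parse_leaks(REPORT)
    for leak in leaks:
        print(leak["kind"], leak["bytes"], "byte(s) allocated at", leak["site"])
    print("summary consistent:", consistent(leaks, summary))
```
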
@aureliendavid
Contributor

With a bit of delay: this should now be fixed.

@carnil

carnil commented Sep 20, 2019

CVE-2018-21017 was assigned for this issue.
