AddressSanitizer: a memory leak of dinf_New() #1321

Closed
Clingto opened this issue Oct 28, 2019 · 2 comments

Comments

@Clingto

Clingto commented Oct 28, 2019

System info:
Ubuntu 16.04.6 LTS, X64, gcc 5.4.0, gpac (master 6ada10e)
Compile Command:

$ CC="gcc -fsanitize=address -g" CXX="g++ -fsanitize=address -g" ./configure --static-mp4box
$ make

Run Command:

$ MP4Box -diso -out /dev/null $POC-memory-leak

POC file:
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/POC-memory-leak
ASAN info:

==26273==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0xad2eed in dinf_New isomedia/box_code_base.c:945

Indirect leak of 160 byte(s) in 2 object(s) allocated from:
    #0 0x7ffff6f02961 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98961)
    #1 0x46c43a in realloc_chain utils/list.c:622
    #2 0x46c43a in gf_list_add utils/list.c:629

Indirect leak of 96 byte(s) in 2 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0xad1d0d in url_New isomedia/box_code_base.c:575

Indirect leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0xad318d in dref_New isomedia/box_code_base.c:1005

Indirect leak of 32 byte(s) in 2 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x46c27d in gf_list_new utils/list.c:602

SUMMARY: AddressSanitizer: 448 byte(s) leaked in 10 allocation(s).

This bug still exists in the latest versions: 0.8.0 (4c19ae5) and 0.9.0 (1de1f8d).

Addition: This bug was found with our fuzzer, which is based on AFL. Our fuzzer is developed by Yuanpingyu (cfenicey@gmail.com), Yanhao and Marsman1996 (lqliuyuwei@outlook.com).

@carnil

carnil commented Dec 31, 2019

CVE-2019-20159 was assigned for this issue.

@Clingto Clingto changed the title AddressSanitizer: 4 memory leaks of dinf_New(), gf_list_add(), url_New(), gf_list_new() AddressSanitizer: a memory leak of dinf_New() Jan 2, 2020
aureliendavid added a commit that referenced this issue Jan 8, 2020
@aureliendavid
Contributor

Thanks for the report.

This should be fixed in master / 0.8.0 as of the above commit.

It will be included in filters / 0.9.0 in the next merge.

Feel free to reopen the issue if necessary.
