
AddressSanitizer: 2 memory leaks of metx_New(), abst_Read() #1337

Closed
Clingto opened this issue Nov 9, 2019 · 3 comments

Comments

@Clingto

Clingto commented Nov 9, 2019

System info:
Ubuntu 16.04.6 LTS, X64, gcc 5.4.0, gpac (latest master 00dfc93)
Compile Command:

$ CC="gcc -fsanitize=address -g" CXX="g++ -fsanitize=address -g" ./configure --static-mp4box
$ make

Run Command:

$ MP4Box -diso -out /dev/null $POC-new-memory-leak

POC file:
https://github.com/Clingto/POC/blob/master/gpac-MP4Box/gpac-00dfc93-crashes/POC-new-memory-leak

gdb info:

Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[iso file] Box "metx" size 15 (start 89) invalid (read 25)
[iso file] Box "abst" size 24 (start 0) invalid (read 104)
[iso file] Incomplete box abst - start 0 size 24
[iso file] Incomplete file while reading for dump - aborting parsing
[iso file] Box "metx" size 15 (start 89) invalid (read 25)
[iso file] Box "abst" size 24 (start 0) invalid (read 104)
Truncated file - missing 24 bytes
[Inferior 1 (process 6276) exited with code 01]

ASAN info:

==26041==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 224 byte(s) in 2 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0xaefada in metx_New isomedia/box_code_base.c:8367

Direct leak of 8 byte(s) in 2 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x792106 in abst_Read isomedia/box_code_adobe.c:95
    #2 0xb62c63  (/bin/MP4Box+0xb62c63)

Indirect leak of 32 byte(s) in 2 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x46c27d in gf_list_new utils/list.c:602

Indirect leak of 16 byte(s) in 4 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7ffff63eb489 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x8b489)

SUMMARY: AddressSanitizer: 280 byte(s) leaked in 10 allocation(s).


Addition: This bug was found with our fuzzer, which is based on AFL. Our fuzzer is developed by Yuanpingyu (cfenicey@gmail.com), Yanhao and Marsman1996 (lqliuyuwei@outlook.com).

@carnil

carnil commented Dec 31, 2019

CVE-2019-20171 was assigned for this issue.

aureliendavid added a commit that referenced this issue Jan 8, 2020
@aureliendavid
Contributor

Thanks for the report.

This should be fixed in master / 0.8.0 as of the above commit.

It will be included in filters / 0.9.0 in the next merge.

Feel free to reopen the issue if necessary.

@aureliendavid
Contributor

I had forgotten something about this one. Should be ok now.
