[ISOBMFF] AV1ConfigurationBox: read only 4 bytes (expected 16).
[iso file] Box "av1C" (start 20) has 12 extra bytes
[isom] not enough bytes in box dimC: 0 left, reading 1 (file isomedia/box_code_3gpp.c, line 1082)
[iso file] Read Box "dimC" (start 44) failed (Invalid IsoMedia File) - skipping
Error opening file /home/fuzz/test/poc_ml: Invalid IsoMedia File
=================================================================
==71539==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 2566 byte(s) in 1 object(s) allocated from:
#0 0x7fe8c635f808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fe8c2ef8d39 in dimC_box_read isomedia/box_code_3gpp.c:1060
#2 0x7fe8c2fb75c3 in gf_isom_box_read isomedia/box_funcs.c:1866
#3 0x7fe8c2fb75c3 in gf_isom_box_parse_ex isomedia/box_funcs.c:271
#4 0x7fe8c2fb8a15 in gf_isom_parse_root_box isomedia/box_funcs.c:38
#5 0x7fe8c2fe1a8c in gf_isom_parse_movie_boxes_internal isomedia/isom_intern.c:378
#6 0x7fe8c2fe7ca1 in gf_isom_parse_movie_boxes isomedia/isom_intern.c:868
#7 0x7fe8c2fe7ca1 in gf_isom_open_file isomedia/isom_intern.c:988
#8 0x55c56a3e9139 in mp4box_main /home/fuzz/gpac/applications/mp4box/mp4box.c:6209
#9 0x7fe8c0558082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 2566 byte(s) leaked in 1 allocation(s).
code location:
GF_Err dimC_box_read(GF_Box *s, GF_BitStream *bs)
{
u32 i, msize;
GF_DIMSSceneConfigBox *p = (GF_DIMSSceneConfigBox *)s;
ISOM_DECREASE_SIZE(p, 3);
p->profile = gf_bs_read_u8(bs);
p->level = gf_bs_read_u8(bs);
p->pathComponents = gf_bs_read_int(bs, 4);
p->fullRequestHost = gf_bs_read_int(bs, 1);
p->streamType = gf_bs_read_int(bs, 1);
p->containsRedundant = gf_bs_read_int(bs, 2);
char *str = gf_malloc(sizeof(char)*(p->size+1)); //line 1060 here p->size+1 = 2566
if (!str) return GF_OUT_OF_MEM;
msize = (u32) p->size;
str[msize] = 0;
i=0;
str[0]=0;
while (i < msize) {
ISOM_DECREASE_SIZE(p, 1);
str[i] = gf_bs_read_u8(bs);
if (!str[i]) break;
i++;
}
if (i == msize) {
gf_free(str);
return GF_ISOM_INVALID_FILE;
}
p->textEncoding = gf_strdup(str);
i=0;
str[0]=0;
while (i < msize) {
ISOM_DECREASE_SIZE(p, 1); //line :1082 not enough bytes in box dimC: 0 left, reading 1
str[i] = gf_bs_read_u8(bs);
if (!str[i]) break;
i++;
}
if (i == msize) {
gf_free(str);
return GF_ISOM_INVALID_FILE;
}
p->contentEncoding = gf_strdup(str);
gf_free(str);
if (!p->textEncoding || !p->contentEncoding)
return GF_OUT_OF_MEM;
return GF_OK;
}
ps: The issue could be verified using the poc in issue 2294 and 2296. The patch of issue 2294 and 2296 was not perfect because it still existed memory leak risk .
Description
Memory Leak in dimC_box_read at isomedia/box_code_3gpp.c:1060
System info
ubuntu 20.04 lts
version info:
compile
./configure --enable-sanitizer
make
crash command:
./MP4Box -bt poc_ml
poc :
https://github.com/Janette88/test_pocs/blob/main/poc_ml
Here is output by ASAN:
code location:
ps: The issue could be verified using the poc in issue 2294 and 2296. The patch of issue 2294 and 2296 was not perfect because it still existed memory leak risk .
ref:
#2294
#2296
The text was updated successfully, but these errors were encountered: