Skip to content

Memory leak on tsMuxer #780

Closed
Closed
@Frank-Z7

Description

@Frank-Z7

Memory leak on tsMuxer

Description

We found a memory leak error when we used tsMuxer/tsmuxer to process mp4 format files.

(SUMMARY: AddressSanitizer: 26339 byte(s) leaked in 72 allocation(s).)

Version

./tsmuxer --version
tsMuxeR version git-2539d07. github.com/justdan96/tsMuxer

tsMuxeR version git-2539d07 is the latest version.

Reference

https://github.com/justdan96/tsMuxer

PoC

PocTsmuxerMp4.mp4: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/PocTsmuxerMp4.mp4

Reproduction

cd tsMuxer
./tsMuxer/tsmuxer PocTsmuxerMp4.mp4

Environment

ubuntu:20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
clang version 10.0.0-4ubuntu1
afl-cc++4.09

ASAN Log

Since github has restrictions on the length of comments, the complete ASAN Log can be found at:

https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/tsmuxer_ASAN_Log.txt

=================================================================
==1369001==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2560 byte(s) in 5 object(s) allocated from:
    #0 0x5d8c0d in operator new(unsigned long) (/afltest/tsMuxer/tsMuxer/tsmuxer+0x5d8c0d)
    #1 0x63533f in H264StreamReader::checkStream(unsigned char*, int) /afltest/tsMuxer/tsMuxer/h264StreamReader.cpp:97:24
    #2 0x745d59 in METADemuxer::detectTrackReader(unsigned char*, int, AbstractStreamReader::ContainerType, int, int) /afltest/tsMuxer/tsMuxer/metaDemuxer.cpp:749:22
    #3 0x73d0dd in METADemuxer::DetectStreamReader(BufferedReaderManager const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) /afltest/tsMuxer/tsMuxer/metaDemuxer.cpp:627:39
    #4 0x6bb225 in detectStreamReader(char const*, MPLSParser*, bool) /afltest/tsMuxer/tsMuxer/main.cpp:114:34
    #5 0x6c76ef in main /afltest/tsMuxer/tsMuxer/main.cpp:689:17
    #6 0x7ffff798b082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16

Direct leak of 440 byte(s) in 5 object(s) allocated from:

Indirect leak of 4800 byte(s) in 1 object(s) allocated from:

...............
Since github has restrictions on the length of comments, the complete ASAN Log can be found at:
https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/tsmuxer_ASAN_Log.txt
...............

SUMMARY: AddressSanitizer: 26339 byte(s) leaked in 72 allocation(s).

Credit

Zeng Yunxiang ([Huazhong University of Science and Technology](http://cse.hust.edu.cn/))
Song Jiaxuan

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions