
Memory leaks in parseSWF_IMPORTASSETS #218

Open
@Radon10043


Hi, I found a memory leak problem.
version: 0.4.8
command: swftophp poc
poc:
parser.c_2556.zip

Here is the report from ASAN:

header indicates a filesize of 761 but filesize is 550
<?php
$m = new SWFMovie(8);

ming_setscale(1.0);
$m->setRate(192.371094);
$m->setDimension(-13061, -13172);

/* Note: xMin and/or yMin are not 0! */

$m->setFrames(49344);
/*Unknown block type 803*/
/*Unknown block type 16*/
/*Unknown block type 307*/
/*Unknown block type 493*/
/*Unknown block type 846*/
/*Unknown block type 897*/
/*Unknown block type 927*/
/*Unknown block type 898*/
/*Unknown block type 523*/
 Stream out of sync after parse of blocktype 57 (SWF_IMPORTASSETS). 332 but expecting 340.

/* SWF_IMPORTASSETS */
/*Unknown block type 970*/
/*Unknown block type 401*/
truncated file

=================================================================
==52194==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 269 byte(s) in 10 object(s) allocated from:
    #0 0x4d2558 in malloc /home/radon/build/llvm_tools/llvm-4.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x595d03 in readBytes /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/read.c:227:17
    #2 0x594308 in parseSWF_UNKNOWNBLOCK /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/parser.c:3551:28
    #3 0x5296d1 in blockParse /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/blocktypes.c:148:10
    #4 0x52831b in readMovie /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:265:11
    #5 0x526bbc in main /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:350:2
    #6 0x7f4aeee7e83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x4d2558 in malloc /home/radon/build/llvm_tools/llvm-4.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x595edf in readString /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/read.c:242:17
    #2 0x580725 in parseSWF_IMPORTASSETS /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/parser.c:2553:20
    #3 0x529615 in blockParse /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/blocktypes.c:145:14
    #4 0x52831b in readMovie /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:265:11
    #5 0x526bbc in main /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:350:2
    #6 0x7f4aeee7e83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x4d2558 in malloc /home/radon/build/llvm_tools/llvm-4.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x580908 in parseSWF_IMPORTASSETS /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/parser.c:2556:32
    #2 0x529615 in blockParse /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/blocktypes.c:145:14
    #3 0x52831b in readMovie /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:265:11
    #4 0x526bbc in main /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:350:2
    #5 0x7f4aeee7e83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x4d2558 in malloc /home/radon/build/llvm_tools/llvm-4.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x580850 in parseSWF_IMPORTASSETS /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/parser.c:2555:29
    #2 0x529615 in blockParse /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/blocktypes.c:145:14
    #3 0x52831b in readMovie /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:265:11
    #4 0x526bbc in main /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:350:2
    #5 0x7f4aeee7e83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

SUMMARY: AddressSanitizer: 527 byte(s) leaked in 13 allocation(s).
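
A triage aid for reports like the one above, added here as an example and not part of the original issue or of libming: it groups LeakSanitizer records by the first frame that is neither an allocator nor a low-level reader, and checks the grouped totals against the SUMMARY line. The names `triage` and `HELPERS` are hypothetical, and treating `readBytes` and `readString` as helpers is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the four leak records from the report above, with
# paths shortened and caller frames above the parse function dropped.
SAMPLE = """\
Direct leak of 269 byte(s) in 10 object(s) allocated from:
    #0 0x4d2558 in malloc asan_malloc_linux.cc:66
    #1 0x595d03 in readBytes util/read.c:227:17
    #2 0x594308 in parseSWF_UNKNOWNBLOCK util/parser.c:3551:28
Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x4d2558 in malloc asan_malloc_linux.cc:66
    #1 0x595edf in readString util/read.c:242:17
    #2 0x580725 in parseSWF_IMPORTASSETS util/parser.c:2553:20
Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x4d2558 in malloc asan_malloc_linux.cc:66
    #1 0x580908 in parseSWF_IMPORTASSETS util/parser.c:2556:32
Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x4d2558 in malloc asan_malloc_linux.cc:66
    #1 0x580850 in parseSWF_IMPORTASSETS util/parser.c:2555:29
SUMMARY: AddressSanitizer: 527 byte(s) leaked in 13 allocation(s).
"""

HEADER = re.compile(r"^(?:Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
SUMMARY = re.compile(r"^SUMMARY: AddressSanitizer: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")
# Assumption: allocator and low-level reader frames are not the leak's owner.
HELPERS = {"malloc", "calloc", "realloc", "readBytes", "readString"}

def triage(report):
    """Group leaks by first non-helper frame; check totals against SUMMARY."""
    owners = defaultdict(lambda: {"bytes": 0, "objects": 0, "sites": set()})
    pending = summary = None
    for line in report.splitlines():
        if m := HEADER.match(line):
            pending = (int(m.group(1)), int(m.group(2)))
        elif (m := FRAME.match(line)) and pending and m.group(1) not in HELPERS:
            rec = owners[m.group(1)]
            rec["bytes"] += pending[0]
            rec["objects"] += pending[1]
            rec["sites"].add(m.group(2))
            pending = None  # deeper frames are callers, not owners
        elif m := SUMMARY.match(line):
            summary = (int(m.group(1)), int(m.group(2)))
    total = (sum(r["bytes"] for r in owners.values()),
             sum(r["objects"] for r in owners.values()))
    return dict(owners), total == summary
```

A `False` second return value means some record was not attributed to any function (for example, every frame was a helper) or the report was cut off before its SUMMARY line.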
