Memory leaks in parseSWF_IMPORTASSETS #218

Open
Radon10043 opened this issue Apr 8, 2021 · 0 comments

Hi, I found a memory leak problem.
version: 0.4.8
command: swftophp poc
poc:
parser.c_2556.zip

Here is the report from ASAN:

```
header indicates a filesize of 761 but filesize is 550
<?php
$m = new SWFMovie(8);

ming_setscale(1.0);
$m->setRate(192.371094);
$m->setDimension(-13061, -13172);

/* Note: xMin and/or yMin are not 0! */

$m->setFrames(49344);
/*Unknown block type 803*/
/*Unknown block type 16*/
/*Unknown block type 307*/
/*Unknown block type 493*/
/*Unknown block type 846*/
/*Unknown block type 897*/
/*Unknown block type 927*/
/*Unknown block type 898*/
/*Unknown block type 523*/
 Stream out of sync after parse of blocktype 57 (SWF_IMPORTASSETS). 332 but expecting 340.

/* SWF_IMPORTASSETS */
/*Unknown block type 970*/
/*Unknown block type 401*/
truncated file

=================================================================
==52194==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 269 byte(s) in 10 object(s) allocated from:
    #0 0x4d2558 in malloc /home/radon/build/llvm_tools/llvm-4.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x595d03 in readBytes /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/read.c:227:17
    #2 0x594308 in parseSWF_UNKNOWNBLOCK /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/parser.c:3551:28
    #3 0x5296d1 in blockParse /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/blocktypes.c:148:10
    #4 0x52831b in readMovie /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:265:11
    #5 0x526bbc in main /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:350:2
    #6 0x7f4aeee7e83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x4d2558 in malloc /home/radon/build/llvm_tools/llvm-4.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x595edf in readString /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/read.c:242:17
    #2 0x580725 in parseSWF_IMPORTASSETS /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/parser.c:2553:20
    #3 0x529615 in blockParse /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/blocktypes.c:145:14
    #4 0x52831b in readMovie /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:265:11
    #5 0x526bbc in main /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:350:2
    #6 0x7f4aeee7e83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x4d2558 in malloc /home/radon/build/llvm_tools/llvm-4.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x580908 in parseSWF_IMPORTASSETS /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/parser.c:2556:32
    #2 0x529615 in blockParse /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/blocktypes.c:145:14
    #3 0x52831b in readMovie /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:265:11
    #4 0x526bbc in main /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:350:2
    #5 0x7f4aeee7e83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x4d2558 in malloc /home/radon/build/llvm_tools/llvm-4.0.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x580850 in parseSWF_IMPORTASSETS /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/parser.c:2555:29
    #2 0x529615 in blockParse /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/blocktypes.c:145:14
    #3 0x52831b in readMovie /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:265:11
    #4 0x526bbc in main /home/radon/Documents/subject/Delta/Type2/libming/libming-CVE-2018-8962/obj-aflgo/util/../../util/main.c:350:2
    #5 0x7f4aeee7e83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

SUMMARY: AddressSanitizer: 527 byte(s) leaked in 13 allocation(s).
```
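
The report above shows three allocations made in `parseSWF_IMPORTASSETS` (parser.c lines 2553, 2555 and 2556) that are never released. As an added illustration, not code from libming or from the reporter: a parser with the same allocation shape (one string plus two per-symbol arrays) paired with a release routine, and a counting allocator that checks the two balance. The struct, function names and sample input are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical record: one string plus two per-symbol arrays (not libming's struct). */
struct import_assets { char *url; unsigned count; int *tags; char **names; };
static long live_allocs; /* outstanding allocations, used as a self-check */
static void *xalloc(size_t n) {
    void *p = calloc(1, n ? n : 1); /* zeroed, so partial records free safely */
    if (p) live_allocs++;
    return p;
}
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }
static char *xdup(const char *s) {
    char *d = xalloc(strlen(s) + 1);
    return d ? strcpy(d, s) : NULL;
}

/* Releases every allocation the parser made; accepts partially built records. */
void import_assets_free(struct import_assets *r) {
    if (!r) return;
    for (unsigned i = 0; r->names && i < r->count; i++) xfree(r->names[i]);
    xfree(r->names); xfree(r->tags); xfree(r->url); xfree(r);
}

/* Builds the record from in-memory input and frees it on any failure. */
struct import_assets *import_assets_parse(const char *url, const char **names, unsigned n) {
    struct import_assets *r = xalloc(sizeof *r);
    if (!r) return NULL;
    r->url = xdup(url);
    r->tags = xalloc(n * sizeof *r->tags);
    r->names = xalloc(n * sizeof *r->names);
    if (!r->url || !r->tags || !r->names) { import_assets_free(r); return NULL; }
    r->count = n;
    for (unsigned i = 0; i < n; i++) {
        r->tags[i] = (int)i + 1;
        if (!(r->names[i] = xdup(names[i]))) { import_assets_free(r); return NULL; }
    }
    return r;
}

/* Allocations still held after parsing n (<= 2) symbols, with or without release. */
long held_after_parse(unsigned n, int release) {
    const char *names[] = { "sym_a", "sym_b" }; /* constructed sample input */
    long before = live_allocs;
    struct import_assets *r = import_assets_parse("constructed.swf", names, n);
    if (release) { import_assets_free(r); r = NULL; }
    long held = live_allocs - before;
    import_assets_free(r); /* tidy up either way; NULL is a no-op */
    return held;
}
```

Calling the release routine from the code that consumes each parsed block, on the error path as well as the normal one, is what brings the held count back to zero.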