Memory leaks in parseSWF_UNKNOWNBLOCK #302

Open
pip-izony opened this issue Dec 12, 2023 · 0 comments
Environment

Ubuntu 22.04.3 LTS

Compiler

clang version 11.0.0
Target: x86_64-unknown-linux-gnu
Thread model: posix

Steps to reproduce

./autogen.sh
./configure --disable-shared --disable-freetype
cd util
./swftophp <PoC file>

Contents of PoC file

Unzip the file below.

PoC.zip

Expected behavior

Print error or warning messages handled within swftophp.

Current behavior

header indicates a filesize of 1785366634 but filesize is 168
<?php
$m = new SWFMovie(11);

ming_setscale(1.0);
$m->setRate(81.316406);
$m->setDimension(-5068, -4562);

/* Note: xMin and/or yMin are not 0! */

$m->setFrames(22353);
 Stream out of sync after parse of blocktype 1 (SWF_SHOWFRAME). 22 but expecting 34.

/* SWF_SHOWFRAME */
$m->nextFrame(); /* end of frame 1 */
/*Unknown block type 606*/

/* SWF_JPEGTABLES */

/* SWF_PLACEOBJECT */

/* SWF_DOACTION */
Stack blown!! - peek
=================================================================
==1402211==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 23 byte(s) in 1 object(s) allocated from:
    #0 0x7f3c97cb4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x5599f195ff17 in readBytes (/home/smb8508/Desktop/work_space/debuging/libming/util/swftophp+0x57f17)
    #2 0x5599f195f509 in parseSWF_UNKNOWNBLOCK (/home/smb8508/Desktop/work_space/debuging/libming/util/swftophp+0x57509)
    #3 0x5599f192af0a in blockParse (/home/smb8508/Desktop/work_space/debuging/libming/util/swftophp+0x22f0a)
    #4 0x5599f192a3ca in readMovie (/home/smb8508/Desktop/work_space/debuging/libming/util/swftophp+0x223ca)
    #5 0x5599f192ac3d in main (/home/smb8508/Desktop/work_space/debuging/libming/util/swftophp+0x22c3d)
    #6 0x7f3c97829d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Direct leak of 18 byte(s) in 1 object(s) allocated from:
    #0 0x7f3c97cb4887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x5599f195ff17 in readBytes (/home/smb8508/Desktop/work_space/debuging/libming/util/swftophp+0x57f17)
    #2 0x5599f195573b in parseSWF_JPEGTABLES (/home/smb8508/Desktop/work_space/debuging/libming/util/swftophp+0x4d73b)
    #3 0x5599f192aee4 in blockParse (/home/smb8508/Desktop/work_space/debuging/libming/util/swftophp+0x22ee4)
    #4 0x5599f192a3ca in readMovie (/home/smb8508/Desktop/work_space/debuging/libming/util/swftophp+0x223ca)
    #5 0x5599f192ac3d in main (/home/smb8508/Desktop/work_space/debuging/libming/util/swftophp+0x22c3d)
    #6 0x7f3c97829d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: 41 byte(s) leaked in 2 allocation(s).
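
Added example, not part of the issue and not libming's code: both leaks in the trace are buffers returned by readBytes, so the C model below shows one way such a buffer is lost and the teardown that releases it. The struct layout, the function names, and the counting allocator are assumptions; only block type 606 and the 23-byte size are taken from the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model: names echo the trace, the code is not libming's. */
static int live_allocs = 0;                 /* heap buffers not yet freed */
static void *xmalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

struct unknown_block { int type; size_t len; unsigned char *data; };

/* Like the readBytes frame: returns a heap copy that the caller now owns. */
static unsigned char *read_bytes(const unsigned char *src, size_t n) {
    unsigned char *buf = xmalloc(n ? n : 1);
    if (buf && n) memcpy(buf, src, n);
    return buf;
}

static struct unknown_block *parse_unknown_block(int type, const unsigned char *src, size_t n) {
    struct unknown_block *b = xmalloc(sizeof *b);
    if (!b) return NULL;
    b->type = type; b->len = n;
    b->data = read_bytes(src, n);
    if (!b->data) { xfree(b); return NULL; }  /* no half-built block escapes */
    return b;
}

/* Leaky teardown: frees the struct but forgets the payload it owns. */
static void destroy_block_leaky(struct unknown_block *b) { xfree(b); }

/* Correct teardown: payload first, then the struct. */
static void destroy_block(struct unknown_block *b) {
    if (!b) return;
    xfree(b->data);
    xfree(b);
}

/* Parse one block, tear it down, return the number of buffers still live. */
static int leaked_after(void (*destroy)(struct unknown_block *), size_t n) {
    static const unsigned char payload[32] = {0};   /* constructed input */
    live_allocs = 0;
    destroy(parse_unknown_block(606, payload, n));
    return live_allocs;
}

int main(void) {
    printf("leaky: %d live, fixed: %d live\n",
           leaked_after(destroy_block_leaky, 23), leaked_after(destroy_block, 23));
    return 0;
}
```

The same rule applies on early-exit error paths: every block parsed before the failure still needs its teardown called, or LeakSanitizer reports the payload at process exit.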