memory leak in png_malloc_warn and png_create_info_struct #307

Closed
@zer0yu

Hi, libpng team. There are memory leaks in the functions png_malloc_warn and png_create_info_struct, respectively.

I compiled gif2png to the 32-bit LSB version with ASAN. The software runs in the x86-64 Ubuntu 16.04 services.

The bug is triggered by ./gif2png -r poc.
libpng_poc.zip

The ASAN debug info is as follows:

=================================================================
==35676==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 64056 byte(s) in 51 object(s) allocated from:
#0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x7ffff6c43c0d in png_malloc_warn (/lib/x86_64-linux-gnu/libpng16.so.16+0xac0d)

Direct leak of 17544 byte(s) in 51 object(s) allocated from:
#0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x7ffff6c3e032 in png_create_info_struct (/lib/x86_64-linux-gnu/libpng16.so.16+0x5032)
#2 0x4039d8 in processfile (/home/zeroyu/target_gif2png/gif2png64+0x4039d8)
#3 0x40406d in main (/home/zeroyu/target_gif2png/gif2png64+0x40406d)
#4 0x7ffff688f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 6656 byte(s) in 26 object(s) allocated from:
#0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x405df0 in xalloc (/home/zeroyu/target_gif2png/gif2png64+0x405df0)
#2 0x405953 in ReadImage (/home/zeroyu/target_gif2png/gif2png64+0x405953)
#3 0x404a6d in ReadGIF (/home/zeroyu/target_gif2png/gif2png64+0x404a6d)
#4 0x403647 in processfile (/home/zeroyu/target_gif2png/gif2png64+0x403647)
#5 0x40406d in main (/home/zeroyu/target_gif2png/gif2png64+0x40406d)
#6 0x7ffff688f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 2048 byte(s) in 8 object(s) allocated from:
#0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x405df0 in xalloc (/home/zeroyu/target_gif2png/gif2png64+0x405df0)
#2 0x405953 in ReadImage (/home/zeroyu/target_gif2png/gif2png64+0x405953)
#3 0x4049cc in ReadGIF (/home/zeroyu/target_gif2png/gif2png64+0x4049cc)
#4 0x403647 in processfile (/home/zeroyu/target_gif2png/gif2png64+0x403647)
#5 0x40406d in main (/home/zeroyu/target_gif2png/gif2png64+0x40406d)
#6 0x7ffff688f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 90304 byte(s) leaked in 136 allocation(s).
[Inferior 1 (process 35676) exited with code 027]
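
Added example (not part of the original report, and not libpng or gif2png code): a small triage helper that parses LeakSanitizer records like the ones above and attributes each leak to the first stack frame outside the allocator and library modules. The sample text is constructed from the shape of two records in the report, and the function names `parse_leaks`, `owner` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: two records shaped like the report above (paths shortened).
SAMPLE = """\
Direct leak of 17544 byte(s) in 51 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7ffff6c3e032 in png_create_info_struct (/lib/x86_64-linux-gnu/libpng16.so.16+0x5032)
    #2 0x4039d8 in processfile (/home/user/gif2png64+0x4039d8)
    #3 0x40406d in main (/home/user/gif2png64+0x40406d)

Direct leak of 64056 byte(s) in 51 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7ffff6c43c0d in png_malloc_warn (/lib/x86_64-linux-gnu/libpng16.so.16+0xac0d)
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+(\S+)\s+\((.+)\+0x[0-9a-f]+\)")

def parse_leaks(text):
    """Return one dict per leak record: kind, bytes, objects, frames[(func, module)]."""
    records = []
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            records.append({"kind": h.group(1), "bytes": int(h.group(2)),
                            "objects": int(h.group(3)), "frames": []})
            continue
        f = FRAME.match(line)
        if f and records:  # frame lines belong to the most recent header
            records[-1]["frames"].append((f.group(2), f.group(3).rsplit("/", 1)[-1]))
    return records

def owner(record, skip=("libasan", "libpng")):
    """First frame outside the allocator/library modules (the application-side
    caller). None means the stack ends before any such frame is recorded."""
    for func, module in record["frames"]:
        if not module.startswith(skip):
            return f"{module}:{func}"
    return None

def summarize(text):
    """Total leaked bytes keyed by (function that called malloc, owner frame)."""
    totals = defaultdict(int)
    for r in parse_leaks(text):
        site = r["frames"][1][0] if len(r["frames"]) > 1 else "?"
        totals[(site, owner(r))] += r["bytes"]
    return dict(totals)
```

A record whose stack stops inside the library, like the `png_malloc_warn` one, comes back with owner `None`, so the log alone does not identify the calling code for that allocation.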
