Description
Memory leaks in function JpegEncoder::Encode
Version
heif-convert libheif version: 1.17.6
Replay
cd libheif
mkdir build && cd build
export CC=afl-clang-fast CXX=afl-clang-fast++ CFLAGS="-gdwarf-2 -g3 -O0 -fsanitize=address,undefined -fno-omit-frame-pointer" CXXFLAGS="-gdwarf-2 -g3 -O0 -fsanitize=address,undefined -fno-omit-frame-pointer" LDFLAGS="-fsanitize=address,undefined"
cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_UNCOMPRESSED_CODEC=ON ..
make -j
./examples/heif-convert ./poc21 1.jpg
ASAN
==523507==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 168 byte(s) in 1 object(s) allocated from:
#0 0x55737c4f5b1e in malloc (/usr/local/bin/heif-convert+0xc2b1e) (BuildId: 69e521453ea212a7fb7de9c758d7c06c6558ac42)
#1 0x7f30384d157b in jinit_memory_mgr (/lib/x86_64-linux-gnu/libjpeg.so.8+0x3957b) (BuildId: c54abff9294357e28532a76a049a4cb2542fc15b)
Direct leak of 100 byte(s) in 1 object(s) allocated from:
#0 0x55737c4f5b1e in malloc (/usr/local/bin/heif-convert+0xc2b1e) (BuildId: 69e521453ea212a7fb7de9c758d7c06c6558ac42)
#1 0x55737c5332b4 in Encoder::GetExifMetaData(heif_image_handle const*, unsigned long*) /root/fuzz/fuzz_libheif/libheif/examples/encoder.cc:54:43
#2 0x55737c56a3c5 in JpegEncoder::Encode(heif_image_handle const*, heif_image const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /root/fuzz/fuzz_libheif/libheif/examples/encoder_jpeg.cc:174:23
#3 0x55737c54b039 in main /root/fuzz/fuzz_libheif/libheif/examples/heif_convert.cc:509:31
#4 0x7f3037f0dd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
Indirect leak of 22899 byte(s) in 5 object(s) allocated from:
#0 0x55737c4f5b1e in malloc (/usr/local/bin/heif-convert+0xc2b1e) (BuildId: 69e521453ea212a7fb7de9c758d7c06c6558ac42)
#1 0x7f30384d0ba5  (/lib/x86_64-linux-gnu/libjpeg.so.8+0x38ba5) (BuildId: c54abff9294357e28532a76a049a4cb2542fc15b)
Indirect leak of 20865 byte(s) in 7 object(s) allocated from:
#0 0x55737c4f5b1e in malloc (/usr/local/bin/heif-convert+0xc2b1e) (BuildId: 69e521453ea212a7fb7de9c758d7c06c6558ac42)
#1 0x7f30384d0de4  (/lib/x86_64-linux-gnu/libjpeg.so.8+0x38de4) (BuildId: c54abff9294357e28532a76a049a4cb2542fc15b)
#2 0x60f00000012f  ()
#3 0x7f30384c4d6f  (/lib/x86_64-linux-gnu/libjpeg.so.8+0x2cd6f) (BuildId: c54abff9294357e28532a76a049a4cb2542fc15b)
SUMMARY: AddressSanitizer: 44032 byte(s) leaked in 14 allocation(s).
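Added illustration (not libheif's or libjpeg's code) of the two ownership patterns the stack traces point at: a malloc'd EXIF buffer whose free() the caller has to remember, and a compressor object whose destroy call an early return can skip, shown beside an RAII version that releases both on every path. MetaSource, JpegState, get_exif_raw and the encode_* functions are invented stand-ins, not real libheif or libjpeg API.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <memory>
#include <vector>

// Constructed stand-in for an image handle carrying one EXIF block.
struct MetaSource { std::vector<uint8_t> exif; };

// Stand-in for libjpeg's compress object. Construction/destruction stand for
// jpeg_create_compress()/jpeg_destroy_compress(); `live` counts unreleased ones
// (a compressor that is never destroyed is what a jinit_memory_mgr leak looks like).
struct JpegState {
    static int live;
    JpegState()  { ++live; }
    ~JpegState() { --live; }
};
int JpegState::live = 0;

// Leak-prone shape: a malloc'd buffer is returned and the caller is
// responsible for free(). Nothing in the signature enforces that.
uint8_t* get_exif_raw(const MetaSource& src, size_t* size) {
    *size = src.exif.size();
    if (*size == 0) return nullptr;
    auto* buf = static_cast<uint8_t*>(std::malloc(*size));
    std::memcpy(buf, src.exif.data(), *size);
    return buf;  // ownership transferred implicitly
}

// Leaky caller: the early return skips free(exif) and delete cinfo, which is
// exactly the kind of path LeakSanitizer reports as direct leaks.
int encode_leaky(const MetaSource& src, bool fail_midway) {
    JpegState* cinfo = new JpegState();
    size_t n = 0;
    uint8_t* exif = get_exif_raw(src, &n);
    if (fail_midway) return -1;            // exif and cinfo leak here
    int written = static_cast<int>(n);     // pretend to emit the APP1 segment
    std::free(exif);
    delete cinfo;
    return written;
}

// Hardened caller: RAII owners release both resources on every exit path,
// so no arrangement of early returns can leak.
int encode_safe(const MetaSource& src, bool fail_midway) {
    auto cinfo = std::make_unique<JpegState>();
    std::vector<uint8_t> exif = src.exif;   // value semantics: no free() to forget
    if (fail_midway) return -1;             // cinfo and exif are destroyed here too
    return static_cast<int>(exif.size());
}
```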
POC
poc21.zip
Environment
Description: Ubuntu 22.04.2 LTS
gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)