Skip to content

Latest commit

 

History

History
31 lines (17 loc) · 1.79 KB

gpac_1.md

File metadata and controls

31 lines (17 loc) · 1.79 KB

Affected Version: gpac 2.2.1 0ff40625b602590afffb383ab03d155e0ba509ed(Current latest commit)

Vulnerability Description: The vulnerability is a memory leak issue, where a local variable named "dst_props" in the gf_filter_pid_merge_properties_internal function is allocated memory but not released.

gpac download address: https://github.com/gpac/gpac.git

Defect Location and Description:

In the gf_filter_pid_merge_properties_internal function, a pointer variable named dst_props is defined. This pointer variable is allocated a block of dynamic memory by the check_new_pid_props function at line 6101 of the program, as shown in the following figure.

image

In the check_new_pid_props function, a pointer variable named map is allocated a block of memory by the gf_props_new function and returned, as illustrated in the figure below.

image

In the gf_props_new function, the pointer variable map is allocated a block of memory by GF_SAFEALLOC and returned, as shown in the following diagram.

image

The gf_malloc function calls the malloc function to allocate a memory block of a specified size, as illustrated in the following diagram.

image

After the program completes the aforementioned memory allocation operation, the variable dst_props obtains a dynamically allocated memory region. However, at line 6131, the program returns without releasing the memory pointed to by dst_props, leading to a memory leak defect, as depicted in the following diagram.

image