RootUp closed 5 years ago
Thanks for fuzz testing WavPack and thanks for reporting this memory leak!
I think that if you look for them you will find many such “leaks” in the WavPack command-line code, especially when terminating early in the case of an error (like the one you found). It's a complex program and can allocate a lot of memory when parsing the command line (for example see the tagging options) and to free all that memory before exiting (error or not) would be error-prone, and actually a waste of CPU time because all memory is freed anyway when the process terminates. It's a little like rearranging the deck chairs on the Titanic.
You can find this debated in several places on the web, but here's my opinion. If it's straightforward to free memory before exiting, then it's a good idea because maybe the program will be converted later into a function inside a larger program. On the other hand, if freeing that memory is not obvious and would involve otherwise unnecessary complication, then I don't think it's worth it.
Summary
While fuzzing the WavPack master branch, a memory leak was observed in wavpack.c. I've used clang and MSAN to compile the binary.
Vulnerable code
Steps to reproduce
PoC: poc.zip
MSAN