Open Frank-Z7 opened 12 months ago
@Frank-Z7 I can't understand the reason for this "mismatch". tracks is a MatroskaTrack[64]:
Edit: ok, so the char[] was cast to a MatroskaTrack object in line 1893. I believe the mismatch is solved simply by casting the MatroskaTrack back to the original char[]; then we can delete[].
Commit pushed, can you please check tomorrow's release?
Description
We found an alloc-dealloc-mismatch (operator new [] vs operator delete) error when using tsMuxer/tsmuxer.
ASAN Log
Location
0x610000000040 is located 0 bytes inside of 184-byte region [0x610000000040,0x6100000000f8) allocated by thread T0 here:
0 0x5d8d1d in operator new[](unsigned long) (/afltest/tsMuxer/tsMuxer/tsmuxer+0x5d8d1d)
Destructor of class MatroskaDemuxer:
Version
tsMuxeR version git-2539d07 is the latest version.
Reference
https://github.com/justdan96/tsMuxer
Actual Behavior
Alloc-dealloc-mismatch
PoC
PocTsmuxer.mkv: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/PocTsmuxer.mkv
Reproduction
Environment
Credit
Zeng Yunxiang ([Huazhong University of Science and Technology](http://cse.hust.edu.cn/)) Song Jiaxuan
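
The mismatch reported above and the cast-back fix proposed in the maintainer's comment, as an added illustration that is not tsMuxer code. `Track`, `Demuxer`, `allocTrack`, `freeTrack`, `extraData` and the live-buffer counter are hypothetical names, and the struct layout is an assumption since the real `MatroskaTrack` is not shown on this page.

```cpp
#include <cstddef>
#include <cstring>
#include <new>

// Hypothetical stand-in: the real MatroskaTrack layout is not shown in the report.
struct Track {
    int number;
    std::size_t extraSize;  // bytes of codec data stored right after the struct
};

static int g_liveBuffers = 0;  // bookkeeping for this example only
int liveBuffers() { return g_liveBuffers; }

// Pattern from the report: storage comes from operator new[] as char[],
// then is used as a track object.
Track* allocTrack(int number, const void* extra, std::size_t extraSize) {
    char* raw = new char[sizeof(Track) + extraSize];
    Track* t = new (raw) Track{number, extraSize};  // view the char[] as a Track
    std::memcpy(raw + sizeof(Track), extra, extraSize);
    ++g_liveBuffers;
    return t;
}

const char* extraData(const Track* t) {
    return reinterpret_cast<const char*>(t) + sizeof(Track);
}

// Mismatched release, kept for comparison and never called: memory from
// operator new[] goes to scalar operator delete, which is what ASan reports.
void freeTrackMismatched(Track* t) { delete t; --g_liveBuffers; }

// Matched release: cast back to the original char* and use delete[].
void freeTrack(Track* t) {
    delete[] reinterpret_cast<char*>(t);
    --g_liveBuffers;
}

struct Demuxer {
    Track* tracks[64] = {};  // 64 slots, matching the MatroskaTrack[64] size quoted above
    int numTracks = 0;
    bool add(int number, const void* extra, std::size_t extraSize) {
        if (numTracks == 64) return false;
        tracks[numTracks++] = allocTrack(number, extra, extraSize);
        return true;
    }
    ~Demuxer() {
        for (int i = 0; i < numTracks; ++i) freeTrack(tracks[i]);
    }
};
```

Building this with `-fsanitize=address` and swapping `freeTrack` for `freeTrackMismatched` in the destructor reproduces the same class of ASan report (operator new [] vs operator delete).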