justdan96 / tsMuxer

tsMuxer is a transport stream muxer for remuxing/muxing elementary streams, EVO/VOB/MPG, MKV/MKA, MP4/MOV, TS, M2TS to TS to M2TS. Supported video codecs H.264/AVC, H.265/HEVC, VC-1, MPEG2. Supported audio codecs AAC, AC3 / E-AC3(DD+), DTS/ DTS-HD.
Apache License 2.0

Memory leak on tsMuxer #780

Closed Frank-Z7 closed 11 months ago

Frank-Z7 commented 12 months ago

Memory leak on tsMuxer

Description

We found a memory leak error when we used tsMuxer/tsmuxer to process mp4 format files.

(SUMMARY: AddressSanitizer: 26339 byte(s) leaked in 72 allocation(s).)

Version

./tsmuxer --version
tsMuxeR version git-2539d07. github.com/justdan96/tsMuxer

tsMuxeR version git-2539d07 is the latest version.

Reference

https://github.com/justdan96/tsMuxer

PoC

PocTsmuxerMp4.mp4: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/PocTsmuxerMp4.mp4

Reproduction

cd tsMuxer
./tsMuxer/tsmuxer PocTsmuxerMp4.mp4

Environment

ubuntu:20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
clang version 10.0.0-4ubuntu1
afl-cc++4.09

ASAN Log

Since github has restrictions on the length of comments, the complete ASAN Log can be found at:

https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/tsmuxer_ASAN_Log.txt

=================================================================
==1369001==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2560 byte(s) in 5 object(s) allocated from:
    #0 0x5d8c0d in operator new(unsigned long) (/afltest/tsMuxer/tsMuxer/tsmuxer+0x5d8c0d)
    #1 0x63533f in H264StreamReader::checkStream(unsigned char*, int) /afltest/tsMuxer/tsMuxer/h264StreamReader.cpp:97:24
    #2 0x745d59 in METADemuxer::detectTrackReader(unsigned char*, int, AbstractStreamReader::ContainerType, int, int) /afltest/tsMuxer/tsMuxer/metaDemuxer.cpp:749:22
    #3 0x73d0dd in METADemuxer::DetectStreamReader(BufferedReaderManager const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, bool) /afltest/tsMuxer/tsMuxer/metaDemuxer.cpp:627:39
    #4 0x6bb225 in detectStreamReader(char const*, MPLSParser*, bool) /afltest/tsMuxer/tsMuxer/main.cpp:114:34
    #5 0x6c76ef in main /afltest/tsMuxer/tsMuxer/main.cpp:689:17
    #6 0x7ffff798b082 in __libc_start_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16

Direct leak of 440 byte(s) in 5 object(s) allocated from:

Indirect leak of 4800 byte(s) in 1 object(s) allocated from:

...............
Since github has restrictions on the length of comments, the complete ASAN Log can be found at:
https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/tsmuxer_ASAN_Log.txt
...............

SUMMARY: AddressSanitizer: 26339 byte(s) leaked in 72 allocation(s).

Credit

Zeng Yunxiang ([Huazhong University of Science and Technology](http://cse.hust.edu.cn/)) Song Jiaxuan

jcdr428 commented 11 months ago

@Frank-Z7 commit 78dd8fe should help with the two direct leaks. I don't understand the reason for the indirect leaks related to std::vector, so I'll leave it for somebody else @justdan96, @xavery

Edit: is it bad practice to resize or push_back a vector inside a structure? Should the MOVStreamContext be changed to a class?
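
An added illustration (not tsMuxer's code) of why LeakSanitizer lists a std::vector's buffer as an indirect leak: the buffer is reachable only through a context object that was itself allocated with new and never freed, so the direct leak of the owner drags the buffer along as an indirect one. Probe, detect_leaky and detect_fixed are hypothetical stand-ins for the detection path in the stack trace above, and the sample bytes are constructed.

```cpp
// Added illustration, not tsMuxer code: why LSan reports a std::vector's buffer as an "indirect" leak.
// Probe, detect_leaky and detect_fixed are hypothetical stand-ins for the detection path in the trace.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

// Per-track context that owns a std::vector, in the spirit of MOVStreamContext (hypothetical).
struct Probe {
    static int live;                      // live-instance counter used by the checks below
    std::string codec;
    std::vector<unsigned char> nal_cache; // heap buffer owned by this object
    explicit Probe(const char* c) : codec(c) { ++live; }
    ~Probe() { --live; }
    // Toy detection: the stream "matches" when its first byte equals the codec tag's first letter.
    bool checkStream(const unsigned char* buf, std::size_t len) {
        nal_cache.assign(buf, buf + len); // the vector allocates its buffer on the heap here
        return len > 0 && buf[0] == static_cast<unsigned char>(codec[0]);
    }
};
int Probe::live = 0;
static const char* const kCandidates[] = {"VC1", "MPEG2", "H264"};
// Leaky pattern: every candidate is created with new and the non-matching ones are dropped
// without delete. LSan lists each dropped Probe as a DIRECT leak and the buffer inside its
// nal_cache as an INDIRECT leak, since that buffer is reachable only through the leaked Probe.
Probe* detect_leaky(const unsigned char* buf, std::size_t len) {
    for (const char* c : kCandidates) {
        Probe* p = new Probe(c);
        if (p->checkStream(buf, len)) return p;
    }
    return nullptr;
}
// Fixed pattern: unique_ptr destroys a non-matching Probe at the end of its loop iteration and
// the vector buffer goes with it; only the matching reader is handed to the caller.
std::unique_ptr<Probe> detect_fixed(const unsigned char* buf, std::size_t len) {
    for (const char* c : kCandidates) {
        auto p = std::make_unique<Probe>(c);
        if (p->checkStream(buf, len)) return p;
    }
    return nullptr;
}
int live_probes() { return Probe::live; }
int main() {
    const unsigned char stream[] = {'H', 0x00, 0x00, 0x01}; // constructed sample, matches "H264"
    std::printf("fixed: %s\n", detect_fixed(stream, sizeof stream)->codec.c_str());
    std::printf("live after fixed: %d\n", live_probes());  // 0: failed probes were destroyed
    delete detect_leaky(stream, sizeof stream);             // the match is freed, but ...
    std::printf("live after leaky: %d\n", live_probes());  // 2: VC1 and MPEG2 probes leaked
}
```

Building this with -fsanitize=address and running it shows the same direct/indirect split as the log above, with the indirect entries pointing at the vector's allocation.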

Frank-Z7 commented 11 months ago

> @Frank-Z7 commit 78dd8fe should help with the two direct leaks. I don't understand the reason for the indirect leaks related to std::vector, so I'll leave it for somebody else @justdan96, @xavery
>
> Edit: is it bad practice to resize or push_back a vector inside a structure? Should the MOVStreamContext be changed to a class?

Hi @jcdr428, thanks for your time! I used tsMuxeR version git-665acce to re-test it. The new version of tsMuxeR does not have memory leaks, but it seems that the program will not run properly and terminates when processing files in mp4 format. Here is my complete test compilation command:

// First you need to install afl++
git clone https://github.com/AFLplusplus/AFLplusplus
cd AFLplusplus
apt install build-essential libtool-bin python3-dev automake flex bison libglib2.0-dev libpixman-1-dev clang python3-setuptools llvm
make -j24
make install

// Then compile tsMuxer
export CC=afl-clang-fast
export CXX=afl-clang-fast++
cmake .
AFL_USE_ASAN=1 make -j24

// Finally run the test case
./tsMuxer/tsmuxer PocTsmuxerMp4.mp4

jcdr428 commented 11 months ago

Ok, I have pushed a regression on File seeking. @Frank-Z7 can you please test tomorrow's release and confirm that the issue is closed?